TimeZone, TLS, WARP, ECH, CryFS, SCRAM, Geany
Time, as simple as time, err ... I've seen cases like this with servers, where the server VM timezone is already adjusted to local time zone (@ Wikipedia), and then the server thinks it's UTC time zone and then converts it again to be local. Nice. How about doing it just once, on one layer and sticking with that? Or even better, not doing it at all, and using UTC on both levels. And then bleeps fix it by adding NTP sync to the boot, because the system gets the wrong time and we need to fix it. - Duh!
Ah, and Windows messed up TLS certs again. I love it. I did once again follow at least three different instructions on how to prevent that from happening in future. Hopefully it's now finally fixed.
It seems that Cloudflare WARP (@ Wikipedia) VPN works directly with WireGuard, that's very nice indeed.
Firefox ECH was failing once again, I changed more settings again, and now it works... Until it probably gets broken again. This is just, well what it is. Life... Some things require constant monitoring and repairing to keep working properly. Which is kind of annoying. It seems that the force_https_rr might be a new option, because I fixed the ECH months a year ago, and it was broken again.
The Windows 10 -> Xubuntu Minimal laptop setups worked out absolutely great after all. Excellent! Even the legacy laptops are now faster than "ever", wonderful.
LUKS2 cryptsetup (@ Wikipedia) - It's NOT that hard to enable discard (TRIM): cryptsetup --allow-discards --persistent refresh mapper_name - Yes, I'm aware about the risks. Whole point of this disk encryption is to protect from theft / loss of the device and prevent data leaks. Metadata leaks in this context do not concern me at all.
A friend's CryFS setup with 16 KiB blocks on a 128 KiB exFAT filesystem resulted in 8× storage overhead—1 GiB files consuming 8 GiB disk space due to mismatched block sizes. kw: disk encryption software (@ Wikipedia)
TPM2 (@ Wikipedia). - Lots of tinkering with it. Now I've got system specific TPM only ssh keys on top of separately kept FIDO2 / backup access keys. Recycled all of my keys and daily use keys are now all TPM backed on all systems.
SCRAM authentication (@ Wikipedia) memory refresh. And after thinking about it for a while, the only extra steps it adds are key derivation and key hiding (XOR with nonce hashes). All of which would be unnecessary if people didn't prefer to use such weak passwords. Using proper secure high-entropy keys completely averts the need for something like SCRAM. It was needed for one project, yet we implemented an enhanced version with SHA256 and Argon2id primitives, otherwise the same standard SCRAM process, with channel binding as a bonus.
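The key derivation and key hiding steps mentioned above, as an added example (not code from the project described here). It follows the standard SCRAM-SHA-256 proof computation with PBKDF2 rather than the Argon2id variant, omits channel binding, and uses a simplified AuthMessage; the password, salt and nonces are constructed sample values.

```python
import hashlib
import hmac

def hmac256(key: bytes, msg: bytes) -> bytes:
    return hmac.new(key, msg, hashlib.sha256).digest()

def xor(a: bytes, b: bytes) -> bytes:
    return bytes(x ^ y for x, y in zip(a, b))

def client_key(password: str, salt: bytes, iterations: int) -> bytes:
    # Key derivation: the slow KDF is what compensates for weak passwords.
    salted = hashlib.pbkdf2_hmac("sha256", password.encode(), salt, iterations)
    return hmac256(salted, b"Client Key")

def enroll(password: str, salt: bytes, iterations: int) -> dict:
    # The server keeps only H(ClientKey); neither password nor ClientKey is stored.
    key = client_key(password, salt, iterations)
    return {"salt": salt, "i": iterations, "stored_key": hashlib.sha256(key).digest()}

def client_proof(password: str, salt: bytes, iterations: int, auth_message: bytes) -> bytes:
    key = client_key(password, salt, iterations)
    signature = hmac256(hashlib.sha256(key).digest(), auth_message)
    return xor(key, signature)  # key hiding: ClientKey XOR ClientSignature

def server_verify(record: dict, auth_message: bytes, proof: bytes) -> bool:
    signature = hmac256(record["stored_key"], auth_message)
    recovered = xor(proof, signature)  # undo the XOR to get the claimed ClientKey
    return hmac.compare_digest(hashlib.sha256(recovered).digest(), record["stored_key"])

def auth_message(client_nonce: str, server_nonce: str, record: dict) -> bytes:
    # Simplified: the real AuthMessage concatenates the exact wire messages.
    combined = client_nonce + server_nonce
    return (f"n=user,r={client_nonce},r={combined},s={record['salt'].hex()},"
            f"i={record['i']},c=biws,r={combined}").encode()

def demo() -> tuple:
    salt = bytes(range(16))                # constructed sample salt
    record = enroll("pencil", salt, 4096)  # constructed sample password
    msg1 = auth_message("cnonce-A", "snonce-A", record)
    proof = client_proof("pencil", salt, 4096, msg1)
    ok = server_verify(record, msg1, proof)
    bad_password = server_verify(record, msg1, client_proof("penci1", salt, 4096, msg1))
    # Replay: the same captured proof against a session with fresh nonces.
    msg2 = auth_message("cnonce-B", "snonce-B", record)
    replayed = server_verify(record, msg2, proof)
    return ok, bad_password, replayed

if __name__ == "__main__":
    print(demo())
```

The replay case fails because the signature that hides the key is computed over both nonces, so a captured proof is only valid for the session it was made in.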
Today I've developed a Proof of Concept (PoC) for a Denial of Service (DoS) vulnerability discovered during an investigation into a service issue earlier today. The PoC can reliably trigger either a process crash or an infinite loop leading to resource exhaustion.
Databases - The current process for defining database field requirements is inefficient and time-consuming for the organization. - My recommendation: To streamline this, I proposed using base record templates. This would pre-populate standard fields, allowing focus to shift exclusively to defining the essential, business-critical data points. - Result: This recommendation has unfortunately not yet been adopted, and the process inefficiencies persist.
Geany (@ Wikipedia) - A very nice and fast text editor. I like this. But some of the settings were quite confusing: there are settings, then there's a generic file type configuration file, a file type specific configuration file and open document settings. Things like indentation can be configured on (at least) four different levels. I'm not 100% sure if the file type specific files contain chaining / inheritance, but maybe not. This is much faster and nicer to use than Bluefish. The only thing I miss from Bluefish is the file size indicator, which made it easy to see how large the file is. Geany doesn't show that information, unless you select to view it from tools (Tools -> Word Count, also shows characters (which isn't bytes, due to UTF-8)).
2026-04-19