Matrix notes

Tuesday, June 21, 2022    Link

I have some concerns about Matrix (the protocol, not the movie that came out recently, although I do have concerns about that as well). I’ve been watching the project for a long time, and it seems like a promising alternative to many protocols like IRC, XMPP, and Signal.

One of my main concerns with Matrix is data retention, which is a key part of security in a threat model where (for example) a hostile state actor wants to surveil your communications and can seize your devices.

On IRC, servers don’t actually keep messages all that long: they pass them along to other servers and clients as fast as they can, only keep them in memory, and move on to the next message. There are no concerns about data retention on messages (and their metadata) other than the network layer. (I’m ignoring the issues with user registration, which is a separate, if valid, concern.) Obviously, a hostile server could log everything passing through it, but IRC federations are normally tightly controlled. So, if you trust your IRC operators, you should be fairly safe. Obviously, clients can (and often do, even if OTR is configured!) log all messages, but this is generally not the default. Irssi, for example, does not log by default. IRC bouncers are more likely to log to disk, of course, to be able to do what they do.

Compare this to Matrix: when you send a message to a Matrix homeserver, that server first stores it in its internal SQL database. Then it will transmit that message to all clients connected to that server and room, and to all other servers that have clients connected to that room. Those remote servers, in turn, will keep a copy of that message and all its metadata in their own database, by default forever. In encrypted rooms, the messages themselves are encrypted, but their metadata is not.

There is a mechanism to expire entries in Synapse, but it is not enabled by default. So one should generally assume that a message sent on Matrix is never expired.
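
What switching that mechanism on looks like in Synapse's `homeserver.yaml`, as an added example that is not part of the original post. The lifetimes and purge intervals are illustrative assumptions, and the policy only purges this homeserver's own database, not the copies held by other federated servers.

```yaml
# homeserver.yaml (Synapse): illustrative values, chosen for this example only.

# Default behaviour: with no `retention` section (or `enabled: false`),
# events stay in the homeserver database indefinitely.
# retention:
#   enabled: false

retention:
  enabled: true

  # Applied to rooms that do not carry their own m.room.retention state event.
  default_policy:
    min_lifetime: 1d
    max_lifetime: 30d

  # Bounds on the lifetimes a room's own m.room.retention policy may take
  # on this server.
  allowed_lifetime_min: 1d
  allowed_lifetime_max: 90d

  # How often the purge runs, split by how short-lived a room's policy is:
  # rooms with max_lifetime up to 3d are swept every 12h, the rest daily.
  purge_jobs:
    - longest_max_lifetime: 3d
      interval: 12h
    - shortest_max_lifetime: 3d
      interval: 1d
```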


The security racket

Thursday, June 16, 2022   Post   224 words  2 mins read

Hertzbleed definitely looks like the latest entry in the security racket; it always goes the same way:

  • Find some unremarkable side channel. Bonus points if it’s something that’s always been known but nobody cared about (Spectre, BadUSB).
  • Try your luck with the USENIX reviewers. After enough attempts, you’ll probably get lucky enough when you get a dumb enough panel to accept your quite unremarkable paper.
  • As soon as you get the acceptance notice, buy a custom domain and hire a graphic designer (or five, preferably Jony Ive being one of them) for a “cool” logo.

World-Wide Music: Italy

Sunday, June 12, 2022   Post   261 words  2 mins read

I’ve been planning to do a new website series, music from all around the world, every week five songs from a specific country while skipping the classics (because I’m fucking tired of Pink Floyd, Laura Pausini and Metallica).

This week we have five very good pop songs from Italy, the country shaped like a boot, the country that gave us Michelangelo, Raffaello, Donatello and Leonardo, or, as you probably know them, the Ninja Turtles.

The video and audio tracks are pulled from YouTube via Snopyta’s Invidious instance. Don’t forget to r8, b8 and please don’t h8.

Highsnob - La miglior vendetta

My dad always used to tell me
The best revenge is happiness
This silence will repay me
The best revenge is happiness.

Hardcore Movie Week

Friday, June 3, 2022   Post   1238 words  6 mins read

I had some more-than-usual free time lately so I’ve been watching a lot of movies. Below are just the ones that got on the list of my favorite movies; the names of the others will be forgotten.

Dersu Uzala
Directed by Akira Kurosawa in 1975, Dersu Uzala is a portrait of the friendship between a Russian surveyor and an aging Nanai hunter.

By the way, if you were impressed (just like I was) by Maxim Munzuk, the actor that plays Dersu Uzala, you should really read this 4-part article by his daughter, Svetlana Munzuk (part 1, part 2, part 3, part 4).

Life can’t be stopped, that means that time can’t be stopped either. The saying - a time for everything - is not in vain. It really is like that: everybody is born in his own time and lives in his own times.
Maxim Munzuk

