encthenet

encthenet, 5 days ago

@qlp
Yeh, that works as well. As long as you don't spell it GBit. That just hurts my eyes. 😝

encthenet, 6 days ago

@meejah

Nifty combo.

I still need to get off my butt and try to add quic support to magic wormhole.

encthenet, 5 days ago

@meejah
It's partly more me deciding which quic library to use. Pure python means it just works everywhere, but it's slow. Using a C library means faster transfers (which with quic means 100% local network is possible and so theoretically >1Gb, and I know python quic can't do even 10MB/sec).

encthenet, 5 days ago

@meejah
I've started working on a cryptography replacement that doesn't depend upon rust. Not much there, but enough for an app I needed to use:
https://www.funkthat.com/gitea/jmg/pycryptowrap

I'm very familiar with ctypes so wrapping a library isn't hard.

And most of the libraries expect that you have an event system because the multiple streams can cause io at odd times, so it shouldn't be too terrible to plug in.

encthenet, 5 days ago

@meejah Looking at my past work, looks like ngtcp2 is the library I chose to go w/ for my ntunnel probject. It's MIT licensed, so a good fit, and I have some of the boilerplate implemented, but need to start implementing the basics for it.

encthenet, 4 days ago

@feld @meejah It is, but I haven't spent much time extending it. Partly as I haven't done much python stuff in the last year or two.

encthenet, 6 days ago

@feld Where did I say it should be illegal? I'm tired of you pretending I said something when I didn't even say anything of the like.

encthenet, 8 days ago

@fanf
Have you looked at tcpcrypt and its implications?

https://datatracker.ietf.org/doc/rfc8548/

encthenet, 7 days ago

@fanf
It was created so that programs wouldn't have to implement tls, and that tcp sessions would be opportunistically encrypted.

encthenet, 6 days ago

@fanf First, it was created back in 2010, LONG before Let's Encrypt and TLS was seen as the solution to session protection. This was when lots of protocols were still plain text, and HTTP[S], though becoming more common wasn't quite the defacto standard, so it was making sure that ALL connections would be encrypted w/o having to update all the applications to support them.

It also means that all applications could be "updated" to deal w/ security issues by simply updating the OS.

1/

encthenet, 6 days ago

@fanf instead of having to update all the different applications. We still see issues w/ applications using old versions of TLS because either their closed source, or they haven't been updated to the latest API of their library.

Yes, TOFU isn't the best solution, but it's a lot better than allowing middleware boxes to do things like XXX out STARTTLS in SMTP sessions because they want to be able to sniff email traffic.

(SMTP is a good use case for this.)

2/2

encthenet, 6 days ago

@fanf Oh, one more comment, tcpcrypt tried to standardize it in 2011, but the IETF didn't (still doesn't) care about security, so they didn't complete it. Only after they had a few public embarrassments wrt their terrible security posture, did they finally realize they should do something, and then a second try was made to standardize it, but it took 5 years, mainly due to rrs insisting that tcpcrypt be TLS instead of the existing working w/ code solution.

1/

encthenet, 6 days ago

@fanf by the time it was completed, the industry had effectively moved to very few plain text protocols, wrapping TLS, and HTTPS now being the standard for more comms, so wasn't as needed as when the project first was created.

2/2

encthenet, 6 days ago

@fanf oh, re: why did I mention it, because you said:
> If we pull the cryptography into TCP, we might be able to simplify things further.

encthenet, 6 days ago

@fanf Oh lol. sorry for the confusion. Should look closer next time.

encthenet, 6 days ago

@fanf Yeah, someone else who did that had preceding text like, article I just read.

encthenet, 8 days ago

@feld Yeah. It should be easy enough to say, if you access this domain, auto open in container w/o the need to do the BS to "create" a container for that site. e.g. auto containerize this site. Though it is complicated by some stupid crazy SAML/SSO redirects that some sites do.

This would also apply to iframes, where if it attempted to access a site in an iframe, it'd deny the site, and open a new window for that site.

encthenet, 8 days ago

@feld and GC of "old" containers doesn't even need to be that complicated either, only keep the last 10, or say anything used in the last 2-4 weeks or some blend as well.

and it does look like the plugin is pure JS, so seems like it'd be totally doable.

encthenet, 9 days ago

@patrickworld
Most (all?) US theaters have captioning devices available upon request.

I haven't used them myself, and I have heard of troubles getting/using them, but they are suppose to be available.

E.g.
https://www.regmovies.com/captioning-and-descriptive-video