Certificate Pinning vs. Transparency

As you are probably aware I am one of those people who don’t like their private data to be absorbed, analyzed and sold, so I am hosting most of the services I use over the network myself. Over the years, my Nextcloud instance has become the central instance for this as I host files I exchange there as well as my calendars and my address books. Also, I use it as a  platform for private voice and video communication.

This is a great thing and the main threat vectors that remain are that my instance is hacked from the outside with a zero day exploit or someone gets to the data I have stored there with a https man-in-the-middle attack. Both require signification dedication, effort and resources. When I think about it, I feel most vulnerable on the https front as I do not control which certificates are accepted by the various applications on the PC and by apps on my mobile devices that interact with my Nextcloud instance.

In the past, I’ve been using HTTPS Public Key Pinning (HPKP) to add an extra layer of protection. As the scheme hasn’t really caught on over the years, I’ve been thinking a lot lately about the value Certificate Transparency (CT) provides to me. Time for a quick summary.

Continue reading Certificate Pinning vs. Transparency

5G – What’s The Difference Between Option 3, 3A And 3X?

As if there weren’t already enough deployment options for the upcoming 5G network standard, it turns out that for 5G Non-Standalone Option 3, there are actually 3 different variants: 3, 3A and 3X. So what exactly is the difference between them?

Continue reading 5G – What’s The Difference Between Option 3, 3A And 3X?

Image Rotation Chaos – My Ultimate Fix

I’m sure you’ve been at this point before: There’s an image shown in a wrong orientation on your screen because the camera’s orientation sensor got it wrong, or your computer got it wrong, or something in between got it wrong, and you had trouble rotating it into the right orientation. If it’s a single image you can try until you succeed with various programs just to find out that the next image viewer again shows it in the wrong orientation. It might be a nuisance for a few images but when you deal with hundreds of images at a time that should all be in portrait orientation with many of them marked as landscape, it becomes more than just a frustrating exercise to manually re-orient the images. At some point I became so frustrated that I spent some time to find the ultimate fix for this.

Continue reading Image Rotation Chaos – My Ultimate Fix

DNS Pogo Oscillations

A couple of days ago I suddenly had strange intermittent problems to connect to my services at home. It worked one minute and the servers were not found the next. At first I thought it must be a DSL problem but I quickly figured out that this was not the case at all when I checked the DNS resolution for my domains. Here’s the response of two DNS queries which were one minute apart.

$ ping www.some-domain.com
PING www.some-domain.com ( 56(84) bytes of data.
$ ping www.some-domain.com
PING www.some-domain.com ( 56(84) bytes of data.

What should have been the same IP address suddenly oscillated between two entirely different IP addresses. What’s more is that this happened for several of my domain names via the local DNS resolvers, over Google’s DNS server and also over two VPN tunnels over which yet other DNS resolvers were used.

Continue reading DNS Pogo Oscillations

Nextcloud Talk – Voice and Video Calling – First Impressions

Nextcloud LogoOnce upon a time, Skype was THE voice and video calling platform for me. It was independent, decentralized and offered end-to-end encryption. But that was a long time ago, today it’s centralized, more closed source than ever, and encryption seems to be rather optional. But on PCs there was little else that was usable and universal, perhaps until now. A few days ago I started to test Nextcloud Talk, that, despite its name is a full blown Voice and Video Conferencing and Calling Solution.

Continue reading Nextcloud Talk – Voice and Video Calling – First Impressions

A TURN Server for Nextcloud Talk

Over the past few weeks, I’ve been using Nextcloud Talk quite a bit. While I’m very happy with it in general, I have actually found two scenarios in which the standard setup is not able to establish a connection between the two (or more) parties of a call: In roaming scenarios with my mobile network operator of choice and when I use Nextcloud Talk in the web browser on the PC at work behind the firewall. But there is a fix, at least for one of them.

Continue reading A TURN Server for Nextcloud Talk

CAT-M Evolution in 3GPP Rel. 14

It’s been a while since I talked about LTE based technologies for the Internet of Things (IoT) or Machine to Machine (M2M) communication. Slowly but steadily, we are now seeing NB-IoT and CAT-M1 technology deployed in practice even though I would have thought things would move faster. 3GPP has not slept in the meantime, however, and has continued to evolve both the standards for NB-IoT and also for CAT-M. In this post, I’d like to describe some interesting additions to the CAT-M system that has resulted in specifications for CAT-M2 devices.

Continue reading CAT-M Evolution in 3GPP Rel. 14

Why Is My SNR So Bad At 2 MHz?

up- and downlink channels

One of the nice things of my Fritzbox DSL router is that it draws nice graphs of what is happening on my VDSL line. And one thing I find particularly puzzling in the top graph in the screenshot above is that the signal to noise ratio on the line starts at around 60 db and then quickly decreases down to only 20 db at around 2 MHz. After that it skyrockets again to 60 db and then expectedly degrades again slowly.

Continue reading Why Is My SNR So Bad At 2 MHz?