Raising the Shields – Part 15b – Email Privacy!

Back in 2013 I set out to decentralize and to end-to-end encrypt as much of my private communication as possible (see here how it all began and here for the overall history). It was the year of the Snowden revelations and I was (and still am) more than just a bit concerned. Since then I’ve come a long way. It started with installing the Off-The-Record (OTR) plugin in my XMPP desktop messenger, checking certificates with Certificate Patrol, making sure an encrypted connection is always used when I send emails, using TOR for especially sensitive web sessions, automatically deleting cookies when the browser closes, using Nextcloud (Owncloud back then) for file sharing and synchronizing contacts and calendars between my devices, installing my own XMPP messaging server at home, encrypting my frequent remote screen sharing sessions, and using my own VPN server at home. Lately, Nextcloud Talk has become available for voice and video communication, so I’ve also regained a secure and end-to-end encrypted voice and video channel. There are a lot of other small things I have also implemented over the years, but one major service has so far only been inadequately protected: eMail! Well, I’ve finally got a fix for that as well.


Still Lots of ‘Red Text’ in the 5G NR Standalone RRC Spec

These days, there is a lot of hype in the press about the race to get 5G networks off the ground. All press reports I’ve come across so far are about non-standalone network deployments in which the 4G network is the anchor for the connection and 5G resources are added when available. For an intro see my post from last year on 5G Dual Connectivity (EN-DC). At some point, however, we will also see networks that support 5G in standalone mode in which there will be a 5G core network and devices that only talk to 5G base stations (the gNode-Bs). Today, I wanted to take a look at what the RRC (Radio Resource Control) specification for 5G standalone looks like and was quite surprised that major parts are still missing from the corresponding specification document 3GPP TS 38.331.


Security Headers for the Blog


The Internet is a dangerous place; lots of bots have nothing better to do than probe for weaknesses everywhere. As you might know, I use WordPress to run this blog and they are pretty quick to fix security issues when they come up. But since I’m quite a bit on the security-conscious side, I decided to add an extra layer of armor with HTTP Security Headers for extra protection for me and, of course, you, the reader.


In-Flight Internet in the EU

I’m on planes quite often and on many intercontinental flights, airlines are offering satellite Internet access these days. Unfortunately, quality over the years has significantly deteriorated; the satellites used for the service are probably quite busy these days or airlines artificially throttle throughput to save costs. Who knows… In the US, ground based Internet connectivity on short-haul flights has been available for many years but in the EU, there was nothing similar up to now. However, this is now changing, and when I recently flew from Dublin to Düsseldorf, I could try the new European Aviation Network (EAN) for the first time as a paying customer.


Certificate Pinning vs. Transparency

As you are probably aware, I am one of those people who don’t like their private data to be absorbed, analyzed and sold, so I am hosting most of the services I use over the network myself. Over the years, my Nextcloud instance has become the central instance for this as I host files I exchange there as well as my calendars and my address books. Also, I use it as a platform for private voice and video communication.

This is a great thing and the main threat vectors that remain are that my instance is hacked from the outside with a zero day exploit or someone gets to the data I have stored there with a https man-in-the-middle attack. Both require significant dedication, effort and resources. When I think about it, I feel most vulnerable on the https front as I do not control which certificates are accepted by the various applications on the PC and by apps on my mobile devices that interact with my Nextcloud instance.

In the past, I’ve been using HTTPS Public Key Pinning (HPKP) to add an extra layer of protection. As the scheme hasn’t really caught on over the years, I’ve been thinking a lot lately about the value Certificate Transparency (CT) provides to me. Time for a quick summary.


5G – What’s The Difference Between Option 3, 3A And 3X?

As if there weren’t already enough deployment options for the upcoming 5G network standard, it turns out that for 5G Non-Standalone Option 3, there are actually 3 different variants: 3, 3A and 3X. So what exactly is the difference between them?


Image Rotation Chaos – My Ultimate Fix

I’m sure you’ve been at this point before: There’s an image shown in a wrong orientation on your screen because the camera’s orientation sensor got it wrong, or your computer got it wrong, or something in between got it wrong, and you had trouble rotating it into the right orientation. If it’s a single image you can try until you succeed with various programs just to find out that the next image viewer again shows it in the wrong orientation. It might be a nuisance for a few images but when you deal with hundreds of images at a time that should all be in portrait orientation with many of them marked as landscape, it becomes more than just a frustrating exercise to manually re-orient the images. At some point I became so frustrated that I spent some time to find the ultimate fix for this.
