WEB AND SOFTWARE DEVELOPER
SERVER SETUP - DEVELOPMENT
CRYPTOGRAPHY - TESTING
SECURITY - ONLINE PRIVACY
DIGITAL RIGHTS

Encryption Differences


There is a massive misconception about encryption and the different uses for it. People seem to think that ‘End-to-End’ Encryption means everything is private. This is true for traffic, but not true for the servers using it. End-to-end encryption just means data is encrypted between you and a server. Whoever owns the servers for tech networks can see everything in plaintext and store what they want.

Bruce Schneier has done public talks about this for the past 20 years. He clearly states that you have to trust the Companies you use with your data. We all trust certain Companies with our data. Companies who are shown to not care about data, or have previously been shown to sell data for political corruption (i.e. Facebook, now known as Meta), or just to make money from selling it, should never be trusted with your data. That is how I see it. This is not paranoia; it is called knowledge of how systems work, and using your best judgement from what you know. The problem is that most people do not even know how Computers work, let alone how networking and encryption work.

Differences Between End-to-End and Peer-to-Peer Encryption

There is a distinct difference between end-to-end and device-to-device encryption. The only way you get ‘Private’ communications, as in only you and the sender see the data, is by 1) running your own servers for said services (such as email) with end-to-end encryption, or 2) using device-to-device encryption (phone to phone, computer to computer), meaning device-to-device encryption with no central server.

Companies still use centralized systems that are private to them. Many Companies run their own domain server for VPN and local network. Admins of these types of system can read all users' emails, which is fair enough in a work setting where you are representing said Company.

If you have a basic knowledge of networking you can check whether communications are peer-to-peer or end-to-end (going through a server) by using network stats tools and hardware switches, routers or firewalls. This is because every connection's IP data is still viewable by administrators within Companies. Most big Companies have internal AI and human network monitoring this way to track suspicious outgoing and incoming connections (IP data is extremely valuable to network Security within any organisation, as stated in my last post).

When the internet first started there were very few centralized systems. Centralized networks mainly became a bigger thing when billionaires (and enemy communications agencies) saw that they could use the internet to control people by buying out social networks (or force bribing) that held centralized data, and had a big chance to spread disinformation. Rupert Murdoch purchased MySpace because of this kind of thinking (the guy who owns 90% of right wing propaganda in the west). We see this today with Elon Musk buying out Twitter; people are now leaving the site in their millions. I am not saying all centralized systems are bad, because they are not, there are great security systems with centralized data, but as with anything, if you have bad actors you have people using these systems for bad, or just for making as much as they can from selling private data. Most of the bad on these systems is used for Politics or global disinformation.

Another misconception that I constantly see (within tech communities) is “you can’t block that domain because…”. You CAN block anything you want to block on your devices or network; they are your private devices.

Scripts that are editable in the Browser

No scripting that can be edited by the user (such as JavaScript) should be used for anything other than styling, API data (that is allowed to be viewed on said page), or media importing. This is something we are seeing a lot from big tech Companies: they are pushing out client-side scripts to take stress off their servers, then complaining that people are editing the scripts. The web browser is just that; a browser. A request is sent and a server sends page data back; users can edit anything shown in the browser (and they should). Browsers were designed this way purposely, to be able to block viruses, malware etc.

The joy of being in tech: you get blamed for everything that goes wrong, even if it is user error, and you spend a lot of time explaining simple tech concepts to people who think they already know everything. I have had many discussions with people in online communities who claim to work in Tech but cannot figure out the basics. If you want to learn things in a specific field, you read books by leading experts within said field.

HTTP/3 QUIC Protocol NEEDS to Change, how to Disable it


This has been an ongoing discussion between administrators ever since Google started using the HTTP/3 QUIC Protocol. What is HTTP/3 QUIC? It is now a hidden UDP gateway that encrypts traffic direct to a Google service. Problem? The problem is that administrators cannot see any network information in netstat (in Windows, Linux, Android or iOS) for what the protocol is connected to. This is beyond bad: if you are using any type of VPN (Enterprise or other) you have no idea what connections are going through the HTTP/3 QUIC protocol. I am pretty sure virus and malware creators will be jumping onto this protocol, as traffic is next to impossible to track (unless you are an enterprise with hardware connection checking), and even with checking you do not know what the protocol is connecting to. A lot of other services have started to use the protocol.

Google changed the protocol from using outgoing UDP 443 to creating its own ‘hidden’ gateway. In netstat, during the use of the protocol, every connection is a separate hidden gateway (there is no way of seeing IP data), whereas with normal TCP and UDP connections you see every connection, with IP data for each one. Netstat was meant for this type of checking, by admins and users, to look for virus / malware connections and for other uses such as application firewalling. In Linux normally anything involving networking and gateways requires ROOT privileges (I will be pushing for Debian to block this protocol); this gateway creation does not, for some reason. Why have Google designed it this way? Because they want to hide the gateway information and what is going through it; there is no other logical answer. Organizations need to block this protocol completely.

Another thing I do not get with browser creators: why are you force-enabling ‘Experimental Protocols’ by default? You are giving one Company a protocol and auto-enabling it without questioning it.

How to Disable HTTP/3 QUIC

As this protocol is built into most browsers you have to disable it on every browser profile, for whatever browser you are using.

Google Chrome
In the browser address bar, type chrome://flags. Disable the Experimental QUIC protocol option.

Microsoft Edge
In the browser address bar, type edge://flags/. Disable the Experimental QUIC protocol option.

Mozilla Firefox
In the browser address bar, type: about:config. Search for and disable network.http.http3.enable.

Opera
In the browser address bar, type: opera://flags/#enable-quic. From the Experimental QUIC protocol drop-down list, select Disabled.
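The browser flags above have to be repeated on every profile; a block at the host or gateway firewall applies to every client behind it, and browsers fall back to HTTP/2 over TCP 443 when UDP 443 is unreachable. This is an added example, not part of the original post: an nftables fragment (assuming a fresh ruleset and an `inet filter` table with output and forward chains) that rejects outbound UDP 443, logs and counts the attempts so blocked QUIC flows show up in the kernel log, and leaves TCP 443 untouched.

```nft
# Added example: block QUIC (HTTP/3 over UDP 443) at the host or gateway.
# Assumes a fresh ruleset; merge the table into your own if one already exists.
flush ruleset

table inet filter {
    # Named set so the port list can be extended later without editing the rules
    set quic_ports {
        type inet_service
        elements = { 443 }
    }

    chain output {
        type filter hook output priority filter; policy accept;

        # Log at most 10 attempts per second so a busy browser cannot flood the log
        udp dport @quic_ports limit rate 10/second log prefix "quic-blocked: " level info
        # Reject with ICMP port-unreachable so the client fails over to TCP at once
        # instead of waiting for the QUIC handshake to time out; counter shows volume
        udp dport @quic_ports counter reject with icmpx type port-unreachable
    }

    chain forward {
        # Same policy for hosts behind this box when it acts as a router
        type filter hook forward priority filter; policy accept;
        udp dport @quic_ports limit rate 10/second log prefix "quic-blocked: " level info
        udp dport @quic_ports counter reject with icmpx type port-unreachable
    }
}
```

Check the syntax with `nft -c -f quic-block.nft` before loading it with `nft -f`; blocked attempts then appear in `journalctl -k` with the `quic-blocked:` prefix, and `nft list ruleset` shows the counters.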

Centralised Tech is NOT ‘Free’


There is a constant myth from people who do not understand centralised Tech. The people who own big social media and VOIP services are not the richest people in the world from running “Free Services”; they sell all your data on to whoever wants it, and that includes the Police and Governments worldwide. If you have had conversations with people on any of these platforms pertaining to crime, illegality, promoting anti-fact, anti-science, or fascism, not only do they know, but Governments worldwide know.

I have seen a recent rise in people going along with fascist culture wars, anti-vax and science denial. The same people stomped their feet like toddlers about Brexit, and now spend their entire time moaning about problems with the Country that are direct implications of Brexit (they now want people to think they did not vote for it). Everything costing more is down to investors removing all investment from the Country (along with off-shore tax dodging), which in turn has seen the GBP fall 45%; import and export tariffs are a direct result of Brexit. Car prices are higher because of the GBP value and the fact that importing cars now costs an extra 20%; car leasing has gone up because the Bank of England have put up interest rates because of the growing inflation, which is also down to Brexit. The ‘Stop the Boats’ culture war is another result of Brexit.

Scientists are now stating that these centralised Social Networks are creating bias and fuelling racism and alt right terrorism (the same as newspapers). The people who fall for state-propaganda culture wars do not understand Human Rights either: it is like they think that removing ‘Human Rights’ will not affect them, as if they are some other kind of being (they are that deranged with their Grandiose Delusions). ‘Human Rights’ means the rights of all Humans, not just one race. We are seeing an exact copy of history right now in the UK. This has also led to a massive increase in denying fact and science. I follow science and fact. If you want to have an opposite view to people who follow ‘fact’, you are following ‘fiction’. These people do not even know what words mean, or the history of wars and what caused them. We did not fight alongside fascists who made it legal to persecute an entire race based on extreme nationalism; we fought against them.

Related Link:
 1 - Early Warning Signs of Fascism (AKA Tories Check List)

LK-99 Update


We were right to be sceptical about LK-99 being a superconductor, as it was only published as a preprint and had not gone through peer review. Scientists were stating that the expulsion of the magnetic field was from thermal magnetism and not from the Meissner effect. An article published in the journal Nature says the effect was caused by copper sulfide; this work was published by Prashant K. Jain, a Chemist at the University of Illinois Urbana-Champaign. He noticed that in the preprint they claimed the superconductivity of LK-99 went way up at a temperature of 104.8 °C. He stated “I was like… wait a minute I know this temperature”; he is an expert in copper sulfide. Chinese labs created two separate samples, one in a vacuum with 5% copper sulfide and the second in air with 70% copper sulfide. The one with 70% copper sulfide acted like the Korean sample, whereas the one with 5% behaved differently. Michael Fuhrer, a physicist from the ARC Centre of Excellence in Future Low-Energy Electronics Technologies, was quoted as saying: “That was the moment where I said ‘Well obviously that’s what made them think this was a superconductor.’ The nail in the coffin was the copper sulfide thing.”

Science done properly: reviewing the preprint and reaching a conclusion, although other labs are still testing it in other ways.

How to Debunk Charlatans


I recently listened to a great podcast about science denial and the growing number of people who do not believe in factual or scientific evidence-based information – mainly older people who get into religion, are brainwashed by mainstream media into fascist political views, or are against science progression. The podcast discussion is between Dr Brian Keating, who is a Professor of Physics at the University of California, and Prof Dave Farina, who runs the YouTube channel Professor Dave Explains. Brian does interviews with a lot of people that most Scientists would not; he has had interviews with Climate Change deniers and other questionable people, and he claims he does this to try to educate these people in Science. I don’t know if I could interview people of this nature calmly. He explains this is how he and Dave met, through Dave contacting him about someone he interviewed being a clear charlatan.

The interview is interesting. Dave has a similar way of thinking about science denial to myself: that Fact deniers need to be aggressively pushed back on their misinformation or disinformation. This is something I clearly think needs to be looked at, and I have posted about it numerous times on this Blog. You have science deniers owning most of mainstream media (in the old sense), who are just out to make money or force people into their fascist political views without a care for the planet or the teaching of fact. This needs to change and be stood up against. This is why a lot of older people do not understand why the Young have completely differing views to them. The young are learning about progressed Science. Just imagine what high school kids are learning in their Science lessons today – completely updated and different to 50-100 years ago. They are not learning old simple science like people were 50 years ago; they are learning way more, especially in the field of Physics.

I listen to a lot of podcasts weekly, on a lot of subjects, including science (mainly Physics, as that is my main interest within Science): the science podcasts mainly involve interviews with Science Professors on new findings and testing. I love learning new things, which is part of being a Developer. People who do programming and technology need to be learning all the time, the same as in the field of science. You also have to be factual in writing software: if you put something the computer does not understand within the framework or programming language you write in, the software will crash. A lot of everyday people seem to think Computers are amazing, and that to create Software you just draw a picture and it all works… no, that is not how it works. Everything computers do is programmed by humans. Even AI-created software is created from a data-set of previous code by humans; robots have no conscience or brain.

Edit:
A day on, and I thought I would add another video of interest from this week that I watched last night. It is by Dr Paul M. Sutter, another great Physicist, who explains the difference between Science and Pseudoscience, and why Pseudoscience is so dangerous. He has a more laid back way of dealing with science deniers and followers of Pseudoscience. A really interesting video. You can watch both of the linked talks below for free on YouTube.

Related Links:
 1 - Why Professor Dave Thinks Science is in Jeopardy
 2 - What Makes Pseudoscience So Dangerous?

LK-99: Room Temperature Superconductor?


LK-99 is a gray–black, polycrystalline compound, identified as a copper-doped lead-oxyapatite; research into using it as a superconductor started in 1999. Scientists at Korea University recently published preprints claiming that it acts as a ‘room-temperature superconductor’ at temperatures of up to 400 K at ambient pressure. Scientists are using these preprints to recreate the superconductor in the lab. Currently they are saying it only works for low power, which makes it ideal for Computers and Phones, but it could potentially be researched for use in high power in the future. If we had a ‘room temperature superconductor’ it would be a massive scientific discovery. It could be used to combat climate change, and could be used in medical machines and other applications where superconductors currently need to be cooled using liquid nitrogen and liquid helium.

I recently listened to a great podcast (one I have been subscribed to for years) about this subject, with John Michael Godier interviewing two Scientists who are actively testing this new superconductor in the lab. A really interesting talk.

Related Links:
 1 - Testing LK-99 and Room Temperature Superconductors with Michael Perrone and Jeremy Rys
 2 - LK-99

Darkside season to Launch Today


We have been working really hard for the past year to get the new season of Darkside Atlas up and running. We have done all the testing with the server cluster and everything seems good for launch on Friday the 18th of August. This season we have enough servers and server power to allow for 4900 players connected at any one time, making Darkside the biggest Roleplay Community in the world. This is going to be the last season of Atlas specifically, after problems with the game developers constantly changing code and removing VOIP (we got around this by writing our own VOIP).

Can’t wait to see everyone on launch… I’m pretty sure the Development and Server team are going to be busy for the first few days!

Related Link:
 1 - DarksideRP - Atlas

Zoom can Spy on your Calls and use the Conversation to Train AI


Zoom has just changed its ‘Terms of Service’ to allow user data from Zoom calls to be used in training AI. We have been saying it for years now: your private data is worth more than anything else to Tech Companies trying to maximise profit. We are now at a point where we have listening devices in the Home and Vehicle (Cortana, Alexa, Google, in-car Search), and most people use apps like WhatsApp (owned by Meta, previously Facebook) for all their voice calls, which have the same capabilities. All of these services have automatic voice-to-text capabilities to store all your calls in a centralised database; they do not need to store calls as MP4 or WAV, although in the terms they claim they do. When you have data in a database it can be searched through automatically by AI. We’ve seen automated metadata from live streams on TikTok.

I see this as a bigger problem than average spying. Businesses, Government Agencies and Defence Companies all use Zoom for video conferencing. People wonder why those in Tech are calling for more Privacy Rights, and for those rights to be protected by an international body, as Human Rights are. The only way to protect your privacy and private data is by controlling it yourself. This is something the average user doesn’t understand; people in the know are way more important than they realise.

Related Link:
 1 - Schneier on Security - Zoom Spying

Debian 12 – PHP 8.2 – Nginx


As Debian 12 came out recently I thought I would do some PHP 8.2 testing on it.

VPS Setup:
1x Intel Core 3GHz (one core of a multi-core processor)
1024MB RAM
120GB SSD

OS:
Debian 12 - Release 11-06-23

Services:
Web Server: Nginx 1.22.1
Hypertext Preprocessor: PHP 8.2.7
MySQL Database: MariaDB 10.11.3
HTTPS Encryption: TLS 1.3 RSA 2048
Firewall: Nftables (200kb Live Server Ruleset)

Server Boot

Server Total Usage:
157MB

Process Memory Usages:
php-fpm: master process 2MB
php-fpm: pool www 2MB
php-fpm: pool www 2MB
MariaDB 9.6MB
nginx: worker process 0.1MB
nginx: master process 0.1MB

After loading blog site – receiving data from MariaDB

Server Total Usage:
178MB

Process Memory Usages:
php-fpm: master process 2MB
php-fpm: pool www 2.1MB
php-fpm: pool www 2MB
MariaDB 9.6MB
nginx: worker process 0.12MB
nginx: master process 0.11MB

Page Load Times:
General blog page load times direct from PHP; the page loads 10 blog entries. This is not using a reverse proxy or a cache.

184ms Page Load - General Blog Site

Debian 12 “bookworm” Changes


A new version of Debian was released a few weeks ago, Debian 12 “bookworm”. I have created a list of the changes below.

This new version of Debian “bookworm” contains over 11,089 new packages for a total count of 64,419 packages, while over 6,296 packages have been removed as “obsolete”. 43,254 packages were updated in this release. Debian 12 “bookworm” is made up of 1,341,564,204 lines of code.

System

  • Linux kernel 6.1 (from 5.10)
  • systemd 252 (from 247)

Web Servers

  • Apache 2.4.57
  • nginx 1.22.1

Programming Languages

  • PHP 8.2 (from 7.4)
  • Python 3.11.2
  • Rustc 1.63

Database Servers

  • MariaDB 10.11
  • PostgreSQL 15

Architectures officially supported:

  • 32-bit PC (i386) and 64-bit PC (amd64),
  • 64-bit ARM (arm64),
  • ARM EABI (armel),
  • ARMv7 (EABI hard-float ABI, armhf),
  • little-endian MIPS (mipsel),
  • 64-bit little-endian MIPS (mips64el),
  • 64-bit little-endian PowerPC (ppc64el),
  • IBM System z (s390x)

32-bit PC (i386) no longer covers any i586 processor; the new minimum processor requirement is i686.

Cloud Computing Services:

  • Amazon EC2 (amd64 and arm64),
  • Microsoft Azure (amd64),
  • OpenStack (generic) (amd64, arm64, ppc64el),
  • GenericCloud (arm64, amd64),
  • NoCloud (amd64, arm64, ppc64el)

Desktop Environments:

  • Gnome 43,
  • KDE Plasma 5.27,
  • LXDE 11,
  • LXQt 1.2.0,
  • MATE 1.26,
  • Xfce 4.18

There is currently a slight problem with memory usage reporting using free -m, which the Debian team are working on. Overall for servers it seems a lot faster, but with a slight increase in memory usage. I am currently testing PHP 8.2 on a server; post to be put up soon.