Yes, then why the cert pin for bitwarden.com, but not for bitwarden.eu.

Or maybe it is not a cert pin la, as error is:
Exception message: java.securitycert.Cert.PathValidatorException: Trust anchor for certification path not found.

Anyways, during MiTM, .com is not allowed and the error above shown, but .eu allowed, which just, inconsistent...
Still can be a bug for the MiTM app la, as I just lazy to use httpcanary which seem like paid app, stop updated and taken down by Google.
---
Yes, as long as Master Password is implemented correctly, then yes, MiTM don't works.

Still, our mission done, let the bitwarden + TM customer fix their own issues la.
I guess those selected bitwarden.eu customer are happy, as they are excluded from this DDoS protection, as minority of customer.
---
For me, another lesson learned, job done, sleep~

This post has been edited by BenYeeHua: Dec 18 2023, 10:06 AM

Secondly, why the hell you gonna use cloudflare as CDn for the app, while not supporting the DDoS part, lol.

Based on the data I captured using MiTM, they did supported cookies, which means that by showing the WebView to load the DDoS protection page, the customer can tick the verification part as human, then the app can using back the cookies to passing the protection normally.

Anyways, I hope bitwarden customer are seeking another better platform, as it gonna fall easy.

PS: Reminded me that old history, 10 years ago, when Osu! using a custom HTTP protocol that communicate via Cloudflare CDN, and they are prove with saving huge cost with it, lol.

This post has been edited by BenYeeHua: Dec 18 2023, 10:15 AM

Well, I guess it is normally they don't understand this kind of stuff, and lazy to.

Like I know a private forum which set as 45 days of caching js file, which u know, a lot method to invalidate cached file, like 1.hash.js, even clicking the flush cache in cloudflare's dashboard also count, which just taken 1 mins.

But the developer just reply me, lazy la, it is not interesting feature, so trouble, let it be....
Then after 45 days of desync/outdated js version, finally cache expired, bug fixed, lol.

Within this 45 days, a lot of repeated bug report being created, and server get DDoS by the outdated js.file by check-in repeatly, well...

And yes, now it is set as 15 days caching, and after 2 years, the private forum is, well, nearly dead now.

So, there will be more and more issues like this gonna happen in the future, as rapid development is the future, leaving bank system still running as cobol wlll not be the worst one...
---
Yes, solution is out there, with google, but, 99% of person don't know how to google properly, what's you saw is just SEO result, so...
Not gonna put a lot of hope on everything already....

Just, nah, doing my own best la...

Yes, when come to developer having limited knowledge and push a lot of reason to customers, I think it is better to seek better replacement..
They know about CF's DDoS and not planned to support it like 1-2 years ago, which mean they don't get serious on security practice, well, better run before anything more serious happen...

And hell, your app is down when the server is down as well....

Talk about backup, Microsoft now enforce bitlocker on Windows 11 laptop without telling users to backup the key, if users don't login into any Microsoft Account while having your laptop broken, the key will be lost, and so does your data....

This post has been edited by BenYeeHua: Dec 19 2023, 12:29 AM

Also with AMD stutter issues...
https://www.amd.com/en/support/kb/faq/pa-410
Some motherboard still having stutter issues after updated their BIOS with newer AGESA, guess bad programmer la.

For bitlocker.
I guess MS might told the customer about they are backing up the key, but hidden it inside TnC...
---
Anyways, Android and iOS also doing this, at least for Android, they can decrypt your data as long as u give the pin code, so cracking possible.
(You can verify it by reboot into recovery, and it asking you to key in pin code to allow update the firmware etc.)
(Secondly, just having high level enough of Customer service level account, can also do the same, my friend done recovered the data after the ROM get corrupted by updating to buggy version)

So ya, it is more of a trouble for recovering data(via unofficial method), instead of protecting it la, as someone need to grab your MS account to recover it.
Many don't even remember they got registering the MS account, lol...

Still, security is still the old big trouble, specially now people focus on AI, AI and just AI.
Now, most people don't care about security as all.

This post has been edited by BenYeeHua: Dec 19 2023, 02:11 AM

All Android 8+ already encrypt as enforcement, this is one of the slowdown issues.
Then they swap into file based encryption, the file system still using F2FS because this is one of the most stable system supporting it.

Google planned to move away from it, because no more support from Huawei, but sadly failed, because they wanna wait Meta to support another better file system that can store duplicate file as single file, to save cost, lol.
And then, Huawei already improved their own newer file system with that feature, lol.

Second slowdown on Android is, Android 10 SAF.
Even with Google pixel phone, taking video 1 mins already shut down because too slow the writing speed, lol.
All factory version < Android 10 is taking this performance overhead, because they don't care about upgrading the kernel and change the sdcardfs file system to fix this slowdown, lol.
-----
Anyways, to disable encryption, unlock bl and disable encryption, else your phone falling also gg.
And yes, with the risk of getting crack la, but you can use your own key for encryption if you want.

The power of Android only showing up when you unlock it, but yes, it take a lot effort to tweak it.
Once you did that, you can enjoy the power of 10 hours SoT, lol.

No, TM is not doing charity.

Then skip la, bet on SWU 5.0

https://news.ycombinator.com/item?id=38702783

kwss
Ouch...

Well, slowdown not affected by encryption, but how's Android implement it.
You keep jumping in between solution, sure it will be unstable.

Not talking about how's SAF get enforced since it give up like 5 years from Kitkat android 4.4...
https://source.android.com/docs/core/storag...ardfs-deprecate
https://source.android.com/docs/core/storag...use-passthrough


Also, you posting about those factory Android 10+, not those get upgraded from Android 8/9.
If you got a android 9 phone, check the file system, at Android 9 it is reported as F2FS, then Android 10 reported as sdcardfs.
And kernel version don't change since that.

https://source.android.com/docs/core/archit.../android-common

Try get a latest emmc phone with android 12 then u will know.

PS: You may messed up by my poor speaking, I means huawei supporting duplicate file combine, don't means it is better in encryption.
I just means that google also trying to redo the same duplicate file combine, but failed because they wait Meta to write the code, but not them.
PS2: Huawei upgrade their kernel version, yes, you can check on it, but it got a lot of slowdown bug happen to their own NM cards, should be fixed la.
---
Yes, slowdownness caused by lazy fix as it need update of kernel + filesystem to fix it.

https://new.c.mi.com/my/post/11302

They just stop update ROM, and called it a fix, kernel version stay the same, still using sdcardfs not FUSE.

Yes and no, UFS don't means fast, my old asus zenfone max pro M1 with emmc still faster than Huawei Y Max emmc, while this Huawei Y Max got NAND dead before this old max pro M1....
And hell, I got friend using Mix2s, which also UFS, slowdown until failed to open Alipay within 5s.

But after he get a temporary backup Redmi 10 or whatever phone, it feel snappy than that mix2s.
I run a benchmark using CPDT, it is much, much slower than that old Max pro M1....
https://play.google.com/store/apps/details?...com.Saplin.CPDT

So yes, should be too much log writing(china app love to do log writing and caching unlimited) and unbalanced writing + TRIM algorithm broke it.

And no, disable encryption not a solution, backup with NAS always is.
But you should know, 99% of people don't do backup properly, no one teach them, they just do backup on pendrive, which failed more easy.

And as u can see, he jump to Android because he think Android safer from data lost/failing, but no it is not.
I just point it out and how to disable it, don't means I recommend it, else why I point it out can get crack easy after disabled it.

Also, NAND kind of hard to recover nowadays, it is not SSD or HDD, even SSD also hard, lol

This post has been edited by BenYeeHua: Dec 21 2023, 12:38 AM

Even google pixel always broken(hell, failed phone that can't call 911E!!!), who gonna trust google on Android, not to mention about OEM doing more stuff, lol.
There is only 1 rule, trust yourself, take a good backup, and change new phone every 3 years after stop getting update.

New phone is the only method to "reset" the aging of NAND, and prevent data lose.
Cheap or not don't matter too much, 3 years RM 1k phone is already good enough.

https://www.reddit.com/r/GooglePixel/commen...emergency_call/
https://www.reddit.com/r/Android/comments/1...ial_911_during/

---
So, near end of 2023, how's all upgrade of 500M?
Enjoyment, or always not reaching 500M?

For boring compare, using torrent file vs magnet.

UniFi 100 Mbps, private IP.
Can full speed but I limit it la, else gonna break my louzy TM orange router, lol.

Same as yours, but 100M since received the upgrade sms, I guess you should already 100M if got that sms.

Yes, IC to IC, person to person, both showing up at TM point, with fingerprint, alive.

Already a open one, like Maxis dealer seeking me on WhatsApp, with old outdated address.

From which phone number?

Except Streamyx which give dummy IPv6 prefix, should be fine for UniFi.
But some area got bugged PPPoE device, which you can only wait for them to maintain during midnight.

Even I am 100M, it is still showing 30M plan for me.

Look like the problem for mihoyo's JP server is a sign, then also china mobile with high latency at SG last also weeks.

Guess will slowly recover at 1 AM, like usual.

Better ask here?
https://forum.lowyat.net/topic/4658096

Always like this, trigger QoS as more people browsing at 10 AM morning, sometimes kill China traffic at 12 PM, getting higher and higher QoS over time, then boom at night 7 PM where everyone at home, as they start not using data(during office time) but UniFi/WiFi.

Get reset after a lot of people going rest during 1 AM, now moving earlier as the quota of this QoS is getting lower.
or I should said, easy to trigger as more people getting 100M high speed, compare with 30M.

Before that just applied to Google local ISP(yes, 480KBps, until Google having some deals with TM) + China traffic, then after famous of CloudFlare, moving to whole SG traffic as well.
This rule applied since Streamyx era, then went away for UniFi(only UniFi customer get benefit) showing up, after the famous of free speed upgrade, the effect of QoS came back to UniFi, as Streamyx user start moving to UniFi.

The slowness of IPv6(mostly for upload) for Google also observed during that time(MEGA drive get the most hit, last for years), which is why got the famous "disable IPv6 to speed up the internet" showing up in Lowyat forum.

-----
If you wanna me guess why it trigger heavy yesterday?
There is 1 thing I know might trigger, 1 famous activity happen during night yesterday, bilibili livestream about the HSR's CNY Festival, the video server is at Amazon SG, only it use Maxis MY CDN if you doing something, which already having high latency by going local, but at least stable than Amazon...

As it is Sunday, the traffic should be local Chinese + Student + Oversea Chinese(SG? also those oversea Chinese getting the traffic wrongly and going to Amazon SG via MY) watching live stream, taking it down heavy.
https://www.bilibili.com/festival/honkaistarrail2024spring

But it might also be DDoS traffic la, not like MY don't have a lot of computer infected as BOT, going to printer shop, then going back, see your Pendrive got worm infected or not...

This post has been edited by BenYeeHua: Feb 5 2024, 07:42 AM

Yup, quite stable, should be WiFi or shared network on his area getting bursted.

As many CNY going hometown, so network gonna crowd for WiFi and Fiber for those hometown that at kampung etc.
Just like highway getting crowd, network also crowd as the total bandwidth can't extend on load.