Wandering Thoughts archives


The safety of GMail's POP server TLS certificate verification (or lack of it)

A while back I wrote an entry on how GMail hadn't been doing full TLS server certificate verification when fetching mail from remote POP servers. GMail may have verified that the POP server's TLS certificate was properly signed by a CA, but it didn't check the server name, which is the second part of server verification. This is not safe in general (even if you verify the IP address), but Google (and GMail) aren't everyone and they sit in a very special position in several ways.

I don't know if GMail's lack of verification was truly safe, and certainly it skips part of the purpose of verifying the TLS server hostname, but Google skipping this check can be safer than it is for almost anyone else. The basic reason why is that Google is in a position to be very confident that it's not talking to an impostor, if it wants to go to the effort. First, Google can check what it sees for DNS lookups, network routing, and TLS certificates from multiple vantage points around the Internet. This means that any tampering and MITM attacks must be global, not local, which generally means very close to the final network connection to the target.

(Of course, doing this sort of global check can run into issues with services that give you localized DNS results, with anycast routing, and so on. Nothing is perfect here.)

Second, Google can keep a history of all of this. If everything is consistent over time (and your previous connections worked and gave sensible results), you can be relatively confident that you're still connecting to the same thing. If you accepted the thing before, you can keep accepting it now. We weren't presenting the same TLS server key every time (as far as I know, Certbot generates a new keypair every time it renews your TLS certificate, which is about every 60 days), but we were presenting a valid TLS certificate for the same set of TLS names (that were valid DNS names for our IMAP and POP server).

None of this could make GMail's lack of full checking completely safe. But it at least could make it a lot safer than an isolated program or service trying to do the same thing. Google is in a position to have a lot of information that lets it 'authenticate' (in some sense) your server, which is one of the reasons for verifying the server name.
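To make the distinction concrete, here is a small sketch of the two kinds of check discussed above: the hostname match that GMail skipped, and a consistency check across vantage points and over time. This is an added example, not code from GMail or from this blog; the `Observation` record, the function names and all of the sample data are constructed for illustration.

```python
from dataclasses import dataclass

@dataclass(frozen=True)
class Observation:
    vantage: str           # hypothetical probe location
    chain_ok: bool         # certificate chained to a trusted CA
    san_names: frozenset   # dNSName entries in the certificate
    key_id: str            # public key fingerprint (changes on renewal)

def name_matches(hostname, san_names):
    """The skipped check: hostname vs. SAN names, wildcard in left-most label only."""
    host = hostname.lower().rstrip(".")
    for pattern in (p.lower() for p in san_names):
        if pattern == host:
            return True
        if pattern.startswith("*.") and pattern[2:] and host.partition(".")[2] == pattern[2:]:
            return True
    return False

def continuity_verdict(accepted_names, current):
    """Judge today's observations against the name set accepted in the past."""
    if not current or not all(o.chain_ok for o in current):
        return False, "chain validation failed"
    if len({o.san_names for o in current}) != 1:
        return False, "vantage points disagree"
    if current[0].san_names != accepted_names:
        return False, "name set differs from history"
    return True, "consistent"

# Constructed sample data (no real servers or certificates).
NAMES = frozenset({"imap.example.org", "pop.example.org"})
# A renewal: new key everywhere, same set of names.
RENEWED = [Observation(v, True, NAMES, "key-2") for v in ("eu", "us", "asia")]
# One vantage point sees a CA-valid certificate issued for some other name.
TAMPERED = RENEWED[:2] + [
    Observation("asia", True, frozenset({"other.example.net"}), "key-9")]

if __name__ == "__main__":
    print(continuity_verdict(NAMES, RENEWED))        # key changed, names did not
    print(continuity_verdict(NAMES, TAMPERED))       # a purely local change shows up
    print(name_matches("mail.example.org", NAMES))   # configured name not in the cert
```

The last call shows the gap that remains: the consistency check can pass for a server whose certificate has never contained the name the client was configured with, which is exactly what the hostname check exists to catch.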

(At the same time, I expect that GMail's behavior was ultimately for pragmatic reasons. It seems likely that they found that too many people had POP servers with TLS certificates that didn't include the right name. I can't throw stones about this, since we accidentally did this, as covered in my first entry.)

tech/GMailPopTLSVerificationII written at 23:14:03

Dual displays contrasting with virtual screens (aka multiple desktops)

At work, I have dual displays on my office desktop, specifically two Dell U2412M monitors (which are 24" diagonal with 1920 x 1200 resolution). This gives me a lot of space to work in, and lets me do things like have a full sized Grafana dashboard on the left one while carpeting the right one with windows that are investigating the problems shown on the dashboard. Of course, given world and local events I'm not at work; I'm working from home. At home I have a nice HiDPI display, but it's a Dell P2715Q which means it's only 27" diagonal (and a 16:9 display compared to the 16:10 of the dual monitors). This is not anywhere near as much space as two displays, and the space doesn't split naturally or as nicely.

One of the things that my window manager supports is what is variously called virtual screens or multiple desktops. I have multiple virtual screens set up on my desktop at work as well as at home, but at work I've generally not used them very often or for much. Generally I would switch virtual screens only if I was interrupted in the middle of something and so needed a whole new set of windows on top of the set that I already had. Otherwise, I did everything on my primary virtual screen, because it had enough room.

This isn't really the case with working from home. Now I'm routinely out of what I consider enough space, and so my work sprawls across multiple virtual screens. Sometimes this is different parts of my work; I might be running virtual machines on one virtual screen and looking at a Grafana dashboard on another. This sort of split across virtual screens is okay, and some people would find it an improvement over putting everything on the primary screen, although I'm not sure I do (having everything iconified in one spot is convenient). However, sometimes my single screen and lack of as much space forces me to split one thing between two virtual screens. The most common case is looking at Grafana dashboards, which really want to be full screen on my display. A full screen dashboard leaves me no room for other windows to investigate things, so I often wind up flipping back and forth between a virtual screen with a Grafana dashboard and a virtual screen where I'm doing something about what the dashboard is telling me. This is, naturally, not the best experience; I can't see both things at once and I lose some context and flow as I flip back and forth.

Even with different parts of my work, it's not infrequently a bit more annoying to switch virtual screens than to have one set of things on one display and another set of things on the other. One area this especially comes up in is reading email as it comes in. At work, my email client de-iconifies on the left side of my right display (more or less in the center of where I look), and I tend to first use the left display for things like terminal windows and work, which means that there's space left for the email client to open up, for me to write replies to email, and so on. At home, the de-iconified email client is competing for space with all sorts of other things, so if email comes in while I'm working I'll often switch to another clean virtual screen to read it. This is more of an interruption than it is on my work dual display.

At the same time, the clean virtual screen that I get at home is in its own way a nicer thing. I can't deny that there's clutter and a bunch of distractions on my primary virtual screen at work, both passive ones (things I could do) and active ones (things I'm currently doing). A forced switch to a different virtual screen at home wipes away all of that and gives me a clean, low distraction slate (at least until I start cluttering up the second virtual screen). The very lack of space that I don't like pushes me to switch virtual screens more often and thus to get that new, uncluttered, lower distraction experience more often.

My current feelings are that virtual screens at home don't make up for not having dual displays. I can get my work done, but it's not as nice an experience as it is at work, and not as flowing (for lack of a better term). I'm cramming too much into too little space, and my virtual screens are mostly a method of trying to get more space (as opposed to, say, trying to keep things organized).

(Some people like using virtual screens to separate various things from each other, but my current view is that I don't want to do that for various reasons beyond the scope of this entry.)

sysadmin/DualDisplayVsMultiDesktop written at 00:11:12
