
Comment Re:Markdown (Score 1) 27

How about this, then: It fills a niche, but it is full of bad decisions (and fragmentation), and survives mainly by its existing momentum. It's crap in the same sense that Unix is crap: the founder effect has made its flaws impossible to dislodge or rethink.

A popular solution to a problem is not necessarily a good solution to that problem.

Comment Re:How do they know? (Score 1) 44

There's nothing much to doubt. The evidence is always the same: "our web server logs show scrapers originating from IP addresses owned by someone who didn't pay us."

The Verge article is a little clearer. 100,000 threads pilfered over the past year with scraping! Oh no!

(See also: the actual legal filing. I have to admit the headings sound a little unstable.)

Comment Re:The UK Gov will just mandate a backdoor on phon (Score 1) 46

I worry about that. In my threat model, I assume the attacker wants to keep the backdoor secret, and is unwilling to push a secret mass surveillance backdoor to all phones. Even if no one noticed the backdoor, someone is likely to notice all that encrypted surveillance traffic. So, there may be occasionally used back doors in our phones already, but secret mass surveillance is done server-side. That's the main threat I'm worried about.

Comment Re:Sounds interesting (Score 4, Informative) 46

Data can eventually add up. It isn't like a block chain, but we might have say 1KiB per device, and 8 billion devices globally, so maybe 10 TiB? That's assuming we don't ever shard into different quorums, and 15-ish nodes run the world, which is probably unrealistic. With say 150 nodes by then, it could add up to 1TiB per node.

Queries per second would always be low. Using a public key for incremental backups and only rotating the private key every month or two, 8 billion devices registering once a month is only 3,000 QPS globally, and again dividing by 10, that's only 300, which a Raspberry PI can probably handle.

So... it's dumb, but I will find it entertaining to run my node on a Raspberry PI until I start having security concerns. That would be roughly when enough devices are enrolled to make the system a juicy target, probably at least 2 years out. We'll need improved security at that point, e.g. running nodes in data centers with multi party with for any changes, and maybe Tor routing.

Submission + - Help wanted to build open source Advanced Data Protection for everyone

WaywardGeek writes: Recall that Apple was ordered to back-door Advanced Data Protection in the UK. We need to take action now to protect users.

I helped build Google's Advanced Data Protection (Google Cloud Key Vault Service) in 2018, and Google is way ahead of Apple in this area. I know exactly how to build it and can have it done in spare time in a few weeks, at least server side. The whole world would be able to use it for free, protecting backups, passwords, message history, and more, if we can get existing applications to talk to the new data protection service.

However, I need help. I've got the algorithms and server-side covered. This would be a distributed trust based system, so I need folks willing to run the protection service. I'll run mine on a Raspberry PI. Areas where I need help include:

* Running protection servers. This is a T-of-N scheme, where users will need say 9 of 15 nodes to be available to recover their backups.
* Android client app, and preferably tight integration with the platform as an alternate backup service.
* Same with iOS
* Authentication. Users should register, and login before they can use any of their limited guesses to their phone unlock secret.

The scheme splits a secret among N protection servers, and when it is time to recover the secret, which is basically an encryption key, they must be able to get key shares from T of the original N servers. This uses a distributed oblivious pseudo random function algorithm, which is very simple.

In plain English, it provides nation-state resistance to secret back doors, and eliminates secret mass surveillance, at least when it comes to data backed up to the cloud. iOS and Android systems don't currently do that. The UK and similarly confused governments will need to negotiate with operators in multiple countries to get access to any given user's keys. There are cases where rational folks would agree to hand over that data, and I hope we can end the encryption wars and develop sane policies that protect user data while offering a compromise where lives can be saved.

So, nothing too serious :-)

Are you up for this challenge? Are you ready to plunge into this with me?
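A runnable sketch of the T-of-N key recovery the submission describes (here 9 of 15), added as an example and not WaywardGeek's code: it uses Shamir secret sharing over a prime field as a stand-in for the share-distribution half of the scheme, and assumes the oblivious-PRF blinding between client and servers is handled separately.

```python
import secrets

# Field modulus: the Mersenne prime 2^127 - 1 (a constructed choice; any prime larger than the key works).
PRIME = (1 << 127) - 1


def split_secret(secret: int, t: int, n: int) -> list[tuple[int, int]]:
    """Split `secret` into n shares such that any t of them recover it.

    A random polynomial of degree t-1 with constant term `secret` is evaluated
    at x = 1..n; server i holds the point (i, f(i)).
    """
    if not (1 <= t <= n < PRIME):
        raise ValueError("need 1 <= t <= n")
    if not (0 <= secret < PRIME):
        raise ValueError("secret must be an element of the field")
    coeffs = [secret] + [secrets.randbelow(PRIME) for _ in range(t - 1)]
    shares = []
    for x in range(1, n + 1):
        y = 0
        for c in reversed(coeffs):  # Horner evaluation of f(x) mod PRIME
            y = (y * x + c) % PRIME
        shares.append((x, y))
    return shares


def recover_secret(shares: list[tuple[int, int]], t: int) -> int:
    """Lagrange-interpolate f(0) from the first t distinct shares supplied.

    With fewer than t shares the polynomial is undetermined; with t shares
    from any t of the original n servers the constant term is recovered.
    """
    if len(shares) < t:
        raise ValueError(f"need at least {t} shares, got {len(shares)}")
    pts = shares[:t]
    if len({x for x, _ in pts}) != t:
        raise ValueError("shares must come from distinct servers")
    total = 0
    for i, (xi, yi) in enumerate(pts):
        num = den = 1
        for j, (xj, _) in enumerate(pts):
            if i != j:
                num = num * (-xj) % PRIME        # product of (0 - xj)
                den = den * (xi - xj) % PRIME    # product of (xi - xj)
        total = (total + yi * num * pow(den, -1, PRIME)) % PRIME
    return total


def demo_9_of_15() -> bool:
    """Split a random 126-bit backup key 9-of-15 and recover it from servers 6..14."""
    key = secrets.randbits(126)
    shares = split_secret(key, 9, 15)
    return recover_secret(shares[6:], 9) == key
```

Any 8 shares interpolate to an unrelated field element rather than a partial key, which is the property that forces a government to obtain cooperation from 9 operators rather than 1.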

Comment Re:iOS will have a problem in 100 years (Score 1) 58

There are no real downsides to saying the 2026 version is 26 and the 2126 version is 126. It's just [year - 2000]; you can even imagine this is release 026 rather than 26. Personally I'd worry more about what happens in the year 3000 when they have to release version 1000.

Moreover—these are just version numbers, imitative of dates, rather than actual date fields. It's not like someone is going to be charged for unpaid bills because their iOS version number was accidentally parsed as being in the past. Take your damn pills, grandma!
