1. 39
  1.  

  2. 9

    Extremely informative piece as somebody moderately knowledgeable in cryptography. I learned a lot from it.

    1. 7

      What this means is, a malicious app that can flush the CPU cache and measure timing with sufficient precision can siphon the AES-GCM key used by Signal to encrypt your storage without ever violating the security boundaries enforced by the Android operating system.

      Oops indeed.

      Fairly comprehensible writeup to follow and the design flattened well on my phone. I don’t know what this talk is about too many emoticons - I’d see one about every major section which is several paragraphs usually.

      1. -1
        1. 19

          I am interpreting presentation as the artwork, apologies if that’s not what you meant.

          You wouldn’t know because you passed on it, but it’s a well researched, interestingly opinionated piece that discusses the nuances of a cryptographic construction in an accessible way, while acknowledging what’s good about the design. And it has some cute drawings. We need more of this, and less hot takes on how this or that is bad and dumb, IMHO.

          I am surprised and disappointed to see a comment on Lobsters which is gratuitously negative, dismisses a point of view because of the innocuous identity expression of the author, and tries to enforce the stereotype of technical content having to be inexpressive and boring and dry and nerdy. I have downvoted this as Unkind and I hope you’ll take the time to think about whether that was appropriate.

          1. 6

            The original comment has since been removed so I can’t see if this was acknowledged, but the author’s about page gives some (very genuine) rationale for the format.

            1. [Comment removed by author]

              1. 10

                I didn’t mean that GP dismissed the article directly because of the author’s identity (but I see that’s what it looked like, sorry about that) and I do believe they found the artwork distracting.

                However the artwork is (presumably) an expression of the author’s identity, and not making the effort to scroll past a couple images makes the community less inclusive. Commenting negatively in a place the author is likely to see it is also sure not to make them feel welcome. Said another way, if we only accept technical content presented to the non-technical tastes of the majority, we are certain to keep having a community with little diversity.

                Likewise with emoji, some people find that they help them learn and communicate, some find them distracting. Working past that is key in including different folks with different styles. It’s especially important for the people in the majority to make an effort, because underrepresented people already have to adapt most of the time (or they just get worn down, feel unwelcome, and leave, at a loss for everyone).

                1. 1

                  This is no different from dismissing an article because the author has pictures depicting attractive females in a way that women claim makes them feel uncomfortable or excluded, other than in what the specific sort of sexualized images associated with the article are, and their political valence.

                  1. 4

                    I don’t see any sexualized images in the linked article.

                  2. -7

                    Gonna be honest here, the artwork was distracting from the get go so I blocked them at the first image with ubo. I try to not care about orientations or whatever political/sexual/racial/feeling things people are driven to make a part of their identity. I just find it annoying that the author is using an article featuring a technical subject I’m interested in reading about in order to try and normalize his particular psychological baggage. I don’t care.

                    With that said, it’s a solid article even though if you’re stuck using the WebCrypto API for any reason AES-GCM is the best option you have, it’s also not difficult to get right - OpenPGP.js code is pretty easy to follow for implementing the proper protocol. The best, simple option if you’re developing for the web and have more control is libsodium.js which uses ChaCha and Salsa.

                    1. 6

                      Considering all the websites with obnoxious, pointless photo headers, scrolling past cute fursona art is a welcome change.

                      1. 3

                        > I just find it annoying that the author is using an article featuring a technical subject I’m interested in reading about in order to try and normalize his particular psychological baggage.

                        What particular psychological baggage are you referring to?

                        > I don’t care.

                        When you say “I don’t care” do you really mean to say “I don’t want to see it because it bothers me and therefore I care a lot but in a negative way”?

                        1. 0

                          > What particular psychological baggage are you referring to?

                          That being gay or furry or whatever is something to be proud about or guilty about or whatever. It’s no different from liking a certain tv show that other people don’t. It has nothing to do with me, do whatever you want.

                          > When you say “I don’t care” do you really mean to say “I don’t want to see it because it bothers me and therefore I care a lot but in a negative way”?

                          More like “I don’t care to take in random furry imagery when I’m concentrating on a technical topic.” Random pictures of babies, cats or stupid gifs have annoyed me in the same fashion. Stop getting offended.

                          1. 5

                            > That being gay or furry or whatever is something to be proud about or guilty about or whatever. It’s no different from liking a certain tv show that other people don’t. It has nothing to do with me, do whatever you want.

                            I’ll take your word for it that you feel like it has nothing to do with you, and therefore everyone should do whatever they want. That’s a generally fair attitude to have, and not too dissimilar to how I approach people whose interests don’t align with mine.

                            For example, one of the repeat Pwn2Own winners goes by “Pinkie Pie”, and is (at least as far as I can tell) a member of the My Little Pony fandom (a.k.a. “bronies”). They’re known to publish brilliant, novel exploitation techniques under that alias.

                            Now, I’m not interested in My Little Pony or its fandom. When I see an article about Pinkie Pie winning Pwn2Own, I don’t take to the comment threads to express annoyance at their celebrating an interest they hold that I do not. I let them do whatever they want, since it has nothing to do with me.

                            > Stop getting offended.

                            I’m not offended. I just found the remarks about the author’s “particular psychological baggage” odd (and out of place for this forum).

                            Also: If the art bothers you enough to use uBlock Origin to hide all the images and then tell everyone you did… doesn’t that imply that someone other than me is offended?

                            1. -1

                              It implies nothing of the sort, and Pinkie Pie is god damned admirable.

                            2. 4

                              Do you generally start/join off-topic tangents about those? What prompted you to draw your line here?

                              1. 1

                                No.

                                Because I read jakob’s comment then checked out the blog’s about page. He’s including the images with a specific non-humorous, non-knowledge transferring purpose in mind. That annoys me more than usual.

                                1. 3

                                  See, I read it a whole other way. The art transfers knowledge to me: “I recognize this person!”

                                  If you don’t like it as identity affirmation, treat it as branding. A lot of infosec furries who might have skipped it will take a deeper look because they recognize soatok where they might only skim something on a bland stock theme. There are a lot of furry/furry-adjacent people who care about this topic. Some will weigh their familiarity with the author in determining how deep a read they give it.

                                  1. 2

                                    > He’s including the images with a specific non-humorous, non-knowledge transferring purpose in mind. That annoys me more than usual.

                                    The author addresses this in the about page:

                                    > The context it’s asked in is usually, “Who cares about [aspect of identity], shouldn’t your blog be about [technical content divorced of humanity]?!”
                                    >
                                    > […]
                                    >
                                    > Second, representation matters.
                                    >
                                    > People who feel nervous being open and authentic about who they are (especially junior developers) will feel even more pressure to remain hidden (to their own detriment) if no one is relatable to them.
                                    >
                                    > So, I promise, I’m not being loud about my identity or interests to spite you. I’m doing it to comfort people like me. And that distinction matters.

                                    1. 0

                                      I noticed. It’s fine that the message is crafted to inspire or comfort a specific audience but the way it’s done means there’s more useless content to filter out for those that aren’t in the target group. The distinction matters little when the effect is the same.

                                      1. 3

                                        For almost the entire course of human history, people in the “out groups” have had to conceal messages intended for them so as not to risk ostracization or worse by the “in group”. I’m sad to see that some people still think that has to be the norm.

                                        1. -2

                                          You’re adding to a reply chain that you don’t know the context of with your incredibly wrong and generic comment. Try harder, please.

                                          There will always be in groups and out groups. If you wanted to simply sub in an example. Would you consider all of the messages that you send your family or friends to be free of anything that the general public would not ostracize you for?

                                          Everyone hides. It’s normal.

                                          1. 4

                                            I have read every comment to this submission.

                                            > Try harder, please.

                                            I will indeed try harder to be more understanding of other people’s experiences and personalities.

                                            Please take your own advice to heart.

                            3. -1

                              This is a meta comment but I don’t consider anything I’ve said to be trolling as they’re not intentionally inflammatory. This reply chain was already off the rails so any down votes indicating troll are pretty wrong. Incorrect or troll, no, they are truthful opinions. Unkind or off-topic, sure.