1. 2
    1. If you try to encrypt a message longer than 256 bytes with a 2048-bit RSA public key, it will fail. (Bytes matter here, not characters, even for English speakers–because emoji.)
    2. This design completely lacks forward secrecy. This is the same reason that PGP encryption sucks.

    Could these tradeoffs be worth it if it means the system is really simple and easy to understand?

    1. 11

      The first one, no. Breaking on large messages is a serious usability pain-point, and doing a hybrid public key encryption is 100% worth the additional complexity.

      The second one, YES! If you make the threat model clear, then eliminating forward secrecy greatly simplifies your protocol. (Implementing X3DH requires an online server to hand out “one-time pre-keys” to be totally safe.) At worst, you’re as bad off as PGP encryption (except, if you follow the advice in my blog, you’re probably going to end up using an authenticated encryption construction rather than CAST5-YOLO).

      1. 1

        The first one, no. Breaking on large messages is a serious usability pain-point, and doing a hybrid public key encryption is 100% worth the additional complexity.

        Isn’t it something people are quite used to though? Both SMS and tweets have a character limit.

        But let’s say we do want to go with the simplest secure model, without forward secrecy but no character limit. So hybrid encryption but not X3DH. What library functions would the smart developer use?

        1. 5

          If they’re using libsodium? crypto_box_seal() and crypto_box_seal_open(). Problem solved for them.

          If they’re using OpenSSL (or one of the native wrappers), something like this:

          type SealedMessage = {cipher: Buffer, tag: Buffer, wrappedKey: buffer};
          const DOMAIN_SEPARATION_AES = Buffer.from('AES-256-CTR');
          const DOMAIN_SEPARATION_HMAC = Buffer.from('HMAC-SHA256');
          
          function hmacSha256(msg: string|Buffer, key: Buffer): Buffer {
              const hmac = crypto.createHmac('sha256', key);
              hmac.update(msg);
              return hmac.digest();
          }
          
          function seal(msg: string|Buffer, recipientPublicKey: Buffer): SealedMessage {
              // Generate and wrap the primary key 
              // (which is split into two keys: one for AES, one for HMAC)
              const key = crypto.randomBytes(32);
              const aesKey = hmacSha256(Buffer.concat([key, DOMAIN_SEPARATION_AES]), key);
              const macKey = hmacSha256(Buffer.concat([key, DOMAIN_SEPARATION_HMAC]), key);
              const rsaCiphertext = crypto.publicEncrypt(
                  {
                      key: recipientPublicKey,
                      padding: crypto.constants.RSA_PKCS1_OAEP_PADDING,
                      oaepHash: "sha256",
                  },
                  key
              );
              
              // Encrypt the data
              const nonce = crypto.randomBytes(16);
              const aes = crypto.createCipheriv('aes-256-ctr', aesKey, nonce);
              const ciphertext = Buffer.concat([
                  nonce, 
                  aes.update(Buffer.from(string)), 
                  aes.finish()
              ]);
              
              // Authenticate the data
              const tag = hmacSha256(ciphertext, macKey);
              
              return {
                  cipher: ciphertext,
                  tag: tag,
                  wrappedKey: rsaCiphertext
              };
          }
          
          function unseal(sealed: SealedMessage, secretKey: Buffer): Buffer {
              const key = crypto.privateDecrypt(
                  {
                      key: secretKey,
                      padding: crypto.constants.RSA_PKCS1_OAEP_PADDING,
                      oaepHash: "sha256"
                  },
                  sealed.wrappedKey
              );
              const aesKey = hmacSha256(Buffer.concat([key, DOMAIN_SEPARATION_AES]), key);
              const macKey = hmacSha256(Buffer.concat([key, DOMAIN_SEPARATION_HMAC]), key);
              const nonce = sealed.cipher.slice(0, 16); // AES-CTR nonce size
              const ciphertext = sealed.cipher.slice(16);
              if (!crypto.timingSafeEqual(sealed.tag, hmacSha256(ciphertext, macKey)) {
                  throw new Error("Integrity check failed");
              }
              const aes = crypto.createDecipheriv('aes-256-ctr', aesKey, nonce);
              return Buffer.concat([aes.update(ciphertext), aes.final()]);
          }
          

          (This is why “just use libsodium” is so much better.)

          1. 1

            Please consider using Pastebin for code; Lobsters renders code in a larger-appearing font than text in its comment section and doesn’t seem to fold it away properly, creating a wall of text that makes it harder to scroll through comments.

            1. 1

              For what it’s worth, that comment looks ok to me (Chrome on Windows).

              1. 1

                I somewhat agree, but I don’t think that there’s a good pastebin which is free to Lobsters without signup and also allows posts to persist. (The Reputation Problem disincentivizes such a service; it would be open to abuse.) It would be cool if Lobsters had the ability to click to expand/hide long code snippets.

                1. 1

                  Definitely the best solution would be for Lobsters to fix code rendering in comments.

                  1. 4

                    We have an issue tracking this if anyone wants to pick up the work

        2. 2

          If you are okay with giving up on security (e.g. for educational purposes) then it could be worth it.

          In practice absolutely not.

          1. 1

            Giving up on security is too vague, sorry. Can eve read my messages? No? Then I think I’m pretty safe.

            1. 2

              Maybe bfiedler refers to the second point, meaning if Eve compromises Alice’s private key, then Eve can read past, present and future messages. My personal opinion is that this should be default for any secure messaging system.

        1. 4

          I feel the problem with adding a tag to filter out these kinds of posts is that it also promotes the content as acceptable to new users. We already see on IRC a number of new users trying to self post content and run into the 70 “new domain” rule.

          Instead of adding a new tag, we explicitly add a story vote reason of “Product Placement” or something similar?

          1. 1

            I have heard that response already but the posts are here, they are numerous and, for some reason, some are highly upvoted (some even had 30+, which is unheard of even for some of the best written articles out there.)

            Flagging is a lot of work while tagging goes around that. If the community doesn’t reject those posts, at least let us filter them out.

          1. 13

            During the host migration we moved off of MariaDB to managed MySQL. That introduced a change in our query plans which is causing most of the slowness.

            1. 2

              The biggest thing I notice is that sometimes where’s a 20 to 50 second delay in loading something. For example, when I loaded the frontpage just now it took about 30 seconds. I also had it when loading some stories the other day (I loaded two in a tab, both took this long). The browser is just waiting on a reply from the server. Everything else seems unchanged, and this is just occasionally (it’s okay now).

              I don’t know if that’s related to the SQL query plan issues, but my first instinct would be to say it’s not(?)

            1. 4

              In the ruby space, scientist touches on some of the ideas you are talking about. While its not property based, GitHub has been able to use it to pull off a few refactors.

              1. 5

                I’ve used Vector in a lot of places and have been super happy with it. Compared to Filebeat, the in process stream processing features (like the lua module ) have really come in handy when I’ve needed to get data cleaned up before sending.

                1. 7

                  I’ve found that a big “saving grace” for YAML is that anything that is valid JSON is also valid YAML. My go-to fix for having to work with large amounts of YAML has been to generate JSON via jsonnet and use that instead.

                  1. 3

                    If anyone is interested in contributing to Lobste.rs for Hacktoberfest, we have a curated list of good first issues.

                    1. 7

                      …why am I getting a loading circle for a text page?

                      1. 7

                        They turned c2 into an SPA, because they could.

                        1. 31

                          Always happy to help. It was a whole lot of fun working with you.

                          1. 1

                            I’ve used 1.1.1.1’s API to use SRV records.

                            1. 4

                              If you want to look at some other interesting alternative query models, Datalog is worth looking into.

                              1. 17

                                From my perspective, these kinds of behaviors seem to creep up more on culture, person and practices threads. Could we try marking those tags as inactive and see if the site behavior improves/number of flags on comments drops?

                                1. 12

                                  I expect for at least a while they’d be submitted and tagged with just programming. How much content relevant to culture/person/practices would prompt you to remove such a story? Would your answer change if all the comments are about that aspect of the story? Or if it’s the elephant in the room?

                                  Some test cases, in the hopes that they’re useful for figuring out how to draw a line:

                                  • A famous programmer dies
                                  • A famous programmer joins or departs a project and writes about technical issues they will/did encounter
                                    • and they were forced out for discriminatory behavior, though the post never mentions or refers to it
                                  • A study (academic or ad-hoc) of bug rate by language
                                    • and by development methodology (agile, scrum, tdd, etc.)
                                    • Would your answer to the previous change if it was a one-sentence mention of a correlation vs half the study?
                                    • How about if it was a one-sentence mention suggesting it for future work?
                                  • A retrospective on the author’s contributions to an open source project
                                    • that was paid work for their employer
                                    • and the employer is accused or held liable for discriminatory behavior, is a political party, or is a political advocacy group
                                    • Or the author thanks a business like Patreon or Github Sponsors for making their work possible
                                  • A blog post about the author’s first contribution to fix a bug in an open source project
                                    • and the PR is rejected
                                    • and the submitter believes it’s for discriminatory reasons
                                    • or the reasons given are explicitly discriminatory
                                  • A blog post about x86 minutiae from a programmer who famously advocates for discrimination
                                    • A blog post about why nobody should contribute to that famous author’s project because of their political views
                                  • A blog post about using ML to locate humans in video
                                    • in surveillance video from a military drone
                                    • that refers to the military or political conflict it will be or was used in

                                  And of course this all comes up again in comments.

                                  How do you feel about culpability? I’m thinking of sayings like “the standard you walk past is the standard you accept” that cast a failure to act as a position in favor of the status quo.

                                  1. 4

                                    I personally feel that either all of your “discriminatory behavior” test cases should be in-scope for discussion within this community, or there should otherwise be an outright ban on anything that breaks the meta barrier (or not-strictly-about-hard-tech barrier), emulating something akin to a dry technical journal with a strictly-moderated comments section.

                                    But let’s be honest: there’s already precedent on this website for discussion of topics that intersect with computing; I’ve seen a number of well-upvoted/discussed stories including:

                                    • blog posts and updates from prominent community members about things happening in their lives
                                    • posts discussing history and context of open source projects
                                    • news stories about prominent community members
                                    • (this one may sound a little salty, but:) fluff pieces, rants, and straight-up advertisements written by darlings of the community
                                    • meta-tagged posts such as this one that explicitly encourage us to think critically about the community

                                    So IMO it’s at best not self-reflective and at worst intellectually dishonest to value critical engagement with topics that intersect in interesting ways with computing, except for the cases in which those intersectional topics touch on problems of discrimination and representation in tech. A strong message is sent to newcomers and passersby when they hop into the comments section, and see that many of the well-upvoted comments on this website are in fact hostile and intended to trivialize and demean when the topic at hand is actually critical to community health. Whether it’s meant to or not, this sends an unkind message to marginalized members of this community, and it will – as it has – homogenize participation on this platform over time.

                                    1. 5

                                      Good test cases. Ones I’ll point at in particular:

                                      and they were forced out for discriminatory behavior, though the post never mentions or refers to it

                                      If the post is about the technical issues they encountered, I think it should stay. Them getting kicked out (or brought in!) due to discriminatory behavior is drama and only leads to poor discussion.

                                      and the employer is accused or held liable for discriminatory behavior, is a political party, or is a political advocacy group

                                      We had this happen with a newbie lobster who worked at Palantir–they were roasted with pointy questions before they could really represent their work. That was super shitty.

                                      A blog post about the author’s first contribution to fix a bug in an open source project

                                      I think this is fluff, and attracts fluff, unless the framing is explicitly “here is this super interesting technical thing that also happens to be my first contribution back”. Further subpoints all boil back down to drama.

                                      A blog post about x86 minutiae from a programmer who famously advocates for discrimination

                                      If it’s valid x86 minutiae it should be tagged assembly, and commentary about their political hobby horses is just as relevant as speculation on what configuration of genitals they prefer during intercourse. Users repeatedly dragging that up she be flagged and if needed encouraged to find communities with a more humanitarian focus elsewhere.

                                      ~

                                      I’m thinking of sayings like “the standard you walk past is the standard you accept” that cast a failure to act as a position in favor of the status quo.

                                      I think those sayings are troublesome because they by definition assume bad faith on the part of the people walking by. Also, I dislike them because they remove all shades and alternative interpretations of interaction in favor of plain “you’re either with us or against us”…and if folks keep asking for that sort of conflict, I think they’re gonna be rudely surprised by the outcomes they get. Blind tribalism doesn’t lend itself to healthy discussion.

                                      1. 5

                                        If the post is about the technical issues they encountered, I think it should stay. Them getting kicked out (or brought in!) due to discriminatory behavior is drama and only leads to poor discussion.

                                        I infer from this that you think drama should be removed. Can you define that term? Is it a heckler’s veto, such that any reading of “drama” into a post means it should be removed? Same for “fluff”? Especially with those being new, unspecific terms, I think the questions about where “how much content” mean a comment or story should be removed are vital.

                                        1. 5

                                          “Fluff” is the easier one to define here: pieces that are based in exceptionally common experiences but which are also going to probably get sympathetic upvotes. The example of “my first PR” is fluff because a) a lot of people have their first PR and b) what kind of asshole would flag such a thing. Fluff tends to have an advantage against other content in any memetic ecosystem lacking explicit pressures against such simple content. That simplicity is also why I have the exception for framing it as a real technical issue that just so happens to be somebody’s first PR.

                                          “Drama” is much harder, but as I use it: content that is significantly about the internal politics or disagreements inside some community. A test might be “if you replaced the people with other people could the problem be made to go away?” Donglegate could have been resolved with either party being replaced, Heartbleed could not. I believe that the corollary to this is that any discussion involving drama will ultimately involve calls to remove or reprogram other humans, and thus are inherently corrosive for a community such as ours to engage in.

                                      2. 1

                                        I distilled these examples to express a couple problems with defining and enforcing topicality.

                                      3. 5

                                        +1 from me.

                                        I’ve had a number of long discussions with 35 recently over whether retiring those tags would skew the amount of incidents back down to normal.

                                        1. 3

                                          I agree with you those tags lead to toxic discussion more than others, but I think it’s worth emphasizing that a lot of @itamarst’s examples are in a person thread.

                                          1. 2
                                            Software Foundations

                                            The Software Foundations series is a broad introduction to the mathematical underpinnings of reliable software.

                                            1. 1

                                              My article organiser (Zotero) also made the same ironic, amusing mistake when importing the title of that Joe Erlang paper on errors.

                                              1. 9

                                                The UI/UX is worthy of exploration; unlike anything I’ve seen.

                                                1. 2

                                                  kind of similar in some ways to void (void is TUI though). I actually started void to be a tui spreadsheet, but over time found that a strict tree worked better for my own workflows. but maybe over time I’ll revisit the nested spreadsheet idea.

                                                2. 6

                                                  This looks awesome. I don’t personally see this as a replacement for Joplin which I use and adore for note taking, but I could totally see it as a fabulous tool for ideation and outlining.

                                                  Definitely giving this a look, thanks for the pointer!

                                                  1. 3

                                                    How did you manage to get a handle on it? It seems so damned alien and all the tutorials I’ve managed to find when I go looking every 6 months or so are always really shallow, like one of those “button and counter” Medium posts about React.

                                                    1. 3

                                                      This is completely new to me. Thanks for sharing!

                                                      1. 2

                                                        Interesting, this reminds me a bit of MaxThink for DOS back in the 90s

                                                        1. 1

                                                          This does look intriguing, but I can’t help but be disinterested in it because it doesn’t look like you can share and collaborate over the Internet. Can you? Or are is there an online equivalent or competitor?

                                                          1. 2

                                                            No, this is strictly desktop software. Miro is the closest I could find to an online version.

                                                          2. 1

                                                            Welp, this looks amazing. Thank you!

                                                          1. 2

                                                            It sounds like the openSuse Build Service is close to what you are after. They offer the infrastructure to compile and package your application on a number of different linux distributions. Unlike some of the other CI tools out there, they will also offer a package repository for your users to install your software with.

                                                            1. 1

                                                              Yes, this one I’ve noticed before, but it seems to neglect the *bsd side. Thanks for the link though!

                                                            1. 5

                                                              I feel like this is a good change. Our community is small enough that “toxic” threads seem to float around longer than is healthy. As a first attempt we could update the score_sql to penalize heavily flagged stories as they get older.

                                                              1. 2

                                                                What rate/formula do you think should be applied?

                                                                1. 3

                                                                  To preface, my suggestion is predicated on two points:

                                                                  • In a healthy community based on user generated content, the rank of any piece once it’s hit the front page should look something like 1/x when graphed over time.
                                                                  • @hwayne observation around the “stickiness” of content that isn’t healthy for the community is an observation that the content isn’t following the 1/x lifecycle.

                                                                  To that end, I feel that if we updated the ranking algorithm to weight upvotes more towards the beginning of a story’s time on the front page and flags more towards the end it will allow for heavily flagged content to flush itself out in a smoother fashion while still giving every story a chance on the front page.

                                                                  1. 2

                                                                    I like this idea! It seems the best compromise between “not shying away from controversial discussion” and “making downvotes reflect the community”. What are you thinking in terms of the “beginning” and “end” of a story’s time? 24 hours?

                                                                    1. 2

                                                                      perhaps HOTNESS_WINDOW

                                                                      1. 1

                                                                        I went and graphed out the old and new algorithm: https://observablehq.com/@hmadison/lobste-rs-voting-formula.

                                                                1. 2

                                                                  While it is Mac only, I’ve been using Things 3 for a while. It has a decent enough API for me to sync Jira and Things which is really nice.

                                                                  1. 3

                                                                    How do you sync Jira and Things?

                                                                    1. 2

                                                                      I’m using OSA scripting bridge between Things and Javascript to pull all of my assigned issues into projects. This lets me have notes and subtasks on top of our poorly configured Jira projects.

                                                                      1. 1

                                                                        Sounds interesting, do you have any code to share?

                                                                      2. 1

                                                                        I would also very much like to know the answer to this question!

                                                                    1. 1

                                                                      My concern with allowing automated tag additions is that its a trap for new members. We don’t have the best onboarding experience when it comes to tagging, and adding something like this feels like it may compound the problem.

                                                                      A suggestion along these lines that I saw in #lobsters the other day would (from rock if I recall correctly) be to have some kind of trended tag structure. If we shifted over to using tuples like {supertopic, subtopic} to tag every story, we could allow the subtopic to be user specified and keep rules around topicality.

                                                                      1. 15

                                                                        If anyone is interested in seeing how opinions change over time, this same question was asked two years ago.

                                                                        1. 0

                                                                          Awesome!