1. 2

    The writing in this article is so muddled I’m having a hard time figuring out what exactly the author is trying to say. Also makes me doubt I should trust them on the subject. What do our resident crypto experts think?

    1. 2

      How do you even go from “I can’t figure out what author is saying” to “therefore I think I shouldn’t trust them”?

      1. 5

        Inability to express one’s thoughts on a subject in a clear way is a sign of poor grasp of the subject. It would certainly affect my trust in person’s competence. Maybe that’s what GP had in mind writing his post.

        1. 1

          This axiom fails when you’re reading on a complex topic you’re not an expert in. If a scientist versed in the field were commenting on some novel quantum computing idea, chances are I would not be able to understand his comments. That’s an indicator of my abilities, not scientist’s. Requesting that he expressed himself in a way I could understand would be, IDK, lazy? Entitled? I’m not the target and he has no obligation to satisfy my curiosity.

          In this case age’s author was able to grasp and respond to the post we’re discussing so clearly this wasn’t an garbage comment from someone you shouldn’t trust.

          I’m a sample of one and I’m def not in crypto circles but I a) could understand this blog post, b) noticed that Filippo and Neil have different ideas of what scenarios age should cover. Part of this is probably due to spec being outdated at places (something Matthew Green is working on) which explains but doesn’t justify the state of age documentation.

        2. 1

          Hmm, seems I failed to get my point across? But, roughly:

          I’m focusing on the author not expressing their thoughts clearly, not on my failure to understand what they’re saying. (I might be wrong here, of course! Though I think I’m decent at judging whether I don’t understand something primarily because it’s hard, and when it’s because of form of expression.)

          The next step is that I believe that unclear writing goes hand in hand with unclear thinking. I’d rather take my crypto advice from someone who I trust to analyze such problems precisely.

          1. 0

            “The next step is that I believe that unclear writing goes hand in hand with unclear thinking.”

            Sure, just like mess on the desk indicates mess in the head. Good thing that my desk is clean.

            Seriously though, this is not how things work. I’d take well written tech book over a convoluted one, sure, but extrapolating the quality of writing to the quality of thought is just wrong. I’d go with an example but the only one that comes to my mind right now violates Godwin’s law.

            1. 1

              Sure, just like mess on the desk indicates mess in the head. Good thing that my desk is clean.

              Come on, really?

              Here’s a good article that was shared here recently on the importance of writing and its intimate relationship to thinking: It’s time to start writing. (As a side note, if we accept this, this might be where non-native speakers are most disadvantaged given the dominance of English in tech and elsewhere.)

              And yes, this is how it works, at least for me: I apply a variety of filters that determine how I value things I read (and how much effort I put into making sense of them). For example, an article might get a bonus if it’s posted here compared to somewhere I deem to have a lower signal-to-noise ratio; or if it gets upvoted; or someone posts an interesting comment… And writing style is one of the factors. Experience tells me it’s a useful indicator.

              Of course I’m open to putting in the effort if other factors convince me that there’s something there. Which is part of the motivation for my original comment: My aim was not to disparage the author’s writing style, but primarily to invite other readers to change my initial judgement. Secondarily, to express that I believe writing style is important, in the hope of encouraging others to focus on this, too. I don’t want to attack the author, nor am I trying to provoke reactions like yours, but I’m willing to risk those.

              1. 1

                I’m not disagreeing that for many of us writing things down (and rewriting them multiple times) helps in organizing mental model of something. But that doesn’t mean that disorganized writing indicates chaotic or otherwise wrong mental model. This is your initial implication and it is as wrong now as it was back then.

                Implication (p->q) can’t be used to prove conversion (!p->!q) but it can be used to prove contraposition (!q->!p). It’s fair to say that if you don’t have the right mental model you can’t explain something clearly. But you can’t say that inability to explain something (in writing or otherwise) indicates unclear thinking. Or I should say: sure you can do that, it’s just not true.

      1. 6

        I like systemd. It is the first system where I was actually able to tinker without feeling intimidated. I’m not an admin, nor I have time or will to learn systemd or it’s alternatives. Call it “chic seeing the world for the first time syndrom” if you are cynical.

        1. 1

          Are there any mobile operators / ISPs in Poland that provide ipv6?

          1. 21

            Why (practically) no mention of xmpp/jabber? It’s federated, has E2EE support (OMEMO), many FOSS clients and server implementations, and providers generally don’t require any personal info to sign up. The article only mentions that last bit briefly, but instead spends more time focusing on the various walled garden services out there.

            1. 7

              It’s not trendy and new? Honestly the only reason I can think why these articles always gloss over it.

              From a user point of view, I can see why it struggled. It is old, it wasn’t always great, OMEMO rollout has been slow and steady.

              However, if you are writing an article like this you should know that XMPP in 2019 is really good. Services like Conversations make it a program that I use with real people in the real world every day.

              Nerds like me use their domain as their ID. Other people just use hosted services. Doesn’t matter, it all works.

              Decentralised services are always going to have a branding issue I guess.

              1. 7

                no mention of xmpp/jabber? It’s federated,

                It is listed under Worth Mentioning of our Federated section. The reason why it is not a main feature is because client quality is such fragmented ecosystem, and this is due largely to poor quality of documentation. Many of the XEPs still remain in draft or proposed status.

                However, if you are writing an article like this you should know that XMPP in 2019 is really good. Services like Conversations make it a program that I use with real people in the real world every day.

                The issue is Conversations is the only good client. If there were iOS and Desktop clients as good as that then we would be more likely to make it a main feature.

                1. 3

                  Nerds like me use their domain as their ID. Other people just use hosted services. Doesn’t matter, it all works.

                  There is also Quicksy.im by the Conversations author that provides even easier on-boarding for non-nerds but still uses XMPP underneath.

                  For me the biggest problems with XMPP are lack of good clients for iOS and desktops. There is Dino.im but still in beta and it’s not clear if there will ever be an iOS client with Conversations feature-parity.

                  Edit: It seems some members of privacytools.io actually like XMPP: https://github.com/privacytoolsIO/privacytools.io/pull/1500#issuecomment-559405853

                  1. 2

                    It’s not trendy and new? Honestly the only reason I can think why these articles always gloss over it.

                    I should mention here that is not the case at all. We look at number of factors, including client quality, developer documentation quality, types of ‘footguns’ involved, ie where a user might expect something to be encrypted and in reality it is not etc.

                    1. 2

                      You’re being too kind to XMPP, like PGP it’s another example of focusing on things that are trendy in some FOSS circles and meanwhile losing focus on actually providing value where it really matters to users.

                      It’s trendy to assume that federation is an unequivocal good thing and centralized services are bad, when looking deeper into the topic reveals it’s a mess of tradeoffs. Every time this comes up, Moxie’s “The Ecosystem is Moving” post is looking more and more insightful.

                      XMPP, like PGP provides a horrible user experience unless you have extensive domain-specific knowledge. In XMPP’s case, federation is partly to blame for that. Another part is that XMPP is very much a “by nerds, for nerds” thing which comes with a very different set of priorities than anything that aims to be used by most people.

                      1. 2

                        Every time this comes up, Moxie’s “The Ecosystem is Moving” post is looking more and more insightful.

                        For a different perspective on the subject see “An Objection to ‘The ecosystem is moving’”.

                        1. 2

                          I personally like this one I don’t trust Signal by Drew DeVault.

                    2. 2

                      For me the biggest problems with XMPP are lack of good clients for iOS and desktops.

                      For the desktop there is Gajim (gajim.org). It has OMEMO and works very well with Conversations. I have been using this for years and years, although I can only attest to the Linux version.

                      1. 3

                        Yes, I agree. Gajim is fully featured. It’s not without flaws: outdated UI, OMEMO not built in and enabled by default and apparently no official MacOS version (there is https://beagle.im/ for MacOS though…).

                        I guess XMPP’s problem no 1 is software fragmentation as there is no single company that’s maintaining full suite of software. It’s always mix-and-match depending on what OS/phone is used by one’s friends.

                      2. 2

                        Ah, iOS is a big deal. Didn’t realise Conversations didn’t have an app on there.

                        1. 2

                          Yeah. Some people report good results with ChatSecure or Monal or Siskin.im but it seems all of them have minor issues here and there.

                          1. 1

                            For me the biggest problems with XMPP are lack of good clients for iOS and desktops. There is Dino.im but still in beta and it’s not clear if there will ever be an iOS client with Conversations feature-parity.

                            The issue with that is they have no tagged releases, which means maintainers have some ancient random old version or have to keep up to date with every commit. It is unacceptable for something as complex as an instant messenger program to have no tagged release and we believe this because the developers are not comfortable in the completeness of the product to do so.

                            https://github.com/privacytoolsIO/privacytools.io/pull/1500#discussion_r347156496

                      3. 2

                        Because it does not solve any privacy, security or resilience problems from the point of view of individual.

                        a) Federation is meaningless from resilience PoV since XMPP accounts are not transferable; if someone is targeting me they can take down server I’m using. User or programmer giving a damn about “network being resilient as whole” is irrational. It’s should always be about end-user experience.

                        b) Until people will figure out how to create Open Incentive-Aligned Cloud Messaging Platform (replacement for FCM and APNS) battery life will suck. Having multiple tcp sockets each with its own heartbeat for every of your apps means short battery life. I want one socket with heartbeat values optimized for network I’m using ATM.

                        If you want to figure out how to build open replacement for FCM/APNS, I would love to help.

                        1. 1

                          Aren’t all of there points especially worse for the services mentioned in the article? They all depend on a single company, none of the accounts or services are transferable.

                          Battery life doesn’t ‘suck’. My nexus 5x regularly sees 24hr+ with moderate xmpp usage through Conversations (and no Google play services installed)

                        2. 1

                          I’ve been using XMPP with OMEMO E2EE for about a year now, after a FOSS enthusiast convinced me to use it. I’m using Gajim (https://gajim.org/) pretty much daily now and am quite happy with the feel and performance of the chat. It even has code highlighting blocks and other goodies and addons, and it stores the history in a sqlite database. Apparently it’s also possible to use multiple clients on the same account and the messages go to all your clients once they’re hooked up, but I’ve never tried it myself.

                          1. 3

                            Yeah I use it on my phone and desktop, much like one might use whatsapp and whatsapp web. Only your phone doesn’t have to be on for it to work.

                            1. 3

                              Apparently it’s also possible to use multiple clients on the same account and the messages go to all your clients once they’re hooked up, but I’ve never tried it myself.

                              Yep, I believe that’s XEP-0280 ‘message carbons’. Many servers/clients support it.

                              1. 2

                                XMPP with OMEMO E2EE

                                The other issue we have with XMPP is that E2EE is not consistent. For example file transfer and VOIP.

                                https://github.com/privacytoolsIO/privacytools.io/pull/1500#discussion_r351079569

                                It’s not abundantly clear to the user whether their file transfer was sent with E2EE or not. As for VOIP over Jingle, there’s no E2EE to be found there. We believe all channels should be E2EE and not “some features only”.

                                1. 2

                                  I’ve been using XMPP with OMEMO E2EE for about a year now, after a FOSS enthusiast convinced me to use it. I’m using Gajim (https://gajim.org/) pretty much daily now and am quite happy with the feel and performance of the chat.

                                  That is the client we suggested for desktop under our Federated section.

                                  We would like to see documentation for MacOS. Pages like https://gajim.org/download/ just simply say things like:

                                  MacOS

                                  MacOS instructions to follow.

                                  1. 1

                                    Apparently it’s also possible to use multiple clients on the same account and the messages go to all your clients once they’re hooked up, but I’ve never tried it myself.

                                    Yes, and it works very well. I am using Conversation on my mobile and Gajim on the desktop. Both support OMEMO.

                                    See omemo.top for the OMEMO implementation status across a large number of XMPP clients.

                                1. 1

                                  Dialyzer in Elixir is less useful than in Erlang. Main culprit for me is the fact that Enum is a black hole for typing system 1. Types representing collections from Erlang stdlib can be all accept hints about stuff that is inside.

                                  1. 1

                                    Yes – and while this is true, it makes finding workflows where Dialyzer actually helps all the more important. We can always hope that the future will bring improvements in the area of Elixir, as systems get older and people come to appreciate the value of a type system during large refactorings.

                                    1. 1

                                      I would add to that, that the way structs work in Elixir (an Erlang map with a __struct__ field) basically disqualifies usage of some more sophisticated Dialyzer flags (like overspecs for instance). Nevertheless, there’s still a lot of value in maintaining correct typespecs and running Dialyzer on CI, despite steep learning curve.

                                    1. 3

                                      AFAIK there is a way to detect on server side if socket is being piped into bash on other side. You do that by checking backpressure propagating via TCP buffers - bash will execute stuff as soon as it will receive it. Just put a sleep 5 command in the beginning of the bash script and see your buffers on server side being full. You will not see this if client is sane and is not piping to bash.

                                      1. 1

                                        On Ubuntu aptitude why python2.7 returns gimp.

                                        1. 1

                                          aptitude why python2.7

                                          On 18.04 here after uninstalling distcc-pump I only have

                                          aptitude why python2.7
                                          i   python Depends python2.7 (>= 2.7.15~rc1-1~)
                                          

                                          oh well, and steam-launcher which needs python

                                        1. 4

                                          I had one of those at home, growing up. It had foil instead of keyboard. Programs were loaded with help of tape recorder. Not sure about the screen. Grayscale, possibly with green/black instead of white/black.

                                          1. 2

                                            It had foil instead of keyboard

                                            Can you describe this a little more? I looked up some pictures of this computer on wikipedia and they all seemed to have keyboards.

                                          1. 2

                                            Traveling to Osaka, to conference. Studying cryptography. Resting.

                                            1. 5

                                              Seems like the author is slowly re-inventing pass.

                                              You also don’t need to restrict yourself to using just ed.. The author of pass has a vim plugin that disables plaintext temp files, etc in vim. when vim is invoked by pass.

                                              1. 5

                                                If you use Emacs, just save a a buffer to a file ending in '.gpg and it will ask for a key to encrypt that file with. On subsequent saves it will reuse the same key.

                                                1. 4

                                                  Indeed; one of the best things about pass is that it’s just text files + gpg + git. After this fully sunk in, I started using it for all sort of non-password data which I edit in vim with the gpg plugin.

                                                  1. 3

                                                    There’s also an add-on for Firefox[1] to use pass.

                                                    [1] https://github.com/passff/passff

                                                    1. 1

                                                      And an android app [1] compatible with pass.

                                                      [1] https://play.google.com/store/apps/details?id=com.zeapo.pwdstore

                                                  1. 2

                                                    That’s USD 7.500.000 of savings if assumed that 1GB of data costs 5 USD on average. That’s a unit cost derived from infrastructure costs, not amounts consumers pays directly. Got it from some old research paper, not sure about current state of things.

                                                    1. 3

                                                      Participating in zksnarks trusted setup ceremony - ‘perpetual powers of tau’.

                                                      1. 3

                                                        Looking for implementation or implementing the “accountable ring signatures” scheme for fun and glory.

                                                        1. 4

                                                          The city where I live allows for a maximum of two dogs per household. Three dogs, as far as the city is concerned, is too many dogs.

                                                          1. 5

                                                            Time for regime change.

                                                            1. 3

                                                              Where is that?

                                                              In the US, limits on the number of dogs in a household were struck down in a district court decision a long time ago but many cities still have the law on the books and enforce it tactically, knowing that not a lot of people would try to fight it despite a precedent that may or may not apply in their judicial district.

                                                              1. 2

                                                                That sounds familiar, but a district court would only have impact on…well, the district. If it had then been appealed and denied ceriorari at both the appellate and Supreme Court level, it’d (within at least the narrow confines of however the decision was written) potentially have national appeal, but otherwise, it’d have been a local decision. Do you know the case, or anything about it?

                                                                1. 1

                                                                  I may have misremembered the scope. I thought it was a federal court decision, but it appears that it was a Pennsylvania Commonwealth Court decision. So, it only applies to PA.

                                                                  http://www.naiaonline.org/articles/article/pennsylvania-court-strikes-down-ordinance-limiting-number-of-cats-per-resid

                                                                  There are other cases, such as one in Minnesota at the MN state level, too. I know that there is not case law declaring such laws unconstitutional in Kentucky, as an acquaintance of ours lives just outside of Louisville because Louisville has limit and breed laws that are apparently aggressive enforced. A contact in the metro government there confirmed this.

                                                                  Breed clubs and responsible breeders have better info on this, such as on https://omalmalamutes.com/omal/doglimits.htm, from an older AKC bulletin on the subject:

                                                                  Several courts have agreed that limit laws are unjust. In 1994 the Commonwealth of Pennsylvania struck down an ordinance enacted by the Borough of Carnegie that limited residents to five cats or dogs per household (Commonwealth of Pennsylvania v. Creighton, 1994). Similarly, a two-dog limit in Sauk Rapids, Minnesota was challenged and ruled unconstitutional (Holt v. City of Sauk Rapids, 1997).

                                                                  The modern AKC position is documented in http://images.akc.org/pdf/GLEG02.pdf. More info here: https://animallawcoalition.com/are-you-a-victim-of-pet-limits/.

                                                                  Source: family breeds and I’ve had litters in my house yearly for the last several years. Entering it by relationship, I’ve covered all of my bases. Limit laws are still on the books in most municipalities, preferring citation of case law should the educated plaintiff take the matter to court. Uneducated law enforcement presents a risk to dogs with complex medical and behavioral needs.

                                                              2. 1

                                                                Considering carbon footprint impact of dogs I would limit myself without waiting for the city to enforce.

                                                              1. 4

                                                                Thinking on a authentication scheme that could be used as oAuth that would have following properties:

                                                                1. identity
                                                                2. anonymous identity per service, unlinkable to true identity
                                                                3. sybil resistance
                                                                4. decentralization
                                                                1. 7

                                                                  @aphyr Would you see value in community funded analysis of PostgreSQL?

                                                                  1. 7

                                                                    Oh absolutely. I’d love to do PostgreSQL at some point!

                                                                  1. 1

                                                                    The guy is heading in the right direction but he isn’t saying anything new. This kind of critique has existed since forever and he’s argumenting it in a very weak way, arguably doing more harm than good. That said, if all the STEMlords were like him, even without renouncing their framework of thought as STEMlords, there would be much less bullshit about AI around the internet and the IT industry. So in the end, kudos, but read more tech critique.

                                                                    1. 2

                                                                      would you be able to point to a stronger/ better worded/ more comprehensive argument similar to or at least in the vein of the points I tried to raise in said article ?

                                                                      I wouldn’t mind updating it or even scrapping it and replacing it with a re-direct or a link at the top if those same ideas are manifest in someone else writing in a more cohesive manner.

                                                                      1. 5

                                                                        Sure.

                                                                        Here’s one: http://rodneybrooks.com/the-seven-deadly-sins-of-predicting-the-future-of-ai/ This one is somehow related: https://medium.com/@mijordan3/artificial-intelligence-the-revolution-hasnt-happened-yet-5e1d5812e1e7

                                                                        And this other paper is already beyond the AGI narrative and tries to understand why this and other narratives about AI (and implicitly AGI) came to be. I’m not 100% you will find it related, but it’s such a great paper that I think it’s worth reading: https://papers.ssrn.com/sol3/papers.cfm?abstract_id=3078224

                                                                        edit: uh, and another great one: https://jods.mitpress.mit.edu/pub/resisting-reduction This is probably even closer to your argument, in some way. It doesn’t say that we don’t need AGI because we have humans, but it takes the narrative about AGI and singularity to highlight flaws in the vision of the human from the perspective of the singularists.

                                                                        1. 1

                                                                          From your first link.

                                                                          Even if there is a lot of computer power around it does not mean we are close to having programs that can do research in Artificial Intelligence, and rewrite their own code to get better and better.

                                                                          That’s a strawman. The argument is exactly - AGI is by definition capable of doing research in AI, ergo it can improve itself. And that is dangerous. By saying “but that’s far away” you are not defeating the argument.

                                                                    1. 1

                                                                      When your whole security model is based on ability to rollback money transfers - this type of “feature” fits perfectly. Compare with cryptocurrencies.

                                                                      1. 5

                                                                        I’m not sure what you mean.

                                                                        You can still roll back transactions with secure confidential transport. The goal of this as stated was monitoring and data loss prevention - both of which can also be achieved with a forward secret transport channel.

                                                                        Cryptocurrencies, in general, have massively lacking privacy/anonymity, but prevent rollback due to distributed immutable consensus.

                                                                      1. 2

                                                                        Very much outdated, but very useful as an introduction.

                                                                        1. 1

                                                                          can you share more uptodate links on this?

                                                                          1. 1

                                                                            I don’t know any. I just can tell that all described solutions appeared long time ago. It does not include newer approaches - e.g. forwarding kademlia (used in Swarm).