Threads for rlg

  1. 7

    This is great news! I always wondered why this was not possible and I’m glad to hear that it now is. I must say I’m somewhat uncomfortable with using GitHub as a trusted third party. I don’t see how we can do away with the web of trust if we really want a trustworthy cryptographic ecosystem.

    1. 30

      Keybase had the right idea for identity verification, until they jumped on a chatapp-shitcoin-acquihire death spiral ;(

      1. 5

        I missed the Keybase hype before the spiral, what did it get right about identity verification?

        1. 7

          The original idea was that you’d upload your GPG public keys (and later SSH keys), and then, rather than dealing with the shitshow that is GPG key signing parties, you could attest your Keybase account publicly on various social media (Twitter, Hacker News, GitHub, your personal sites, etc.), giving extremely high confidence, in very public fora, that a given GPG key belonged to who you wanted it to. Problem is, that’s not a business, so I always knew it was going to be a limited engagement before they attempted to jump the shark and instead landed in its gullet.

          1. 3

            I always found this pretty spammy and annoying.

          2. 6

            Keybase helped users prove which social media accounts and domains they own. This nicely reused webs-of-trust and identities that people already know.

            For example, you prove your identity on Lobsters, Twitter, GitHub and GitLab. Each site could individually perform a MITM attack and show a false key. But it’s extremely unlikely that all of them would collaborate to fake the same identity. So when the same identity/key is proven on all of them at once, it’s a quadratically higher level of assurance that it’s a valid key and that’s the same person.

      1. 10

        This is pretty cool, gets me excited about computing again. I’ve come from a more web/API-oriented background and for some time I’ve been curious about hardware/firmware. I’m pretty excited about where we might go with compute in more and more places, but most of my experience is running cloud services, so firmware seems uncharacteristically unattainable compared to web/app stuff for me.

        Does anyone know a meaningful way to get involved that isn’t necessarily working at one of the few large bureaucracies funding hardware, and isn’t collecting any more Raspberry Pis?

        1. 5

          I found the retro-computing hobby to be a great stepping stone to getting to work on the hardware-software interface full time. I started by needing a terminal board with a serial interface on one end and VGA plus keyboard on the other. At first I built an existing design by Geoff Graham and then gradually improved its hardware and software. It was a good experience learning microcontroller programming and the never-ending intricacies of historic VT terminals.

          1. 2

            This sounds so interesting, specifically seeing the interest in retro-computing on circles like sdf.org, gopher and gemini places…

            For me retro computing is not really nostalgia so… if somebody was curious about retro computing, where do you think would be a good place to start? Commodore? Atari?

            1. 3

              I can only reflect on my personal story of building simple logical circuits out of what was the series 74 analogue in the USSR when I was in my early teens. As well as reading an amateur radio magazine of the time explaining how to build a home computer from the Soviet version of the 8080. All this led to recent me building a primitive CPU from series 74 (to which I finally have unfettered access!) and trying to interact with it via a serial terminal. This CPU was closer to the Apollo guidance computer than to the microcomputers of the 70s, allowing for an exciting clock-by-clock debugging experience.

        1. 2

          I’m listening to ‘Surface Detail’ by Iain M. Banks. I’m a fan of listening to the Culture series. It’s science fiction without the tropes I’m tired of. I’m hoping Amazon does a good job turning it into TV.

          I’m reading ‘Elixir in Action’ by Sasa Juric. I’ve been wanting to use functional programming on a side project and I’m planning on using Elixir to get my feet wet thinking about problems in a different way. Problem is Elixir is different enough from what I’m used to that I need a more structured guide to avoid getting stuck on the trivial things.

          1. 2

            I love the Culture series. Surface Detail and Player of Games are my favorites. Excession is up there too.

            I don’t want to ruin anything for you, so I’ll just say that the plot of Surface Detail is Banks at his best.

            > I’m hoping Amazon does a good job turning it into TV.

            WHAT?? Is this a real thing?

          1. 3

            I recently switched to Windows after nearly a decade of Linux desktops. I’ve been containerizing apps in an effort to keep the base OS in a clean state. I’ve also been searching for how to create a pico driver to no success, but if I figure it out I plan on writing a toy OS and programming language in the Windows kernel.

            1. 2

              Why the switch to Windows? Seems kind of backwards!

            1. 2

              So if you install Mir and uninstall X11, can you fix this problem completely? Also, are snap packages less secure than Debian packages, or is it just that they aren’t as secure as they claim?

              1. 3

                Just less secure than they claim. The problem is that X11 has no sandboxing or isolation between applications, so any X11 application can get keypresses from another etc. Obviously you can package an X11 application into a Debian package and achieve the same thing, but Debian packages don’t promise any security. (Nor do they have any; by installing a Debian package you basically let it do whatever it wants.)

                1. 2

                  I was under the impression that snap is supposed to be more for IoT and embedded devices. Things where the minimal amount of software is going to be installed. In that case having bloated and old software that breaks sandboxing is not really a problem. I may be mistaken though.

              1. 4

                In the time that it takes a sophisticated attacker to find a hole in Azure that will cause an hour of disruption across 1% of VMs, that same attacker could probably completely take down ten unicorns for a much longer period of time. And yet, these attackers are hyper focused on the most hardened targets. Why is that?

                I suspect it’s the same reason that people will flock to play the 1 Billion dollar PowerBall, but the still life-changing $30 Million lottery jackpot isn’t as enticing.

                1. 9

                  Humans are terrible at risk/reward judgement. They also won’t pay the same amount for a 1/20 raffle ticket. Some of them still smoke, don’t wear seatbelts and keep guns in the same house as their own children.

                  1. 3

                    Some of them even keep dangerous drugs like acetaminophen in the same house as their own children.

                    1. 5

                      *sigh* Yes, I don’t own any acetaminophen. I’d rather have exactly one available suicide method, so that I can never think about it or come upon it accidentally, but be reassured that it’s there so that I never need to have panicked thoughts about not having one. I think a lot of people with mental health stuff take that particular caution pretty seriously. :)

                      Honestly, I’m not sure whether you were trying to be sarcastic, but it IS a dangerous substance, if you specifically intend to use it that way, and the information about how to use it is readily available. If I were caring for children I’d be pretty cautious about having it around.

                      (Note: The most recent attempt was quite a few years ago and I’ve had a lot of life changes since then and have no intention to die in the foreseeable future. Just in case there’s anyone reading this who doesn’t understand how this stuff never goes away, and is afraid on my behalf. There’s no need for such fear.)