Any specific reason for avoiding Redis/key-value stores? I’ve only had one such experience (resque-php) and the main downside seemed to be the need for polling, but honestly I don’t know if that’s because of Redis or because of resque-php’s implementation. I’d like to hear more about that!

Not really sure why you’d even want computers as UI. The ‘UI’ of a piece of paper you tick a box on really is quite good.

All I can say is that I’m glad that New Zealand has never (as least to my knowledge) involved computers in actual voting. Not even UI. I hope that the complete disaster that was our recent attempt at doing a census online[0] will help dissuade anyone from trying to do elections online as well.

[0]: Somehow they managed to simplify the census, put it online, reduce the number of questions and get fewer responses than before even though it’s still mandatory. What. And in return for significantly reducing the amount of information we get from the census, now they have a mandatory incredibly invasive survey of a randomly selected few percent of the population.

What’s worse, is that adding computers into the mix was an excuse to go back on well-tested election related rules, such as secret voting. No, we can’t have voting over the internet or via mobile phones or anything like that.

There’s designs and protocols for that. We could even have diverse suppliers on the hardware side to mitigate the oligopoly risks. The question is, “Should we?” I think traditional, in-person methods combined with optical scanning is still the best tradeoff. The remote protocols might still be useful to reduce cost or improve accuracy on some mail-in votes, though.

And let’s face it, how significant is the cost of having elections really? The 2008 general election in NZ cost about $36 million. Sounds like a lot, but that’s $12 million per year: 1/1719th of the Government’s budget. Spending 0.058% of the budget to ensure we have safe and fair elections is pretty insignificant really, it’s about as much as is spent on Parliament and its services and buildings etc, and about half as much as the Police earn the Government in fines from summary infringement notices (speeding tickets etc).

A problem with the “nation-state” rhetoric that might be useful to dispel is the idea that it is somehow a God-tier where suddenly all other rules becomes defunct. The five-eyes are indeed “nation state” and has capabilities that are profound; like the DJB talk speculating about how many RSA-1024 keys that they’d likely be able to factor in a year given such and such developments and what you can do with that capability. That’s scary stuff. On the other hand, this is not the “nation state” that is Iceland or Syria. Just looking at the leaks from the “Hacking Team” thing, there are a lot of “nation states” forced to rely on some really low quality stuff.

I think Greg Conti in his “On Cyber” setup depicts it rather well (sorry, don’t have a copy of the section in question) and that a more reasonable threat model of capable actors you do need to care about is that of Organized Crime Syndicates - which seems more approachable. Nation State is something you are afraid of if you are political actor or in conflict with your government, where the “we can also waterboard you to compliance” factors into your threat model, Organized Crime hits much more broadly. That’s Ivan with his botnet from internet facing XBMC^H Kodi installations.

I’d say the “Hobbyist, Fragmented Maximalist” line is pretty spot on - with a dash of “Confused”. The ‘threats’ of Google Play Store (test it, write some malware and see how long it survives - they are doing things there …) - the odds of any other app store; Fdroid, the ones from Samsung, HTC, Sony et al. - being completely owned by much less capable actors is way, way higher. Signal (perhaps a Signal-To-Threat ratio?) perform an good enough job in making reasonable threat actors much less potent. Perhaps not worthy of “trust”, but worthy of day to day business.

Who should be the faces recommending signal that people will recognize and listen to?

I’m sorry, but this is plain incorrect. There are many expansions on IRC that have happened, including the most recent effort, IRCv3: a collectoin of extensions to IRC to add notifications, etc. Not to mention the killer point: “All of the IRCv3 extensions are backwards-compatible with older IRC clients, and older IRC servers.”

Per IRCv3 people I’ve talked to, IRCv3 blew up massively on the runway, and will never take off due to infighting.

And yet everyone is using Slack.

More likely sure, but that doesn’t mean that many of them reach the threshold of effort that they do.

Sure it is, it’s just that there are multiple federations.

This knee-jerk reaction against “clickbait” kind of annoys me. Imo there is nothing wrong with an article having a title that attempts to engage a reader and pique their interest. I would also much rather a title pose a question and answer it in the article, rather than containing the answer in the title itself. (The latter can lead to people just reading the title and missing any nuance the article conveys).

It’s a fine title, imo. Maybe there’s a better one possible, but it’s fine.

I can’t for the life of me imagine why a CIA-covert-psyops-agency funded walled garden service would want to push people away from open standards to their walled garden service.

Don’t get me wrong, Signal does a lot of the right things but a lot of claims are made about it implying it’s as open as PGP, which it isn’t.

What makes Signal a closed system?

https://github.com/signalapp

But the cryptographyisn’t good. His case in the blog post is intentionally besides all of the crypto badness.example: the standard doesn’t allow any other hash function than sha1, which has been proven broken. The protocol itself disallows flexibility here to avoid ambiguity and that means there is no way to change it significantly without breaking compatibility.

And so far, it seems, people wanted compatibility (or switched to something else, like Signal)

I guess that’s an invitation to push https://autocrypt.org/

OpenPGP might have resisted the NSA, but that’s not a unique property. Every modern encryption tool or standard has to do that or it is considered broken.

One assumes the NSA has backdoors in iOS, Google Play Services, and the binary builds of Signal (and any other major closed-source crypto tool, at least those distributed from the US) - there’s no countermeasure and virtually no downside, so why wouldn’t they?

there is no security blame game between Signal the desktop app vs signal the mobile app vs the protocol when a security vulnerability happens, OWS just fixes it with little drama.

Not really the response I’ve seen to their recent desktop-only vulnerability, though I do agree with you in principle.

To start with, you can’t trust the closed-source providers since the NSA and GHCQ are throwing $200+ million at both finding 0-days and paying them to put backdoors in. Covered here. From there, you have to assess open-source solutions. There’s a lot of ways to do that. However, the NSA sort of did it for us in slides where GPG and Truecrypt were worst things for them to run into. Snowden said GPG works, too. He’d know given he had access to everything they had that worked and didn’t. He used GPG and Truecrypt. NSA had to either ignore those people or forward them to TAO for targeted attack on browser, OS, hardware, etc. The targeted attack group only has so much personnel and time. So, this is a huge increase in security.

I always say that what stops NSA should be good enough to stop the majority of black hats. So, keep using and improving what is a known-good approach. I further limit risk by just GPG-encrypting text or zip files that I send/receive over untrusted transports using strong algorithms. I exchange the keys manually. That means I’m down to trusting the implementation of just a few commands. Securing GPG in my use-case would mean stripping out anything I don’t need (most of GPG) followed by hardening the remaining code manually or through automated means. It’s a much smaller problem than clean-slate, GUI-using, encrypted sharing of various media. Zip can encode anything. Give the files boring names, too. Untrusted, email provider is Swiss in case that buys anything on any type of attacker.

Far as the leaks, I had a really-hard time getting you the NSA slides. Searching with specific terms in either DuckDuckGo or Google used to take me right to them. They don’t anymore. I’ve had to fight with them narrowing terms down with quotes trying to find any Snowden slides, much less the good ones. I’m getting Naked Security, FramaSoft, pharma spam, etc even on p 2 and 3 but not Snowden slides past a few, recurring ones. Even mandating the Guardian in terms often didn’t produce more than one, Guardian link. Really weird that both engines’ algorithms are suppressing all the important stuff despite really-focused searches. Although I’m not going conspiracy hat yet, the relative-inaccuracy of Google’s results compared to about any other search I’ve done over past year for both historical and current material is a bit worrying. Usually excellent accuracy.

NSA Facts is still up if you want the big picture about their spying activities. Ok, after spending an hour, I’m going to have to settle for giving you this presentation calling TAILS or Truecrypt catastrophic loss of intelligence. TAILS was probably temporary but the TrueCrypt derivatives are worth investing effort in. Anyone else have a link to the GPG slide(s)? @4ad? I’m going to try to dig it all up out of old browser or Schneier conversations in near future. Need at least those slides so people knows what was NSA-proof at the time.

Somewhat related, but even small changes to the request/response can have large impact on the bandwidth consumed.

From Stathat “This change should remove about 17 terabytes of useless data from the internet pipes each month” https://blog.stathat.com/2017/05/05/bandwidth.html

don’t think the fines for violating GDPR are large enough

Actually, they are very large:

Up to €20 million, or 4% of the worldwide annual revenue of the prior financial year, whichever is higher [0]

Based on 2017 revenue [1] of $40B, that’s $1.6 Billion Dollars

But it’s not just the fines. The blowback from the stock hit and shareholder loss, as well as cascading PR impact, is a high motivator too.

[0] https://www.gdpreu.org/compliance/fines-and-penalties/ [1] https://www.statista.com/statistics/277229/facebooks-annual-revenue-and-net-income/

It’s a hierarchy (from worst to least worst)

1. No autoupdates
2. Autoupdates but no cryptography, https, made by the worst PHP developers on the planet.
3. Autoupdates, no cryptography or https, made by competent developers
4. Autoupdates, no cryptographical signing over https, made by competent people
5. Autoupdates, cryptographically signed updates delivered over https prepared by competent people
6. Autoupdates, reproducible builds / updates with cryptographically signed updates delivered over https with a transparent and well designed/documented process made by competent people

Tag yourself ;)

I’m not blaming Facebook users or trying to act as if I were superior. I mean, I use WhatsApp on a (far too) regular basis, and have a pretty good feeling that it is going on there too And I understand why they are using it.

But in the end, what else were they supposed to be doing with the data? The people I am “concerned” with are those who are talking about this the most, acting as if nobody would have guessed that this could be happening in a million years. If anything, this seems to be the harmful thing to do, since it seems to neglect that Facebook isn’t doing this because they are evil or something, but anyone, any social network with a similar history, size and system of operation, would have to do the same. The crime is intrinsic in the form.

Ok, I understand that, but I hope I clarified my position in my other responses. Looking back at my original phrasing, I understand the possibility for misunderstanding. “Media coverage” might have been a better word to use instead of “reactions”, which could be understood to be too general.

The network effects are so strong that competition is, for all intents and purposes, impossible. Google Plus is the canonical case study here, though I’m sure there’s an entire graveyard full of them. Facebook’s value is that it has all the people on it, and any competitor will by definition start without any people, which gives it no value proposition to pull people off Facebook.

Unfortunately it’s still the most viable platform for certain things. I use Facebook almost exclusively to buy and sell event tickets at the last minute. In the past 2 years I have bought tickets from the actual ticket vendor for only 2 out of 20+ shows. Facebook provides a web of trust that no other platform can match. I would hesitate to buy a ticket from “edmfan1337,” but some random person with years of photos, a job, a school, and hundreds of friends is way more trustworthy. Often I’ll even have a mutual friend or two for events that are local. I’d love if there were some other platform equally viable, but I am not really interested in technical solutions involving third party guarantees or other “secure” systems. It’s better to deal with real people who can come to agreements and make compromises.

I don’t believe in sinister masterminds controlling things from behind the scenes. And the usage of the word “media” retrospectively didn’t help much to clarify what I intended to say. Maybe “popular discourse” would have been better?

Regarding the points you brought up, I just believe that Trump is a easy to report topic that a lot of people (in some perverse sense) enjoy to hear about. And why should a media network not talk about it, if there’s a “marketplace of attention”? And also, one should avoid falling into cognitive biases. Trump get’s mentioned a lot, one the one hand because his policies are controversial, but also because he is the president of the USA… It’s not like Obama or Bush were minor political actors. And a “1%” is really a void term. It means nothing, and just gives space for ones own imagination. Some things just happen, randomly, and there isn’t a overarching narrative one can coherently place it in.

I’m restricting my horizon for projects that aren’t run by Google because it better showcases the difference between running and contributing to a project. Discussing how Google runs open source projects is another interesting topic though.

Edit: running a large open source project for a major company is in large part about control. Contributing to a project where the contributor is not the main player running the project is more about cooperation and being a nice player. It just seems to me that Google is much better at the former than the latter.

Chromium?

Did you ever tried to compile it?

Google does care a lot about security and I know of plenty of positive contributions that they’ve made. We probably could spend days listing them all, but in addition to what you’ve mentioned project zero, pushing the PKI towards sanity, google summer of code (of which I was one recipient about a decade ago), etc all had a genuinely good impact.

OTOH Alphabet is the world’s second largest company by market capitalization, so there should be some expectation of activity based on that :)

Stepping out of the developer bubble, it is an interesting thought experiment to consider if it would be worth trading every open source contribution Google ever made for changing the YouTube recommendation algoritm to stop promoting extremism. (Currently I’m leaning towards yes.)

I believe it. But what platforms are at issue? Edit: yikes, the tier 1 list is way more limited than I thought. Never mind this question.

Also, for projects starting in 2018, the question isn’t what Rust supports today, but what platforms you’re willing to bet Rust will support in 5-10 years. Hopefully that list is bigger.

I’ve definitely seen this with Wikimedia, as someone who was heavily involved with it in the early years (now I still edit, but have pulled back from meta/organizational involvement). The people running it are reasonably good and I can certainly imagine it having had worse stewardship. They have been careful not to break any of the core things that make it work. But they do, yeah, basically have more money than they know what to do with. Yet there is an organizational impulse to always get more money and launch more initiatives, just because they can (it’s a high-traffic “valuable” internet property).

The annual fundraising campaign is even a bit dishonest, strongly implying that they’re raising this money to keep the lights on, when doing that is a small part of the total budget. I think the overall issue is that all these organizations are now run by the same NGO/nonprofit management types who are not that different from the people who work in the C-suites at corporations. Universities are going in this direction too, as faculty senates have been weakened in favor of the same kinds of professional administrators. You can get a better administration or a worse one, but barring some real outliers, like organizations still run by their idiosyncratic founders, you’re getting basically the same class of people in most cases.

They may be a dysfunctional bureaucratic organisation without a focused agenda (wouldn’t know as I don’t work for it) which would surely make them less effective, but shouldn’t the question instead be how effective they are? Is what they produce a useful, positive change and can you get that same thing elsewhere more cost-effectively?

If I really want to get to a destination, I will take a run-down bus if that is the only transport going there. And if you don’t care about the destination, then transport options don’t matter.

What if, and bear with me here, what they did ISN’T bad? What if instead they are actually making a choice that will make Firefox more attractive to new users?

For now…