
jsonstein@masto.deoan.org ("Jeff Sonstein") wrote:
any informed opinions on this analysis?
https://www.brookings.edu/articles/how-african-governments-can-regain-the-trust-of-their-citizens/
jsonstein@masto.deoan.org ("Jeff Sonstein") wrote:
amusing
Reblogged by isagalaev ("Ivan Sagalaev :flag_wbw:"):
Waxingtonknee@mastodon.org.uk ("Waxing and Waning") wrote:
@isagalaev I never left Firefox. I was there that day in '04 when we broke the 'most downloaded' in 24 hours record. I was there during the buggy years and I'm still here today, despite Mozilla's misguided attempts to get on the AI bandwagon.
If a website won't work on Firefox I won't give them my business. No my browser isn't out of date, your website has failed basic compliance.
nadim@infosec.exchange ("Nadim Kobeissi") wrote:
Never mind, I found this. https://github.com/aadomn/aes
nadim@infosec.exchange ("Nadim Kobeissi") wrote:
Are there any AES implementations out there that implement the S-Box lookup algebraically (GF(2⁸) byte inversion followed by affine transformation) so as to avoid the timing side-channels associated with table lookups? Performance not an issue!
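The construction asked about above, as an added example that is not part of the original post and not code from the repository linked in the follow-up: the AES S-box computed per byte as a GF(2⁸) inversion (as a^254, Fermat) followed by the FIPS-197 affine map, with no table lookups and no secret-dependent branches (all conditionals are masks; loop counts are fixed). The function names are my own; the constants 0x1b, 0x63 and 0x05 are the AES ones. The self-check confirms the result is a permutation and that the inverse S-box undoes it.

```c
#include <stdint.h>
#include <stdio.h>

/* Multiply a and b in GF(2^8) modulo the AES polynomial x^8 + x^4 + x^3 + x + 1.
 * Fixed 8 iterations; bit selection is done with masks, not branches, so the
 * instruction sequence and memory accesses do not depend on a or b. */
static uint8_t gf_mul(uint8_t a, uint8_t b)
{
    uint8_t p = 0;
    for (int i = 0; i < 8; i++) {
        uint8_t mask = (uint8_t)(0u - ((b >> i) & 1u)); /* 0xFF if bit i of b is set */
        p ^= a & mask;
        uint8_t carry = (uint8_t)(0u - (a >> 7));       /* 0xFF if a overflows on << 1 */
        a = (uint8_t)((a << 1) ^ (carry & 0x1b));       /* xtime with masked reduction */
    }
    return p;
}

/* Multiplicative inverse as a^254; 0 maps to 0 as AES requires.
 * Always 8 squarings and 8 multiplies: the bits of the exponent 254 only
 * select through masks, so the work done is identical for every input. */
static uint8_t gf_inv(uint8_t a)
{
    uint8_t r = 1, sq = a;
    for (int i = 0; i < 8; i++) {
        uint8_t mask = (uint8_t)(0u - ((254u >> i) & 1u));
        uint8_t prod = gf_mul(r, sq);
        r = (uint8_t)((prod & mask) | (r & (uint8_t)~mask));
        sq = gf_mul(sq, sq);
    }
    return r;
}

static uint8_t rotl8(uint8_t x, unsigned n)
{
    return (uint8_t)((x << n) | (x >> (8 - n)));
}

/* Forward S-box: inversion, then the affine map of FIPS-197 section 5.1.1:
 * s = b ^ rotl(b,1) ^ rotl(b,2) ^ rotl(b,3) ^ rotl(b,4) ^ 0x63. */
uint8_t aes_sbox(uint8_t x)
{
    uint8_t b = gf_inv(x);
    return (uint8_t)(b ^ rotl8(b, 1) ^ rotl8(b, 2) ^ rotl8(b, 3) ^ rotl8(b, 4) ^ 0x63);
}

/* Inverse S-box: undo the affine map, then invert.
 * The inverse affine map is x = rotl(s,1) ^ rotl(s,3) ^ rotl(s,6) ^ 0x05. */
uint8_t aes_inv_sbox(uint8_t s)
{
    uint8_t x = (uint8_t)(rotl8(s, 1) ^ rotl8(s, 3) ^ rotl8(s, 6) ^ 0x05);
    return gf_inv(x);
}

/* Self-check: the S-box must be a bijection on bytes and the inverse must
 * undo it for every input. Returns 1 on success, 0 on failure. */
int aes_sbox_selfcheck(void)
{
    uint8_t seen[256] = {0};
    for (unsigned x = 0; x < 256; x++) {
        uint8_t s = aes_sbox((uint8_t)x);
        if (seen[s] || aes_inv_sbox(s) != (uint8_t)x)
            return 0;
        seen[s] = 1;
    }
    return 1;
}

int main(void)
{
    /* Known values: S(0x00)=0x63, S(0x01)=0x7c, S(0x53)=0xed (the FIPS-197 worked example). */
    printf("S(0x00)=%02x S(0x01)=%02x S(0x53)=%02x selfcheck=%d\n",
           aes_sbox(0x00), aes_sbox(0x01), aes_sbox(0x53), aes_sbox_selfcheck());
    return 0;
}
```

The caveat a practitioner would want: "constant-time at the source level" is a property of the C, not of the binary. A compiler is free to turn a mask-select back into a branch or a lookup, so the emitted assembly (or a tool such as a cycle-count or leakage test) has to be checked on the target, and this per-byte routine is many times slower than a table or a bitsliced implementation, which is the trade-off the question already accepts.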
Reblogged by kornel ("Kornel"):
caseyliss ("Casey Liss") wrote:
This is so gross. 👎🏻 × ∞
When is Apple going to realize that rent-seeking anywhere and everywhere is not only a bad look, but will get them regulated straight to hell?
(And at this point, it's more than deserved. Bring it on.)
https://news.patreon.com/articles/understanding-apple-requirements-for-patreon
Reblogged by kornel ("Kornel"):
kate@fosstodon.org ("Kate Morley") wrote:
From the Guardian: “Banksy has unveiled the eighth artwork in his animal-themed collection in London, a mural of a rhinoceros that looks as though it is climbing on top of a car.”
Yes, “climbing on top of”:
nadim@infosec.exchange ("Nadim Kobeissi") wrote:
Addendum:
Signal should be a driver of new cryptography like it once was. Its initial success and influence stemmed from its pioneering approach to cryptographic innovation. The development of the Signal Protocol, which now underpins the security of not just Signal but also other major platforms like WhatsApp and Facebook Messenger, was a groundbreaking achievement that set a new standard for secure communication. However, in recent years, Signal has lost its momentum as a driver of new cryptographic methods and standards.
The real cost isn't in making bad decisions: it's in not making good ones. The consequences of inaction can be just as severe, if not more so, than the consequences of making poor decisions. Signal’s current trajectory reflects a dangerous complacency, where the organization seems more concerned with avoiding mistakes than with seizing opportunities for improvement. This mindset has led to a failure to address emerging threats proactively and to capitalize on opportunities to enhance the platform’s security and user experience.
When an organization like Signal hesitates to innovate or to implement necessary changes due to fear of potential backlash or technical challenges, it creates a vacuum. This vacuum is quickly filled by adversaries who exploit the weaknesses Signal has failed to address, or by competing platforms, such as Telegram, that offer better UX but infinitely worse security guarantees.
nadim@infosec.exchange ("Nadim Kobeissi") wrote:
Regarding my recent critiques of Signal:
Over the past few months, I have not hesitated to voice strong criticism against Signal, a platform that many in the privacy and security community regard as one of the most robust tools available for secure communication. My critiques have centered on what I perceive to be significant technical and institutional failings—issues that are not merely theoretical but have tangible implications for the security and privacy of millions of users worldwide. However, despite these criticisms, I must emphasize that Signal remains, in many ways, one of the best solutions we have. This essay seeks to balance my harsh criticisms with an acknowledgment of Signal's continued importance while underscoring the urgent need for accountability and reform within the organization.
The main issue with Signal today is not the technology itself but the institutional rot and lack of accountability that have taken root within the organization. The security community has been too deferential, too willing to give Signal a pass on issues that would not be tolerated from other organizations. This must change. Signal needs a watchdog—a mechanism of external accountability that can hold the organization to the high standards it claims to uphold.
Technical Failings: A Case of Mismanagement, Not Ineptitude
My concerns about Signal's technical direction are rooted in specific, actionable issues that the organization has, thus far, handled poorly. The implementation of usernames, for example, was executed in a manner that arguably undermines the privacy standards Signal is supposed to champion. Rather than adopting a more privacy-preserving approach, Signal opted for a method that, while functional, exposes users to potential risks that could have been mitigated with better design choices. More specifically, Signal tied usernames to phone numbers, which gives its users a false sense of safety by encouraging them to distribute their usernames online, not necessarily realizing that their phone numbers are revealable by a simple legal request tied to that supposedly pseudonymous username.
Moreover, the degradation of Signal's security standards over time is troubling. As new cryptographic attacks emerge, one would expect Signal to be at the forefront of addressing these vulnerabilities. Instead, we've seen a slow, sometimes dismissive response to these threats despite their practical implications and despite their being presented at top-tier security conferences (one random example: https://cs-people.bu.edu/kaptchuk/publications/ndss21.pdf), which not only erodes trust but also puts users at unnecessary risk. The recent handling of Signal Desktop's security weaknesses—initially radically downplayed and then suddenly addressed when public pressure mounted—is a stark example of this reactive, rather than proactive, approach.
Signal's approach to censorship circumvention further illustrates this trend. The reliance on random people running NGINX proxy Docker containers, advertised haphazardly by volunteers on social media, lacks the rigor and foresight expected of a platform that markets itself as a bastion of secure communication. Without a proper web of trust, these solutions are not only ineffective but potentially dangerous.
Institutional Failings: Accountability and Transparency in Decline
Institutionally, Signal's trajectory raises serious concerns. The organization's repeated appeals for donations, juxtaposed against a $1M USD compensation package for its new president, Meredith Whittaker (right as she wrote blog posts begging for users to donate) and a staggering $50M loan, suggest a misalignment of priorities. Signal's status as a 501c3 nonprofit should imply a commitment to frugality and transparency, yet the financial decisions being made seem more aligned with corporate self-interest than with the values of the open-source community.
The composition of Signal's board of directors exacerbates these concerns. When leadership surrounds themselves with personal friends, including individuals with controversial backgrounds especially in global activist circles, it not only undermines trust but also raises questions about the governance and decision-making processes within the organization. Signal increasingly appears to be more focused on the personal brand and career advancement of its leadership than on fulfilling its core mission.
A Call for Constructive Criticism and Vigilance
Despite these criticisms, it is important to recognize that Signal remains one of the few tools we have that can provide secure and private communication in a world where such capabilities are under constant threat. The platform's underlying technology, when properly implemented and maintained, is still among the best available. But this does not mean we should turn a blind eye to its flaws.
It bears repeating: the main issue with Signal today is not the technology itself but the institutional rot and lack of accountability that have taken root within the organization. The security community has been too deferential, too willing to give Signal a pass on issues that would not be tolerated from other organizations. This must change. Signal needs a watchdog—a mechanism of external accountability that can hold the organization to the high standards it claims to uphold.
In conclusion, while my critique of Signal has been harsh, it comes from a place of genuine concern for the platform's future and its role in the broader privacy and security ecosystem. Signal is too important to fail, but it is also too important to be allowed to continue on its current path without scrutiny. As users, donors, and members of the security community, we have a responsibility to hold Signal accountable, to demand better, and to ensure that it lives up to the promise of secure, private communication for all.
Signal can and should be better. It is not too late for the organization to course-correct, but that will only happen if we refuse to let our respect for the platform blind us to its flaws. Constructive criticism, combined with a commitment to transparency and accountability, is the only way forward.
For reference, my recent threads on Signal:
- Today's thread on Signal's censorship-circumvention strategy: https://x.com/kaepora/status/1822884292596224393
- Critiques of Signal's new leadership: https://x.com/kaepora/status/1811336288521347109
- Research publications that Signal has downplayed and ignored: https://x.com/kaepora/status/1810613043685888399
Reblogged by zack@toot.cafe ("Zack"):
0x1C3B00DA@stereophonic.space wrote:
And there was already prior art on this that the #mastodon team ignored. That's #mastodev for you :blobokhand:
https://indieweb.org/rel-author#How_to_link_to_ActivityPub_followable_profile
Reblogged by cstanhope@social.coop ("Your friendly 'net denizen"):
rgegriff@hackers.town ("Chrisshy Keygen") wrote:
So there's this weird rich dude in our town, right? Total nepo baby; has all this money from his dad's corporation or whatever.
Anyway, dude is tweaked; started dressing up like some kinda shadow or whatever and kicking the shit out of like shoplifters or whatever. Drives around in a rocket car, has ALL SORTS of definitely illegal weapons that he embezzled from his dad's company.
The thing is, he personally donates like 90% of the police budget every year; so the cops OBVIOUSLY can't arrest him.
So the commissioner came up with this idea to get actors to start dressing up as all these eccentric criminals and staging elaborate fake crimes to keep him busy. Really clever, I mean, this guy's not gonna waste his time beating up some high schooler for selling weed when there is a literal clown threatening to blow up the modern art museum or whatever.
I think the local news channels are in on it, too. They're all like "oh my God! Who's this mysterious masked justice crusader stopping all these super villains?" Lmao; like my guy, your mask covers like 1/3 of your face. You show up on earnings calls with a busted lip and a black eye. We all know who you are.
Delusional weirdo...
It's the weirdest system, but it seems to work for now.
pzmyers@octodon.social ("pzmyers 🦑") wrote:
"Creepy weird apocalyptic conspiracy theories about sex" is the long way to say "Catholic."
Gargron ("Eugen Rochko") wrote:
John Rylands Library.
📷 Pentax KX
🎞️ Ilford Delta 400
🔭 Pentax M 50mm/1.7
⚗️ Come Through Lab
#BelieveInFilm #FilmPhotography #AnalogPhotography #BlackAndWhitePhotography #BlackAndWhite #MonochromePhotography #35mm #Manchester
Reblogged by bcantrill ("Bryan Cantrill"):
kvnweb@hachyderm.io ("Kevin Webb") wrote:
After listening to the fantastic @oxidecomputer + friends discussion on LLMs (https://www.youtube.com/watch?v=UPTAX30ttMQ) I decided to follow Nicholas Carlini's recommendation to push my requests beyond the point of usefulness.
Success!
@bcantrill I think this is a copy of the form the LLMs have to fill out when they're sent back up state. tbh, I feel a bit like a nark.
slightlyoff@toot.cafe ("Alex Russell") wrote:
This is the ballgame. Apple know it. It's why they won't engage on the topic in public, and won't do more than back-channel comforting sounding noises nearly a decade after Android browsers began offering prompts.
slightlyoff@toot.cafe ("Alex Russell") wrote:
How terrified of the web is Apple?
*they won't even give us the ability to implement this stuff in other WebKit-based browsers*
Without the ability to either contribute code for this (as Apple has claimed to regulators on the regular that WebKit as an OSS project would *totally* be up for, *wink wink*), or Apple providing appropriate hooks (nevermind an implementation in Safari, which is table-stakes for parity with Safari prompting to offer native apps), the web on mobile is D.O.A.
slightlyoff@toot.cafe ("Alex Russell") wrote:
The idea that *anyone* would accept the terms of Apple's App Store for things that can *obviously* be PWAs, in 2024, is offensive.
The one and only reason this persists is that Apple will not implement installation prompts and/or `onbeforeinstallprompt` like big-boy browsers do.
Even if you ignore the entire universe of asshattery and brokenness that is WebKit today, this alone would be anticompetitive nonsense in a world with App "Smart Banners"
isagalaev ("Ivan Sagalaev :flag_wbw:") wrote:
Try #Firefox today please.
collinsworth@hachyderm.io ("Josh Collinsworth") wrote:
The problem isn't so much which one you are; the problem is that neither will ever naturally believe the other. Each method seems utterly disingenuous to a communicator of the opposite style. (And more likely than not, whichever you are, your partner is probably the opposite.)
collinsworth@hachyderm.io ("Josh Collinsworth") wrote:
It strikes me that there are two types of communicators:
1. People who expect others to hear what was *said*;
2. People who expect others to hear what was *intended.*
Reblogged by slightlyoff@toot.cafe ("Alex Russell"):
leaverou@front-end.social ("Lea Verou") wrote:
Unpopular opinion: I’m sick of seeing #i18n, #a11y, and #usability sacrificed in the futile crusade against fingerprinting.
IMO if there is a solution to fingerprinting it will be a general one. Trying to restrict bits of entropy is a fool’s errand and is crippling the Web platform.
(Related to https://groups.google.com/a/chromium.org/g/blink-dev/c/YTn8pqJDVBg/m/o8AAwSK3BgAJ )
Reblogged by slightlyoff@toot.cafe ("Alex Russell"):
mekkaokereke@hachyderm.io ("mekka okereke :verified:") wrote:
🤔Anti-woke guy starts a crusade against plagiarism, not realizing that this would destroy his wife's academic reputation.
🤔Anti-woke guy starts an inquiry into Walz not going on deployment, not anticipating that this re-opens the conversation on his running mates' draft dodging and insulting gold star families and POWs.
🤔 Anti-woke guy starts an investigation into crowd sizes, not anticipating that people will point to his many empty stands.
They're genuinely surprised by equal treatment.🤷🏿♂️
pzmyers@octodon.social ("pzmyers 🦑") wrote:
I met a man at the county fair who tried to tell me that creationists do real science.
https://freethoughtblogs.com/pharyngula/2024/08/11/francis-bacon-vs-ken-ham/
collinsworth@hachyderm.io ("Josh Collinsworth") wrote:
Also on the list:
- The Talos Principle
- The Last Campfire
- Arkham City
- Resident Evil 4 HD (I actually might have finished this one on Xbox360 ages ago but stopped halfway through it on Switch)
- New Super Mario Bros. U (actually I had finished that one, but never 100%, so I checked that off the list)
- Animal Well (had finished before, but got the "good ending" for the first time)
bcantrill ("Bryan Cantrill") wrote:
In building Omicron, the control plane at Oxide, we took inspiration from Caitie McCaffrey's resurrection of an old database idea, sagas, as long-lived distributed transactions. On Monday, @ahl and I will be joined by Oxide engineers @dap and @mycoliza to retell our own saga with sagas in Omicron: why we used it as an abstraction, some of the limitations we encountered, how we addressed those limitations, and where we find use for it today. Join us, 5p Pacific!
Reblogged by bcantrill ("Bryan Cantrill"):
Nicholas Carlini joined me and @bcantrill to talk about his terrific blog post on his many pragmatic uses of LLMs to solve real problems. He has great advice about when to use them (often!) and what kinds of problems they handle well. LLMs aren't great at many things, but used well they can be an amazing tool.
collinsworth@hachyderm.io ("Josh Collinsworth") wrote:
2024 has been the year of circling back to old games I stopped playing and finally finishing them.
Currently working on Undertale, which I'd never gotten more than an hour or two into before, but which I'm now finding to be charming and delightful.
pzmyers@octodon.social ("pzmyers 🦑") wrote:
Nice day in the midwest…and then this guy parks next to you.
https://freethoughtblogs.com/pharyngula/2024/08/11/sighted-in-morris/
collinsworth@hachyderm.io ("Josh Collinsworth") wrote:
Apple seriously treats its users like irresponsible toddlers.
Reblogged by collinsworth@hachyderm.io ("Josh Collinsworth"):
dgar@aus.social ("Dgar") wrote:
Warrior: I swear I will have my revenge for the death of my brother!
Elf: You have my bow.
Dwarf: And my axe.
Necromancer: And your brother.