Readit News logoReadit News
Boulth6 commented on The history of Google messaging apps   arstechnica.com/gadgets/2... · Posted by u/TangerineDream
puzzlingcaptcha · 4 years ago
I've been a long-time user of Google Talk. No-nonsense, lightweight (installer was sub-2MB!) chat client that talked to just about anything else. And unlike open-source Jabber clients at the time it had a killer feature: centralized and searchable message archive when XMPP crowd was only starting to think about XEP-0313.

Fortunately XMPP has caught up in the past decade feature-wise (except cross-platform video calls I guess) and I managed to convince some friends to use Conversations but this could have played out differently had it not been for G+.

Boulth6 · 4 years ago
Agreed on both points. XMPP is nowadays so much different than decades ago. I've migrated my family to Conversations and they're super happy with it.

Google's constant messanger churn tires regular users that just want to communicate instead of taking part in Google's internal political/promotion experiments.

Boulth6 commented on EU withheld a study that shows piracy doesn't hurt sales (2017)   engadget.com/2017-09-22-e... · Posted by u/seesawtron
marshallbananas · 5 years ago
As someone who grew up in Eastern Europe in the early 2000s, with a a taste for Western media, especially movies, and the Internet becoming a widespread thing, it was infuriating waiting for movies to come to theaters months behind the rest of the world. Not to mention the horrible country specific posters and advertising, limited availability and titles. Piracy was the only option.

It felt like the Internet would solve all these problems, like you'd be able to experience culture from any part of the world however you liked and at the same time as the rest of the world. Sadly that never happened. It's much better now but it still feels like the media is crippled by old local distributor deals. The fact that e.g. Netflix offers different movies for every country is something that honestly does not make any sense yet everyone accepts it.

When I got my first Kindle 12 years ago my Amazon account was registered with my local European address so the books available in store were all complete trash romance pulp novels. Once I simply changed my home address to some random location in New York I suddenly had access to hundreds of thousands more titles. The Internet never delivered on its promise.

Boulth6 · 5 years ago
> The Internet never delivered on its promise.

The commercial internet never did. Don't forget about Torrents and lib gen rus. They're part of the internet too.

> The fact that e.g. Netflix offers different movies for every country is something that honestly does not make any sense yet everyone accepts it.

People "accept" it because it's convenient and they are not aware that there are other options. How would you suggest people reject it?

Boulth6 commented on How I Learned Symmetric-Key Cryptanalysis   akircanski.github.io/cryp... · Posted by u/aleks224
arciini · 5 years ago
It's kinda surprising that symmetric-key algorithms have been so resistant to attacks. I'm primarily an applications developer, and I feel like I've used tons of asymmetric key algorithms. Where is symmetric key cryptography used for nowadays in normal applications programming?

Are there places where it would be well-suited, but we don't really use it because the default is reaching for our public keys?

Boulth6 · 5 years ago
> Where is symmetric key cryptography used for nowadays in normal applications programming?

Practically every time you use asymmetric keys what they really encrypt with them is a symmetric key that encrypts the underlying data. Thus symmetric key cryptography is everywhere, just not directly exposed.

Boulth6 commented on Welcome to Libera Chat   libera.chat/news/welcome-... · Posted by u/smitop
Arathorn · 5 years ago
yup, much as the W3C and IETF "companies" decide what they want to do with proposals to their standards bodies. The Matrix.org Foundation is a non-profit foundation too.
Boulth6 · 5 years ago
I don't know why but comparing Matrix.org Foundation with standardization organizations such as IETF seems just not right. Maybe it would be more correct to compare Matrix.org with XMPP Software Foundation?
Boulth6 commented on Rust for Windows 0.9   blogs.windows.com/windows... · Posted by u/chenzhekl
turbinerneiter · 5 years ago
I feel like MS naming convention are flipped on the head.

Rust for Windows -> a version of Rust for Windows? Windows Library for Rust -> a library for Rust that allows to interface with Windows APIs

Same with Windows Subsystem for Linux. It's a Linux system for Windows.

But hey, that's just names. Nice for win-devs to get more languages supported.

Boulth6 · 5 years ago
This is mostly for legal reasons and the "for X" where X is a trademark is a common theme. (just look at Google Play store "for Twitter" or "for Reddit").

Looks and sounds weird though!

Boulth6 commented on OpenSearch: AWS fork of Elasticsearch and Kibana   aws.amazon.com/blogs/open... · Posted by u/ke4qqq
conroy · 5 years ago
I just opened a pull request to fix a few typos in the README. They are requiring a Developer's Certificate of Origin.
Boulth6 · 5 years ago
Thanks for the confirmation!
Boulth6 commented on OpenSearch: AWS fork of Elasticsearch and Kibana   aws.amazon.com/blogs/open... · Posted by u/ke4qqq
resoluteteeth · 5 years ago
> Makes me wonder what these are for (copyright transfer) and why they decided it’s not needed. It also makes me wonder if this sort of thing has ever been taken/tested in court or if it’s paranoid friction with little value add.

Some companies/projects might use them purely to avoid possible future legal headaches (I think GNU does this), and I'm not sure to what degree that has actually been tested, but they can also allow re-licensing under a different license which is more clear cut and I think that's more the issue here

Amazon is trying to say that they'll never relicense the code, so they have no need to take ownership over contributions.

Boulth6 · 5 years ago
Indeed that is likely but I wonder why didn't they at least require a Developer's Cerificate of Origin [0] that kernel.org uses. This is really lightweight (just append one line to git commit message) and supposedly provides a minimum legal base for the change. IANAL.

[0]: https://blog.chef.io/introducing-developer-certificate-of-or...

Boulth6 commented on Polish blogger sued after revealing security issue in UseCrypt messenger   therecord.media/polish-bl... · Posted by u/WarOnPrivacy
Boulth6 · 5 years ago
> they have been receiving legal letters from S440 SA demanding the removal of any negative articles and user comments from their websites about the UseCrypt Messenger app

I guess S440 never heard about the Streisand effect....

Boulth6 commented on Actually, DMARC works fine with mailing lists (2018)   begriffs.com/posts/2018-0... · Posted by u/pabs3
Boulth6 · 5 years ago
I was under the impression that DMARC always requires DIIM.

One unanswered question: should the mailing list software rewrite Return-Path? (to detect bounces) wouldn't that trip DKIM alignment?

Boulth6 commented on Enable hibernation when Lockdown is enabled   lore.kernel.org/lkml/2021... · Posted by u/doener
mtzet · 5 years ago
> In 2012 Microsoft started requiring vendors ship systems with UEFI Secure Boot, a firmware feature that allowed[5] systems to refuse to boot anything without an appropriate signature. This not only enabled the creation of a system that drew a strong boundary between root and kernel, it arguably required one - what's the point of restricting what the firmware will stick in ring 0 if root can just throw more code in there afterwards?

I still think there's plenty of point. I usually don't care about what ring0 can do; I care about what the system can do. Root can steal or destroy my data, or make my system do bad things.

The reason for restricting what kernel will be loaded, is to restrict what will happen at userspace.

A common use-case is bitlocker-style encryption. The system decrypts my harddrive using keys from the TPM. My own userspace is secured at the userspace-level using a login prompt. To defend against an attacker sideloading a different OS, I rely on secure boot to only load my kernel and hence my userspace.

I'm actually having a bit of a hard time finding really good usecases for this lockdown feature. On embedded systems the secure boot keys are often fused in, but I suppose the kernel, but potentially not root, could be able to change the tpm keys on an x86 system?

Boulth6 · 5 years ago
> To defend against an attacker sideloading a different OS, I rely on secure boot to only load my kernel and hence my userspace.

You could additionally seal the TPM key to specific PCR values so that only booting your kernel would allow using that TPM key.

> kernel, but potentially not root, could be able to change the tpm keys on an x86 system?

Depends on what do you mean by "change". They can't extract private bits but they can remove and add new ones. But if the data is encrypted using the old key it would become bit recoverable.

B

u/Boulth6

KarmaCake day99July 1, 2020View Original