Readit News
upofadown commented on Leaving Gmail for Mailbox.org   giuliomagnifico.blog/post... · Posted by u/giuliomagnifico
tamimio · a day ago
I am a person who doesn't have any brand loyalty. If there's something else that's better or has the same features at the same cost, I will go for it. That being said, Fastmail has been great. Besides the unlimited domains and masked email features, I never had an issue with my emails ending up in someone else's spam folder. This is crucial to me not to lose a client or a job, or even government communications. Some might argue about security/privacy, but emails are never meant to be that medium for secure communications. Even with PGP you would still leak metadata, so if you are after security, don't use email. Other than that, I will be after reliability and ease of use features.
upofadown · a day ago
In particular, encrypted email provides privacy but not anonymity. You need some sort of onion routing system for that. Back in the day people would set up such routing systems for email.

It turns out that most people don't really need anonymity. That is why most systems these days don't bother the user with all the associated hassle. Briar and Session come to mind as contemporary examples of such things.

upofadown commented on "Remove mentions of XSLT from the html spec"   github.com/whatwg/html/pu... · Posted by u/troupo
spankalee · 5 days ago
A few things to note:

- This isn't Chrome doing this unilaterally. https://github.com/whatwg/html/issues/11523 shows that representatives from every browser are supportive and there have been discussions about this in standards meetings: https://github.com/whatwg/html/issues/11146#issuecomment-275...

- You can see from the WHATNOT meeting agenda that it was a Mozilla engineer who brought it up last time.

- Opening a PR doesn't necessarily mean that it'll be merged. Notice the unchecked tasks - there's a lot to still do on this one. Even so, given the cross-vendor support for this it seems likely to proceed at some point.

upofadown · 5 days ago
The implementations are owned by the implementers. Who owns the actual standard, the implementers or the users?
upofadown commented on The beauty of a text only webpage   albanbrooke.com/the-beaut... · Posted by u/speckx
accrual · 9 days ago
Pros and cons I suppose. I liked the monospace font and I think it works well for some content, especially shorter form content.

IMO a nice serif font is ideal for long form content though. I remember reading the serifs help guide one's eyes into the next character and create more unique shapes than sans or monospace.

upofadown · 9 days ago
There has been some recent research on this sort of thing. It ends up being whatever you are used to. Everyone used to think serif was better for reading but then everyone started reading a lot of sans on computer screens. So now people think sans is somehow inherently better.

It's the same for mono vs proportional spacing. You are better at reading that which you have the most practice with. Most people are not used to reading monospaced prose even if they have seen a lot of monospaced code.

upofadown commented on OpenSSH Post-Quantum Cryptography   openssh.com/pq.html... · Posted by u/throw0101d
ziofill · 12 days ago
Nowhere near close, but getting every day closer. And you should factor in for how long secrets need to last.
upofadown · 12 days ago
Progress to date at using quantum effects to break cryptography has been zero.
upofadown commented on At a Loss for Words: A flawed idea is teaching kids to be poor readers (2019)   apmreports.org/episode/20... · Posted by u/Akronymus
upofadown · 21 days ago
The experimental science behind this revolution in understanding the cognition of reading is pretty interesting. One of the things that is done is to switch the text on the screen while the subject is moving their eyes to see how badly it messes up the reading process. Here is an article that talks about this research in relation to the long accepted, but now discredited, idea that word shape is important in reading.

* https://learn.microsoft.com/en-ca/typography/develop/word-re...

BTW, this in turn suggests that the long accepted idea that lower case is easier to read than upper case is also wrong.

upofadown commented on Google spoofed via DKIM replay attack: A technical breakdown   easydmarc.com/blog/google... · Posted by u/frasermarlow
upofadown · a month ago
People keep trying to use DMARC as some sort of sender authorization scheme. It continues to be a server reputation scheme.

An unsigned email is still anonymous, no matter what DKIM and SPF say. It should be treated as such. No one should ever think: This email passed through a Google email server at one point. It must be legit.

upofadown commented on Fun with gzip bombs and email clients   grepular.com/Fun_with_Gzi... · Posted by u/bundie
upofadown · a month ago
Yet another reason to prevent emails from downloading stuff from remote servers...

It appears that you can't do these sorts of things with CID embedded images...

upofadown commented on Why you should delete WhatsApp and install Signal   andrewsteele.co.uk/blog/2... · Posted by u/ColinWright
maqp · a month ago
So it goes something like this

1. Attacker does TLS-MITM with rogue certificate to replace the public key of user B on their website with the attacker's public key in real time

2. A gets the MITM attacker's public key instead.

3. A sends introductory message containing their public key.

4. MITM replaces A's public key with that of theirs with colliding fingerprint

5. MITM keeps reading messages in between.

Later when they meet and compare public key fingerprints, they won't detect the attack.

This makes a lot of assumptions, but it's merely complex in terms of number of steps. It's not computationally infeasible.

Also, a better attack is of course to just hack the endpoints and exfiltrate private keys and passively read all messages since PGP lacks forward secrecy, and since that's, according to Snowden, been happening for over 10 years, it's probably the modern approach. Much less noisy.

upofadown · a month ago
MITM can't create a collision with a preexisting fingerprint. That would be a preimage attack. SHA-1 has not been broken in that way.

u/upofadown

Karma: 6191 · Cake day: December 17, 2013