HackerTrans
TopNewTrendsCommentsPastAskShowJobs

Boulth6

no profile record

comments

Boulth6
·vor 5 Jahren·discuss
Agreed on both points. XMPP is nowadays so much different than decades ago. I've migrated my family to Conversations and they're super happy with it.

Google's constant messanger churn tires regular users that just want to communicate instead of taking part in Google's internal political/promotion experiments.
Boulth6
·vor 5 Jahren·discuss
> The Internet never delivered on its promise.

The commercial internet never did. Don't forget about Torrents and lib gen rus. They're part of the internet too.

> The fact that e.g. Netflix offers different movies for every country is something that honestly does not make any sense yet everyone accepts it.

People "accept" it because it's convenient and they are not aware that there are other options. How would you suggest people reject it?
Boulth6
·vor 5 Jahren·discuss
> Where is symmetric key cryptography used for nowadays in normal applications programming?

Practically every time you use asymmetric keys what they really encrypt with them is a symmetric key that encrypts the underlying data. Thus symmetric key cryptography is everywhere, just not directly exposed.
Boulth6
·vor 5 Jahren·discuss
I don't know why but comparing Matrix.org Foundation with standardization organizations such as IETF seems just not right. Maybe it would be more correct to compare Matrix.org with XMPP Software Foundation?
Boulth6
·vor 5 Jahren·discuss
This is mostly for legal reasons and the "for X" where X is a trademark is a common theme. (just look at Google Play store "for Twitter" or "for Reddit").

Looks and sounds weird though!
Boulth6
·vor 5 Jahren·discuss
Thanks for the confirmation!
Boulth6
·vor 5 Jahren·discuss
Indeed that is likely but I wonder why didn't they at least require a Developer's Cerificate of Origin [0] that kernel.org uses. This is really lightweight (just append one line to git commit message) and supposedly provides a minimum legal base for the change. IANAL.

[0]: https://blog.chef.io/introducing-developer-certificate-of-or...
Boulth6
·vor 5 Jahren·discuss
> they have been receiving legal letters from S440 SA demanding the removal of any negative articles and user comments from their websites about the UseCrypt Messenger app

I guess S440 never heard about the Streisand effect....
Boulth6
·vor 5 Jahren·discuss
I was under the impression that DMARC always requires DIIM.

One unanswered question: should the mailing list software rewrite Return-Path? (to detect bounces) wouldn't that trip DKIM alignment?
Boulth6
·vor 5 Jahren·discuss
> To defend against an attacker sideloading a different OS, I rely on secure boot to only load my kernel and hence my userspace.

You could additionally seal the TPM key to specific PCR values so that only booting your kernel would allow using that TPM key.

> kernel, but potentially not root, could be able to change the tpm keys on an x86 system?

Depends on what do you mean by "change". They can't extract private bits but they can remove and add new ones. But if the data is encrypted using the old key it would become bit recoverable.
Boulth6
·vor 5 Jahren·discuss
You may want to check out Dino.im. For easy XMPP there is also Quicksy.im that's a fork of Conversations (from the author of Conversations) but using contact book for people discovery.
Boulth6
·vor 5 Jahren·discuss
I'd rather advise to use Web Key Directory that is trivial to setup (have https and put a key file in one special location). WKD is also widely supported by OpenPGP software (including ProtonMail, GnuPG, OpenKeychain).

See: https://datatracker.ietf.org/doc/draft-koch-openpgp-webkey-s...
Boulth6
·vor 6 Jahren·discuss
> Hopefully they'll also build something like Keybase's proof integration https://book.keybase.io/guides/proof-integration-guide as well.

As far as I've seen the proof integration is used only for Mastodon insurances and Keyoxide supports all of them by default: no need to ask for permission, no weird conditions to enter like, instance has to be bigger than N people.

I see this as a way to control who gets into Keybase. A perfect example of centralized control. The idea of programmable proofs looks good though.

> If you have any suggestions as to which E2E (group) messaging+fileshare+git platform I could use as a replacement for Keybase I'm all ears.

Sadly I won't help you with that. There are a number of services that want to eat Keybase's cake now but neither of them hits all points on my scale. So I'm using mostly several different services to get a semblance of the Keybase experience.
Boulth6
·vor 6 Jahren·discuss
> There's things like https://keybase.io that did try to solve this to a reasonable extent, PGP but more modern. It looked hopeful, but Zoom seems to only keep it on life support. Maybe someone will continue

It seems there's already Keybase like solution using OpenPGP only (no centralized infrastructure needed): https://keyoxide.org/
Boulth6
·vor 6 Jahren·discuss
I've seen that with Delphi. The unique factor was that the examples were not a basic call of the function but an actual real world practical sample that usually solved the problem one was looking for.
Boulth6
·vor 6 Jahren·discuss
The press release mentions only FIDO2. Where did you get the OpenPGP smart card bit?
Boulth6
·vor 6 Jahren·discuss
> When I want to reply to someone, do I email the list or the person?

Reply to person, CC the list.

> How do I make sure the emails are threaded properly?

Using In-Reply-To header that references parent Message-ID. Git asks for it when sending a patch.
Boulth6
·vor 6 Jahren·discuss
> This is one of the books which I will gladly buy once more when it is updated.

Agreed, Programming Rust is really nice and I read a dozen of Rust books already. I'll be buying 2nd edition as soon as it's available.
Boulth6
·vor 6 Jahren·discuss
This is a solution to a non-problem. Hosting taken down git repos is easy an due to gits design all developers already have the source code.

The real problem is hosting issues and PRs in such a way. Github has an API and it's possible to script the backup but source code gets backup automatically so when the takedown strikes it's not a big problem.