HackerTrans
TopNewTrendsCommentsPastAskShowJobs

cassonmars

623 karmajoined il y a 5 ans
Just an engineer that doesn’t believe in “impossible”.

comments

cassonmars
·il y a 6 jours·discuss
Your argument would be far more charitable if NIST had not already been caught pushing a broken standard at the behest of the NSA before. DJB might be combative and somewhat caustic, but the one thing he's never been, given enough time in the retrospect to show it, is wrong.
cassonmars
·il y a 10 jours·discuss
The problem with attempting to provide universal healthcare in the united states is that, despite health professionals attesting to the necessity and validity of certain health related topics, the current administration in particular is very keen about stripping away access to these forms of care, as far as they legally can (medicare/medicaid, VA, federal funding).

UHC requires the removal of politicians from qualified input, and this country's politicians love nothing more than to get overly involved in things they know nothing about.
cassonmars
·il y a 23 jours·discuss
This feels like a strange take to me. With the internet, it has never been easier for people anywhere in the (connected) world to find an audience, which we've seen to great and detrimental effects. Prior to this, reaching widespread audiences _required_ powerful entities (publishers, marketers, broadcasters).

Why do you feel differently?
cassonmars
·le mois dernier·discuss
Save a click: no public information exists yet.
cassonmars
·il y a 2 mois·discuss
For a basic CRDT set, merge rules have to have some kind of temporality basis in the messages such that commutativity is preserved. usually it's a timestamp, sometimes it's an unforgeable value like a hash, e.g. A: { "prev_hash": null, "content": "foobar" } B: { "prev_hash": "<hash of A>", "content": "foobarbaz" } C: { "prev_hash": "<hash of B>", "content": "foobaz" }

and when played out of order, it's guaranteed to resolve to foobaz eventually or immediately, depending on when messages are received

when you encounter the scenario of a fork, there's usually a fork resolution rule, e.g. D: { "prev_hash": "<hash of B>", "content": "foobazbar" }

to resolve C vs D, sort lexicographically, choose direction of sort order and pick first

When you have non-continuous data due to messages dropping, e.g. you have B and perhaps an E that builds on C, you can either use the same lexicographic rule, or make the hash basis a combination of timestamp and hash, so you get temporality and lineage.

As for deletes, you have either the single set approach of simply making the message content empty and that _is_ the delete, or you have the 2-phase sets, where there exists an add set and a delete set.

Quite a few ways to approach it, but commutativity can be readily preserved.
cassonmars
·il y a 2 mois·discuss
based
cassonmars
·il y a 3 mois·discuss
As you are someone building cryptographic libraries used by people all over the world, which includes those who might be seen as "enemies" by the organization in question, this is not a gradient — it's quite binary in nature.
cassonmars
·il y a 3 mois·discuss
I genuinely do not understand how someone working in the capacity that you do, for things that matter universally for people, can contend that an organization who is intentionally engaging in NOBUS backdoors can be remotely trusted at all.

That is insanely irresponsible and genuinely concerning. I don't care if they have a magical ring that defies all laws of physics and assuredly prevents any adversary stealing the backdoor. If an organization is implementing _ANY_ backdoor, they are an adversary from a security perspective and their guidance should be treated as such.
cassonmars
·il y a 4 mois·discuss
It's insane to me that Stripe cancels accounts when they get used for card testing. I get that it's because the onus would be on them otherwise, but the problem is that the onus is on anyone but the card companies in the first place.
cassonmars
·il y a 4 mois·discuss
How do you propose fixing the corruption?
cassonmars
·il y a 4 mois·discuss
PFS is valuable largely in stable, small groups that rarely change shape or association.

PFS in an open, freely-associable environment is far more complicated when you move beyond even the smallest of group sizes. Realistically, once the group size is beyond Dunbar's number you can reasonably assume that PFS is moot, because you no longer can depend on maybe four or five people's personal security, but 150+. Statistically, someone's opsec failure will be guaranteed.
cassonmars
·il y a 4 mois·discuss
You can if the manufacturer has a track record that refutes the notion, and especially if they have verifiable hardware matching publicly disclosed circuit designs. But this is Intel, with their track record, I wouldn't trust it even if the schematics were public. Intel ME not being disable-able by consumers, while being entirely omitted for certain classes of government buyers tells me everything I need to know.
cassonmars
·il y a 4 mois·discuss
Yes!
cassonmars
·il y a 4 mois·discuss
It's simple. Don't comply. Software engineers, despite not having the same requirement of mechanical engineers, should uphold the ethical obligations of their craft. This law is harmful. Given the requirement of compelled speech, given code has been _proven_ to be such, Do. Not. Comply.
cassonmars
·il y a 4 mois·discuss
This is funny as most Michelin star chefs I've had the luxury of knowing love fast food
cassonmars
·il y a 5 mois·discuss
And Cluely
cassonmars
·il y a 6 mois·discuss
I had the same confusion reading this – what kind of go-based webservice framework can you discretely deploy new handlers without restarts/redeploys? Would be a really awesome thing to have!
cassonmars
·il y a 7 mois·discuss
or you're working in embedded systems, machine learning, cryptography, or any other specialized field where being clever is very important
cassonmars
·il y a 7 mois·discuss
You would likely enjoy Isaac Asimov's "Profession": https://www.abelard.org/asimov.php
cassonmars
·il y a 7 mois·discuss
The hard part _includes_ the crypto and the sandboxing. Short of playing security theater games like "chuck it in a TEE", the moment your data needs any kind of processing, or possesses relationships with other users data (or their ability to view your data, like a social media feed), the complexity increases exponentially.