HackerLangs
TopNewTrendsCommentsPastAskShowJobs

TalkingCodeMonk

no profile record

comments

TalkingCodeMonk
·8 giorni fa·discuss
see other comment https://news.ycombinator.com/item?id=48772802
TalkingCodeMonk
·8 giorni fa·discuss
> That's the whole point of E2EE.

No it's not. The point of E2EE is that only the client apps decrypt/encrypt content, and the server just processes the encrypted bits. Most E2EE service providers do this by encrypting your encryption key. That's how you can login on other devices without you having to store and import an encryption key every time. When you login they send you an encrypted blob that contains your encryption key, which is decrypted client side, then the key is used to decrypt your data locally on the client. This does not break E2EE, but it does mean you have to trust the provider, which is why most of them are entirely open source.

Sharing and emergency access also use similar public key cryptography techniques to provide shared access to E2EE data. A similar principle applies to your phones encryption aswell, and is the reason you can wipe/reset your device in seconds, instead of minutes/hours. They only wipe the encryption key; not the encrypted data.
TalkingCodeMonk
·8 giorni fa·discuss
FYI the setup you mention is not "end-to-end" encrypted. E2EE means client-to-client encrypted, with the server processing encrypted bits only. Your approach is encryption in transit and at rest. At rest is relatively irrelevent for large cloud providers, as they are probably better at managing the lifecycle of disks than most businesses or people. It's unlikely someone's going to physically rob a data center or end up with a refurb drive that hasn't been thoroughly processed and wiped.

It's not necessarily more secure than managed providers either, simply because you are probably not a security engineer, and have far less resources to secure your server. It does prevent Google/iCloud from scraping your data, but it certainly does not mean Hetzner can't access your data. They control the overarching hypervisor and control plane managing your servers/VM's, so there's no way to know what capabilities have been implemented. The majority of what intelligence agencies are capable of has not been leaked or documented publicly.
TalkingCodeMonk
·8 giorni fa·discuss
Sounds like you want your photos on a unencrypted HDD, which you can do regardless of whether or not a cloud service is E2EE, so I don't see how E2EE is an issue...
TalkingCodeMonk
·8 giorni fa·discuss
Why is there "a very good possibility" of losing your photos because they are E2EE? Do you not use a password manager and backup your data?

There is no reason why E2EE services can't provide recovery or emergency access mechanisms, or implement plaintext export functionality from clients for storage elsewhere. Most reputable providers already have functionality to enable recovery and backup.
TalkingCodeMonk
·8 giorni fa·discuss
Seriously! How do techies and devs of all people not understand that the cloud is someone else's computer, and that the best way to prevent leaks, exploitation, or abuse of user data is to prevent anyone from being able to decrypt it but the end users themselves.

IMO this is the single greatest problem with the selfhosted community; the idea that E2EE is only necessary for passwords and other highly sensitive PII. It should be standard for anything hosted on someone else's computer.

You might argue it's not neccessary for cat photos, but mistakes happen and you can accidentally upload things you don't intend to. You might argue it's not neccessary for games, ebooks or other copyrighted media, but the cloud provider could scan and delete anything you own that matches a hash of copyrighted material, at any time. You can accidentally paste a password, or other sensitive piece of text, into any text field of any website or application, and have it distributed to computers around the world.

E2EE can mitigate against numerous attack vectors, and reduces the surface area and blast radius of most attacks. That also applies to your own computers, if someone steals your hardware or hacks into your network. It is vital in the age of AI where all of your data could be exploited for training and profit, or used against you. The only data that should not be E2EE is situations where it is technically impossible, or the data is explicitly shared as "public" (e.g. the clearnet).
TalkingCodeMonk
·9 giorni fa·discuss
A link at the bottom of the page goes directly to a US directory (of only 476 entities): https://www.usworker.coop/directory/
TalkingCodeMonk
·9 giorni fa·discuss
Because of the principle of least privilege: https://wikipedia.org/wiki/Principle_of_least_privilege

All current age verification measures open up a torrent of attack vectors on user PII and privacy. Limiting the number of entities that are able to access data is one of the best ways to prevent it's leak or abuse. Don't let perfection be the enemy of good.

But therein lies the fundamental problem with surveillance capitalism. Until the sale of personal data/metadata is outlawed, the practice of targeting content based on an individuals personal data/metadata is outlawed, there is a highly punitive cost for violations and leaks that make storage outside core business functionality a major criminal and financial risk, and the compilation of this data by "intelligence" agencies it treated as a critical attack vector to national security – the attack on each citizens civil rights that it truly is – most privacy laws and regulations are just virtue signals designed specifically avoid the root causes, and further entrench the power of monopolies and incumbents.

FYI I don't believe Google sells user data. They sell products which leverage user data to give them a critical advantage over every competitor who does not have trackers in everyones pockets/computers, does not store their entire web search/browsing history, etc. It's in the interest of big tech to protect their market advantage (like ZKP, which would prevent competitors from having a new gov-mandated vector to compile user data).
TalkingCodeMonk
·11 giorni fa·discuss
So, if the majority chose to get microchipped, you believe either we should force the minority to get microchipped against their will, or just exclude them from society?

"Your papers, please"
TalkingCodeMonk
·15 giorni fa·discuss
> because of rising prices for consumer electronics, particularly high-end Apple products

Here's your problem. This is not a consumer or Apple-specific issue whatsoever. Computing hardware is critical infrastructure in the digital age. The AI boom is inflating the cost of almost all compute for every business, including the cost of all cloud computing.

It's alot like housing, in that the average cost of housing directly inflates the average cost of living, impacting the poorer many orders of magnitude more than the richer. When all governments, companies, and individuals depend on computers to amplify productivity or deliver services, a significant increase in price will impact every government, company, and indiviudal.

An extremely small number of individuals or orgs being able to dramatically impact critical infra, and the cost of living – regardless of why – is a major national security and supply chain failure. This is the entire reason why monopolies and too-big-to-fail entities are bad for everyone, and anti-trust laws were created to being with; to prevent an extreme minority from influencing markets in such a way that it is detrimental to consumers and other market players or sectors.
TalkingCodeMonk
·16 giorni fa·discuss
They also inexplicably snuck in a 50% increase for the TV 4k, just to be extra greedy.

Treat yoself Tim Apple!
TalkingCodeMonk
·16 giorni fa·discuss
The fact that a dozen companies are allowed to buy up the entire global supply of core components, and increase the cost of living for every human on Earth, is full blown dystopian.
TalkingCodeMonk
·18 giorni fa·discuss
Agreed. More importantly, this long documented history of massive recurring multi-billion dollar fraud and theft – mostly from domestic and international retirement funds – indicates that America is essentially, for all intents and purposes, a plutocratic dictatorship with the illusion of democracy. Ticking a box every few years, when all your options are pre-positioned to continue a criminal status-quo, is neither "democracy" or "by/for the people". This systemic corruption did not materialise out of thin air recently. It has arguably been present all of history (in every economy). It's just accelerated to psychopathic levels of obscene gratuity over the last 2 decades.

This is why I've voted with my wallet the only way I can, by moving all of my investments (including retirement) out of the American market. The rot is far too deep. The few bad apples have entirely spoiled the bunch. I'm not under any illusion other markets will be safe from the fallout, or that I'll make better returns long term, but I do not care. I'm voting the only way I can given the current system. If I'd moved my investments earlier, when I came to this conclusion, I would have actually made significantly larger gains over the last couple of years.
TalkingCodeMonk
·19 giorni fa·discuss
Persona is also a core provider in jurisdications implementing ID laws for social media and other web services.

Considering the ties to Palantir and America's mass surveillance apparatus, one could even argue that a primary goal of the admin could be to use the USA's current AI lead to accelerate the adoption of web ID laws, and global push to deanonymize all web traffic.
TalkingCodeMonk
·19 giorni fa·discuss
I'm not arguing against a base level of empathy and care for maintainers.

I'm arguing FOR a base level of empathy and care FROM maintainers WHO CHOOSE to build for-profit products in the open, and that empathy for all parties should be the base expectation from a healthy community, rather than the narcissistic view of "nobody owes their communities anything, regardless of context".

The narssisist view leads to the behaviour of Minio, Bambu, etc becoming an accepted norm; to the abuse, exploitation, and deterioration of open source communities by for-profit orgs.
TalkingCodeMonk
·19 giorni fa·discuss
Your post changed my prespective on atproto! It also solidified the architectural issues I've had all along with the fediverse, and view that it's more of an interim solution which doesn't resolve the core centralisation and censorship issues; often exacerbating them to the extreme.

Just noticed who you are. Big fan of you're work and approach to problem solving! Do you have any similar posts about alternative protocols in this space, like nostr et al?

I've been ruminating on the incorporation of censorship resistance by adopting core concepts from tor/I2P and Monero using cryptographic techniques for validation and obfuscation that enable users to subscribe to specific communities, chatrooms, or channels within a PDS, so they also operate like private/public-PDS's to replace messaging providers with a uni/multi/any-cast rss. The reason I think this should coexist in the same protocol is that if the hosting provider itself is untrusted by default, and all comms are E2EE between all consumers from the ground up (public comms could contain a decryption key in the response, or one assembled by relays), the individual hosting providers can't choose to selectively filter or censor individual comms they disagree with at any layer, because they can't see the speech, where it's coming from, or where it's going; even for publicly broadcasted comms, until at least after the response has been transmitted to relays (enforced by the protocol).
TalkingCodeMonk
·20 giorni fa·discuss
jhack's perspetive is something that is all too common in tech. The implication that if code is open source the owners and maintainers don't owe consumers anything because "you can always fork or build it yourself"... as if that were ever possible for the average user, or in a digital world where anything you do with a computer depends on endless recursive sub-dependencies.

It's analogous to saying "it's your fault because you didn't read the T&C's", when all the T&C's you've implicitly agreed to already would take more than a human lifetime to read and understand. That is not a reasonable implication or expectation for the vast majority of people, the vast majority of the time; therefore it is logically corrupt, and should not be entertained.

This is ofcourse a fair point of view for 1-few person codebases built for fun, or to solve their own problems, open sourced out of the kindness of their hearts, but when the open source code is built or maintained as part of a job function (receiving a paycheck) &/or to generate profit (either directly or indirectly to influence standards, gain market share, etc) the open-sourcing is more of a means to build trust and becon attention or adoption in the age of relentless enshittification.

Open sourcing should not be an accepted path for profit seeking orgs or individuals to exploit and screw over consumers, as though they are eternal beta testers whose trust and dependence are worthless externalities. It also completely ignores the time and effort consumers must invest themselves to learn your product, workaround any errors, and build it into their workflow. That is arguably worth significantly more than whatever fee they could pay you for your code.
TalkingCodeMonk
·21 giorni fa·discuss
I find it simultaneously amusing and depressing that you took my comment as a promotion of bribery, rather than a stark commentary on the sytemic corruption that has destroyed Americas democracy, and is destroying liberal democracies worldwide.

How the system has self-corrected to empower the most greedy and sociopathic of behaviours, across all private and public institutions, the entire time; so much so that the average person can't even comprehend the root causes, or any solution beyond a simple band-aid non-solution.
TalkingCodeMonk
·22 giorni fa·discuss
Microsoft had it worse because Gates was a megalomaniac who was so self-absorbed he didn't understand he was supposed to bribe via "donations". Tech companies all learned the same as other sectors; it's more profitable to have lobbyists greasing the wheels of corrupt politicians from the get go, and "donate" to their success for a lifetime of consultation and quid pro quo.

This is also why all virtues signaled by corporations should be treated as lies unless they are legally bindable, and there are actual consequences for false and misleading advertising, fraud, etc other than a rounding error and cost of doing business.

It's only been several years since all AI companies signaled virtues about morality and ethics by not working with the military. Now they all do.
TalkingCodeMonk
·23 giorni fa·discuss
> For the EU taxpayer, nothing was gained and nothing was lost.

Except for the "massive" subsidies you advocated for, right? Except for the massive cost to provide utilities and infrastructure to support those businesses? Except for the cost to support the employees they refuse to provide minimum "protections" for? Except for any damage they do to the local environment?

You seem to think that businesses exist in a vaccum where they have no impact on society or its population, except when they succeed and everyone should be eternally grateful. This is the systemic greed and narcissism America exports to the world; not just through its businesses, but its media and population across forums such as this one, and is exactly what I'm talking about.