HackerTrans
TopNewTrendsCommentsPastAskShowJobs

gyush

no profile record

Submissions

Mac-sudo-touchid: When coding agents sudo, use touch ID instead of password

github.com
3 points·by gyush·เดือนที่แล้ว·0 comments

Guthib: GitHub, but Dyslexic

guthib.mattbasta.workers.dev
2 points·by gyush·2 ปีที่แล้ว·0 comments

comments

gyush
·2 เดือนที่ผ่านมา·discuss
It seems to me that comments here are reading this as saying attestation is bad, when the real argument is that attestation should explicitly provide a path of inclusion for non-Apple and Google providers.

The headline seems to make the statement that Apple and Google are evil and doing this for monopoly lock-in, and GrapheneOS, a competitor, will stand for the people against that. But given their final counterpoint is that they should have been included too and they rant about being rejected from Google's Play Integrity API for unclear reasons they claim are malicious, it seems they do acknowledge there's security value here: we do critically need for full-chain-of-signature attestations for critical identity data, the only way to avoid someone using AI to create fraud identities trivially.
gyush
·2 ปีที่แล้ว·discuss
> As well as authenticating a message, they also provide third-party verifiability and (part of) non-repudiation.

I think digital signatures and third party verification are an incredibly useful feature. The ability to prove you received some data from some third party lets you prove things about yourself, and enables better data privacy long-term, especially when you have selective disclosure when combined with zero knowledge proofs. See: https://www.andrewclu.com/sign-everything -- the ability to make all your data self-sovereign and selectively prove data to the outside world (i.e. prove I'm over 18 without showing my whole passport) can be extremely beneficial, especially as we move towards a world of AI generated content where provenant proofs can prove content origin to third parties. You're right that post quantum signature research is still in progress, but I suspect that until post-quantum supremacy, it's still useful (and by then I hope we'll have fast and small post quantum signature schemes).

EU's digital signatures let you do this for your IDs and https://www.openpassport.app/ lets you do this for any country passport, but imagine you could do this for all your social media data, personal info, and login details. we could have full selective privacy online, but only if everyone uses digital signatures instead of HMACs.