HackerTrans
TopNewTrendsCommentsPastAskShowJobs

sasas

no profile record

comments

sasas
·26 ngày trước·discuss
Turns out it was intentional. https://news.ycombinator.com/item?id=48550425
sasas
·26 ngày trước·discuss
The author may well disagree.

https://news.ycombinator.com/item?id=48550425
sasas
·26 ngày trước·discuss
Thanks for the clarifying the situation. Something did feel a bit off but I didn't want to jump to any premature conclusions.

The author has clearly put quite some investment in writing their book, it's a shame and hard to understand that someone would self sabotage by plagiarising the work of others - Especially to someone donating their own free time to initially help out.

> But I have only myself to blame for opensourcing the code of my books/website and thinking people would use it as intended.

Even if you had not, perhaps this scenario would have still eventuated.

Keep up the good work. Any new books planned on the horizon?
sasas
·27 ngày trước·discuss
Understood. It's reasonable to call out potential conflict while also being unclear on intention. Something as simple in the Keen book author acknowledging the proofreader would put to rest the ambiguity central to the discussion point in contention.
sasas
·27 ngày trước·discuss
It's often helpful not to immediately assume bad faith without further enquiry. It appears that Fabien had reviewed the book beforehand and he has reposted John Carmack's tweet[1] linking the book.

[1] https://x.com/ID_AA_Carmack/status/2066577536339923091
sasas
·27 ngày trước·discuss
The book's source has verbatim copy and pasted TeX ripped from Fabien's books which was licensed under GPL.
sasas
·27 ngày trước·discuss
How do you feel about this book mirroring your prior art in both format and structure? Were you consulted beforehand?

[EDIT] - I see in the Keen book's source git commit logs that you reviewed and assisted with proof reading beforehand, so may we assume that this is all above board and sanctioned by you?
sasas
·27 ngày trước·discuss
It appears the author is leveraging Fabien's branding by copying not only the style of post but more importantly the formatting and style of Fabien's books. Even structurally the book appears quite similar.

If you didn't double check the author while skimming this Keen book, you may well be mistaken that it was written by Fabien.

I took a quick skim of the content, it looks great - tempted to purchase a copy to support the author for their efforts (and have it sit on the bookshelf next to two other very similar looking books...) but need to sit on this for a while.

Maybe I'm overthinking this. Would like to hear Fabien's take on the situation.

[EDIT] It looks that the Keen book author copied and pasted direct sections[1] out of Fabien's book's TeX[2].

[EDIT] The git commit history has comments that indicate that Fabien reviewed the book, e.g. "updated all chapters after feedback Fabien" and "Proofread Fabien Sanglard en hardcopy review", so perhaps this is all sanctioned.

[1] https://github.com/bsmits74/Keen_White_Papers/blob/master/sr...

[2] https://github.com/fabiensanglard/gebbdoom/blob/master/src/b...
sasas
·4 năm trước·discuss
Thanks for taking the time to respond. As SuptleCrypto's states themselves:

> Warning: This API provides a number of low-level cryptographic primitives. It's very easy to misuse them, and the pitfalls involved can be very subtle. Even assuming you use the basic cryptographic functions correctly, secure key management and overall security system design are extremely hard to get right, and are generally the domain of specialist security experts.

Errors in security system design and implementation can make the security of the system completely ineffective.

Given the potential volume of people's personal data that might be stored, this is certainly an area you would want to get right.
sasas
·4 năm trước·discuss
Your response indicates you may have limited knowledge on the topic.

> what do you think is more likely, that the tiny team of 6 invested a ton of time reinventing the wheel with a custom in-house AES implementation

AES is a cryptographic primitive. No one ever implements their own. What developers implement is the cryptographic system - the block cipher mode, initialisation vectors, rounds, salting etc. It all very easy to get this wrong. Their site does state they use GCM cipher mode which is the right choice (say over ECB, CBC…)

> which you can verify with wireshark

Viewing encrypted material in a packet capture is meaningless and provides zero assurances

> What exactly are your concerns, given that the data isn't encrypted locally in the first place?

The encrypted data in their cloud solution is adequately protected.

Companies that take end to end encryption seriously will generally provide details on how they went about their cryptographic system.

For example, is the encryption key derived from the password? If so what is the key derivation function? How many rounds didn’t get select? These are generally the responsibility of the developer to responsibly choose.
sasas
·4 năm trước·discuss
From the link:

> AES-256 is a military-grade encryption specification that's widely used in for example online banking.

The term “military grade” is meaningless and if anything raises a red flag (at least to me). What would be more useful is a detailed spec on the implementation.

Are the crypto routines implemented in house or has a well tested library been used? If in house, had there been an external code audit done? What were the results ?