• 40 Posts
  • 255 Comments
Joined 1 year ago
cake
Cake day: July 17th, 2023

help-circle
  • Ah well that’s certainly fair enough, I had no idea it’s a Google-encumbered format.

    Not sure I’ve ever “voluntarily” converted something to webp. Many Lemmy instances’ pict-rs setups seem to use it, my home instance sopuli.xyz obviously being one of them, which I guess is a sort of a funny choice considering




  • hydroptic@sopuli.xyzOPtoMemes@lemmy.mlThis is unironically fine
    link
    fedilink
    arrow-up
    21
    ·
    edit-2
    15 days ago

    Exactly so!

    While I’ll definitely do what I can to try and influence the trajectory we’re on I’m just one person with very little power, and I’m not exactly optimistic about how things are going and figure that at some point something like this meme will be the best I can do






  • hydroptic@sopuli.xyztoMemes@lemmy.mlMath
    link
    fedilink
    arrow-up
    40
    arrow-down
    1
    ·
    edit-2
    1 month ago

    Yeah it was a middle school thing in Finland too, at least in the 90’s.

    I did an exchange year in the US in my 2nd high school year, and I was honestly a bit surprised at how… well, simple it all was. I was a senior in the US and I’d learned just about everything they taught that wasn’t specific to the US or the English language (and even some of those…) either in my 1st year in high school or in middle school.



  • With “guarantees” I meant things like whether you want to have perfect forward secrecy, or whether you want to provide some degree of deniability, and so on, not so much what kinds of guarantees you’re relying on although they’re definitely also good to keep in mind.

    “As secure as possible” is a very all-encompassing goal which doesn’t really say much – what I was trying to get at with my point about the guarantees you want to make is that you’ll want to have a clear idea of what you actually mean with “as secure as possible” so you’ll know what sort of eg. architectural decisions to make before you do a lot of work and paint yourself into a corner.

    It’s a very ambitious project, but I can guarantee it’ll probably be very interesting to work on and you’ll learn a lot regardless of the outcome, and I’m definitely rooting for you.


  • I have a background in distributed systems and some background in security (I’m by no means a cryptography expert but I do know more about the subject than average developers), and I’d say that at this stage you shouldn’t worry too much about meeting all parts of some guideline or another; they’re often geared more towards bigger teams and slightly more established projects. What I think could benefit you would be first of all to have a clear idea of what exactly you want to accomplish (from a security standpoint, not necessarily so much from a functionality standpoint) if you don’t already have have one, ie. what sort of guarantees do you want to be able to make. Doesn’t have to even be a public document at first, just some notes and sketches for yourself. Then you’d want to find other projects with similar guarantees and aims and see how they did things, find research papers on the subjects and so on. Security guidelines can be useful, but generally it’s more useful to understand why something is in a guideline in the first place. For a project such as yourst I would personally really emphasize design documents and research over code at an early stage, because you need to have a clear goal in mind before you start cranking out code which might turn out to be worthless (at least to some degree) after you run into problems with your approach. Not saying that the documentation has to be public, just that you / the team know exactly what the goal is.

    “Encrypted P2P chat” can mean vastly different kinds of projects, with very different aims. For example, do you want perfect forward secrecy? If so, you’d want to find out the challenges associated with it, especially in relation to interactivity since you’re building a P2P architecture, etc. etc. Same with anonymity / user “traceability” like I mentioned earlier; you need to have a clear picture of what kinds of guarantees do you want the users to have to be even able to say what kinds of best practices you’d have to follow.

    Sorry, that turned into a bit of a ramble and might be completely obvious to you already, since I have no idea about your background and the level of research you’ve already done.



  • Right that makes sense.

    But yeah, after glancing through the links you provided, I’d agree that you’ll definitely need to pay someone for an audit / review, there are so many pitfalls and gotchas when it comes to encryption alone, and depending on the guarantees you want to be able to make you’ll find even more pitfalls and gotchas – especially if you want to make even relatively light guarantees about anonymity. The classic problem is that even with encrypted payloads the metadata / protocol itself leaks information, which might or might not be a problem depending on what your guarantees are.





  • hydroptic@sopuli.xyztoMemes@lemmy.mlAmazing app ideas
    link
    fedilink
    arrow-up
    6
    arrow-down
    1
    ·
    edit-2
    1 month ago

    Oh yeah it’s obviously a shit idea, but that generally doesn’t stop executives when they think there’s money to be made – considering how eg. YouTube’s trying to stop you from blocking ads and will apparently start showing ads when videos are paused, requiring attention seems like a logical next step to drive that CPM up to fund the CEO’s new yacht


  • hydroptic@sopuli.xyztoMemes@lemmy.mlAmazing app ideas
    link
    fedilink
    arrow-up
    23
    arrow-down
    1
    ·
    edit-2
    1 month ago

    But they haven’t released a TV with that feature yet though, and if I remember right that patent’s fairly old – something like 10–15 years.

    Wonder what’s kept them from actually doing it. Maybe even Sony suits understood it’d be a fucking disaster from a marketing perspective?

    Edit: the patent was filed in 2009