Posts: 6 | Comments: 293 | Joined: 2 yr. ago

  • Physical access means all bets are off, but it's not required for these attacks. If it's got a way to communicate with the outside world, it can get hacked remotely. For example, here's an attack that silently took over iPhones without the user doing anything. That was used for real to spy on many people, and Apple is pretty good at security. Most devices you own, such as cameras with Wi-Fi, will likely be far worse security-wise.

  • original image’s timestamp has already been published

    "Oh the incorrect information was published, here's the correct info". Again, the map is not the territory.

    the whole point of this technology is to remove the need for that trust.

    And it utterly fails to achieve that here. I'll put it another way: You have this fancy camera. You get detained by the feds for some reason. While you're detained, they extract your private keys and publish a doctored image, purportedly from your camera. The image is used as evidence to jail you. The digital signature is valid and the public timestamp is verifiable. You later leave jail and sue to get your camera back. You then publish the original image from your camera that proves you shouldn't have been jailed. The digital signature is valid and the public timestamp is verifiable. None of that matters, because you're going to say "trust me, bro". Introducing public signatures via the blockchain has accomplished absolutely nothing.

    You're trying to apply blockchain inappropriately. The one thing that publishing like this does is prove that someone knew something at that time. You can't prove that only that person knew something. You can prove that someone had a private key at time X, but you cannot prove that nobody else had it. You can prove that someone had an image with a valid digital signature at time X, but you cannot prove that it is the unaltered original.

  • The evil maid could take a copy of a legitimate image, modify it, publish it, and say that the original image was faked. If there's a public timestamp of the original image, just say "Oh, hackers published it before I could, but this one is definitely the original". The map is not the territory, and the blockchain is not what actually happened.

    Digital signatures and public signatures via blockchain solve nothing here.

  • They would, but each camera's private key can be extracted from the hardware if you're motivated enough.

    If Alice's fancy new camera has the private key extracted by Eve without Alice's knowledge, Eve can send Bob pictures that Bob would then believe are from Alice. If Bob finds out that Alice's key was compromised, then he has to guess as to whether any photo he got from Alice was actually from Eve. Having a public timestamp for the picture doesn't help Bob know anything, since Eve might've gone and created the timestamp herself without Alice's knowledge.

  • That doesn't really work. If the private key is leaked, you're left in a quandary of "Well who knew the private key at this timestamp?" and it becomes a guessing game.

    Especially in the scenario you posit. Nation-state actors with deep pockets in the middle of a war will find ways to bend hardware to their will. Blindly trusting a record just because it's timestamped is foolish.

  • It is decentralized. None of the issues you bring up are proof of centralization. If you get banned from one instance or don't like email verification or whatever your beef is, find an instance with whatever policies you like. If you can't find such an instance, start your own.

    If nobody federates with you because your instance is full of people that got banned from everywhere else, that's decentralization in action and maybe you should stop to consider if there's a reason nobody wants to interact with you?

  • This is tilting at windmills. If someone has physical possession of a piece of hardware, you should assume that it's been compromised down to the silicon, no matter what clever tricks they've tried to stymie hackers with. Also, the analog hole will always exist. Just generate a deepfake and then take a picture of it.

  • I realize we're probably not going to convince each other over some internet comments, but that's not a philosophy I'd sign up for. Morality is subjective, and I'd rather choose moral principles that don't involve me accepting being massacred.

  • VLC is the sort of software where if it can't play it, I don't know what else could. I guess I'd also try the ffmpeg command line tool to see if it can figure out what the video file even is, and maybe it could convert it to a regular format.

    Also TBH such a video file would be interesting enough that you could probably post it here (if possible, or any metadata you can extract from it) and see if anyone knows how to play it.

  • Since Word documents are one of your bigger concerns, you can download LibreOffice on one of your current machines and try them out. That's the same program you'd be using on Linux.

    It'd have to be a pretty unusual video format to have issues. Similar to above, you can try VLC on Windows and see if there are any issues.

    Based on your description, I'd be surprised if you encountered any major issues. I'd recommend trying either Pop!_OS if you're OK with a slightly different UI from Windows, or Mint if you want something more comfortable. Note that you can create a LiveUSB stick of either of those, or any other distro. You can then boot your computer from it and take it for a spin to see if there are any obvious issues.

  • It just means having to micromanage a particular unit's actions. I like it more when I can say "patrol this area, return fire and advance a bit if necessary, but no further than this", instead of having to flip back to those units constantly to manage them. IMO it's more thematic anyways for a sci-fi game; you're probably going to have units with a basic AI in them in-universe.