Posts: 0 · Comments: 142 · Joined: 2 yr. ago

  • Thanks for adding context to this!

  • Also, I've seen accusations of blatant homophobia being thrown around against the founder, haven't looked into that though so no idea how accurate that is

  • I don't understand your negativity. How else would you write a proposal for a completely new system to be talked about, if not in an idealistic and prescriptive manner? That's the first step to then start a discussion about it and find and fix the aspects that people expect to not work in practice.

  • Because Edge is the default browser on the most widespread operating system. If you're using Chrome, you very likely already switched once and are better informed than someone encountering the message on Edge.

  • I transitioned (ugh I hate that word)

    Slightly off topic but I'm curious, why do you hate that word and is there different wording that you'd prefer?

  • It's a way to verify that an app, or any package of data really, actually comes from the source you're expecting it to.

    It's based on some clever math, but basically, an app developer has two very large numbers that share a certain mathematical relationship, but if you only know one of them, it's extremely hard to calculate the other one. One of those numbers (the private key) they keep securely to themselves, the other number (the public key) they publish permanently for everyone to see.

    Now when the developer releases an app or an update to it, they put both the app and their private key into a special formula, which produces a new big number, called the "signature". Then, they publish both the app and the signature to the play store.

    Now, when your app store sees an update of the app, it won't just blindly trust it, but first check that it's actually legit, so that it doesn't accidentally install a virus or something. To do that, it downloads the app and the signature, and puts them into another special function, together with the public key that was used to sign the version of the app that you currently have installed. Now the clever part is, because of the special mathematical relationship between the public key and the private key, this function can check whether the signature was in fact produced by combining the app with the private key of the developer, without actually having to know that private key. This way, it can now be sure that this app update is actually coming from the original developer - unless they have been compromised and their private key leaked.

    So, technically, saying "it has the same signature" is not quite correct. The signature changes with every update. The thing that's the same and allows the update to be installed is the key being used to generate the signature.


    This is very close to how (asymmetrically) encrypted messaging works, btw. If you have a key pair like above, you can encrypt a message with one of the keys in a way that it's only decryptable with the other one. This way you can have people send you encrypted messages without anyone else knowing the encryption key, not even the sender of the message.
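The update check described in the comment above, as an added example that is not part of the original comment. It uses a toy textbook-RSA key pair built from small known primes (constructed for illustration, unpadded and not secure); the function names are hypothetical.

```python
import hashlib

def make_keypair(p: int, q: int, e: int = 65537):
    """Build a toy key pair from two primes (illustration only, not secure)."""
    n = p * q
    d = pow(e, -1, (p - 1) * (q - 1))   # private exponent, hard to find from (n, e) alone
    return (n, e), (n, d)               # (public key, private key)

# Constructed sample keys from known Mersenne primes; real keys are far larger.
DEV_PUBLIC, DEV_PRIVATE = make_keypair(2**127 - 1, 2**89 - 1)
OTHER_PUBLIC, OTHER_PRIVATE = make_keypair(2**107 - 1, 2**61 - 1)

def digest(package: bytes, n: int) -> int:
    """Hash the package and reduce it into the key's number range."""
    return int.from_bytes(hashlib.sha256(package).digest(), "big") % n

def sign(package: bytes, private_key) -> int:
    """Developer side: combine the package hash with the private key."""
    n, d = private_key
    return pow(digest(package, n), d, n)

def verify(package: bytes, signature: int, public_key) -> bool:
    """Store side: check the signature using only the public key."""
    n, e = public_key
    return pow(signature, e, n) == digest(package, n)

def accept_update(pinned_public_key, package: bytes, signature: int) -> bool:
    """Install an update only if it verifies against the key pinned at first install."""
    return verify(package, signature, pinned_public_key)

if __name__ == "__main__":
    v1, v2 = b"app v1 (constructed)", b"app v2 (constructed)"
    sig1, sig2 = sign(v1, DEV_PRIVATE), sign(v2, DEV_PRIVATE)
    print("signatures differ per release:", sig1 != sig2)
    print("genuine update accepted:", accept_update(DEV_PUBLIC, v2, sig2))
    print("tampered package accepted:", accept_update(DEV_PUBLIC, v2 + b"!", sig2))
    forged = sign(v2, OTHER_PRIVATE)
    print("update signed with another key accepted:", accept_update(DEV_PUBLIC, v2, forged))
```
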

  • Only for three months, though, because:

    The Irish regulator oversees Meta under the General Data Protection Regulation (GDPR) for the whole of Europe because the tech company has its regional headquarters there. Other European countries such as Norway are able to issue national decisions for a time limit of three months in a "case of urgency" under the GDPR.

  • Those last three input boxes are all parameters to fine tune the operation of the key derivation function, they control the performance and hardware usage characteristics of how to derive the actual database encryption key from your password in order to make it harder to brute force.

    The Transform Rounds input essentially controls how much sequential processing power is needed by repeating a specific part of the KDF more or less often, and thus allows you to determine how long the key derivation will take every time. That's why there's a Benchmark button next to it - it will automatically test on your CPU and determine how many rounds are needed to produce a 1 second delay on your hardware. Which is an acceptable time to wait for your database to unlock, but bad news for someone trying to brute force your password, as it limits how many different passwords they can test in a given time.

    Memory usage controls the amount of memory the KDF needs, and Parallelism controls how many parallel threads are used, both limiting how many parallel attempts at brute forcing your password a potential attacker can run on any given hardware.

    Disclaimer: I'm not a security expert, just a software developer who has come into contact with KDFs quite a bit. If I misrepresented anything above, happy for correction!
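A sketch of what a rounds benchmark like the one described in the comment above can do, as an added example that is not part of the original comment or the password manager's own code. It assumes PBKDF2-HMAC-SHA256 from Python's standard library as a stand-in KDF, so it models only the rounds setting, not memory usage or parallelism; the function names are hypothetical.

```python
import hashlib
import time

def derive_key(password: str, salt: bytes, rounds: int) -> bytes:
    """Derive a 32-byte database key; the cost grows linearly with `rounds`."""
    return hashlib.pbkdf2_hmac("sha256", password.encode(), salt, rounds, dklen=32)

def time_derivation(rounds: int) -> float:
    """Measure one key derivation on this machine, in seconds."""
    start = time.perf_counter()
    derive_key("benchmark-password", b"\x00" * 16, rounds)  # constructed inputs
    return time.perf_counter() - start

def benchmark_rounds(target_seconds: float = 1.0, probe_rounds: int = 20_000) -> int:
    """Estimate the rounds needed for one derivation to take about target_seconds.

    Times a short probe run and scales it linearly, which is valid because
    PBKDF2 repeats the same step once per round.
    """
    elapsed = max(time_derivation(probe_rounds), 1e-6)
    return max(1, int(probe_rounds * target_seconds / elapsed))

def guesses_per_day(seconds_per_guess: float, parallel_workers: int = 1) -> float:
    """Upper bound on password guesses per day at a given cost per guess."""
    return 86_400 / seconds_per_guess * parallel_workers

if __name__ == "__main__":
    rounds = benchmark_rounds(target_seconds=1.0)
    print("rounds for ~1 s unlock on this CPU:", rounds)
    print("measured unlock time:", round(time_derivation(rounds), 2), "s")
    print("guesses/day on one comparable core:", int(guesses_per_day(1.0)))
    print("guesses/day on 8 comparable cores:", int(guesses_per_day(1.0, 8)))
```
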

  • I’d bet Threads was never supposed to be federated.

    Except they already publicly announced that Threads is going to support ActivityPub and federate with the larger fediverse.

    They just made use of a pre-existing software

    Not in the way you think, I believe. It's not like they used Mastodon as a basis - they can't, at least not without also making their own software open source, which is never gonna happen. No, the software they're using is proprietary and built by them. What they are "reusing" is the ActivityPub protocol, but it's not like that was a cost-saving measure. Without the goal to federate, it would make no sense at all to use ActivityPub.

  • For note taking, you might even get by without self-hosting, looking at software like Obsidian which works perfectly fine with just SyncThing to sync between devices, or just literally any other file syncing solution, self-hosted or otherwise.

  • Yeah. That's what you're supposed to do with modern dishwashers. Scrape off any leftovers, but rinsing is unnecessary and just wastes water.

  • Brickfilming! I make films with Lego using stop motion animation. Takes a lot of patience and my perfectionism is my worst enemy, but it's super rewarding, and there's a really cool community online around it. And yes, my profile picture is from my most recent Brickfilm!

  • I know that, but if that's not the goal, then what else do they hope to achieve by implementing ActivityPub? It means they plan to federate with the larger fediverse, and you can bet that there's a carefully calculated business reasoning behind it.

  • ActivityPub was just an easy protocol to build off of quickly

    If they didn't want to federate, they wouldn't have a need for ActivityPub or any kind of similar protocol.

  • This feels very close to the paradox of tolerance, honestly. To achieve maximum tolerance, you can not tolerate those who are intolerant themselves, or they will destroy you from within. I think something similar applies here. To achieve a maximally open system, be open by default, but only to those who actually share the goal to keep the system as open as possible, and defend vigorously against those who don't.

  • And that's precisely why so many people are calling for everyone to defederate immediately from anything facebook-owned. The only way to prevent this is to not even let them get started.

  • Nobody's talking about censorship. Anybody who wants to see that kind of stuff can still just go to the defederated instance without any problem, and nobody is arguing for that possibility to be taken away.

    Also, no, I'm not glossing over that part. Instead, you seem to be glossing over this part of your own quote:

    as long as we can counter them by rational argument and keep them in check by public opinion

    In an age where transphobic legislation is passed left and right at an alarming rate, you can not tell me in good conscience that transphobia and similar intolerant ideologies are actually successfully being kept in check by public opinion right now, and rational argument does jack shit, as evidenced by, well, the whole of public discourse about the topic apparently not having any bearing on said legislation.

  • Read up on the Paradox of Tolerance, please. "We must be better than them" is a call for total tolerance, which will inevitably lead to the disappearance of tolerance, and that cannot be allowed to happen. It is simply impossible to have a community where transphobes and trans people coexist happily together, and I'll choose the side that's not trying to hurt others (trans people, in case that wasn't clear) every day.