teri

Thanks Microsoft for admitting that Wimdows sucks. You didn't even try really.

I've seen police in german trains doing precisely this.

Maybe they should also ban lobbying by Google, Microsoft etc.

Honestly I'm not sure what the definition says. But in case of the original axolotl/signal protocol the 'ratchet' construction in my understanding allows to recover from a key compromise given that the attacker is passive (read only). Let's say you have to hand your phone to the police, they disappear with it for a moment and get a copy of all the keys you use for the axolotl protocol. As long as they don't manage to manipulate network traffic but only intercept everything your chat session will 'recover' once a new (EC)DH agreement is completed with your chat partner. This might not happen immediately though in case your chat partner is offline.

This property (securing future messages) can only be achieved with asymmetric cryptography. Securing past messages can in principle be achieved with symmetric cryptography: You could imagine a ratchet mechanism where each chat partner computes a new key by transforming the old key with a entropy-preserving and hard-to-invert function (such as sha3) and then deleting the old key (and also best deleting old messages).

P.S. Just did some reading: https://signal.org/docs/specifications/doubleratchet/

Forward security: Output keys from the past appear random to an adversary who learns the KDF key at some point in time.

Break-in recovery: Future output keys appear random to an adversary who learns the KDF key at some point in time, provided that future inputs have added sufficient entropy.

So what I meant is not called forward secrecy but break-in recovery. Confusing terms.

And it costs innocent people their lives or makes it at least very miserable. Yeah, what to spend billions for...

Use uMatrix and see more sewage

Let's poke the bubble.

In m opinion this is a real risk. In case od Organic maps already started happening. The FOSS community should move away from github and consider alternatives like codeberg.org (germany) or self-hosted forgejo instances to mitigate the risk.

Does anybody care about people in Yemen? Such a fuzz about a stupid group chat while the big story could also be the airstrike and murder of people. What happened in Yemen?

Generally seems an okay idea to me because it allows you to use the rust tool-chain and you can more easily achieve compatibility with other rust code. In fact, there's other languages which do something similar. I remember F* (f-star) which compiles to OCaml.

In thie fesiverse graphic each person has exactly 1 connection to a fediverse thing. But in reality, there can be more. I guess in practice there are often more than one.

That's me most of the time. Does it mean I'm ADHD?