

How about no, for a change.




And every time I get a document in a Microsoft format I send a reply asking if this or that is supposed to look that way or be that value. Yet it’s the open format and tools that’s an issue somehow.


There was this chapter in an XKCD book talking about where tire particles go. From memory, it said “there are many answers to that question and none of them are good”.


Yeah. I got a hunch of that a while ago, while trying some “old” scenarios of de-anonymization we used to do by hand. Just asking questions and posting pictures got surprisingly accurate results. A single picture with (to me) no significant landmark could lead to localizing a specific part of a city, and that was using a local LLM with a relatively small model, running on a 16GB VRAM 4060Ti.
It is now time to remember fondly the time where the younger people were warned by older people to not post all their stuff online, not over-share, be cautious about strangers, etc. I’m not sure when we lost that, but oh boy, it’s a festival.


No, I don’t think I will.


Microsoft-supported formats are badly documented, and regularly broken by updates of the software before changes are understood (if there’s even an update to the loose spec we used to have). That’s a problem.


That’s… not applicable here. Like, at all. To reproduce a printed document, you input it. To make a 3D print, you produce a tailored list of operations depending on many, many settings. Usually, the file that reaches the printer has little in the way of knowing what is printed, aside from expensive reconstruction that would only give the general shape, if even that. And even if you can send actual 3D model files to a printer that would do the slicing locally, there’s no “absolutely required” fingerprint there. A tube is a tube.
And, just so you know, there’s a slew of public printers and scanners that will just plain not recognize any of this, too. There’s also some “protection” pattern in some official documents; large office printers would choke on them, where a home scanner was fine. This is, at best, only enforceable in the flimsiest of ways.


Let’s entertain the thought. How would one identify what is a gun part being printed, and what is a tube, a mechanical latch, or whatever else? Heck, I printed a plastic replica of a movie prop once. Would that be illegal?
I mean, I’m not in the US, and I know how to drive three steppers according to a list of extremely basic instructions that never ever represent anything “final part-y” looking, but the question remains. How do we go from “lots of gcode” to “yep, that’s definitely illegal” without saying that everything is illegal?


That’s basically what we used to do before big printer came in :D


Private workshops are next on the chopping block, then. Totally feasible. /s


It’s already trickling down: from public government money to private business owners.


If the entire supply chain up to the software you’re running to perform actual decryption is compromised, then the decrypted data is vulnerable. I mean, yeah? That’s why we use open-source clients and check builds/use builds from separate sources, so that the compromise of one actor does not compromise the whole chain. Server (if any) is managed by one entity and only manages access control + encrypted data, client from separate trusted source manages decryption, and the general safety of your whole system remains your responsibility.
Security requires a modicum of awareness and implication from the users, always. The only news here is that people apparently never considered supply chain attacks up until now?


a novelty security feature for hubcaps that you don’t want to be removed too easily
If this picks up, the people you’d want to not be able to remove these too easily will be the first to have the adequate tools to remove them easily.


At this point, it’s a suicide really.
/J


Didn’t they already do that in their public posts or whatever? They don’t care.


Matrix, the central service, might work, but I’m not sure if it could handle the load well. Matrix, the federated service, hosted by many people, has performance issues with the “free” version. I could not test the paid/more optimized version, so I can’t talk about that.
Anyway, the protocol and clients have their issues. All of these stem from usage; I did not do a deep dive in the internals of it. But off the top of my head:
With that said, nothing’s actually a show stopper for small usage, and the heavily optimized server might handle itself well enough, as long as you’re mainly concerned with having text rooms. But open instances handling hundreds of users might be a stretch… for now. Maybe this will cause more development into the Matrix/Element ecosystem.


Math has little room for backdoors.


Unless there’s an incredible amount of people “not in” on some universal secret, maths gonna maths, and physics gonna physics. Actual encryption works well in a proven way, computational power isn’t as infinite as some people think, and decent software implementations exist.
Getting hold of anything properly encrypted with no access to the key still requires an incredible amount of computing power to brute force. Weak/bad implementations can leave enough info back to speed this up, malicious software can make use of an extra, undocumented encryption key, etc. but a decent implementation would not be easy to break in.
Now, this does not say anything about what Apple actually does. They claim to have proper encryption, but with anything closed source, you only have your belief to back you up. But it’s not an extraordinary claim to say that this can be done competently. And Apple would have a good incentive in doing so: good PR, and no real downside for them since people happily unlock their phone to keep their software running and doing whatever it wants locally.
Setting up DoH, I already provide the expected name AND an IP. No need for plain DNS at any step. There’s no reason a corporate TV can’t do that either.