33 comments

[ 2.8 ms ] story [ 80.9 ms ] thread
(comment deleted)
(comment deleted)
(comment deleted)
This is trying to show the GNU project in a bad light.

The GNS which most of the article focuses on has nothing to do with the GNU project. Because pgp is from the 90's, gpg is an easy target mostly . The only other halfway good data point in the line they're trying to draw is gnutls, which is surely got its holes, but also wasn't afflicted with openssl's heartbleed

> The GNS which most of the article focuses on has nothing to do with the GNU project.

Doesn't it stand for GNU Name System?

Tech is particularly famous for having similar names for very different things.

The authors of the GNS IETF draft appear to be associated with GNUnet[0], which is an official GNU project. However, in defense of the OP, there may be a level of indirection here - there's no clear link between the GNU leadership and GNS: just GNU - GNUnet - GNS. It could be a purely GNUnet initiative.

[0]. https://en.wikipedia.org/wiki/GNUnet

It is a project under the GNU umbrella. That said, that's a loose association (i.e. it's not like GNU projects necessarily share developers, project leadership or even much in the way of infrastructure), so it does seem needlessly click-baity. (Next up: "GitHub: A Heuristic for Bad Cryptography"? - although GNU projects probably have a bit more cultural overlap)
> Because pgp is from the 90's, gpg is an easy target mostly

That would be a good argument if it was retired in the 90's.

> If you see the letters GNU in a systems design, and that system intersects with cryptography, I can almost guarantee that it will be badly designed to an alarming degree.

The author does indeed talk about seeing the letters Gnu, not being an official part of the GNU Project.

Plus if the GNU Project never enforces its brand, that its problem (it will be associated with the potential successes of independant projects reusing the GNU brand, but then it also has to accept association with the failures)

I thought I saw this before... yes I did 5 days before.
This seems like mostly the technical nitpicking that goes on with any crypto protocol. There aren't any holes here, and as a competent non-expert I'm having trouble deciding on whether any of these criticisms even rise to the level of a theoretical vulnerability. It's all best practices and hygine stuff. Which is fine, but hardly justfication for "Bad Cryptography".

I mean, these are the mistakes that everyone seems to make (including the blog author, who seems to have retracted one of the bigger claims). Stuff happens in engineering.

And the "GNU" angle is just bile, or a cynical attempt to get clicks by leveraging hacker political sentiment. Yawn.

> It's all best practices and hygine stuff. Which is fine, but hardly justfication for "Bad Cryptography".

Cryptographers have spent years trying to clean up the GNU cryptography ecosystem [1] [2].

[1] https://twitter.com/FiloSottile/status/1281055144659030016

[2] https://lists.gnupg.org/pipermail/gcrypt-devel/2015-November...

Isn't that true of almost every crypto protocol, though? As I mention, this kind of stuff is absolutely routine. Free software protocols, open source protocols, standardized protocols, proprietary protocols.

I get that crypto is hard (again, the messup in the central criticism in the linked article is a great existence proof). I don't get why you feel like taking potshots at GNU in particular is justified except to flog your personal political agenda.

I don't have a personal political agenda here.

I'd love for GNU cryptography to be better, but the first step in fixing problems is to acknowledge they exist in the first place.

GNUnet, GnuPG, etc. need to actually learn from modern cryptography projects like age and Signal, instead of doubling down in the name of ideology.

I have no clue on what "ideology" they (who are they? The GNUnet developers? The gnupg developers? all developers associated with GNU projects?) are "doubling down" on in your opinion, despite reading the article.
> I don't have a personal political agenda here. [one sentence later...] GNUnet, GnuPG, etc. need to [...] instead of doubling down in the name of ideology.

Just stop. If you have criticisms, make them. Leave your politics out of it.

> If you see the letters GNU in a systems design, and that system intersects with cryptography, I can almost guarantee that it will be badly designed to an alarming degree.

Battle of heuristics: furries vs GNU

The furry art in it makes it difficult to take the article seriously. I'm not sure why people inject stuff like this into an otherwise serious opinion piece.
Would you say the same if the article was filled with "loli" anime characters instead?
(comment deleted)
Just like you have a furry character as a representation of your identity a lot of people have an anime character as a representation of their identity or what they wish to be, this is true especially for transgender people and I say that as one of them.

I also never mentioned pornography, saying that this is "pedophilic pornography" is no different to saying that furry is zoophilic pornography. This was not intended as a flame bait, rather it was constricted by the extremely negative experience that I had with people with furry avatars.

Edit: previous post was "My fursona is a representation of my identity, and comparing that to a genre of pedophilic pornography is the kind of flame bait that isn't welcome on HN.", it then was edited to say "[not interested in flamebait about "loli"]". He seems not to be interested in a "flamebait about "loli"" but he is certainly interested in continuing the exclusionist and general asshole-ish reaction that furries have against anime fans.

So their idea is to make the world more accepting of furries by being an asshole?
(comment deleted)
Their response to my post certainly makes it seem so.
This has nothing to do with being anti-furry. If this were full of MCU characters, it would be just as difficult to take seriously.
There's a good line in the guidelines:

>> "Please don't post shallow dismissals, especially of other people's work. A good critical comment teaches us something."

This is about as shallow as shallow gets.

>> A good critical comment teaches us something.

I thought the take-away would be something along the lines of "it is difficult to focus on the content with distracting material jammed in". Like I said, not dismissing this, simply saying it is difficult to take an article seriously when it's got extra fluff like this.

One of the linked articles references Magic Wormhole, which appears to be just the file transfer tool I have been missing all the recent years.

https://github.com/warner/magic-wormhole

summary and example -> https://techcrunch.com/2017/06/27/magic-wormhole-is-a-clever...

It's so good.

I've been meaning to write a GUI frontend (probably in Electron, but still) so that desktop users can experience its magic, but I keep putting it off.

Maybe this weekend? :)