My experience with IaC output is that it's so broken to not only be unhelpful but actively harmful.
EDIT: regarding the part about signal and whatsapp I must clarify that of course the possibility of inserting a backdoor on the server side is far more dangerous than the client side: Signal has verified builds so a…
I am saying that in practice the security might be structured in such a way that it requires several different parties to connive, rendering it essentially fine. I mean, having to modify server code in order to access…
I mean at this point they could also change the code running on the user devices, probably someone would notice but that's another story. The point is: even if they could, should they do so when compelled by authority?
This could be extremely unfeasible. For example the code could be generated by a third party and encrypted before arriving on a server controlled by telegram and sent to the user. Or it could be generated inside a nitro…
Something being true only by definition is unfortunately a very weak claim. For example the company servers could be hosted on an island with armed guards instructed to burn everything if anyone approaches and the…
I think this statement requires a stronger argument, since even if they could have access to the data in theory there are concrete implementations where it could be extremely unfeasible. For example, since we are in the…
There is quite a large amount of people believing that Telegram stores messages in plaintext. I would like to know how they got that idea. So far the best I've got is something along the line of: if you can get your…
EDIT: I just want to clarify that I don't believe the claim that an employee can intercept the validation code
Maybe? When you login from a new device you're asked to provide an OTP so maybe there is at least that layer of protection and, hopefully, requires some circumvention at the application code level. However I think the…
Just to be clear, are you saying that his claim > Telegram uses the MTProto 2.0 Cloud algorithm for non-secret chats[1][2]. > In fact, it uses a split-key encryption system and the servers are all stored in multiple…
According to the Telegram FAQ (https://www.telegram.org/faq#q-do-you-process-data-requests) data on their servers is encrypted and the keys are split and stored in different jurisdictions (and different from the…
> Both openvpn and wireguard protocols are trivially blocked by DPI. I don't understand why this matters, it's not like your ISP will ever block this kind of traffic since every company that has any form of IT…
> It's the reason some people will tell you Arch Linux worked perfectly on their machine despite having plenty of problems. I feel personally attacked
I used to run a telegram webhook for myself and kept telling myself to make it in a service. You can deduce by the fact that I'm not sending you a link that it hasn't happened yet
Thanks, I needed to have this thought formalized. I see now why I have a hard disk full of perfectly architured dead projects, and also why the live ones are never going to be perfect
In game theoretic terms all of this looks a lot like a Nash equilibrium to me and, as such, fells inescapable
Also in Haskell: 1. Start by doing everything in ReaderT Env IO 2. Learn all about mtl (or monad transformers, free monads, freer monads, algebraic effects, whatever) 3. Do everything in ReaderT Env IO
> Those don't seem to be names of parameters, but rather of types. It's missing parameter names entirely. The rest of the definition is at the end, to see it as a whole: splitAt :: Eq a => a -> [a] -> [[a]] splitAt x xs…
Just to give a different pov I find Haskell very intuitive, and particularly I find that code written by other people is very easy to understand (compared to Java or TypeScript at least). And by the way x and x' are…
I am deeply interested in this point of view of yours so I will be hijacking your reply to ask another question: is "better than asking a few random people on the street" the bar we should be setting? As far as…
I guess next time I will check with my lawyer before going to an interview
I always wondered, could one simply lie? I mean, I never had to face the situation in an interview, but I would like to be prepared for it. If my interviewer asks for my marital status/family size, could I simply refuse…
> Sick leave policy is up to the company I am really astonished that this is considered normal. Sick leave should not be up to the company, at least not for normal employee contracts. In many countries it isn't up to…
If, by any chance, someone decide that its browser is already covered as far as adblockering goes, we will simply move to a different browser/adblocker/adblocking solution. As long as there is tech savy people there…
My experience with IaC output is that it's so broken to not only be unhelpful but actively harmful.
EDIT: regarding the part about signal and whatsapp I must clarify that of course the possibility of inserting a backdoor on the server side is far more dangerous than the client side: Signal has verified builds so a…
I am saying that in practice the security might be structured in such a way that it requires several different parties to connive, rendering it essentially fine. I mean, having to modify server code in order to access…
I mean at this point they could also change the code running on the user devices, probably someone would notice but that's another story. The point is: even if they could, should they do so when compelled by authority?
This could be extremely unfeasible. For example the code could be generated by a third party and encrypted before arriving on a server controlled by telegram and sent to the user. Or it could be generated inside a nitro…
Something being true only by definition is unfortunately a very weak claim. For example the company servers could be hosted on an island with armed guards instructed to burn everything if anyone approaches and the…
I think this statement requires a stronger argument, since even if they could have access to the data in theory there are concrete implementations where it could be extremely unfeasible. For example, since we are in the…
There is quite a large amount of people believing that Telegram stores messages in plaintext. I would like to know how they got that idea. So far the best I've got is something along the line of: if you can get your…
EDIT: I just want to clarify that I don't believe the claim that an employee can intercept the validation code
Maybe? When you login from a new device you're asked to provide an OTP so maybe there is at least that layer of protection and, hopefully, requires some circumvention at the application code level. However I think the…
Just to be clear, are you saying that his claim > Telegram uses the MTProto 2.0 Cloud algorithm for non-secret chats[1][2]. > In fact, it uses a split-key encryption system and the servers are all stored in multiple…
According to the Telegram FAQ (https://www.telegram.org/faq#q-do-you-process-data-requests) data on their servers is encrypted and the keys are split and stored in different jurisdictions (and different from the…
> Both openvpn and wireguard protocols are trivially blocked by DPI. I don't understand why this matters, it's not like your ISP will ever block this kind of traffic since every company that has any form of IT…
> It's the reason some people will tell you Arch Linux worked perfectly on their machine despite having plenty of problems. I feel personally attacked
I used to run a telegram webhook for myself and kept telling myself to make it in a service. You can deduce by the fact that I'm not sending you a link that it hasn't happened yet
Thanks, I needed to have this thought formalized. I see now why I have a hard disk full of perfectly architured dead projects, and also why the live ones are never going to be perfect
In game theoretic terms all of this looks a lot like a Nash equilibrium to me and, as such, fells inescapable
Also in Haskell: 1. Start by doing everything in ReaderT Env IO 2. Learn all about mtl (or monad transformers, free monads, freer monads, algebraic effects, whatever) 3. Do everything in ReaderT Env IO
> Those don't seem to be names of parameters, but rather of types. It's missing parameter names entirely. The rest of the definition is at the end, to see it as a whole: splitAt :: Eq a => a -> [a] -> [[a]] splitAt x xs…
Just to give a different pov I find Haskell very intuitive, and particularly I find that code written by other people is very easy to understand (compared to Java or TypeScript at least). And by the way x and x' are…
I am deeply interested in this point of view of yours so I will be hijacking your reply to ask another question: is "better than asking a few random people on the street" the bar we should be setting? As far as…
I guess next time I will check with my lawyer before going to an interview
I always wondered, could one simply lie? I mean, I never had to face the situation in an interview, but I would like to be prepared for it. If my interviewer asks for my marital status/family size, could I simply refuse…
> Sick leave policy is up to the company I am really astonished that this is considered normal. Sick leave should not be up to the company, at least not for normal employee contracts. In many countries it isn't up to…
If, by any chance, someone decide that its browser is already covered as far as adblockering goes, we will simply move to a different browser/adblocker/adblocking solution. As long as there is tech savy people there…