i'm trying to understand how outer shell works here. on the website you give the following as your motivation: > Apps like Jupyter and Tensorboard are not typically visible to standard web browsers if they’re running on…
On Being the Right Size turned 100 this year. It's not entirely the same topic as this essay, but this reminded me of it and it's a pretty famous short essay that's worth reading if you haven't seen it.…
Cool find and a very interesting analysis! There's a lot more to morphology than just the shape of the shell, and indeed the shape can sometimes be misleading, in that very different species can have somewhat similar…
The first bit seems possibly solvable with private set intersection. You can publish a salted hash of everybody you trust, and I can compute hashes of everyone I trust with your salt to see if we have anyone in common.…
For people reading this, you may want to know the the NSA is allegedly trying to weaken hybrid ML-KEM and X25519 down to just ML-KEM. This is a good thing to pay attention to! Here is a 6-part article about the topic:…
I believe ML-KEM is the standard algorithm for post-quantum asymmetric encryption. I think it's slower mainly because there's not good hardware support, but it shouldn't be a big deal because most encryption is hybrid…
This article, "Factoring is not a good benchmark to track Q-day", was posted this month by one of Cloudflare's lead post-quantum researchers specifically addressing the factoring issue.…
I'm surprised people are advocating self-hosting as a viable solution. It takes a lot of knowledge to do sync and backup yourself, most of it implicit knowledge that people here don't realize we have and so for us it…
what's the advantage of a static site generator over pandoc + makefile?
Hi Matt, there's lots of speech-to-text programs out there with varying levels of quality. 100% local is admirable but it's always a tradeoff and users have to decide for themselves what's worth it. Would you consider…
Have you (or anyone reading this) been able to "beat" fingerprint.com without Tor or turning JavaScript off outright? I've tried it various times over the last couple years, using different browsers with various privacy…
Fair point, but that solution doesn't address the market for theft, so there's a tradeoff there.
Can you elaborate on "fairly well documented exploit tactics"? My impression is that most of these are either social engineering, for which we need to hire better designers, or complicated chains of hard-to-find…
I really don't understand the argument here. That the product is locked down by design is a feature, not a limitation. Yes, this has the side effect of making them more money and allowing a walled garden to form, but…
I'm not sure anyone is being this explicitly malicious. Parents' groups, child safety organizations, and researchers have been at this for years, and while I agree with you that the solutions are very misguided, I think…
there is a `theme set` command
I'm surprised zero-knowledge proofs have not been mentioned. This is a technique where (for example) the government signs your digital license, then you can present a proof that you are over 18 to a site without…
The quote seems to imply that if the watch receives the payload from any source, even without a compromised AP, it'll pop the shell. The easiest source of this is local network attacks, and it's not that unusual. In…
Yes, to self-host it you will need a Google maps API key. In the related links at the bottom, https://gdir.telae.net/links.html, the Git repo https://github.com/pafoster/gdir.telae.net is available along with some other…
Omega-3 good, Omega-6 bad has been known for many years. For example, Scott Alexander wrote in 2014 on his blog Slate Star Codex about how Omega-3 lowers crime rates and Omega-6 increases crime rates. And he links to…
To be fair, the octet as the byte has been dominant for decades. POSIX even has the definition “A byte is composed of a contiguous sequence of 8 bits.” I would wager many software engineers don't even know that a…
I hear sentiment like this occasionally and I genuinely wonder if this is conspiracy theory stuff or if this sort of thing actually happened in the past. I'm aware of the programs Snowden revealed, Tempora / XKeyscore /…
For anyone else who got a little too excited at the title, ECC here is error correction codes, not elliptic curve crypto. Very cool writeup, thanks for digging into all those data sheets and sharing it with us! I feel…
Why do you say that? Bubblewrap is a it's a very minimal setuid binary. It's 4000 lines of C but essentially all it does is parse your flags ask the kernel to do the sandboxing (drop capabilities, change namespaces) for…
Thanks for linking to the essay. I just read it and really enjoyed it. I think I'll try to put the ideas into practice in my writing (and hope I'll succeed).
i'm trying to understand how outer shell works here. on the website you give the following as your motivation: > Apps like Jupyter and Tensorboard are not typically visible to standard web browsers if they’re running on…
On Being the Right Size turned 100 this year. It's not entirely the same topic as this essay, but this reminded me of it and it's a pretty famous short essay that's worth reading if you haven't seen it.…
Cool find and a very interesting analysis! There's a lot more to morphology than just the shape of the shell, and indeed the shape can sometimes be misleading, in that very different species can have somewhat similar…
The first bit seems possibly solvable with private set intersection. You can publish a salted hash of everybody you trust, and I can compute hashes of everyone I trust with your salt to see if we have anyone in common.…
For people reading this, you may want to know the the NSA is allegedly trying to weaken hybrid ML-KEM and X25519 down to just ML-KEM. This is a good thing to pay attention to! Here is a 6-part article about the topic:…
I believe ML-KEM is the standard algorithm for post-quantum asymmetric encryption. I think it's slower mainly because there's not good hardware support, but it shouldn't be a big deal because most encryption is hybrid…
This article, "Factoring is not a good benchmark to track Q-day", was posted this month by one of Cloudflare's lead post-quantum researchers specifically addressing the factoring issue.…
I'm surprised people are advocating self-hosting as a viable solution. It takes a lot of knowledge to do sync and backup yourself, most of it implicit knowledge that people here don't realize we have and so for us it…
what's the advantage of a static site generator over pandoc + makefile?
Hi Matt, there's lots of speech-to-text programs out there with varying levels of quality. 100% local is admirable but it's always a tradeoff and users have to decide for themselves what's worth it. Would you consider…
Have you (or anyone reading this) been able to "beat" fingerprint.com without Tor or turning JavaScript off outright? I've tried it various times over the last couple years, using different browsers with various privacy…
Fair point, but that solution doesn't address the market for theft, so there's a tradeoff there.
Can you elaborate on "fairly well documented exploit tactics"? My impression is that most of these are either social engineering, for which we need to hire better designers, or complicated chains of hard-to-find…
I really don't understand the argument here. That the product is locked down by design is a feature, not a limitation. Yes, this has the side effect of making them more money and allowing a walled garden to form, but…
I'm not sure anyone is being this explicitly malicious. Parents' groups, child safety organizations, and researchers have been at this for years, and while I agree with you that the solutions are very misguided, I think…
there is a `theme set` command
I'm surprised zero-knowledge proofs have not been mentioned. This is a technique where (for example) the government signs your digital license, then you can present a proof that you are over 18 to a site without…
The quote seems to imply that if the watch receives the payload from any source, even without a compromised AP, it'll pop the shell. The easiest source of this is local network attacks, and it's not that unusual. In…
Yes, to self-host it you will need a Google maps API key. In the related links at the bottom, https://gdir.telae.net/links.html, the Git repo https://github.com/pafoster/gdir.telae.net is available along with some other…
Omega-3 good, Omega-6 bad has been known for many years. For example, Scott Alexander wrote in 2014 on his blog Slate Star Codex about how Omega-3 lowers crime rates and Omega-6 increases crime rates. And he links to…
To be fair, the octet as the byte has been dominant for decades. POSIX even has the definition “A byte is composed of a contiguous sequence of 8 bits.” I would wager many software engineers don't even know that a…
I hear sentiment like this occasionally and I genuinely wonder if this is conspiracy theory stuff or if this sort of thing actually happened in the past. I'm aware of the programs Snowden revealed, Tempora / XKeyscore /…
For anyone else who got a little too excited at the title, ECC here is error correction codes, not elliptic curve crypto. Very cool writeup, thanks for digging into all those data sheets and sharing it with us! I feel…
Why do you say that? Bubblewrap is a it's a very minimal setuid binary. It's 4000 lines of C but essentially all it does is parse your flags ask the kernel to do the sandboxing (drop capabilities, change namespaces) for…
Thanks for linking to the essay. I just read it and really enjoyed it. I think I'll try to put the ideas into practice in my writing (and hope I'll succeed).