9·
1 month agoYeah it’s called defcon
- 1 Post
- 23 Comments
Joined 2 years ago
Cake day: August 10th, 2023
You are not logged in. If you use a Fediverse account that is able to follow users, you can follow this user.
1·2 months agoSignal’s reproducible builds are broken: https://github.com/signalapp/Signal-Android/issues/13565
No, the duckstation dev obtained the consent of contributors and/or rewrote all GPL code.
I have the approval of prior contributors, and if I did somehow miss you, then please advise me so I can rewrite that code. I didn’t spend several weekends rewriting various parts for no reason. I do not have, nor want a CLA, because I do not agree with taking away contributor’s copyright.
So Signal does not have reproducible builds, which are very concerning securitywise. I talk about it in this comment: https://programming.dev/post/33557941/18030327 . The TLDR is that no reproducible builds = impossible to detect if you are getting an unmodified version of the client.
Centralized servers compound these security issues and make it worse. If the client is vulnerable to some form of replacement attack, then they could use a much more subtle, difficult to detect backdoor, like a weaker crypto implementation, which leaks meta/userdata.
With decentralized/federated services, if a client is using other servers other than the “main” one, you either have to compromise both the client and the server, or compromise the client in a very obvious way that causes the client to send extra data to server’s it shouldn’t be sending data too.
A big part of the problem comes with what Github calls “bugdoors”. These are “accidental” bugs that are backdoors. With a centralized service, it becomes much easier to introduce “bugdoors” because all the data routes through one service, which could then silently take advantage of this bug on their own servers.
This is my concern with Signal being centralized. But mostly I’d say don’t worry about it, threat model and all that.
I’m just gonna @ everybody who was in the conversation. I posted this top level for visibility.
@Ulrich@feddit.org @rottingleaf@lemmy.world @jet@hackertalks.com @eleitl@lemmy.world @Damage@feddit.it
EDIT: elsewhere in the thread it is talked about what is probably a nation state wiretapping attempt on an XMPP service: https://www.devever.net/~hl/xmpp-incident
For a similar threat model, signal is simply not adequate for reasons I mentioned above, and that’s probably what poqVoq was referring to when he mentioned how it was discussed here.
The only timestamps shared are when they signed up and when they last connected. This is well established by court documents that Signal themselves share publicly.
This of course, assumes I trust the courts. But if I am seeking maximum privacy/security, I should not have to do that.
1·1 year agoAddictive arcade game about archery. Reminds me of flappy bird, not in the raw mechanics, but in the way they are both addicting in the same manner.
Simple bike racing game, although the player is very fragile, which adds some difficulty. Playable in browser.
All the maps are user created content.
This site has a few high quality browser games. The one I come back to is X Type, a bullet hell shoot-em up that has ever expanding enemy ship sizes, and never ends. It gets hard fast.
I also like Xibalba, which is a Doom/Wolfenstein style game playable in the browser.
The creator also did a rewrite of quake in 13 kb of javascript
A webgl/browser based 3d dungeon crawler with proceduraly generated levels.
A short questionaire game that demonstrates the difficulties of poverty.
Gameboy roguelike that is simple, but very elegant.
Sadly, since romhacking went down, I don’t think it’s possible to find the translation patch for it, unless they uploaded it to the internet archive.
Gameboy puzzle game. Very high quality.
A simple but elegant io game. You are a ball, and you want to knock other balls to the ground.
One thing I like is that rounds in small, 4 person lobbies, rather than the massive worlds of other io games. Although you can’t really make friends, you can know personas, and it’s more personable.
Fork of the older warsow, open source movement shooter. Think quake.
Sadly, it seems to be dead on steam.
A wonderful and life changing experience.
I like to link it without the ending title, like https://store.steampowered.com/app/1944240/ because it’s funnier when people can’t see the game title in the link.
Learn the pleasures of loving another human, and the pain of being a programmer — at the same time!
Absolutely obligatory, the simply named “The Game” is a work of art, and truly a life changing experience. You’ll never think about things the same after experiencing “The Game”.
A fnaf fangame that is close enough to feel like fnaf, but has a twist: Every single level also involves a puzzle. While trying to survive enemies fnaf style. Although I’ve never played this game, I LOVE watching it on Twitch. I like to call it “Human’s can’t multitask: The Game”.
Fun arcade bullet hell survivors (think vampire survivors) type game. Dodge bullets, and survive as long as you can.
Also by double speak games, and open source gridland is a variant on the match 3 style. During the day phase, you accrue and store resources, and build stuff. During the night phase, you fight.
I use this for kubernetes secrets with sops. It works great.