Notices by Alec Muffett (alecmuffett@mastodon.social)

UK Digital Minister @peterkyle threatens companies which do not submit to government surveillance and censorship demands
https://alecmuffett.com/article/110681
#OnlineSafety #PeterKyle #dsit

Pakistani religious body declares using VPN is against Islamic law
https://alecmuffett.com/article/110666
#encryption #theocracy

UK cheeses miss out on international prize after getting stuck in customs | The Guardian
https://alecmuffett.com/article/110663
#brexit #cheese

@i @grillchen @p@fsebugoutzone.org @lucy @mint@ryona.agency @sun

Apologies, what did I do? HTTPS for Onion?

@i @grillchen @p@fsebugoutzone.org @lucy @mint@ryona.agency @sun

Oh that is always fun. Is it because of the custom TLD or is it because of some aspect of proof of ownership, or something else entirely different like the SOCKS debacle of a few months ago?

@i @grillchen @p@fsebugoutzone.org @lucy @mint@ryona.agency @sun

FWIW

Anybody who wants alt text can send me a DM because it's way too big

@mmasnick but what will happen when civil society runs into APIs which do not behave as general purpose functionality that scales linearly?

Yes we can argue about legalities and lawsuits, but the bottom line is that private APIs do not have to be designed to support this kind of functionality, and at some point civil society is going to complain that they don't.

At that point: either civil society gives up, or it demands a public API, or it seeks to compel removal of rate limits.

Tag: @mmasnick who may enjoy this one

Zuckerman vs: Zuckerberg: why and how this is a battle of the public understanding of APIs, and why Zuckerman needs to lose and Meta needs to win
https://alecmuffett.com/article/109757
#EthanZuckerman #KinLane #apis #meta #scraping

#Fedipact – The [mastodon] instances blocking Zuckerberg’s Threads.net
https://alecmuffett.com/article/109510
#censorship #fediverse #mastodon

@thomasfuchs 42 years, and much of my career is in dual-use technology: writing password crackers and hacking tools and releasing them for the public good, promoting end to end encryption and privacy in the face of Government critics who demand that it enables child abuse and terrorism...

So: forgive me if I suggest that your perspective demands some nuance?

https://www.youtube.com/watch?v=BrxJlp_3utk

@dalias it is regrettable therefore that in the scale of software, the nearly unbreakable stuff is but a drop in the ocean.

@mdfranz @dave_aitel

@dalias @mdfranz @dave_aitel "…and then run it on Linux" :-)

@dalias @mdfranz @dave_aitel that's really interesting. What's the definition of an attack surface?

@mdfranz I'm with you re: that observation, although one will never convince the people who are into theorem proving or formal methods or Coq or whatever, because they live in a world of small elegant perfect things.
/Cc @dalias @dave_aitel

@dalias @mdfranz @dave_aitel You're absolutely right, it is an abdication; but in the past 35 years or so I've seen trusted platforms and A1 secure trusted systems and provers… and they all go on for about 5 to 10 years before people get bored and move on to the next thing.

@dalias @mdfranz @dave_aitel https://cve.mitre.org/cgi-bin/cvekey.cgi?keyword=Openssh suggests that the reality is more murky and complicated than suggested.

@dalias @mdfranz @dave_aitel it is really easy to escape charges of being more murky and more complicated by narrowing or changing the scope; similarly, we could chop out any vulnerabilities which occurred in linked libraries or (e.g.) due to operating systems random number generators being weak… but at some point that just becomes cheating.

Easier instead to acknowledge the murkiness and that software is complicated and messy.