"Technically any hosting provider can do this for any online platform."
Not really? I host my website on Fly.io but they can disappear tomorrow and I will just change my DNS records. (Registry and registrar are strictly regulated.)
Likewise, my newsletter is on Ghost but I can take my subscribers with me unilaterally.
If chinwag.org goes offline though, you can't move your followers. Whether that's intentional or not.
@icing oh it’s probably top 3 things that make git work for me. Lets me do a cursory review of everything I’m committing and encourages well scoped commits. Also works well with git-revise.
This is not a carefully worded statement, but fuck Appelbaum, fuck the people who sheltered and supported him these past years, and fuck those who are allowing his unrepentant attempt at a comeback and putting people and communities at risk. #37c3
@dangoodin @ryanc @sophieschmieg That's a very simplified model, which I initially took as good myself, but it's effectively incorrect. In practice, 128 bits is enough. Not only that, but post-quantum crypto of Category 1 is defined by NIST as "as hard to break as AES-128".
There's a fairly broken hand-rolled cryptographic protocol on the HN front page. Its messages can be reordered, dropped, replayed, and reflected.
This is why I *don’t* like the “don't roll your own crypto” saying: it didn't stop this from being written and spending hours on the HN front page (but does stop smart folks from getting into the field).
The more I think about it the less it makes sense that instance admins also have the role of curating an instance blocklist ("defederations") for all their users.
They clearly have the role of moderating local users, as they are the ones that get to suspend or ban users.
It's also nice to delegate the curation of a blocklist to someone, but why to the admin? And why without opt-outs?
Feels like tooling to subscribe to blocklists would put users more in control.
#LastPass is being deservedly criticized for using PBKDF2-HMAC-SHA256 with a number of iterations that is 3x lower than the OWASP recommendation, but there's much worse here IMHO.
First, 1Password's design with a random secret key or iCloud Keychain's with HSM wrapping would have prevented cracking altogether.
@FiloSottile elsewhere / Cryptogopher / Go crypto maintainer / Professional Open Source maintainer / RC F'13, F2'17 / https://mkcert.dev / https://age-encryption.org / https://filippo.io/newsletter 🕳️ “Gaze not into the abyss, lest you become recognized as an abyss domain expert, and they expect you keep gazing into the damn thing.” —@nickm