Natanael
@Natanael@infosec.pub
- Comment on China releases 'UBIOS' standard to replace UEFI — Huawei-backed BIOS firmware replacement charges China's domestic computing goals 1 hour ago:
WASM was made for browsers but can run anywhere. You can cross compile any language to it.
The trickier problem is compile-time hardware optimization, but there are talks about appending architecture-specific optimization hints for the runtime, so you can let the compiler search for optimal implementations when creating the bytecode so the JIT engine doesn’t have to. (that does mean you’re essentially compiling multiple times while creating the bytecode, but for performance sensitive software it’s worth it)
- Comment on X is now offering me end-to-end encrypted chat — you probably shouldn't trust it yet | TechCrunch 23 hours ago:
Again, you sound like an antivaxxer, and you’re ignoring his history of failure, including SPECIFICALLY FAILING AT ENCRYPTED DM BEFORE
theverge.com/…/twitter-encrypted-dm-security-vuln…
You’re questioning experts with absolutely no justification other than your own animosity, assuming the experts too are driven by animosity instead of true concerns
- Comment on X is now offering me end-to-end encrypted chat — you probably shouldn't trust it yet | TechCrunch 1 day ago:
This is incoherent bullshit.
You’re choosing to pretend it’s nothing so you can dismiss legitimate criticism.
An engineer hearing about some novice trying to build a plane using difficult methods that only one or two companies with immense expertise have succeeded at would be correct to assume that plane would be unsafe.
A doctor hearing about a tiny clinic attempting treatments that only big medical research facilities have pulled off is correct to assume they’re charlatans.
A cryptographer hearing about somebody attempting to build E2EE using methods that very few are capable of implementing correctly and without having the expertise on hand is correct to call that snakeoil.
Cryptography is INFAMOUSLY complex. E2EE is infamously difficult to make easy.
There’s a reason almost everybody copies Signal’s protocol, and that everybody else who does it in-house keeps having vulnerabilities.
Multi user key management specifically is wildly complex.
Twitter/X has only displayed signs of LACKING the necessary expertise.
To pretend that’s wishful thinking from me just reveals how little you care about expertise.
- Comment on X is now offering me end-to-end encrypted chat — you probably shouldn't trust it yet | TechCrunch 1 day ago:
If you can’t demonstrate that you know more about cryptography than me, it’s time for you to admit you’re wrong
- Comment on Smells Great 2 days ago:
Heated objects glow the same colors no matter what they are made of
True only if light emissions aren’t dominated by chemical effects or filtered by structural effects. Plenty of materials burn at different colors. Although if you wait out the chemical reactions and keep it heated, it does eventually end up with just blackbody radiation too 🤷
- Comment on X is now offering me end-to-end encrypted chat — you probably shouldn't trust it yet | TechCrunch 2 days ago:
You sound like an antivaxxer
- Comment on X is now offering me end-to-end encrypted chat — you probably shouldn't trust it yet | TechCrunch 2 days ago:
I’ve run a cryptography forum for 10 years. I can tell snake oil from the real deal.
Musk’s Twitter doesn’t know how to do key distribution.
- Comment on Fucking math... 3 days ago:
3! = 3*2*1 = 6
- Comment on X is now offering me end-to-end encrypted chat — you probably shouldn't trust it yet | TechCrunch 3 days ago:
Bluesky federates across different layers, it’s modular, it doesn’t have a comparable same-layer federation. It is fully interoperable, just not by the method you’re used to.
You can host your own partial appview now (caching and indexing your and your friends’ comments), and multiple people have managed to run their own relays for cheap (caching most of the posts in the network), and you can pull the rest of the data you need to browse from the other relays and use the service as usual. You can run your own moderation labeler, use your own app, just your own account, etc…
Just look at the interoperable blacksky project by a bunch of black devs making their own infrastructure for accounts and moderation, etc.
- Comment on X is now offering me end-to-end encrypted chat — you probably shouldn't trust it yet | TechCrunch 3 days ago:
There is hardware for that called hardware security modules, but yeah I definitely wouldn’t trust Twitter’s implementation - especially because they probably just need the auth team to tell the HSM that the user logged in when they didn’t to get that key
- Comment on White House joins Bluesky and immediately trolls Trump opponents 1 week ago:
Use DID:Web for your account ID with a TLD not under US control, and you get that today.
- Comment on White House joins Bluesky and immediately trolls Trump opponents 1 week ago:
One of those right wing instances started with federation, but after getting counter trolled, mass blocked, and then mass defederated, they called sour grapes and disabled federation
- Comment on Australian Government gets a taste of what everyday people have to deal with in terms of data breaches as Prime Minister Anthony Albanese's mobile phone number released online 1 week ago:
Literally just use existing standards (STIR/STUN) with some filtering by source network, etc
- Comment on 4chan fined $26K for refusing to assess risks under UK Online Safety Act 1 week ago:
Ofcom, famously a part of EU since brexit
- Comment on Satellites Are Leaking the World’s Secrets: Calls, Texts, Military and Corporate Data 1 week ago:
You should be clear with the difference between link encryption and application encryption here
- Comment on The Steam Controller's stick is upgradeable! 1 week ago:
You need a docking station for it
- Comment on Xbox consoles and games will no longer be sold at Walmart and Target, according to employees 1 week ago:
Current Valve is trying to do what Google used to do with the Nexus phones. They’re setting a minimum standard for other companies and showing what the experience can be like.
- Comment on Happy 20th anniversary to the Corrupted Blood incident! 2 weeks ago:
A well fitted N95 mask protects both you and others
- Comment on Punch Time 2 weeks ago:
Meanwhile, Microsoft translating the state of a setting being disabled as “handicapped”
- Comment on The demise of Flash didn't bring any big HTML5/JS equivalent for watching animations; fast internet and better video compression made those types of animations become raster videos as well 2 weeks ago:
Flash the tech sucked.
Flash content editors and communities sharing info about how to use it is where it was at. That was what was driving the creativity.
- Comment on It would have been really funny if a video game ejected the disk if you lost too many times 2 weeks ago:
You can still softlock preventing progress in many, unless you’re in a fully free mode
- Comment on How much is the fish? 2 weeks ago:
Jeopardy
- Comment on Whoa! Windows 7's market share surged, tripling in users last month 3 weeks ago:
FYI if you have disk encryption enabled you need to pause/disable it first (assuming you’re using automatic unlock using the TPM, which usually is the default)
- Comment on U.S. solar will pass wind in 2025 and leave coal in the dust soon after 3 weeks ago:
Still less than the competitors
- Comment on IT'S A TRAP 3 weeks ago:
That’s like just your axiom man
- Comment on Google's shocking developer decree struggles to justify the urgent threat to F-Droid 3 weeks ago:
You’re responding downthread of QubesOS being mentioned
Sure it’s hard to get that kind of security onto mainstream distros. But it exists.
- Comment on BREAKING NEWS: We did it, guys! 20 poptarts! 3 weeks ago:
Save them for future stacking attempts
- Comment on BREAKING NEWS: We did it, guys! 20 poptarts! 3 weeks ago:
Exponential growth
- Comment on BREAKING NEWS: We did it, guys! 20 poptarts! 3 weeks ago:
You have to bring the seeds first
- Comment on Should Neutron Stars be Added to the Periodic Table? 3 weeks ago:
abc.lbl.gov/wallchart/chapters/03/2.html
I got stuff mixed
In beta minus decay, a neutron decays into a proton, an electron, and an antineutrino: n → p + e⁻ + ν̄. In beta plus decay, a proton decays into a neutron, a positron, and a neutrino: p → n + e⁺ + ν. Both reactions occur because in different regions of the Chart of the Nuclides, one or the other will move the product closer to the region of stability. These particular reactions take place because conservation laws are obeyed. Electric charge conservation requires that if an electrically neutral neutron becomes a positively charged proton, an electrically negative particle (in this case, an electron) must also be produced. Similarly, conservation of lepton number requires that if a neutron (lepton number = 0) decays into a proton (lepton number = 0) and an electron (lepton number = 1), a particle with a lepton number of -1 (in this case an antineutrino) must also be produced. The leptons emitted in beta decay did not exist in the nucleus before the decay–they are created at the instant of the decay.