defend's comments

defend | 2 years ago | on: Minibone: practical end-to-end encryption for web apps

Disclaimer: I'm a Minibone co-author.

A pointed question. Under threat models where you trust (or have verified) the code being executed, this allows you to use untrusted storage (e.g. cloud databases, S3, etc.) without worrying about passive attackers being able to read your data.

Using TLS and server-side encryption, a passive attacker could install a shim to intercept data.

In practice, one use case of Minibone would be open-source Electron-style web applications where you have the necessary code transparency AND signed code versioning. Another would be self-written applications (assuming you trust yourself). Another might be closed-source internal tooling (assuming you trust your company) that's hosted on cloud infrastructure.

If I've overlooked anything, please do let me know.

defend | 2 years ago | on: Happy New Year HN!

Time to ship 2024 to production. Happy new year, fellow hackers. May your code always work on the first try and never regress.

defend | 2 years ago | on: Encrypting private data and private communications is now an ethical duty

It's only impractical if you actually require end users to understand and apply all of these technologies. It's a lot more tractable if they're abstracted away.

The fact is that developers very (very) rarely have to interface directly with TLS or the Signal protocol, yet billions of non-technical users implicitly use them in our browsers and via Signal or WhatsApp.

In my view, the challenge in the adoption of secure/private-by-design tech is the simplicity and usability of the interfaces and the capabilities these tools provide.

We need secure tools to compete on capability in order to garner mass usage. Without (significant) feature superiority there's little reason for users to make the switch. I'm actively trying to solve some of these problems at Backbone [0]; aiming to build a usable, secure experience for end users and a simple, robust end-to-end-encryption interface for developers.

[0] https://backbone.dev/

defend | 3 years ago | on: Could we make the web more immersive using a simple optical illusion?

Seems interesting, especially for the gaming industry, but it seems like it'd be exceptionally difficult to handle the edge cases in the real world; for instance, multiple pairs of eyeballs staring at the screen.

This, alongside various privacy concerns of eyeball tracking, will likely nip this technology in the bud.
