reifyx's comments

reifyx | 3 years ago | on: Pyinfra automates infrastructure super fast at scale

I haven't used this for large deployments but I use it for my personal server and it works perfectly. Almost everything is built in and I can easily write my own custom operations when I need them. Documentation is good and the operations are well designed.

Only downside is I couldn't make it work with my SSH agent, but that might be a problem with Paramiko and not Pyinfra.

reifyx | 3 years ago | on: An Intuition for Lisp Syntax (2020)

Having played around with Clojure and Scheme for a while (but never got too serious), I always thought homoiconicity and macros were extremely cool concepts, but I never actually ran into a need for them in my everyday work.

>Now, if we agree that the ability to manipulate source code is important to us, what kind of languages are most conducive for supporting it?

This is useful for compiler programmers, or maybe also those writing source code analyzers/optimizers, but is that it? On occasion I have had to write DSLs for the user input, but in these cases the (non-programmer) users didn't want to write Lisp so I used something like Haskell's parsec to parse the data.

The remote code example given in the post is compelling, but again seems a bit niche. I don't doubt that it's sometimes useful but is it reason enough to choose the language? Are there examples of real-life (non-compilers-related) Lisp programs that show the power of homoiconicity?

Same goes with the concept of "being a guest" in the programming language. I have never wanted to change "constant" to "c". Probably I'm not imaginative enough, but this has never really been an issue for me. Perhaps it secretly has though, and some of my problems have been "being a guest" in disguise.

reifyx | 3 years ago | on: Show HN: Brevity 500 – Short games to help you become a powerful writer

I think both the idea and execution are great. These games would be useful even just as problem statements. I like that each problem clearly defines the desired tone and goals, and that the sample solutions have explanations.

Both in technical and creative writing, I agree that the main issue I've seen is unnecessary filler words, needlessly complicated sentences, and a difficulty clearly expressing the point and staying on-topic.

Some ideas:
- A copy of the original text with highlighted words above the editor might be nice
- Not sure if the timer is helpful, might cause people to do a poor job for fear of running out of time. Could start without a timer and add it in as users get more practice

reifyx | 4 years ago | on: GPG-Tui, a Terminal User Interface for GnuPG

Yes, that's exactly what we both agreed on 6 comments ago. The question is, is the ability to delete messages critical enough to require in any possible secure messaging solution, at the expense of features like email search, archiving, backup, and transfer-to-new-device?

reifyx | 4 years ago | on: GPG-Tui, a Terminal User Interface for GnuPG

>The premise of cryptographically secure messaging is that you have an adversary recording all your message traffic.

Agreed.

>Lack of forward secrecy implies, logically, that if your long-term secret is ever compromised, every message you've ever sent is recoverable from the adversary's archive.

Also agreed. I am trying to say that this only gives you better security for messages that you have deleted on your device, because if you haven't, regardless of whether your protocol is forward-secret or not, the adversary that has the power to compromise your device will get access to the message the plaintext of which is on the device, even if the keys aren't. Thus, the scope is significantly limited, unless you have a policy to regularly delete old messages on your device, and most people do not want this for email.

I can assure you I understand the cryptographic properties of forward secrecy. I don't understand your claim that it is a strict requirement for every secure messaging system, including an email-like usecase.

>I'm sometimes in the mood to write long posts and comments explaining this stuff, but today, on the bottom of this old thread, if you're trying to make a point about PGP vs. Signal...

I already said several times I don't care about PGP. I feel like you're not really reading or responding to any of my arguments about why forward secrecy doesn't really help you much in most users' threat models or why it precludes various desirable features (of course, I could be wrong here, which is what I'm asking about). Thanks for your time anyway.

reifyx | 4 years ago | on: GPG-Tui, a Terminal User Interface for GnuPG

Your argument is that forward secrecy is important in messaging because forward secrecy is important in messaging?

I'm not trying to be argumentative here, I actually don't understand what the reason it's so critical is, nor have I really found any explanations online. For text messaging where you don't really go back to read your old messages, sure, forward secrecy makes sense. Email seems to be a different story where user expectation is different and forward secrecy both precludes many desired features and also doesn't provide significantly more security, other than in very limited circumstances.

Also, I'm not an advocate of PGP at all. If people can use Signal for their usecase, great! They should do that. But Signal's model does not work for everyone's usecases. How do I send a Signal message to [email protected] to report a vulnerability? Is the entire security team supposed to share a mobile phone with Signal on it? What about banks that need to send secure email to each other, but must retain all messages for compliance purposes? (Again, I'm not advocating that PGP should be used in this scenario either, just that there's room for a better solution here, possibly without forward secrecy by default).

reifyx | 4 years ago | on: GPG-Tui, a Terminal User Interface for GnuPG

I agree with you there. But is your point that any secure email system must critically have forward secrecy, or it's insecure? Even though forward secrecy really only gives you any benefit for the messages that you delete, which most people don't in the context of email?

Just thinking, if people had the option between 1) deleting their mail and 2) email search, secure (unlike WhatsApp) and easy (unlike Signal) backups, ability to offload your email archive to the server (it's common to have gigabytes of mail, do you want to store all of it on a mobile phone forever? what happens if you drop it in a river?), and so on, don't you think people would go for option 2?

This is all disregarding the specifics of PGP-encrypted mail, which I agree is not great.

reifyx | 4 years ago | on: GPG-Tui, a Terminal User Interface for GnuPG

But this only applies for messages that are deleted on your local device (either manually or through an automatic timer). Otherwise, whatever adversary stole your keys can steal your message archive too, they're on the same device. Now, assuming you aren't going to be deleting most of your mail, I don't see how forward secrecy is "such a big deal" in this scenario. It's certainly nice to have, but it definitely has drawbacks wrt the features I mentioned earlier.

Post-compromise security, on the other hand, makes more sense, since the future messages don't exist yet.

reifyx | 4 years ago | on: GPG-Tui, a Terminal User Interface for GnuPG

Assuming you don't want to keep any "chain state" in between messages (which seems reasonable), you can always consume a fresh one-time key of the recipient for every message. The first downside is knowing that the one-time key hasn't been reused; for this you can either trust the service provider or use blockchain or blockchain-like technologies. The second downside is that the user has to be online to generate a ton of one-time keys. I believe puncturable encryption helps with this, so the recipient can "puncture" their key at the used-up key identifiers and thus doesn't have to be online all the time. No idea how practical this is.
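The one-time-key scheme sketched in the comment above, as an added example (not code from the thread or from any project it mentions): the recipient pre-generates X25519 one-time keys, the sender encrypts each message under one of them with a fresh ephemeral key and no chain state, and the recipient deletes ("punctures") the private half on first use, so a second envelope on the same key id is refused and a later compromise of the remaining pool cannot open the earlier message. The provider-side check that each public key is handed out only once is assumed and left as a comment; all type and function names are mine.

```go
package main

import (
	"crypto/aes"
	"crypto/cipher"
	"crypto/ecdh"
	"crypto/rand"
	"crypto/sha256"
	"errors"
)

// Envelope carries the consumed key id, the sender's ephemeral X25519 public key, and the AES-GCM nonce and box.
type Envelope struct{ KeyID int; EphPub, Nonce, Box []byte }
// Recipient (constructed demo type) keeps the private halves of its one-time keys; Open deletes ("punctures") the one it used.
type Recipient map[int]*ecdh.PrivateKey
func must[T any](v T, err error) T { if err != nil { panic(err) }; return v }

// NewRecipient makes n one-time keys; the provider is assumed (trusted) to hand each public half out only once.
func NewRecipient(n int) (Recipient, map[int]*ecdh.PublicKey) {
	r, pubs := Recipient{}, map[int]*ecdh.PublicKey{}
	for i := 0; i < n; i++ {
		k := must(ecdh.X25519().GenerateKey(rand.Reader))
		r[i], pubs[i] = k, k.PublicKey()
	}
	return r, pubs
}

// gcm derives the message key from the X25519 shared secret (SHA-256 stands in for a real KDF).
func gcm(shared []byte) cipher.AEAD {
	key := sha256.Sum256(shared)
	return must(cipher.NewGCM(must(aes.NewCipher(key[:]))))
}

// Seal encrypts msg to one-time key id with a fresh ephemeral key; no chain state survives between messages.
func Seal(id int, pub *ecdh.PublicKey, msg []byte) Envelope {
	eph := must(ecdh.X25519().GenerateKey(rand.Reader))
	g := gcm(must(eph.ECDH(pub)))
	nonce := make([]byte, g.NonceSize())
	must(rand.Read(nonce))
	return Envelope{id, eph.PublicKey().Bytes(), nonce, g.Seal(nil, nonce, msg, nil)}
}

// Open decrypts and punctures; a second envelope for the same key id is refused.
func (r Recipient) Open(e Envelope) ([]byte, error) {
	priv, ok := r[e.KeyID]
	if !ok { return nil, errors.New("one-time key unknown or already consumed") }
	delete(r, e.KeyID) // puncture before decrypting: the key is gone either way
	ephPub, err := ecdh.X25519().NewPublicKey(e.EphPub)
	if err != nil { return nil, err }
	shared, err := priv.ECDH(ephPub)
	if err != nil { return nil, err }
	return gcm(shared).Open(nil, e.Nonce, e.Box, nil)
}
```

A real deployment would also need the sender to learn which key ids are already consumed, which is exactly the trust-the-provider or ledger question the comment raises.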

reifyx | 4 years ago | on: GPG-Tui, a Terminal User Interface for GnuPG

I don't think people want forward secrecy for their email. If they get a new computer, they probably want all their mail on there, right? Isn't porting over their email efficiently at odds with forward secrecy? Also, is forward secrecy compatible with any kind of encrypted search (I know most encrypted search schemes leak too much these days, but if the alternative is not encrypting email at all...)?

Also, how would it work with multiple people in a thread that can be added/removed arbitrarily, or email addresses that resolve to multiple users? Messaging and email seem like different models to begin with.

reifyx | 7 years ago | on: Bruno Buchberger’s algorithm: Gröbner bases and applications (1998) [pdf]

When doing some research for a final project about using Gröbner bases for cryptography, I came across an interesting paper aptly titled "Why You Cannot Even Hope To Use Gröbner Bases in Public-Key Cryptography: An Open Letter to A Scientist Who Failed and a Challenge to Those Who Have Not Yet Failed".

[https://pdfs.semanticscholar.org/aab4/9f22ed522d16111eca29ae...]

Not only is this paper written in a very wry style not super common in math papers (it is addressed to "Dear Deluded Author"), it seems all the authors are pseudonyms: Boo Barkee, Deh Cac Can, Julia Ecks, Theo Moriarty, and R.F. Ree. And it includes in the abstract a large quote from the Steganographia of Trithemius (a 15th century occultist who wrote several books on magic that were actually "encrypted" books on early cryptography in disguise).

When I tried to do some research on this mysterious paper, I couldn't really find any references or explanations for who these people are, where they are from, or why they wrote this paper. The only thing I could come up with is that "Boo Barkee" sounds a lot like "Bourbaki", the last name of a pseudonymous group of French mathematicians [https://en.wikipedia.org/wiki/Nicolas_Bourbaki].

All this to say, does anyone here know about this paper or who the authors are? Why is it all so mysterious? Is there supposed to be hidden steganography'd messages inside the paper itself? Are the other authors' names also references?

As for my final project, I ended up not being able to figure out a way to use Gröbner bases for cryptography.
