signal’s “sealed sender” feature has an incoherent threat model

Regarding TVs, WikiLeaks’ Vault 7 publication in 2017 included “Weeping Angel”, CIA malware for Samsung TVs which streams audio from them while they’re in “fake off” mode.

https://mashable.com/article/cia-samsung-tv-hack-weeping-angel

xkcd#37 moment

It’s good to see someone in this thread who knows what an IPv5 address looks like:

IPv5 addresses consist of four hextets a 16bit each.  For the visual
representation, those grouping are used.  The hextets might be
written in decimal, separated by dot '.' characters, or as
hexadecimal numbers, separated by colon ':'.

It’s long past time to start replacing our IPv4.1 deployments!

Supersingular isogeny key exchange (SIKE) is very secure post-quantum replacement for Diffie-Hellman…

SIKE!

fuckin’ a

Activity lights are useful

in even more ways than one might think.

(see also this and this later work from the same author…)

based on the other comments here i had to double check if this thread was in !shittyasklemmy@lemmy.ml smh my head

well, some of them are built so that the front doesn’t fall off at all

You’re correct on both points (🤦‍♂️ indeed).

I’ve now edited this post to link to their advisory text file instead of their advertising-heavy blog post about it which I had initially linked when the above comment was posted. Thanks.

FYI, the day after you published this blog post, a spam blog posted… their AI reimplementation of it 🤦

ai — dr

(version 2.0 could triple your RAM)

signal’s claimed inability to collect metadata being an obvious albeit elaborate lie is a strong indicator

Nice post. Relatedly, see also malus.sh and this talk by the people that made it (both of which I posted in this lemmy community here).

A couple of minor corrections to your text:

Blanchard’s account is that he never looked at the existing source code directly.

Blanchard doesn’t say that he never looked at the existing code; on the contrary, he has been the maintainer (and primary contributor) to it for over a decade so he is probably the person who is most familiar with the pre-Claude version’s implementation details. Rather, he says that he didn’t prompt Claude with the source code while reimplementing it. iirc he does not acknowledge that it is extremely likely that multiple prior versions of it were included in Claude’s training corpus (which is non-public, so this can only be conclusively verified easily by Anthropic).

The GPL’s conditions are triggered only by distribution. If you distribute modified code, or offer it as a networked service, you must make the source available under the same terms.

The GPL does not require you to offer GPL-licensed source code when using the program to provide a network service; because it is solely a copyright license, the GPL’s obligations are only triggered by distribution. (It’s the AGPL which goes beyond copyright and imposes these obligations on people running a program as a network service…)

tbh, no, i have never actually used QED. 😢

(i have used ed though…)

(based on The Onion’s original version)

Sparkles? (bookmark groups?)