robryk @robryk@qoto.org
I enjoy things around information theory (and data compression), complexity theory (and cryptography), read hard scifi, currently work on weird ML (we'll see how it goes), am somewhat literal minded and have approximate knowledge of random things. I like when statements have truth values, and when things can be described simply (which is not exactly the same as shortly) and yet have interesting properties.
I live in the largest city of Switzerland (and yet have cow and sheep pastures and a swimmable lake within a few hundred meters of my place :)). I speak Polish, English, German, and can understand simple Swiss German and French.
If in doubt, please err on the side of being direct with me. I very much appreciate when people tell me that I'm being inaccurate. I think that satisfying people's curiosity is the most important thing I could be doing (and usually enjoy doing it). I am normally terse in my writing and would appreciate requests to verbosify.
I appreciate it if my grammar or style is corrected (in any of the languages I use here).
Joined Nov 2020
Maybe Scrapheap Challenge? (But it might be way less commonly known.)
robryk
boosted
80s: The A-Team
90s: MacGyver
00s: Mythbusters
10s: The Martian
What's today's kids' reference for "locked in a room with a bunch of random stuff and a problem to solve"? Asking for a high school science technician...
pol, drm
Because you anyway need to trust the manufacturer of the CPUs (as they are able to create fake attestations), because tamper resistant hardware is basically impossible, or for some more reasons?
Have you noticed the weirdnesses around "visible to followers only"?
The technical weirdness is that when you reply to that, you end up replying (by default in Mastodon) with a reply visible to _your_ followers. (And depending on various antispam setups, you might not even be able to reply in a way visible to OP's followers[1].
The nontechnical weirdness is that it's followers and not followees. The latter is a collection you always control yourself, and a reason for having someone in there you don't want to share stuff with is less likely to materialize than for followers.
[1] You can only get OP's instance to forward to them (https://www.w3.org/TR/activitypub/#inbox-forwarding), which requires signed objects (because you might have no clue who the OP's followers are, if they hide the collection, so you can't let them fetch the post from you) that people don't want to use because it makes things nonrepudiable. Even if they do, then most likely such messages would be pushed only (and not pullable), so would have less reliably delivery.
pol, drm
> from a failure mode perspective, yeah, remote attestation where the remote server is the verified one has a much worse failure mode
Sorry, I think I wasn't clear. I meant that my example number two (HSM) has worse failure modes than my example number one (buying computational resources). I agree completely that it'd be better if we didn't have remote attestation.
> in the HSM case, well, that's the thing, you need to trust whoever you ship it off to, attestation can't make it trustworthy
If attestation works, you can surely ship it off only to someone who can attest as being an enclave that runs the same software as you? (More precisely, only encrypt it to public keys s.t. you trust that the corresponding private key is only present in an enclave that runs a copy of yourself.)
pol, drm
BTW I don't really see a reason to use enclaves without remote attestation (apart from weird implementation details that cause them to be better than just virtualisation at combating side channel bugs in CPUs).
It is used for reply discovery. If you visit a post with your client, your instance will be looking for replies in (a) posts it already knows about (b) that collection.
Re subreplies: it's not a thing you can change later. If you decide that subreplies are simply replies to replies and not controlled by OP, you can't retrofit that later. The reason why I think deciding that only direct replies are moderatable by the post's author is that it creates a weird situation where they might have to choose between moderating out a reply they're fine with and not moderating out a subreply they are not fine with (but the reply's author either is, or haven't noticed yet). We have similar problems in APub already (things along the lines of A blocks B, B sends a post that mentions A, C replies to that post and that reply gets sent to A) that cause people to desire to e.g. block instances because they don't block some other instance, which creates churn, collateral damage (that people might feel wronged by), and encourages all instances to converge to the same moderation policy.
pol, drm
The second one is worse than first one, because second one has larger vulnerability windows (potentially even unlimitedly large).
Yeah, first situation is basically the same thing as SafetyNet but with socially important properties switched around.
In the second case I mean an HSM that's running somewhere (and has standard rules for being asked to perform operations with keys it stored, no attestation involved there), but can migrate/duplicate itself to a different host (so that it doesn't die if the host dies). That requires some reason to trust that whoever we ship off a copy of all our secrets to will behave just as we behave (or rather, whoever has the session key that will decrypt the secrets we're shipping out).
pol, drm
I agree on undesirability, but want to point out two situations when it can be a security feature (if there wasn't a stream of exploits against the variants I know of): selling computational power without ability to see what the buyer is doing and poor man's cloneable HSM with potentially much more complicated logic inside (which would export keys, but only to instances of itself running someplace else).
Maybe driving an acoustic guitar like a speaker? (The more interesting way that I haven't seen done would be to do it via conductive or ferromagnetic strings. Vibrating the body could still be interesting on its own, because you ~won't be able to excite some modes from some locations.)
You technically could do that with ActivityPub (each post has a replies collection that whoever hosts the post can control) and technically can have a client that will refuse to show replies that aren't present there.
Sadly (I think), replies to replies would be under the control of the first replier (as opposed to OP). For that reason I think that every system that has the property you want needs to treat posts and replies as different kinds of entities.
@lauren @FLGLchicago @hackbyte
What properties would a good term have?
Hm~ yes, this is not a situation where one needs to coordinate, so just doing that works.
Sorry for rambling, I should probably go to sleep.
But that's also allowed in the byzantine general's problem? There's no restriction on what messages can be passed around there.
If you can only do that in pairwise conversations, sussing out malicious people who say different things depending on who they speak with (and claim falsely what they've said to/heard from others) is nontrivial. Having a way to make a statement that ~everyone can see (and that no one will see a different version of, and that everyone can trust to have this property) makes that much simpler.
The communication has to happen under Byzantine fault conditions sometimes though, given that people will sometimes be maliciously dishonest in different ways when interacting with different people. But I think I overestimated how much worse this makes things, because after all everyone has an equivalent of a broadcast primitive.
Fair point; generally being more proactive about getting the other side's story is both generally good and completely(?) mitigates this problem.
IRL it's very obvious that the complaints are hidden from the target of the complaints. The situation I'm trying to paint is one where this is not obvious to others (because the complaints are ostensibly public, and yet not available to the target of the complaints specifically).
I guess you expect people not to treat "complaint is public" as "B likely has seen the complaint", and explicitly talk to B?
I enjoy things around information theory (and data compression), complexity theory (and cryptography), read hard scifi, currently work on weird ML (we'll see how it goes), am somewhat literal minded and have approximate knowledge of random things. I like when statements have truth values, and when things can be described simply (which is not exactly the same as shortly) and yet have interesting properties.
I live in the largest city of Switzerland (and yet have cow and sheep pastures and a swimmable lake within a few hundred meters of my place :)). I speak Polish, English, German, and can understand simple Swiss German and French.
If in doubt, please err on the side of being direct with me. I very much appreciate when people tell me that I'm being inaccurate. I think that satisfying people's curiosity is the most important thing I could be doing (and usually enjoy doing it). I am normally terse in my writing and would appreciate requests to verbosify.
I appreciate it if my grammar or style is corrected (in any of the languages I use here).
Joined Nov 2020
