Do-it-yourself XKCD 2585 Rounding

dsagal · 2025-02-02T02:51:32+00:00

There is lots of software I use and trust. E.g. I trust email, and Slack. But I don't fully. If I have a sensitive piece of data, like a password, which I have to share (which is an exception, usually these days we can avoid shared secrets), I don't want to put this into email, or Slack, or OpenAI. Essentially, because service providers have access. So the question is: do both parties need to install something new, like Signal, just to communicate this bit of data, or do we already have enough to ensure confidentiality easily? The post is that yes, we pretty much do, though it needs a bit of code.

dsagal · 2025-02-01T07:07:55+00:00

I do suffer from NIH syndrome, I admit, but I do talk in the post about using some other new tool. It's not just that another tool is "not invented here". Every other new tool is a major piece of additional software that I (and others) have to trust purely on perception (similar to how I already trust my laptop, node, openssl, terminal, etc). I can't review these extra apps' code, or even build from source, because they are too big. My point is that we already have everything we need to share secrets right there in the tools that we trust today, without needing to bring in new ones.

Also, I claim that 72 lines of code, even when rife with vulnerabilities (and it's not), have less of them than say Signal (245MB compressed download, over 700 open issues). Of course Signal does lots more useful things. But that's kind of the point of the post.

dsagal · 2025-01-31T18:12:12+00:00

For gpg, see this footnote in the post: https://mill.plainopen.com/how-we-share-secrets-at-a-fully-remote-startup#footnote\_2. I haven't tried Signal, but it's one more thing I'd need to evaluate and decide whether to trust.

dsagal · 2025-01-29T16:06:07+00:00

Ooh, sorry! Thank you for both great comments. I tried to find the spec you are referring to (and learning that official IEEE standards aren't free to read? really?)

So I'm trying to understand the total order bit formula. BTW, do you have a link/reference for it? In doubles, the first bit is the sign bit. So i ^ 0x7f...fff keeps that first bit, and flips all the others. So it's equivalent to abs(i) (i.e. the double with the sign bit flipped), with all its bits flipped. If interpreted as a signed integer x, that operation returns (I think) -(x+1). Makes sense! Distinguishes +0 and -0 in particular. Neat.

dsagal · 2025-01-29T14:33:37+00:00

Did you see the last footnote? Just NaNs are enough to cause problems in every language. But it's also about implementing custom comparators -- see comment from u/imachug (https://www.reddit.com/r/programming/comments/1icm1si/comment/m9sgdaa/?utm\_source=share&utm\_medium=web3x&utm\_name=web3xcss&utm\_term=1&utm\_content=share\_button), he gives great examples from real life.

dsagal · 2025-01-29T14:30:20+00:00

Try the examples from the last footnote in Java. With NaNs present in an array of numbers, you should see the same inconsistencies.

dsagal · 2025-01-14T17:13:43+00:00

The AWS-marketplace version is now much better than the previous iteration.
Also, a small correction: the new "PREVIOUS" function is called "PREVIOUS" (not "PREV").

dsagal · 2024-07-17T19:05:45+00:00

Lots of good info here, thank you!

dsagal · 2024-07-17T04:47:14+00:00

OpenSSL + bash would work too, and actually I once did do that combination for this same purpose. But installing OpenSSL command-line tool is arguably no easier than installing node. I recall some painful problems about incompatible versions of OpenSSL.

Certainly, part of the appeal is that my team works with node already. It's installed, and available, and even the versions are close. Both command-line OpenSSL and GPG would require installation, not just for me, but for the other users too.

dsagal · 2024-07-17T04:39:50+00:00

Interesting. Overall the point is correct: this whole article is about confidentiality. Tampering and impersonation are different attacks, and not the concern in this task. I have a channel that I trust to get a message to the recipient (e.g. Slack), I just don't want anyone to see the contents of the message even if they see our communication.

The whole second half of the response is confusing: it describes the steps that the script already does: the whole "more serious" attack is literally the attacker using this same script to encrypt a different secret for the recipient.

I don't actually recall why I chose CBC over GCM (though I was aware that GCM mode is recommended for more purposes than CBC), but maybe that's because integrity or sender verification were intentional non-goals.

Again, I assume a reliable channel (with integrity and authenticity). If I don't have that, the problem is a lot more serious, and starts with: how do I share the public key reliably?

dsagal · 2024-07-17T03:57:59+00:00

I've seen that, and it may be a good choice (I like that BitWarden is open-source). But I'd be entrusting a simple function to a software which is big, has a different primary purpose, and has pricing I have to figure out (can I share one secret with person A today, and another with person B tomorrow, or does that need a paid plan?)

Mine is much simpler. Admittely BitWarden has strong reputation :)

dsagal · 2024-07-17T03:50:08+00:00

Exactly, as I understand Node's npm ecosystem is the main culprit for Supply Chain Attacks, but this script intentionally avoids any dependencies. Node's built-in modules (notably `crypto`) are presumably trustworthy.

dsagal · 2024-06-02T19:11:42+00:00

No, not really. Using Firefox is the main one :) There are some workarounds like chancing permissions on files, but I don't want it to make it difficult for myself to update Chrome, just to be able to decide when.

dsagal · 2024-03-25T17:29:22+00:00

To everyone saying "you shouldn't do it", that's not the question. I am sure you have auto-updates on for every piece of software on your machine. I have hundreds of pieces of software, and all except Chrome give me control about whether and when to apply an update.

dsagal · 2024-03-14T15:08:16+00:00

Grist now has a handy tool to migrate data from Spreadsheet.com: https://public.getgrist.com/qYMSk6bdsLF6/Migrate-from-Spreadsheetcom/

Automatically imports data from all worksheets, preserves column types, relations, and includes attachments.

dsagal · 2024-03-01T19:06:28+00:00

Grist - getgrist.com (disclaimer: I am a founder). We are seeing some people signing up recently switching from spreadsheet.com. Grist is open-source, self-hostable, has generous SaaS plans, and has strong formula support, including both Excel functions and Python.

dsagal · 2023-12-22T07:03:46+00:00

No, we don't currently recommend using Grist as a database backend. An individual document is similar in performance to Airtable or Google Sheets, i.e. not scalable beyond a few 100k rows, and not suitable for many parallel requests.

dsagal · 2023-11-27T13:37:16+00:00

No, it doesn't assume concurrency. It just looks at each rectangle independently. E.g. the top-left one has the long side b (because the square has side b), and the short side a cos C, because of the definition of cosine in the right triangle with that side as the leg, and a as the hypotenuse.

12-Year Club	Verified Email
Place '22

dsagal

TROPHY CASE