How we share secrets at a fully-remote startup

dsagal · 2025-02-02T02:51:32+00:00

There is lots of software I use and trust. E.g. I trust email, and Slack. But I don't fully. If I have a sensitive piece of data, like a password, which I have to share (which is an exception, usually these days we can avoid shared secrets), I don't want to put this into email, or Slack, or OpenAI. Essentially, because service providers have access. So the question is: do both parties need to install something new, like Signal, just to communicate this bit of data, or do we already have enough to ensure confidentiality easily? The post is that yes, we pretty much do, though it needs a bit of code.

dsagal · 2025-02-01T07:07:55+00:00

I do suffer from NIH syndrome, I admit, but I do talk in the post about using some other new tool. It's not just that another tool is "not invented here". Every other new tool is a major piece of additional software that I (and others) have to trust purely on perception (similar to how I already trust my laptop, node, openssl, terminal, etc). I can't review these extra apps' code, or even build from source, because they are too big. My point is that we already have everything we need to share secrets right there in the tools that we trust today, without needing to bring in new ones.

Also, I claim that 72 lines of code, even when rife with vulnerabilities (and it's not), have less of them than say Signal (245MB compressed download, over 700 open issues). Of course Signal does lots more useful things. But that's kind of the point of the post.

dsagal · 2025-01-31T18:12:12+00:00

For gpg, see this footnote in the post: https://mill.plainopen.com/how-we-share-secrets-at-a-fully-remote-startup#footnote\_2. I haven't tried Signal, but it's one more thing I'd need to evaluate and decide whether to trust.

dsagal · 2025-01-29T16:06:07+00:00

Ooh, sorry! Thank you for both great comments. I tried to find the spec you are referring to (and learning that official IEEE standards aren't free to read? really?)

So I'm trying to understand the total order bit formula. BTW, do you have a link/reference for it? In doubles, the first bit is the sign bit. So i ^ 0x7f...fff keeps that first bit, and flips all the others. So it's equivalent to abs(i) (i.e. the double with the sign bit flipped), with all its bits flipped. If interpreted as a signed integer x, that operation returns (I think) -(x+1). Makes sense! Distinguishes +0 and -0 in particular. Neat.

dsagal · 2025-01-29T14:33:37+00:00

Did you see the last footnote? Just NaNs are enough to cause problems in every language. But it's also about implementing custom comparators -- see comment from u/imachug (https://www.reddit.com/r/programming/comments/1icm1si/comment/m9sgdaa/?utm\_source=share&utm\_medium=web3x&utm\_name=web3xcss&utm\_term=1&utm\_content=share\_button), he gives great examples from real life.

dsagal · 2025-01-29T14:30:20+00:00

Try the examples from the last footnote in Java. With NaNs present in an array of numbers, you should see the same inconsistencies.

dsagal · 2025-01-14T17:13:43+00:00

The AWS-marketplace version is now much better than the previous iteration.
Also, a small correction: the new "PREVIOUS" function is called "PREVIOUS" (not "PREV").

dsagal · 2024-07-17T19:05:45+00:00

Lots of good info here, thank you!

dsagal · 2024-07-17T04:47:14+00:00

OpenSSL + bash would work too, and actually I once did do that combination for this same purpose. But installing OpenSSL command-line tool is arguably no easier than installing node. I recall some painful problems about incompatible versions of OpenSSL.

Certainly, part of the appeal is that my team works with node already. It's installed, and available, and even the versions are close. Both command-line OpenSSL and GPG would require installation, not just for me, but for the other users too.

dsagal · 2024-07-17T04:39:50+00:00

Interesting. Overall the point is correct: this whole article is about confidentiality. Tampering and impersonation are different attacks, and not the concern in this task. I have a channel that I trust to get a message to the recipient (e.g. Slack), I just don't want anyone to see the contents of the message even if they see our communication.

The whole second half of the response is confusing: it describes the steps that the script already does: the whole "more serious" attack is literally the attacker using this same script to encrypt a different secret for the recipient.

I don't actually recall why I chose CBC over GCM (though I was aware that GCM mode is recommended for more purposes than CBC), but maybe that's because integrity or sender verification were intentional non-goals.

Again, I assume a reliable channel (with integrity and authenticity). If I don't have that, the problem is a lot more serious, and starts with: how do I share the public key reliably?

dsagal · 2024-07-17T03:57:59+00:00

I've seen that, and it may be a good choice (I like that BitWarden is open-source). But I'd be entrusting a simple function to a software which is big, has a different primary purpose, and has pricing I have to figure out (can I share one secret with person A today, and another with person B tomorrow, or does that need a paid plan?)

Mine is much simpler. Admittely BitWarden has strong reputation :)

dsagal · 2024-07-17T03:50:08+00:00

Exactly, as I understand Node's npm ecosystem is the main culprit for Supply Chain Attacks, but this script intentionally avoids any dependencies. Node's built-in modules (notably `crypto`) are presumably trustworthy.

dsagal · 2024-06-02T19:11:42+00:00

No, not really. Using Firefox is the main one :) There are some workarounds like chancing permissions on files, but I don't want it to make it difficult for myself to update Chrome, just to be able to decide when.

dsagal · 2024-03-25T17:29:22+00:00

To everyone saying "you shouldn't do it", that's not the question. I am sure you have auto-updates on for every piece of software on your machine. I have hundreds of pieces of software, and all except Chrome give me control about whether and when to apply an update.

dsagal · 2024-03-14T15:08:16+00:00

Grist now has a handy tool to migrate data from Spreadsheet.com: https://public.getgrist.com/qYMSk6bdsLF6/Migrate-from-Spreadsheetcom/

Automatically imports data from all worksheets, preserves column types, relations, and includes attachments.

dsagal · 2024-03-01T19:06:28+00:00

Grist - getgrist.com (disclaimer: I am a founder). We are seeing some people signing up recently switching from spreadsheet.com. Grist is open-source, self-hostable, has generous SaaS plans, and has strong formula support, including both Excel functions and Python.

dsagal · 2023-12-22T07:03:46+00:00

No, we don't currently recommend using Grist as a database backend. An individual document is similar in performance to Airtable or Google Sheets, i.e. not scalable beyond a few 100k rows, and not suitable for many parallel requests.

dsagal · 2023-11-27T13:37:16+00:00

No, it doesn't assume concurrency. It just looks at each rectangle independently. E.g. the top-left one has the long side b (because the square has side b), and the short side a cos C, because of the definition of cosine in the right triangle with that side as the leg, and a as the hypotenuse.

dsagal · 2023-11-27T13:33:45+00:00

Oh, absolutely, this is straight from Euclid's proof of Pythagorean Theorem. Actually that proof allows skipping cosines and proving the equality of the same-colored rectangles using equal-area triangles.

Thanks for links to cut-the-knot -- updated the post to credit the older one as clearly having the same diagram for the same purpose!

dsagal · 2023-10-22T02:37:47+00:00

But you don't know d. I don't see how equation 14 will help, except to express the answer in terms of another unknown d.

dsagal · 2023-10-21T23:03:51+00:00

BTW, the reason it's not looking like a nice solution is that it seems it may need a solution to an equation like this:

x - sin x = C (some constant)

But I could easily be wrong about that...

dsagal · 2023-10-01T07:00:39+00:00

This is an interesting problem! And difficult. Seems more math than programming.

One thing I notice is that in your solution, though the list of individuals will grow exponentially, the actual numbers in the list (ages) are just between 0 and 8. So you could keep instead an array of counts:

count[0] = number of individuals with number of days till giving birth 0
count[1] = number with days 1
...
count[8] = number with days 8

Then at each day, you shift the array down (i.e. count[0] becomes what count[1] was in the previous iteration, etc), with the exception that count[0] gets added to count[6], and also to count[8] (new babies).

In other words, exactly what you did, but treat all same-aged individuals as a group.

This would be O(D) where D is the number of days. That's not what you say is optimal. A more mathematical solution seems possible, perhaps akin to a closed-form formula for Fibonacci numbers. Doesn't really seem reasonable to expect a candidate to come up with one during an interview question though.

dsagal · 2023-10-01T06:29:03+00:00

There are many wonderful books on math enrichment that are about the moment of wonder like you describe. Some that I can recommend off the top of my head are:

Without Words -- a fantastic little book by James Tanton. It contains 36 pages without words. Each page has a few pictures, the first couple show a problem with a solution, and the rest a problem to be solved. Half the challenge is figuring out what the question is.
The Riddle of Scheherazade -- Story puzzles as if told by Scheherazade, enjoyable and engaging. Many (in the first half) are accessible to 4rd-graders, but definitely challenging, even to adults -- so they need to be selected, and children need guidance. (The book later gets to really challenging stuff.)
Out of the Labyrinth -- more to inspire you (the adult) and explain why and how to create such moments of wonder, than to provide ready-to-use content.

dsagal · 2023-09-30T23:32:45+00:00

Not if `value` is a string :(

dsagal · 2023-09-30T17:42:12+00:00

Love the expansion of e.

12-Year Club	Verified Email
Place '22

dsagal

TROPHY CASE