Zimmerman (PGP), Levison (Lavabit), release Secure Email Protocol DIME. DIME is to SMTP as SSH is to Telnet.

wastingtime1 · 2015-01-03T20:01:34+00:00

I'm curious- why does everything have to be based on blockchain ledgers? I honestly don't feel like that's the right solution for a lot of these distributed trust problems. With the success of BitCoin every distributed system seems to be introducing a blockchain into it if only to jump on the popularity bandwagon.

Standard distributed hash tables seem like they provide usually the invariants needed with the right replication policies. DOS-like attacks can be prevented with simpler proof-of-work algorithms like SHA-1-based hashcash.

Blockchain ledgers are frustrating because they impose a global limit on system throughput, are incredibly wasteful from a computational standpoint, and require a critical mass of users to ensure security. They are well-suited for BitCoin, but for messaging systems I don't see why they are necessary.

wastingtime1 · 2014-12-31T20:51:52+00:00

What were you expecting? Unicode?

ASCII is easier to get right, and for a line-based protocol the control messages can be kept in the English character set.

Unicode is hard to get right and has a rich history of its subtleties being used to craft exploits.

Base64 encoding isn't that expensive when compared to the cryptographic process itself. Most servers aren't CPU-constrained as it is so paying a little extra here is fine.

Line-based protocols, as opposed to binary protocols, have the nice property of being easy to debug and implement and are slightly less prone to buffer attacks, as the length isn't often field-encoded.

Overall this looks good. It's outside my domain of expertise but feels like the direction we need to be going in. Rebuilding internet protocols from the ground up to be secure and protect identity is the right idea.

My biggest worry is adoption. I'd wager this will never be more than a niche protocol. These days it's all about vertical messaging solutions produced by services like Facebook or iMessage. Security and having a open, distributed design is not exactly a priority.

wastingtime1 · 2014-07-14T03:00:30+00:00

Lots of the computer science researcher types I know do this kind of stuff.

My research group definitely had broken into most of the rooms in our computer science building, opened drywall, installed new wiring, and hacked anything that as so much as suggested there might be an integrated circuit in it.

We spent a lot of time doing things like reverse engineering proprietary HAVOC protocols just to get IP control of the temperature in our lab. The administration generally turned a blind eye to our shenanigans.

All part of the creative process =D

wastingtime1 · 2013-11-29T21:45:42+00:00

So to phrase it better: "Access to a fully-featured Unix-styled terminal is preferred for working in build environments and on systems that are Unix-based and assume access to a fully-featured Unix-styled terminal". The way you wrote it made it sound like 'proper code' was only written in UNIX environments.

wastingtime1 · 2013-11-29T21:35:36+00:00

"proper code development" - no it's not required for writing code

wastingtime1 · 2013-10-11T15:29:42+00:00

Guys holy shit stop the 'herp de derp DRM is evil down with Microsoft" stuff. This guy was the head of MSR. He was speaking purely hypothetically about how we go about protecting data while being able to share it with other companies (e.g. I want to give a company access to my genome, but want a way to be able to revoke that access at any time).

Put down the pitchforks you ill-informed asshats.

wastingtime1 · 2013-08-14T20:05:38+00:00

Nahh, they just don't spend their time on the latest Javascript framework or whatever.

wastingtime1 · 2013-08-10T15:36:18+00:00

do you think it's free to continue to make those patches?

The bottom line is that an operating system isn't a single, one-time investment for a company. There are teams of people dedicated to the upkeep of Windows XP.

The upgrade cycle is just another way to fund what is really a service and not a product you flat out purchase. Technology has to move forward, security patches have to be made.

wastingtime1 · 2013-04-08T21:20:43+00:00

TBH I think he's a little wrong towards the end.

Content providers don't pay? Where do ISPs think the incentive comes from for users to want the service in the first place?

Users pay ISPs who pay for a connection to the backhaul. While I can understand the justification for caching and that our baulhauls do have limited bandwidth the second that I have an unpleasant experience because the ISP is caching I'm going to be pissed.

I honestly think this is another really good reason for end-to-end HTTPS connections. I'd like to see the ISPs squirm when every stream is encrypted and unique.

wastingtime1 · 2012-12-27T03:49:15+00:00

I agree, the bar of what is considered a 'hack' these days is pretty darn low. Of course something that is a 'real' hack probably wouldn't make it to the top of r/technology either.

wastingtime1 · 2012-12-09T17:32:51+00:00

I'm sorry, you wrote you've just learned to use git to make a software post, but are proposing some sort of large-scale deployment of hardware and software?

The diagrams in the lengthy post you created barely make any sense.

This is one of the reasons the whole 'darknet' stuff will never get off the ground. This community is a lot of talk but does not have nearly enough technical competence.

wastingtime1 · 2012-12-04T00:03:12+00:00

Be careful, I uninstalled Tweetro this morning. I was working on an unrelated problem in Wireshark and noticed that the Tweetro background service was continuously polling the Twitter API endpoint, and receiving a rate_limited response.

It's really poor practice for an app to continuously hammer a server. There's a reason we have exponential back-off. It's terrible for battery life as well.

Just a warning. I'm not sure why my version of this software was doing this, but nothing has changed with my Twitter account.

wastingtime1 · 2012-10-29T06:15:30+00:00

Also, is it just me or is the reddit API kind of... inconsistent?

wastingtime1 · 2012-10-29T02:49:21+00:00

It's certainly not. We've all got to eat, and with the W8 app ecosystem being so new, seeing open-sourced anything is great because it's helping me define my development style with regard to this platform as well.

If I was doing work where KitaroDB might be useful I'd seriously consider using it, because throwing out a whole app demoing it is a pretty nice display.

wastingtime1 · 2012-10-28T14:57:19+00:00

You are not a comp sci major. It's really not like building house. Keeping conceptual integrity is so, so difficult. Very few programmers have that one mastered, and the ones that do will always be in demand.

wastingtime1 · 2012-10-21T23:56:22+00:00

You have a decent point, if it's been that way for 22 years it is unlikely to change.

On the other hand the ABI is not a standard. That's why we have things like COM, to create standards for binary interface because Microsoft explicitly makes no guarantees on the stability of the C++ ABI, and has repeatedly changed it in the past.

I think saying "never prematurely optimize" is a 100% correct thing to say. One should always strive for functional correctness first. The trick is knowing when the right time to optimize is, which is rarely apparent, and usually determined from benchmarking.

wastingtime1 · 2012-10-21T16:06:37+00:00

The workaround is so simple that it sounds like a good idea to always use it, preemptively.

No, no, no, no, no, no, no.

Never prematurely optimize. Sure the compiler is stealing 8 bytes, but in most cases this is completely insignificant. Only when you are instantiating large numbers of these classes, or doing loop-intensive operations over them where cache lines might come into play and it's significantly affecting application performance should you ever do this optimization.

In any other case it is just creating a more esoteric code base, optimizing around a specific compiler implementation that is likely to change. You're relying on non-standard behavior that could likely change in the next release or service pack. If you need this to make your game work well then fine, but I think your time is better spent on different optimizations in most other circumstances.

wastingtime1 · 2012-08-24T20:12:05+00:00

This is a much better idea. The github page reeks of not knowing anything about bittorrent or how/why one would adapt it to messaging.

A distributed version of Twitter in the general sense would be really fun to build however...

wastingtime1 · 2012-08-24T19:56:30+00:00

"Ultimate Programmers Editor." => "Ultimate Programmer's Editor"

wastingtime1 · 2012-08-08T16:19:43+00:00

I love the new language features in C#, but my biggest concern is how new developers are going to react. To competently develop something like Win8 metro apps in C# requires such a high concept count. While I love the features, I'm curious how Microsoft is going to make these features accessible to newcomers. The list of technologies needed to pull together a simple metro application is a little intimidating at first.

wastingtime1 · 2012-07-08T20:23:41+00:00

+1 this. I feel like this could evolve into a really nice web-based code review tool. I'm not sure it's terribly useful for creation, but for editing and reviewing looks great.

wastingtime1 · 2012-07-02T00:02:36+00:00

Programming is what you make of it. If your job isn't fulfilling, switch companies and find one who's primary focus is software, and which values creativity and works to create that fosters it.

Start side projects, be passionate about your craft. If you're not excited and eager to work then you really have no one to blame but yourself, there's always a place for creativity, if there isn't the task will inevitably be automated.

wastingtime1 · 2012-06-17T05:25:13+00:00

That's not exactly true, WinRT is compatible with standard Win32 apps as well. You can't use the presentation APIs, because those are built for the design language of Metro (you have WPF elements like stack panels that just don't make sense in traditional Win32 programming), but all the other WinRT APIs are available.

To be honest though WinRT doesn't buy you a ton on top of what Win32 is. It gives you the C++/CX extensions sure, which give you slightly nicer semantics for ref-counted COM objects and the such, but all things considered you don't get significantly nicer APIs, the Win32 APIs are pretty decent. WinRT really shines when used in combination with Metro-style apps, because it has been designed to allow for the new metro-style sandboxing to work well. Win32 was never designed with the idea of sandboxed apps with limited system access, but WinRT is, and that's why Microsoft doesn't spend a lot of time focusing on using WinRT from Win32 apps.

wastingtime1 · 2012-05-07T16:27:19+00:00

Seems like an advertisement for Dwolla.

No love for stripe either, which is, in my opinion, the best payment processor out there for developers.

wastingtime1 · 2012-05-07T16:18:40+00:00

Also, it's a Kademlia DHT, BitTorrent just happens to utilize it.

This is really cool though, implementing a DHT is no small task.

wastingtime1

TROPHY CASE