For crypto code it’s important that it’s time-invariant, otherwise it is vulnerable to timing attacks. I’ve had to build this time-invariant equality test from scratch, because I couldn’t find something on Google. I hope it’s useful to someone else.
Users of PGP will be aware of the many keyservers around the web. Keybase.io has launched as an interesting alternative to the ‘boring’ and complicated keyservers. They provide an easy CLI client and web client (if you choose to share your private key – I didn’t) for PGP crypto, where you don’t need to know someone’s key id – just their username on Twitter or GitHub.
One of the main problems I see with most crypto tools, like PGP, is usability. Without innovations I don’t think it will ever reach the masses. I’ll be paying attention to keybase and see how it develops.
My keybase.io account id is thomwiggers.
If you wish to verify it, my TextSecure identity is this:
You can verify it’s me by the image’s PGP signature available here, if there exists a trust path between us.
It’s been a while since I posted. Today I decided it was time to behave myself a bit like the pretentious hipster I secretly am and post a bit about the music that I discovered lately.
London Grammar – If You Wait (2013)
London Grammar are an UK based indie pop band. They released their debut album If You Wait a couple of weeks ago. Pitchfork already wrote a great review about them, so I’m not going to repeat that, but I’d like to highlight their great cover of Kavinsky’s Nightcall, capturing the feeling of the original track so nicely.
Kill Paris – The Beginning (2012)
Kill Paris’s tracks are a strange bunch. Electronic masterpieces, having influences of dubstep, indie electro and UK Garage. The tracks remind you of several popular and less popular pieces of music, but done in such a way that it’s brand new and just makes you want to dance.
Arcade Fire – The Suburbs (2010)
An album which I completely missed back when it was released. Grammy winner (which led to hilarious reactions) and overal awesome release. I particularly like the album’s second track, Ready To Start.
Arcade Fire is releasing a new album soon called Reflektor. It’s title track Reflektor has already been released and is also a great way to start your day.
CHVRCHES – The Bones of What You Believe (2013)
Great, happy indie pop. The band picked this name because you wouldn’t be able to find them in Google’s search engine if they’d be named “Churches”. This is their first album. Great stuff to listen to if you’re in a happy, uncomplicated mood.
Today I stumbled across heml.is. This is a supposed to become a crowdfunded, secure (as in NSA-free) replacement for WhatsApp and iMessage after the recent PRISM scares.
I think backing heml.is is a stupid idea.
I came across some forum posts about how this all is new and marvellous, so I felt I needed to burst some bubbles.
It has been done before. See the wonderful site https://prism-break.org/.
Love the way how it looks too
That site states they are not going to stick to design guidelines and basically launch an ios app on all platforms. We’ve seen that before, and it pretty much has been a fucking disaster every time. Design guidelines exist for a reason, and that is to make users feel comfortable and not confuse the heck out of them. It’s part of the ecosystem, and ecosystems have rules.
The guys making this are the same guys who created Flattr!
So tying in to my previous point: it’ll probably a disaster usability-wise.
Maybe I should send these guys some books on interaction design. Usability matters a LOT, because if users are frustrated, they drop your app. If they drop the app, noone wil use it, if noone uses it, it is useless.
heml.is pretty much wrote (paraphrased):
…the platform won’t be open source
Instant fail. Applications are in fact safer if they are open source.
Your server only?
Yes! The way to make the system secure is that we can control the infrastructure. Distributing to other servers makes it impossible to give any guarantees about the security. We’ll have audits from trusted third parties on our platforms regularily, in cooperation with our community.
False. There are plenty of ways to make the system secure while not trusting heml.is. There are plenty mature solutions for this, for instance assymetric crypto.
So BRB starting a campaign for an actually safe app and raising 100k.
While playing with my ePass2003 on my Gentoo installation today, I had some trouble getting it to work. As it turned out, you need the following use flags enabled:
# /etc/portage/package.use dev-libs/opensc pcsc-lite secure-messaging
Hope this helps someone.