douglasg14b

joined 2 years ago
[–] douglasg14b 5 points 7 months ago* (last edited 7 months ago) (1 children)

Yes, but it pushes it to an operating system level, and that means everyone wins as the operating system solutions improve as vulnerabilities are found and resolved.

You also don't need RCE access to exfiltrate data. If decrypted keys are held in memory, that mitigates an entire class of vulnerabilities from other applications causing your private chats to leak.

Full disk encryption is not a solution here. Any application that's already running which can provide read-only file system access to an attacker is not going to be affected by your full disk encryption.

[–] douglasg14b 3 points 7 months ago* (last edited 7 months ago) (1 children)

They don't necessarily need RCE access.

Also this isn't how security works. Please refer to the Swiss cheese model.

Unless you can guarantee that every application ever installed on every computer will always be secure under every circumstance, then you're already breaking your security model.

An application may expose a vulnerable web server which may allow read-only file system access without exposing the user to any direct control of their computer from an attacker. Now your lack of security posture for your application (Signal) has a shared fate with any other application anyone else built.

This is just one of many easy examples that are counter to your argument here.

[–] douglasg14b -1 points 7 months ago (2 children)

That's literally how a stutter works my man.

The wrong words come out sometimes even if you know what you were about to say.

This seems to be the case here as evidenced by the rest of the press conference being smooth as butter.

But no one seems to care how well things went when you have a single-phrase fuck-up early on. Answering questions effectively and intelligently later on means nothing when you can focus on something that brings in drama points for your average voter to suck on ...

[–] douglasg14b 2 points 7 months ago

I know and then he carried on with the rest of the press conference pretty damn eloquently when it came to unscripted questions.

Yet all the media wants to focus on is a train-of-thought fuck-up.

I do this shit all the goddamn time, does this mean I am old and decrepit? Senile? No it just means that I fuck up words periodically.

Unfortunately American voters only want one thing, red or blue, and that's drama. Which is asinine.

[–] douglasg14b 3 points 7 months ago

This is exactly it. Reddit right now is what our society is like. This is the lowest common denominator.

EVERY forum and community online will always approach the lowest common denominator as its size grows. This has always been the case on Reddit, where niche communities lose their niche to the lowest common denominator.

The only way to avoid this is active moderation, clear quality expectations, and a strong stance on what does and does not belong in a community.

[–] douglasg14b 1 points 7 months ago

It won't burst, just deflate, and then gradually grow like the rest of the tech industry.

AI is getting more robust, not less. The current hype is crazy, that'll burst, but the good use cases don't vanish. The actual problem spaces where it excels (like astroturfing and manipulating public opinion, or intelligent search, Q&A, information management, knowledge work supplementation, etc.) will still be there.

[–] douglasg14b 5 points 7 months ago* (last edited 7 months ago)

To their credit, we couldn't do "anything about" the pandemic because of how many morons and suckers there are out there.

Or at the least we failed to do what was most effective.

[–] douglasg14b 2 points 7 months ago* (last edited 7 months ago)

I'm not claiming some grand level of knowledge here. I also cannot enumerate all risks. The difference is that I know that I don't know, and the danger that poses towards cognitive biases when it comes to false confidence, and a lack of effective risk management. I'm a professional in an adjacent field, midway into pivoting into cybersecurity. I used to think the same way, that's why I'm so passionate here. It's painful to see arguments and thought processes counter to the fundamentals of security & safety that I've been learning the past few years. So, yeah, I'm gonna call it out and try and inform.

All that crap said:

And you are right, the problem gets moved. However, that's the point, that's how standardization works, and how it's supposed to work. It's a force multiplier, it smooths out the implementation. Moving the problem to the OS level means that EVERYONE benefits from advances in Windows/macOS/Linux. Automatically.

It's not Signal's responsibility, it shouldn't be unless that's a problem they specifically aim to solve. They have the tools available to them already, Electron has a standardized API for this, secureStorage. Which handles the OS interop for them.

I'm not arguing that Signal needs to roll their own here. The expectation is that they, at least, utilize the OS-provided features made available to their software.

[–] douglasg14b 1 points 7 months ago* (last edited 7 months ago)

Another risk with Monitor, which may get better with time, is that FOSS Rust projects have a tendency to slow down or even stall due to the time cost of writing features, and the very small dev community available to pick up slack when original creators/maintainers drop off, burn out, or get too busy with life.

To be clear: I have nothing against Rust. It's a fantastic language filling in a crucial gap that's existed for decades. However, it's ill suited for app development, that's just not its strength.

[–] douglasg14b 10 points 7 months ago* (last edited 7 months ago) (1 children)

Why are you here if you're just going to insult hobbyists in the community dedicated to hobbyists?

This isn't the kind of vibe /c/selfhosted needs.

[–] douglasg14b 7 points 7 months ago

> Interesting fact, Nazis were actually socialists. The term Nazi is a shortened version of the german term for National Socialist, which is part of their full name: National Socialist Workers Party of Germany

I found one of the suckers that would vote for the Nazi party because they put {{Popular political ideology here}} in their name.

[–] douglasg14b 2 points 7 months ago (1 children)

> Having Signal fill in gaps for what the OS should be protecting is just going to stretch Signal more than it already does. I would agree that if Signal can properly support that kind of protection on EVERY OS that it's built for, go for it. But this should be an OS level protection that can be offered to Signal as an app, not the other way around.

Damn reading literacy has gone downhill these days.

Please reread my post.

> But this should be an OS level protection that can be offered to Signal as an app, not the other way around.

  1. OSs provide keyring features already
  2. The framework Signal uses (Electron) has a built-in API for this EXACT NEED

C'mon, you can do better than this, this is just embarrassing.
