• 0 Posts
  • 23 Comments
Joined 1 year ago
cake
Cake day: July 9th, 2023

help-circle

  • Interestingly, whilst Wikipedia does say that, the language in RFC 1591 (Domain Name System Structure and Delegation) only says:

    There are a set of what are called “top-level domain names” (TLDs). These are the generic TLDs (EDU, COM, NET, ORG, GOV, MIL, and INT), and the two letter country codes from ISO-3166.

    Likewise, in ICANN’s PRINCIPLES FOR THE DELEGATION AND ADMINISTRATION OF COUNTRY CODE TOP LEVEL DOMAINS, they say:

    ‘Country code top level domain’ or ‘ccTLD’ means a domain in the top level of the global domain name system assigned according to the two-letter codes in the ISO 3166-1 standard

    In neither case do they actually limit two letter TLDs to being country codes, they only state that all country codes in ISO 3166-1 are ccTLDs. In the RFC, the author does suggest it is unlikely that any other TLDs will be assigned, but this has obviously been superseded with the advent of gTLDs. Thus I still consider it likely that the .io TLD will simply transition to being a commercial one, rather than a country one.

    Having said all that, it’s entirely possible I’ve missed some more recent rule that tightens this up and only allows two letter domains from ISO 3166-1. If I have I’d be glad of a pointer to it.



  • It’ll get eliminated as a country code, yes, but that leaves it available as a generic TLD. Seen as it will be available and is obviously lucrative, someone will register it and, presumably allow domains to be registered under it. Off the top of my head, I think it costs $10,000 and you have to show you have the infrastructure to support the TLD you register, so an existing registrar is the most likely. That figure is probably out of date, it’s been many years since I checked it, but the infrastructure requirement is the more costly part anyway.




  • Look, I’m not attacking them over this, as you rightly said, it has plenty of other drawbacks and concerns, I’m just emphasising that Google do have a large degree of influence over them. For instance, Chromium is dropping manifest v2 support, so Brave pretty much has to do the same. They’ve said that, as Chromium has a switch to keep it enabled until June (iirc) they’ve enabled that, but after Chromium drops manifest v2 the most they can do is try to support a subset of it as best they can. The Brave devs may not want to drop support, but Google have decreed it will be dropped, so they end up dropping it and having to put in extra work to keep even a subset working for some period of time.

    If Brave gets even a moderate market share, Google will continue to mess them around like this as they really don’t like people not seeing their adverts.

    Ultimately it’s software, so the Brave devs can do pretty much whatever they want, limited by the available time and money. Google’s influence extends to making that either easier or harder, it much the same way as they influence the Android ecosystem.



  • If you’re talking about being able to regain access with no local backups (even just a USB key sewn into your clothing) your going to need to think carefully about the implications if someone else gets hold of your phone, or hijacks your number. Anything you can do to recover from the scenario is a way an attacker can gain access. Attempting to secure this via SMS is going to ne woefully insecure.

    That being said, there are a couple of approaches you could consider. One option is to put an encrypted backup on an sftp server or similar and remember the login and passwords, another would be to have a trusted party, say a family member or very close friend, hold the emergency codes for access to your authentication account or backup site.

    Storing a backup somewhere is a reasonable approach if you are careful about how you secure it and consider if it meets your threat model. The backup doesn’t need to contain all your credentials, just enough to regain access to your actual password vault, so it doesn’t need to be updated often, unless that access changes. I would suggest either an export from your authentication app, a copy of the emergency codes, or a text file with the relevant details. Encrypt this with gpg symmetric encryption so you don’t have to worry about a key file, and use a long, complex, but reconstructable passphrase. By this I mean a passphrase you remember how to derive, rather than trying to remember a high entropy string directly, so something like the second letter of each word of a phrase that means something to you, a series of digits that are relevant to you, maybe the digits from your first friend’s address or something similarly pseudo random, then another phrase. The result is long enough to have enough entropy to be secure, and you’ll remember how to generate it more readily than remembering the phrase itself. It needs to be strong as once an adversary has a copy of the file they jave as long as they want to decrypt it. Once encrypted, upload it to a reliable storage location that you can access with just a username and password. Now you need to memorize the storage location, username, password and decryption passphrase generator, but you can recover even to a new phone.

    The second option is to generate the emergency, or backup, codes to your authentication account, or the storage you sync it to, and have someone you trust keep them, only to be revealed if you contact them and they’re sure it’s you. To be more secure, split each code into two halves and have each held by a different person.


  • I was more suggesting that it might be a bit eldritch, but sometimes humor doesn’t come across quite right/

    The linked paper is focused on studying the ‘perforation-type anchor’ they use to hold the tissue to the mold as it grows, rather than keeping it alive afterwards. During growth the tissue and mold were submerged, or partially submerged, in a suitable medium to keep the cells healthy, and it was only when the resulting models were tested that they were removed (although one test did seem to involve letting it dry out to see if the anchors held). Growing the various layers of cells seems to be a solved problem, and I suspect that includes keeping them supplied with nutrients and such, so the authors aren’t examining that. What’s not solved is how to keep the tissue attached to a robot, which is what the authors were studying.



  • The article says:

    The photons travel through a resonant metasurface, where they mingle with a pump beam.

    From that, I think it’s suggesting it needs a separate beam of photons to amplify the signal, much like a transistor needs a supply current to amplify the signal it gets.

    They also say:

    This new tech also captures the visible and non-visible (or infrared) light in one image as you look through the ‘lens.’

    Which sounds like it produces an image showing both the IR and visible spectrum in the visible range.

    Mind you, re-readind it, most of the article just talks about IR, so I’m not certain what it’s actually doing. It could just be transparent to the visible spectrum. It wouldn’t be much good for driving if it did that though, the windscreen blocks a lot of IR and you’d need IR headlights!




  • It doesn’t really matter whether the FMR is one in a hundred or one in a million, for the uses it’s being put to it’s still too high. If it was only being used as one factor for authenticating someone (I.e. the ‘thing for are’) but still required the other factor(s) (the ‘thing you know’ and the ‘thing you have’) then it’d be adaquate.

    As it stands, when it’s being used either to pick someone out without further scrutiny, or to make payments with no further checks, it’s simply unacceptable. There’s good arguments to say it’s not just the error rate is unacceptable, but that the technology simply shouldn’t be used in those scenarios as it’s entirely inappropriate, but that’s a separate discussion.


  • It’s the same problem with a drive like this, or any long term archive, you either store the data unencrypted and rely on physical security, or make sure you store the encryption key and algorithm for the same length of time, in which case you still need the physical security to protect that instead. In both cases you need to make sure you preserve a means to read the data back and details of the format its in so you can actually use it later.

    Paper is actually a pretty good way of storing a moderate amount of data long term. Stored correctly it’s unlikely to physically degrade, the data is unlikely to suffer bitrot and it can be read back by anything that can make an image in the visible spectrum. That means you can read it, or take a photo and use OCR to convert it into whatever format is current when the data is needed.





  • Just adding another voice agreeing that I just want to block instance posts, not comments from their users.

    If people really don’t want to see anything from an instance then they should join an instance that is bit federated with the one in question.

    If blocking all users from an instance does get implemented I believe it should be separate to blocking posts as they’re very different use cases.