If FPS gamers are switching to wired input devices to beat latency on wireless device tech, I don't think they'll be itching to send their control inputs over the internet anytime soon.
If it's not your keys, then it's not your content. In other words, unless you created the keys yourself using your own gear and method, then you cannot guarantee that Slack cannot decrypt your communications without your knowledge. Having Slack generate your keys is ridiculous and is akin to security theater.
What you're getting with this "announcement" is security for data in transit and in storage, but there's no guarantee of confidentiality.
Saying that you don't care about privacy because you have nothing to hide is like saying that you don't care about freedom of speech because you have nothing to say.
Being an advocate of digital, sovereign assets through crypto is a good start.
>>Wait until someone does this via moon-bounce. I can see the headline now: "Bitcoin coming from the Moon."
No, no you have that backwards. The correct headline will be "Bitcoin going to the moon".
It's also important to note that governments want this, too. They used to just have visibility on big number transactions but once all cash is gone, they'll be able to monitor every transaction, no matter how small. The concept of anonymous transactions and spending privacy will soon be over.
> Having a RFC to standardize length, characters and expiry dates would be a good first step.
It's easier than this. First step is to convince people to use a unique password for each site. Once folks start doing this, they won't be susceptible to the low-hanging fruit kidhacks are using today to gain access to their online accounts.
Ultimately, once hardware tokens are more widely adopted, these kinds of attacks will stop and likely move to another vector, like cookie session stealing through malware for account breaching.
>> Something that costs 0.5BTC this morning (actually $1,700) may very well cost 0.7BTC tonight (still $1,700).
As with any new currency, volatility is likely to happen until exchanges and trading stabilize it. In this area of a brand new technology acting as a currency or asset, where it is completely decentralized and has no borders, it's likely to be volatile for a while before becoming stable. Also, keep in mind that your thinking is relative to what a seller is expecting: if a seller is expecting dollars, then pay in dollars; if in euros, then pay in euros; if in bitcoin, then pay in bitcoin. If you don't pay a seller what they're expecting, then there's likely to be a difference in value as a result - sometimes small, sometimes large.
>> Getting most people to trust cryptocurrency isn't going to happen, unless you assume most people are stupid. Fortunately for him, it seems most people are indeed stupid.
The sad part about your post is that you're calling people "stupid" for getting involved, either financially or otherwise. Either you don't understand the technology itself or you're angry because you feel that you've missed some kind of boat where you could have quintupled your dollars. You need to think larger than this.
I highly recommend that you spend some time checking out these resources:
https://lopp.net/bitcoin.html
Once smart phones reach a lower price point ($10 or less), we can expect the 2.8 billion 'un-banked' people in the world to enter global financial markets using some form of crypto currency. Think of the prosperity that will spread across third world nations as a result.
Constantly hard-forking as you are suggesting here is a lot harder to do than you make it sound - haven't you been paying attention? You're basically suggesting centralization which undermines the value that bitcoin inherently has.
I use Dropbox and I'm a long time Linux user. You can't find a cheaper online storage solution.
When you use it with EncFS, all your data on the Dropbox side is encrypted at the file level and the sync client works amazingly well. What's a cheaper, faster solution?
Just use EncFS
Please elaborate. Doesn't the Dropbox client app only have access to the specified Dropbox folder?
I use EncFS folders inside the Dropbox share. All of my content to Dropbox is encrypted. When I have an EncFS share mounted, the raw data becomes available elsewhere on my local filesystem. How would Dropbox have access to my unencrypted data in this case?
I understand that it's much easier (and cheaper) to emulate than to run on original hardware, but emulation doesn't bring the nostalgic factor like original hardware does and to be perfectly honest, it just isn't as cool. Also, half the fun in running old gear is keeping it clean, making repairs as needed and providing all the love necessary to keep things running clean and quiet.
I've been collecting Commodore hardware over the last decade and have quite the Commodore museum for an office. There's nothing more satisfying than writing a daily journal using Pen Pal on an original Amiga 2000 or using Paperback Writer on a Commodore 128 in 80 column mode with an 1802 monitor and 1571 disk drive.
>But why does the key work better than authenticating with a mobile phone?
Because it's trivial for someone to contact your phone provider, pretend they're you and have your phone number ported over to the hacker's device. This gives them SMS 2FA, call-back 2FA, etc.
Best to use a YubiKey and Yubico Authenticator for all 2FA websites that support Google Authenticator.
Not sure if you're trolling or what, but perhaps you have no idea how YubiKey works.
https://www.yubico.com/solutio...
I work in the crypto asset space and these types of attacks have been going on for years now. If your 2FA is based on SMS or a call-back, you're doing it very wrong.
For those interested in doing 2FA correctly, buy a YubiKey (USB-C if your phone supports it) and couple that with Yubico Authenticator, which is 100% compatible with Google Authenticator. The major difference is that none of your 2FA codes appear until you plug your YubiKey into your phone and nothing sensitive is stored on the phone itself. This way, the attacker would physically need your YubiKey to authenticate as you - problem solved.
If what you're saying is true, then why has Google been almost the very last email provider to provide email end-to-end encryption?
Because of ads.
This is like saying that once all the gold and silver dries up, we can just switch to bottlecaps. It doesn't work this way. Something is only valuable if people give it value. Sure you can start a new coin, but if people don't give it value then it's worthless.
What gives something value is what people are willing to pay. If people are willing to pay $7000 for a single bitcoin, then that's the value. Just because you don't agree with it doesn't make the value wrong, it just makes the value wrong to you. If enough people think this way, then the value will be driven down by market forces; however, that's not what we're seeing here.
It costs approx. $1000 to create a single bitcoin. How much money does it cost for the US Govt to print $100?
>>The government should be allowed to shake me down because I made some risky, but good financial decisions. Keep in mind that I take all the risk.
Make that, shouldn't be allowed to shake me down.
My car registration is my taxes paid for using public roads.
My taxes paid on my income pays for public services (and killing innocent women and children in foreign countries via drone strikes).
I enjoy living in a free country thanks to the actions of me and my military brothers that have fought in wars protecting this country.
The government should be allowed to shake me down because I made some risky, but good financial decisions. Keep in mind that I take all the risk.
>how can it back up your chat history to keep it accessible across all your devices?
That's why you typically scan the QR code between clients: you're sharing your private key across applications. All of your chat history is stored encrypted server-side.
The content would be the same. How the content is rendered, filtered, organized would be handled client side with something like JavaScript.
two different BBS software on a C-64: HAL9000 and CNET v10 in SoCal from 1983-1986. It started at 300 baud and ended at 1200. It was called The Pirates Galley and later, The Probability Broach. CNET v10 software had lots of BASIC parts to it, so was highly customizable. For example, the email section was fashioned after the wild west and visiting the old post office. File transfer section was science fiction themed. We only had a few thousand user accounts, but for a single line BBS, that's pretty good. I can still remember the phone number, 805-647-8093. No, don't try it, it's been offline for over 30 years.
I still have the BASIC portion of the CNET printed out on some dot-matrix printer around here somewhere... good times.