#Cryptography Tools
Explore tagged Tumblr posts
Visit Tumblr Blog
Explore Tumblr blogs with no restrictions, modern design and the best experience.
Last Seen Tumblr Blogs
Fun Fact
Tumblr Inc. has $15.1M in annual revenue.
Text
CryptoChat - Beyond Secure Messaging
Welcome to CryptChat – where conversations remain truly private. Built on the robust Python ecosystem, our application ensures that every word you send is wrapped in layers of encryption. Whether you’re discussing sensitive business details or sharing personal stories, CryptChat provides the sanctuary you need in the digital age. Dive in, and experience the next level of secure…
View On WordPress
#Chat Application#Crypto Chat#CryptoChat#Cryptography Tools#KitPloit#Server Client#Server Client Chat#Socket Programming
0 notes
Text
12 notes
·
View notes
Text
New security protocol shields data from attackers during cloud-based computation
New Post has been published on https://thedigitalinsider.com/new-security-protocol-shields-data-from-attackers-during-cloud-based-computation/
New security protocol shields data from attackers during cloud-based computation
Deep-learning models are being used in many fields, from health care diagnostics to financial forecasting. However, these models are so computationally intensive that they require the use of powerful cloud-based servers.
This reliance on cloud computing poses significant security risks, particularly in areas like health care, where hospitals may be hesitant to use AI tools to analyze confidential patient data due to privacy concerns.
To tackle this pressing issue, MIT researchers have developed a security protocol that leverages the quantum properties of light to guarantee that data sent to and from a cloud server remain secure during deep-learning computations.
By encoding data into the laser light used in fiber optic communications systems, the protocol exploits the fundamental principles of quantum mechanics, making it impossible for attackers to copy or intercept the information without detection.
Moreover, the technique guarantees security without compromising the accuracy of the deep-learning models. In tests, the researcher demonstrated that their protocol could maintain 96 percent accuracy while ensuring robust security measures.
“Deep learning models like GPT-4 have unprecedented capabilities but require massive computational resources. Our protocol enables users to harness these powerful models without compromising the privacy of their data or the proprietary nature of the models themselves,” says Kfir Sulimany, an MIT postdoc in the Research Laboratory for Electronics (RLE) and lead author of a paper on this security protocol.
Sulimany is joined on the paper by Sri Krishna Vadlamani, an MIT postdoc; Ryan Hamerly, a former postdoc now at NTT Research, Inc.; Prahlad Iyengar, an electrical engineering and computer science (EECS) graduate student; and senior author Dirk Englund, a professor in EECS, principal investigator of the Quantum Photonics and Artificial Intelligence Group and of RLE. The research was recently presented at Annual Conference on Quantum Cryptography.
A two-way street for security in deep learning
The cloud-based computation scenario the researchers focused on involves two parties — a client that has confidential data, like medical images, and a central server that controls a deep learning model.
The client wants to use the deep-learning model to make a prediction, such as whether a patient has cancer based on medical images, without revealing information about the patient.
In this scenario, sensitive data must be sent to generate a prediction. However, during the process the patient data must remain secure.
Also, the server does not want to reveal any parts of the proprietary model that a company like OpenAI spent years and millions of dollars building.
“Both parties have something they want to hide,” adds Vadlamani.
In digital computation, a bad actor could easily copy the data sent from the server or the client.
Quantum information, on the other hand, cannot be perfectly copied. The researchers leverage this property, known as the no-cloning principle, in their security protocol.
For the researchers’ protocol, the server encodes the weights of a deep neural network into an optical field using laser light.
A neural network is a deep-learning model that consists of layers of interconnected nodes, or neurons, that perform computation on data. The weights are the components of the model that do the mathematical operations on each input, one layer at a time. The output of one layer is fed into the next layer until the final layer generates a prediction.
The server transmits the network’s weights to the client, which implements operations to get a result based on their private data. The data remain shielded from the server.
At the same time, the security protocol allows the client to measure only one result, and it prevents the client from copying the weights because of the quantum nature of light.
Once the client feeds the first result into the next layer, the protocol is designed to cancel out the first layer so the client can’t learn anything else about the model.
“Instead of measuring all the incoming light from the server, the client only measures the light that is necessary to run the deep neural network and feed the result into the next layer. Then the client sends the residual light back to the server for security checks,” Sulimany explains.
Due to the no-cloning theorem, the client unavoidably applies tiny errors to the model while measuring its result. When the server receives the residual light from the client, the server can measure these errors to determine if any information was leaked. Importantly, this residual light is proven to not reveal the client data.
A practical protocol
Modern telecommunications equipment typically relies on optical fibers to transfer information because of the need to support massive bandwidth over long distances. Because this equipment already incorporates optical lasers, the researchers can encode data into light for their security protocol without any special hardware.
When they tested their approach, the researchers found that it could guarantee security for server and client while enabling the deep neural network to achieve 96 percent accuracy.
The tiny bit of information about the model that leaks when the client performs operations amounts to less than 10 percent of what an adversary would need to recover any hidden information. Working in the other direction, a malicious server could only obtain about 1 percent of the information it would need to steal the client’s data.
“You can be guaranteed that it is secure in both ways — from the client to the server and from the server to the client,” Sulimany says.
“A few years ago, when we developed our demonstration of distributed machine learning inference between MIT’s main campus and MIT Lincoln Laboratory, it dawned on me that we could do something entirely new to provide physical-layer security, building on years of quantum cryptography work that had also been shown on that testbed,” says Englund. “However, there were many deep theoretical challenges that had to be overcome to see if this prospect of privacy-guaranteed distributed machine learning could be realized. This didn’t become possible until Kfir joined our team, as Kfir uniquely understood the experimental as well as theory components to develop the unified framework underpinning this work.”
In the future, the researchers want to study how this protocol could be applied to a technique called federated learning, where multiple parties use their data to train a central deep-learning model. It could also be used in quantum operations, rather than the classical operations they studied for this work, which could provide advantages in both accuracy and security.
“This work combines in a clever and intriguing way techniques drawing from fields that do not usually meet, in particular, deep learning and quantum key distribution. By using methods from the latter, it adds a security layer to the former, while also allowing for what appears to be a realistic implementation. This can be interesting for preserving privacy in distributed architectures. I am looking forward to seeing how the protocol behaves under experimental imperfections and its practical realization,” says Eleni Diamanti, a CNRS research director at Sorbonne University in Paris, who was not involved with this work.
This work was supported, in part, by the Israeli Council for Higher Education and the Zuckerman STEM Leadership Program.
#ai#ai tools#approach#artificial#Artificial Intelligence#attackers#author#Building#Cancer#classical#Cloud#cloud computing#communications#computation#computer#Computer Science#computing#conference#cryptography#cybersecurity#data#Deep Learning#detection#diagnostics#direction#education#Electrical engineering and computer science (EECS)#Electronics#engineering#equipment
0 notes
Note
Ohh if you going to write Platonic reader
how about a male reader who's part of the straw hats and his devil fruit power is that he can talk and use dead people to fight (like Klaus from The Umbrella Academy)
he has a best friend who died but he talks to him all the time so he's never alone (like Klaus and Ben from The Umbrella Academy)
Gone but still there (Strawhats x male!reader)
A/N: I had to change it a little bit since im bot comfortable with the whole controlling dead people to fight nor I think the strawhats would be too happy about that but I made this instead, hopefully it is somewhat appealing to what you envisioned! It is not very good, I would say this one is a flop :(
Dividers by @/saradika
“Okay, are we ready?” Reader exclaims, staring at his crewmates around him. Robin and Nami sat at a table nearby, with Sanji bringing them both snacks and compliments. Zoro sat down in his favorite corner, eyes closed, with Chopper standing close to him; Luffy sat at the head of the Sunny as usual, with Franky and Ussop sitting together, tinkering with some gadgets they had. Jinbe sat at the boat's wheel, keeping watch of the course ahead, Brook standing nearby with his violin.
He looked up at the reader, smiling and waving his bony hand in excitement
“Yes! Im excited to hear what Doctor Hiriluk has to say this time.”
“Yohohoho, and im excited to hear what new songs my old crew-mates have learned since the last time we spoke.”
He smiles
“I promise I’ll go around with everyone!”
He sweatdrops staring at the small girl next to him
“Umm Zoro, I think Kuina really wants to say some things to you…”
His eyes open, and he walks over
"What did you want, Kuina?" he said with a bit of annoyance
He laughs nervously
“she said your form was off in your last fight, that only an idiot would make such a mistake.”
He sighed and shook his head a bit
"Thanks, I'll keep that in mind," he said sarcastically and started moving back to his corner
He sighs
“This is going to be a long one…Ah, Nami, Bellemere says you shouldn’t be hitting your crewmates.”
She gives a small sigh
"Well, when they don't listen, it's what happens. Thanks for the message." She said while fixing her bangs gently as she took a bite from her apple
"Robin You're mom says you should look up the Old Signs? Uh she says that the second part gives some interesting views on cryptography?"
"Hmm I will look into it, thank you for the suggestion"
“What about my Mom?” Ussop questions, glancing at Reader
“She says you should be more careful with your experiments; she hates to see you get hurt when one of them goes wrong.”
He chuckles softly at that
“I’m not a little kid anymore, though…”He said before he fell quiet and went about working with his tools
He cackles at what the crew can only guess is something one of the ghosts has said
“Ussop~ Your mom says you will always be her little baby.”
“That’s what she said?!” His hand froze on the tool in front of him as the other slowly wiped away his sweat, his eyes wide in shock and even some embarrassment at his mother’s words
He can’t help but laugh even harder at Ussop's embarrassment; he glances to the side as his laughs die down, now just chuckles escaping him as he smiles gently at his crew and all the one-sided conversations they were having with their loved ones, every once in a while he would step in to deliver a message to them. Still, even if it was one-sided, none of them cared, happily chatting with their loved ones, knowing they were there, listening to them.
Okay I was honestly debating if to put this one on a timer and then delete it but I think I smoothed it out at the end, but still debating that one.
#one piece x reader#one piece#one piece fluff#one piece imagine#zoro#sanji#robin#nico robin#nami#straw hat luffy#straw hat nami#straw hat pirates#straw hat crew#one piece strawhats#straw hat sanji#straw hat usopp#straw hat zoro#straw hat robin#straw hats x reader#one piece x male reader#one piece x masc reader
190 notes
·
View notes
Text
How to design a tech regulation
TONIGHT (June 20) I'm live onstage in LOS ANGELES for a recording of the GO FACT YOURSELF podcast. TOMORROW (June 21) I'm doing an ONLINE READING for the LOCUS AWARDS at 16hPT. On SATURDAY (June 22) I'll be in OAKLAND, CA for a panel (13hPT) and a keynote (18hPT) at the LOCUS AWARDS.
It's not your imagination: tech really is underregulated. There are plenty of avoidable harms that tech visits upon the world, and while some of these harms are mere negligence, others are self-serving, creating shareholder value and widespread public destruction.
Making good tech policy is hard, but not because "tech moves too fast for regulation to keep up with," nor because "lawmakers are clueless about tech." There are plenty of fast-moving areas that lawmakers manage to stay abreast of (think of the rapid, global adoption of masking and social distancing rules in mid-2020). Likewise we generally manage to make good policy in areas that require highly specific technical knowledge (that's why it's noteworthy and awful when, say, people sicken from badly treated tapwater, even though water safety, toxicology and microbiology are highly technical areas outside the background of most elected officials).
That doesn't mean that technical rigor is irrelevant to making good policy. Well-run "expert agencies" include skilled practitioners on their payrolls – think here of large technical staff at the FTC, or the UK Competition and Markets Authority's best-in-the-world Digital Markets Unit:
https://pluralistic.net/2022/12/13/kitbashed/#app-store-tax
The job of government experts isn't just to research the correct answers. Even more important is experts' role in evaluating conflicting claims from interested parties. When administrative agencies make new rules, they have to collect public comments and counter-comments. The best agencies also hold hearings, and the very best go on "listening tours" where they invite the broad public to weigh in (the FTC has done an awful lot of these during Lina Khan's tenure, to its benefit, and it shows):
https://www.ftc.gov/news-events/events/2022/04/ftc-justice-department-listening-forum-firsthand-effects-mergers-acquisitions-health-care
But when an industry dwindles to a handful of companies, the resulting cartel finds it easy to converge on a single talking point and to maintain strict message discipline. This means that the evidentiary record is starved for disconfirming evidence that would give the agencies contrasting perspectives and context for making good policy.
Tech industry shills have a favorite tactic: whenever there's any proposal that would erode the industry's profits, self-serving experts shout that the rule is technically impossible and deride the proposer as "clueless."
This tactic works so well because the proposers sometimes are clueless. Take Europe's on-again/off-again "chat control" proposal to mandate spyware on every digital device that will screen everything you upload for child sex abuse material (CSAM, better known as "child pornography"). This proposal is profoundly dangerous, as it will weaken end-to-end encryption, the key to all secure and private digital communication:
https://www.theguardian.com/technology/article/2024/jun/18/encryption-is-deeply-threatening-to-power-meredith-whittaker-of-messaging-app-signal
It's also an impossible-to-administer mess that incorrectly assumes that killing working encryption in the two mobile app stores run by the mobile duopoly will actually prevent bad actors from accessing private tools:
https://memex.craphound.com/2018/09/04/oh-for-fucks-sake-not-this-fucking-bullshit-again-cryptography-edition/
When technologists correctly point out the lack of rigor and catastrophic spillover effects from this kind of crackpot proposal, lawmakers stick their fingers in their ears and shout "NERD HARDER!"
https://memex.craphound.com/2018/01/12/nerd-harder-fbi-director-reiterates-faith-based-belief-in-working-crypto-that-he-can-break/
But this is only half the story. The other half is what happens when tech industry shills want to kill good policy proposals, which is the exact same thing that advocates say about bad ones. When lawmakers demand that tech companies respect our privacy rights – for example, by splitting social media or search off from commercial surveillance, the same people shout that this, too, is technologically impossible.
That's a lie, though. Facebook started out as the anti-surveillance alternative to Myspace. We know it's possible to operate Facebook without surveillance, because Facebook used to operate without surveillance:
https://papers.ssrn.com/sol3/papers.cfm?abstract_id=3247362
Likewise, Brin and Page's original Pagerank paper, which described Google's architecture, insisted that search was incompatible with surveillance advertising, and Google established itself as a non-spying search tool:
http://infolab.stanford.edu/pub/papers/google.pdf
Even weirder is what happens when there's a proposal to limit a tech company's power to invoke the government's powers to shut down competitors. Take Ethan Zuckerman's lawsuit to strip Facebook of the legal power to sue people who automate their browsers to uncheck the millions of boxes that Facebook requires you to click by hand in order to unfollow everyone:
https://pluralistic.net/2024/05/02/kaiju-v-kaiju/#cda-230-c-2-b
Facebook's apologists have lost their minds over this, insisting that no one can possibly understand the potential harms of taking away Facebook's legal right to decide how your browser works. They take the position that only Facebook can understand when it's safe and proportional to use Facebook in ways the company didn't explicitly design for, and that they should be able to ask the government to fine or even imprison people who fail to defer to Facebook's decisions about how its users configure their computers.
This is an incredibly convenient position, since it arrogates to Facebook the right to order the rest of us to use our computers in the ways that are most beneficial to its shareholders. But Facebook's apologists insist that they are not motivated by parochial concerns over the value of their stock portfolios; rather, they have objective, technical concerns, that no one except them is qualified to understand or comment on.
There's a great name for this: "scalesplaining." As in "well, actually the platforms are doing an amazing job, but you can't possibly understand that because you don't work for them." It's weird enough when scalesplaining is used to condemn sensible regulation of the platforms; it's even weirder when it's weaponized to defend a system of regulatory protection for the platforms against would-be competitors.
Just as there are no atheists in foxholes, there are no libertarians in government-protected monopolies. Somehow, scalesplaining can be used to condemn governments as incapable of making any tech regulations and to insist that regulations that protect tech monopolies are just perfect and shouldn't ever be weakened. Truly, it's impossible to get someone to understand something when the value of their employee stock options depends on them not understanding it.
None of this is to say that every tech regulation is a good one. Governments often propose bad tech regulations (like chat control), or ones that are technologically impossible (like Article 17 of the EU's 2019 Digital Single Markets Directive, which requires tech companies to detect and block copyright infringements in their users' uploads).
But the fact that scalesplainers use the same argument to criticize both good and bad regulations makes the waters very muddy indeed. Policymakers are rightfully suspicious when they hear "that's not technically possible" because they hear that both for technically impossible proposals and for proposals that scalesplainers just don't like.
After decades of regulations aimed at making platforms behave better, we're finally moving into a new era, where we just make the platforms less important. That is, rather than simply ordering Facebook to block harassment and other bad conduct by its users, laws like the EU's Digital Markets Act will order Facebook and other VLOPs (Very Large Online Platforms, my favorite EU-ism ever) to operate gateways so that users can move to rival services and still communicate with the people who stay behind.
Think of this like number portability, but for digital platforms. Just as you can switch phone companies and keep your number and hear from all the people you spoke to on your old plan, the DMA will make it possible for you to change online services but still exchange messages and data with all the people you're already in touch with.
I love this idea, because it finally grapples with the question we should have been asking all along: why do people stay on platforms where they face harassment and bullying? The answer is simple: because the people – customers, family members, communities – we connect with on the platform are so important to us that we'll tolerate almost anything to avoid losing contact with them:
https://locusmag.com/2023/01/commentary-cory-doctorow-social-quitting/
Platforms deliberately rig the game so that we take each other hostage, locking each other into their badly moderated cesspits by using the love we have for one another as a weapon against us. Interoperability – making platforms connect to each other – shatters those locks and frees the hostages:
https://www.eff.org/deeplinks/2021/08/facebooks-secret-war-switching-costs
But there's another reason to love interoperability (making moderation less important) over rules that require platforms to stamp out bad behavior (making moderation better). Interop rules are much easier to administer than content moderation rules, and when it comes to regulation, administratability is everything.
The DMA isn't the EU's only new rule. They've also passed the Digital Services Act, which is a decidedly mixed bag. Among its provisions are a suite of rules requiring companies to monitor their users for harmful behavior and to intervene to block it. Whether or not you think platforms should do this, there's a much more important question: how can we enforce this rule?
Enforcing a rule requiring platforms to prevent harassment is very "fact intensive." First, we have to agree on a definition of "harassment." Then we have to figure out whether something one user did to another satisfies that definition. Finally, we have to determine whether the platform took reasonable steps to detect and prevent the harassment.
Each step of this is a huge lift, especially that last one, since to a first approximation, everyone who understands a given VLOP's server infrastructure is a partisan, scalesplaining engineer on the VLOP's payroll. By the time we find out whether the company broke the rule, years will have gone by, and millions more users will be in line to get justice for themselves.
So allowing users to leave is a much more practical step than making it so that they've got no reason to want to leave. Figuring out whether a platform will continue to forward your messages to and from the people you left there is a much simpler technical matter than agreeing on what harassment is, whether something is harassment by that definition, and whether the company was negligent in permitting harassment.
But as much as I like the DMA's interop rule, I think it is badly incomplete. Given that the tech industry is so concentrated, it's going to be very hard for us to define standard interop interfaces that don't end up advantaging the tech companies. Standards bodies are extremely easy for big industry players to capture:
https://pluralistic.net/2023/04/30/weak-institutions/
If tech giants refuse to offer access to their gateways to certain rivals because they seem "suspicious," it will be hard to tell whether the companies are just engaged in self-serving smears against a credible rival, or legitimately trying to protect their users from a predator trying to plug into their infrastructure. These fact-intensive questions are the enemy of speedy, responsive, effective policy administration.
But there's more than one way to attain interoperability. Interop doesn't have to come from mandates, interfaces designed and overseen by government agencies. There's a whole other form of interop that's far nimbler than mandates: adversarial interoperability:
https://www.eff.org/deeplinks/2019/10/adversarial-interoperability
"Adversarial interoperability" is a catch-all term for all the guerrilla warfare tactics deployed in service to unilaterally changing a technology: reverse engineering, bots, scraping and so on. These tactics have a long and honorable history, but they have been slowly choked out of existence with a thicket of IP rights, like the IP rights that allow Facebook to shut down browser automation tools, which Ethan Zuckerman is suing to nullify:
https://locusmag.com/2020/09/cory-doctorow-ip/
Adversarial interop is very flexible. No matter what technological moves a company makes to interfere with interop, there's always a countermove the guerrilla fighter can make – tweak the scraper, decompile the new binary, change the bot's behavior. That's why tech companies use IP rights and courts, not firewall rules, to block adversarial interoperators.
At the same time, adversarial interop is unreliable. The solution that works today can break tomorrow if the company changes its back-end, and it will stay broken until the adversarial interoperator can respond.
But when companies are faced with the prospect of extended asymmetrical war against adversarial interop in the technological trenches, they often surrender. If companies can't sue adversarial interoperators out of existence, they often sue for peace instead. That's because high-tech guerrilla warfare presents unquantifiable risks and resource demands, and, as the scalesplainers never tire of telling us, this can create real operational problems for tech giants.
In other words, if Facebook can't shut down Ethan Zuckerman's browser automation tool in the courts, and if they're sincerely worried that a browser automation tool will uncheck its user interface buttons so quickly that it crashes the server, all it has to do is offer an official "unsubscribe all" button and no one will use Zuckerman's browser automation tool.
We don't have to choose between adversarial interop and interop mandates. The two are better together than they are apart. If companies building and operating DMA-compliant, mandatory gateways know that a failure to make them useful to rivals seeking to help users escape their authority is getting mired in endless hand-to-hand combat with trench-fighting adversarial interoperators, they'll have good reason to cooperate.
And if lawmakers charged with administering the DMA notice that companies are engaging in adversarial interop rather than using the official, reliable gateway they're overseeing, that's a good indicator that the official gateways aren't suitable.
It would be very on-brand for the EU to create the DMA and tell tech companies how they must operate, and for the USA to simply withdraw the state's protection from the Big Tech companies and let smaller companies try their luck at hacking new features into the big companies' servers without the government getting involved.
Indeed, we're seeing some of that today. Oregon just passed the first ever Right to Repair law banning "parts pairing" – basically a way of using IP law to make it illegal to reverse-engineer a device so you can fix it.
https://www.opb.org/article/2024/03/28/oregon-governor-kotek-signs-strong-tech-right-to-repair-bill/
Taken together, the two approaches – mandates and reverse engineering – are stronger than either on their own. Mandates are sturdy and reliable, but slow-moving. Adversarial interop is flexible and nimble, but unreliable. Put 'em together and you get a two-part epoxy, strong and flexible.
Governments can regulate well, with well-funded expert agencies and smart, adminstratable remedies. It's for that reason that the administrative state is under such sustained attack from the GOP and right-wing Dems. The illegitimate Supreme Court is on the verge of gutting expert agencies' power:
https://www.hklaw.com/en/insights/publications/2024/05/us-supreme-court-may-soon-discard-or-modify-chevron-deference
It's never been more important to craft regulations that go beyond mere good intentions and take account of adminsitratability. The easier we can make our rules to enforce, the less our beleaguered agencies will need to do to protect us from corporate predators.
If you'd like an essay-formatted version of this post to read or share, here's a link to it on pluralistic.net, my surveillance-free, ad-free, tracker-free blog:
https://pluralistic.net/2024/06/20/scalesplaining/#administratability
Image: Noah Wulf (modified) https://commons.m.wikimedia.org/wiki/File:Thunderbirds_at_Attention_Next_to_Thunderbird_1_-_Aviation_Nation_2019.jpg
CC BY-SA 4.0 https://creativecommons.org/licenses/by-sa/4.0/deed.en
#pluralistic#cda#ethan zuckerman#platforms#platform decay#enshittification#eu#dma#right to repair#transatlantic#administrability#regulation#big tech#scalesplaining#equilibria#interoperability#adversarial interoperability#comcom
99 notes
·
View notes
Text
The eye-popping scandal surrounding the Trump cabinet’s accidental invitation to The Atlantic’s editor in chief to join a text-message group secretly planning a bombing in Yemen has rolled into its third day, and that controversy now has a name: SignalGate, a reference to the fact that the conversation took place on the end-to-end encrypted free messaging tool Signal.
As that name becomes a shorthand for the biggest public blunder of the second Trump administration to date, however, security and privacy experts who have promoted Signal as the best encrypted messaging tool available to the public want to be clear about one thing: SignalGate is not about Signal.
Since The Atlantic’s editor, Jeffrey Goldberg, revealed Monday that he was mistakenly included in a Signal group chat earlier this month created to plan US airstrikes against the Houthi rebels in Yemen, the reaction from the Trump cabinet’s critics and even the administration itself has in some cases seemed to cast blame on Signal for the security breach. Some commentators have pointed to reports last month of Signal-targeted phishing by Russian spies. National security adviser Michael Waltz, who reportedly invited Goldberg to the Signal group chat, has even suggested that Goldberg may have hacked into it.
On Wednesday afternoon, even President Donald Trump suggested Signal was somehow responsible for the group chat fiasco. “I don't know that Signal works,” Trump told reporters at the White House. “I think Signal could be defective, to be honest with you.”
The real lesson is much simpler, says Kenn White, a security and cryptography researcher who has conducted audits on widely used encryption tools in the past as the director of the Open Crypto Audit Project: Don’t invite untrusted contacts into your Signal group chat. And if you’re a government official working with highly sensitive or classified information, use the encrypted communication tools that run on restricted, often air-gapped devices intended for a top-secret setting rather than the unauthorized devices that can run publicly available apps like Signal.
“Unequivocally, no blame in this falls on Signal,” says White. “Signal is a communication tool designed for confidential conversations. If someone's brought into a conversation who’s not meant to be part of it, that's not a technology problem. That's an operator issue.”
Cryptographer Matt Green, a professor of computer science at Johns Hopkins University, puts it more simply. “Signal is a tool. If you misuse a tool, bad things are going to happen,” says Green. “If you hit yourself in the face with a hammer, it’s not the hammer’s fault. It’s really on you to make sure you know who you’re talking to.”
The only sense in which SignalGate is a Signal-related scandal, White adds, is that the use of Signal suggests that the cabinet-level officials involved in the Houthi bombing plans, including secretary of defense Pete Hegseth and director of national intelligence Tulsi Gabbard, were conducting the conversation on internet-connected devices—possibly even including personal ones—since Signal wouldn’t typically be allowed on the official, highly restricted machines intended for such conversations. “In past administrations, at least, that would be absolutely forbidden, especially for classified communications,” says White.
Indeed, using Signal on internet-connected commercial devices doesn’t just leave communications open to anyone who can somehow exploit a hackable vulnerability in Signal, but anyone who can hack the iOS, Android, Windows, or Mac devices that might be running the Signal mobile or desktop apps.
This is why US agencies in general, and the Department of Defense in particular, conduct business on specially managed federal devices that are specially provisioned to control what software is installed and which features are available. Whether the cabinet members had conducted the discussion on Signal or another consumer platform, the core issue was communicating about incredibly high-stakes, secret military operations using inappropriate devices or software.
One of the most straightforward reasons that communication apps like Signal and WhatsApp are not suitable for classified government work is that they offer “disappearing message” features—mechanisms to automatically delete messages after a preset amount of time—that are incompatible with federal record retention laws. This issue was on full display in the principals’ chat about the impending strike on Yemen, which was originally set for one-week auto-delete before the Michael Waltz account changed the timer to four-week auto-delete, according to screenshots of the chat published by The Atlantic on Wednesday. Had The Atlantic’s Goldberg not been mistakenly included in the chat, its contents might not have been preserved in accordance with long-standing government requirements.
In congressional testimony on Wednesday, US director of national intelligence Tulsi Gabbard said that Signal can come preinstalled on government devices. Multiple sources tell WIRED that this is not the norm, though, and noted specifically that downloading consumer apps like Signal to Defense Department devices is highly restricted and often banned. The fact that Hegseth, the defense secretary, participated in the chat indicates that he either obtained an extremely unusual waiver to install Signal on a department device, bypassed the standard process for seeking such a waiver, or was using a non-DOD device for the chat. According to political consultant and podcaster Fred Wellman, DOD “political appointees” demanded that Signal be installed on their government devices last month.
Core to the Trump administration’s defense of the behavior is the claim that no classified material was discussed in the Signal chat. In particular, Gabbard and others have noted that Hegseth himself is the classification authority for the information. Multiple sources tell WIRED, though, that this authority does not make a consumer application the right forum for such a discussion.
“The way this was being communicated, the conversation had no formal designation like 'for official use only' or something. But whether it should have been classified or not, whatever it was, it was obviously sensitive operational information that no soldier or officer would be expected to release to the public—but they had added a member of the media into the chat,” says Andy Jabbour, a US Army veteran and founder of the domestic security risk-management firm Gate 15.
Jabbour adds that military personnel undergo annual information awareness and security training to reinforce operating procedures for handling all levels of nonpublic information. Multiple sources emphasize to WIRED that while the information in the Yemen strike chat appears to meet the standard for classification, even nonclassified material can be extremely sensitive and is typically carefully protected.
“Putting aside for a moment that classified information should never be discussed over an unclassified system, it’s also just mind-boggling to me that all of these senior folks who were on this line and nobody bothered to even check, security hygiene 101, who are all the names? Who are they?” US senator Mark Warner, a Virginia Democrat, said during Tuesday’s Senate Intelligence Committee hearing.
According to The Atlantic, 12 Trump administration officials were in the Signal group chat, including vice president JD Vance, secretary of state Marco Rubio, and Trump adviser Susie Wiles. Jabbour adds that even with decisionmaking authorities present and participating in a communication, establishing an information designation or declassifying information happens through an established, proactive process. As he puts it, “If you spill milk on the floor, you can’t just say, ‘That’s actually not spilled milk, because I intended to spill it.’”
All of which is to say, SignalGate raises plenty of security, privacy, and legal issues. But the security of Signal itself is not one of them. Despite that, in the wake of The Atlantic’s story on Monday, some have sought tenuous connections between the Trump cabinet’s security breach and Signal vulnerabilities. On Tuesday, for example, a Pentagon adviser echoed a report from Google’s security researchers, who alerted Signal earlier this year to a phishing technique that Russian military intelligence used to target the app’s users in Ukraine. But Signal pushed out an update to make that tactic—which tricks users into adding a hacker as a secondary device on their account—far harder to pull off, and the same tactic also targeted some accounts on the messaging services WhatsApp and Telegram.
“Phishing attacks against people using popular applications and websites are a fact of life on the internet,” Signal spokesperson Jun Harada tells WIRED. “Once we learned that Signal users were being targeted, and how they were being targeted, we introduced additional safeguards and in-app warnings to help protect people from falling victim to phishing attacks. This work was completed months ago."
In fact, says White, the cryptography researcher, if the Trump administration is going to put secret communications at risk by discussing war plans on unapproved commercial devices and freely available messaging apps, they could have done much worse than to choose Signal for those conversations, given its reputation and track record among security experts.
“Signal is the consensus recommendation for highly at-risk communities—human rights activists, attorneys, and confidential sources for journalists,” says White. Just not, as this week has made clear, executive branch officials planning airstrikes.
28 notes
·
View notes
Text
An Introduction to Cybersecurity
I created this post for the Studyblr Masterpost Jam, check out the tag for more cool masterposts from folks in the studyblr community!
What is cybersecurity?
Cybersecurity is all about securing technology and processes - making sure that the software, hardware, and networks that run the world do exactly what they need to do and can't be abused by bad actors.
The CIA triad is a concept used to explain the three goals of cybersecurity. The pieces are:
Confidentiality: ensuring that information is kept secret, so it can only be viewed by the people who are allowed to do so. This involves encrypting data, requiring authentication before viewing data, and more.
Integrity: ensuring that information is trustworthy and cannot be tampered with. For example, this involves making sure that no one changes the contents of the file you're trying to download or intercepts your text messages.
Availability: ensuring that the services you need are there when you need them. Blocking every single person from accessing a piece of valuable information would be secure, but completely unusable, so we have to think about availability. This can also mean blocking DDoS attacks or fixing flaws in software that cause crashes or service issues.
What are some specializations within cybersecurity? What do cybersecurity professionals do?
incident response
digital forensics (often combined with incident response in the acronym DFIR)
reverse engineering
cryptography
governance/compliance/risk management
penetration testing/ethical hacking
vulnerability research/bug bounty
threat intelligence
cloud security
industrial/IoT security, often called Operational Technology (OT)
security engineering/writing code for cybersecurity tools (this is what I do!)
and more!
Where do cybersecurity professionals work?
I view the industry in three big chunks: vendors, everyday companies (for lack of a better term), and government. It's more complicated than that, but it helps.
Vendors make and sell security tools or services to other companies. Some examples are Crowdstrike, Cisco, Microsoft, Palo Alto, EY, etc. Vendors can be giant multinational corporations or small startups. Security tools can include software and hardware, while services can include consulting, technical support, or incident response or digital forensics services. Some companies are Managed Security Service Providers (MSSPs), which means that they serve as the security team for many other (often small) businesses.
Everyday companies include everyone from giant companies like Coca-Cola to the mom and pop shop down the street. Every company is a tech company now, and someone has to be in charge of securing things. Some businesses will have their own internal security teams that respond to incidents. Many companies buy tools provided by vendors like the ones above, and someone has to manage them. Small companies with small tech departments might dump all cybersecurity responsibilities on the IT team (or outsource things to a MSSP), or larger ones may have a dedicated security staff.
Government cybersecurity work can involve a lot of things, from securing the local water supply to working for the big three letter agencies. In the U.S. at least, there are also a lot of government contractors, who are their own individual companies but the vast majority of what they do is for the government. MITRE is one example, and the federal research labs and some university-affiliated labs are an extension of this. Government work and military contractor work are where geopolitics and ethics come into play most clearly, so just… be mindful.
What do academics in cybersecurity research?
A wide variety of things! You can get a good idea by browsing the papers from the ACM's Computer and Communications Security Conference. Some of the big research areas that I'm aware of are:
cryptography & post-quantum cryptography
machine learning model security & alignment
formal proofs of a program & programming language security
security & privacy
security of network protocols
vulnerability research & developing new attack vectors
Cybersecurity seems niche at first, but it actually covers a huge range of topics all across technology and policy. It's vital to running the world today, and I'm obviously biased but I think it's a fascinating topic to learn about. I'll be posting a new cybersecurity masterpost each day this week as a part of the #StudyblrMasterpostJam, so keep an eye out for tomorrow's post! In the meantime, check out the tag and see what other folks are posting about :D
#studyblrmasterpostjam#studyblr#cybersecurity#masterpost#ref#I love that this challenge is just a reason for people to talk about their passions and I'm so excited to read what everyone posts!
47 notes
·
View notes
Text
Some bad ideas never die. Since the late 1980s, spy agencies and cops have argued that the public should not have access to working cryptography, because this would mean that terrorists, mafiosi, drug dealers and pedophiles will be able to communicate in perfect, unbreakable secrecy.
The problem is that working cryptography protects everyone, not just the Four Horsemen of the Infocalypse: the same cryptographic tools that protect instant messages and “Darknet” sites also protect your communications with your bank, your Zoom therapy session, and the over-the-air updates for your pacemaker and your car’s anti-lock braking system.
Deliberately introducing defects into cryptographic tools — “back doors” for cops and spies — is a deadly proposition, carrying enormous risks. It’s hard enough to continually secure cryptographic systems without also having to preserve a “secret” backdoor that causes them to catastrophically fail when the right people need them to.
11 notes
·
View notes
Text
🔒
For the next two weeks I will be focusing on encryption for PierMesh. The roadmap looks like this (though not necessarily in this order):
Sort out/update the cryptography packet
Node to node ECDH key derivation
Symmetric key encryption/decryption for node to node
BVFS integration for the WebUI for keypair storage
SubtleCrypto keypair generation
Bubble cryptography packets
Peer to peer SubtleCrypto ECDH key derivation
SubtleCrypto symmetric key encryption/decryption
Peer to node cryptography using previously derived tools
27 notes
·
View notes
Note
“Opening it up was like a cryptography puzzle mixed with a dissertation research project, and each sentence was a fractal flower of information, a bud that bloomed into a dozen more buds that each bloomed into a dozen more. It was amazing. Enthralling. This was the kind of research Ford was made for. He was the most relaxed he'd been in weeks.”
One of my favorite excerpts from this chapter. Perhaps I’m reading too into it, but to me, this is a billford crumb. Why are you as a man describing another man(demon shape thing)’s writings like this. Enthralling. The most relaxed he’s been in weeks. It’s so over.
I think calling it a "billford crumb" is actually very apt—because this, in itself, can lead nowhere. Bill thinks it could lead somewhere (and his idea of "somewhere" is "befriending Ford just enough to help Bill survive/escape"), which is why he handed it over; but he's wrong. Ford loves the information, the challenge of it, just as Bill knew he would, but—
This was who Bill could be—gift-giver, wish-granter, teacher, guide, friend—and he chose not to be. Why?! When this was so easy for him—why did he have to be what he was instead?
This charitable act only made the true Bill look even worse by contrast.
—it truly did make Ford like Bill himself even less.
But, but... the juice is there. Bill can offer so many things Ford wants—knowledge knowledge knowledge, mysterious mysteries, boundless opportunities for research and exploration (and that's not even touching on the things Ford used to want in his youth—respect, fame, a breakthrough that will make his memory immortal). And, perhaps more importantly, he knows Ford well enough to know without asking that this is what he wants. And he was right. How many other people fully understand what Ford needs—and could any of them simply hand it to him the way Bill can?
But gifts won't make Ford soften toward Bill. Information is cheap to Bill, and now Ford can recognize just how shallow his "Muse's" friendship was beneath these pearls. He remembers exactly where Bill's gifts lead. Until Bill reckons for that treachery—AND until there's not a shadow of a doubt in Ford's mind that when Bill says "friend" he doesn't mean "useful tool"—Ford wouldn't be able to see him as anything but an enemy even if he wanted to.
... and yet it's still a lil gay innit.
77 notes
·
View notes
Text
Jest: A Concept for a New Programming Language
Summary: "Jest" could be envisioned as a novel computer programming language with a focus on humor, playfulness, or efficiency in a specific domain. Its design might embrace creativity in syntax, a unique philosophy, or a purpose-driven ecosystem for developers. It could potentially bridge accessibility with functionality, making coding intuitive and enjoyable.
Definition: Jest: A hypothetical computer language designed with a balance of simplicity, expressiveness, and potentially humor. The name suggests it might include unconventional features, playful interactions, or focus on lightweight scripting with a minimalist approach to problem-solving.
Expansion: If Jest were to exist, it might embody these features:
Playful Syntax: Commands and expressions that use conversational, quirky, or approachable language. Example:
joke "Why did the loop break? It couldn't handle the pressure!"; if (laughs > 0) { clap(); }
Efficiency-Focused: Ideal for scripting, rapid prototyping, or teaching, with shortcuts that reduce boilerplate code.
Modular Philosophy: Encourages user-created modules or libraries, reflecting its playful tone with practical use cases.
Integrated Humor or Personality: Built-in error messages or prompts might be witty or personalized.
Flexibility: Multi-paradigm support, including functional, procedural, and object-oriented programming.
Transcription: An example code snippet for a Jest-like language:
// Hello World in Jest greet = "Hello, World!"; print(greet); laugh();
A Jest program that calculates Fibonacci numbers might look like this:
// Fibonacci in Jest fib = (n) => n < 2 ? n : fib(n-1) + fib(n-2);
joke "What's the Fibonacci sequence? You'll love it, it grows on you!"; n = 10; print("The Fibonacci number at", n, "is:", fib(n));
Potential Domains:
Gamified education
Creative industries
AI-driven storytelling
Interactive debugging
Would you like me to refine or explore additional aspects?
Certainly! If we were to imagine Jest as the brainchild of a creative coder or team, their portfolio would likely include other innovative or experimental programming languages. Let’s expand on this concept and invent some plausible complementary languages the same inventor might have designed.
Related Languages by the Inventor of Jest
Pantomime
Description: A visual programming language inspired by gesture and movement, where users "drag and drop" symbols or create flowcharts to express logic. Designed for non-coders or children to learn programming through interaction.
Key Features:
Icon-based syntax: Conditional loops, variables, and functions represented visually.
Works seamlessly with Jest for creating visual representations of Jest scripts.
Sample Code (Visual Representation): Flowchart blocks: Input → Decision → Output.
Facet
Description: A declarative programming language focusing on creativity and modularity, aimed at artists, designers, and 3D modelers. Facet could integrate well with game engines and creative suites like Blender or Unity.
Key Features:
Embedded visual tools for shaders, animations, and simulations.
Simplified expressions for creative coding (e.g., animations and generative art).
Sample Code:
shape = circle(radius: 10, color: "blue"); animation = wave(shape, amplitude: 5, frequency: 2); render(animation, duration: 10s);
Quip
Description: A lightweight scripting language built for humor, similar to Jest, but more focused on natural language processing, chatbots, and interactive storytelling.
Key Features:
Syntax mirrors conversational English.
Designed for AI integration, especially in storytelling apps.
Sample Code:
character "Alice" says "Hello! What's your name?"; user_input -> name; character "Alice" says "Nice to meet you, {name}!";
Cryptic
Description: A language for designing cryptography algorithms and secure communications. Aimed at developers interested in blockchain, encryption, or cybersecurity.
Key Features:
High-level abstractions for cryptographic primitives.
Secure-by-design philosophy.
Sample Code:
key = generate_key(algorithm: "AES", length: 256); encrypted_message = encrypt("Hello, World!", key); print(encrypted_message);
Harmony
Description: A reactive programming language for building interactive user interfaces, designed to be highly interoperable with Jest and other tools in the suite. Perfect for web developers and app creators.
Key Features:
Two-way data binding with minimal boilerplate.
Component-based architecture.
Sample Code:
component Button { state: clicked = false; onClick() { clicked = !clicked; alert("Button clicked!"); } } render(Button);
Inventor’s Vision
The coder or team behind Jest and these complementary languages would likely be passionate about:
Accessibility: Making programming intuitive and fun for people of all skill levels.
Playfulness: Infusing coding with creativity, humor, and expressiveness.
Interoperability: Ensuring all their languages work well together for larger projects.
Would you like me to dive deeper into one of these languages, conceptualize others, or expand Jest further?
Expanded Concepts and Bridge Languages
Pantomime
Expansion: Adds support for AR/VR interfaces where users use gestures to program logic in 3D space. For example, drawing a loop physically creates a repetitive cycle.
Bridge Language: GestureScript: Converts AR/VR gestures from Pantomime into traditional code for broader applications.
Facet
Expansion: Enhanced for generative AI tools, allowing users to define complex artistic styles and AI-driven procedural designs.
Bridge Language: PixelForge: Focused on exporting Facet code into game engines, enabling real-time rendering pipelines for interactive environments.
Quip
Expansion: Includes pre-trained AI models for dynamic storytelling, allowing Quip scripts to evolve based on user interaction.
Bridge Language: Narrate: Combines Quip scripts with voice-to-text technologies for live storytelling in games or educational tools.
Cryptic
Expansion: Introduces quantum-safe cryptography primitives and allows simulation of blockchain-like ecosystems for testing purposes.
Bridge Language: CipherBridge: Translates Cryptic code into various blockchain frameworks like Ethereum or Solana.
Harmony
Expansion: Gains support for cross-platform development, allowing users to write code for web, mobile, and IoT devices simultaneously.
Bridge Language: Symphony: Converts Harmony components into platform-native scripts for seamless integration.
Additional Bridge Languages
Echo: Bridges Quip and Jest, enabling storytelling code to trigger functional scripts for immersive experiences.
Morph: A universal language that compiles any Jest family code into executable binaries for specific operating systems.
Thread: Integrates Cryptic and Harmony to build secure, reactive user interfaces for fintech applications.
Canvas: Bridges Facet and Pantomime to create interactive art in AR/VR, blending visual coding with gesture inputs.
Let me know if you'd like a deeper dive into any specific language or bridge concept!
Here's a detailed exploration of Echo, Morph, Thread, Canvas, and all previously mentioned languages, emphasizing their unique applications and advanced functionalities.
Expanded Bridge Languages
Echo
Purpose: Links storytelling elements in Quip with functional programming in Jest, enabling dynamic, immersive interactions between narrative and logic.
Key Features:
Story-driven logic triggers: e.g., a character’s dialogue prompts a database query or API call.
Integration with AI tools for real-time responses.
Use Case: AI-driven chatbots that incorporate both storytelling and complex backend workflows.
Sample Code:
story_event "hero_arrives" triggers fetch_data("weather"); response = "The hero enters amidst a storm: {weather}.";
Morph
Purpose: Acts as a meta-compiler, translating any language in the Jest ecosystem into optimized, platform-specific binaries.
Key Features:
Universal compatibility across operating systems and architectures.
Performance tuning during compilation.
Use Case: Porting a Jest-based application to embedded systems or gaming consoles.
Sample Code:
input: Facet script; target_platform: "PS7"; compile_to_binary();
Thread
Purpose: Combines Cryptic's security features with Harmony's reactive architecture to create secure, interactive user interfaces.
Key Features:
Secure data binding for fintech or healthcare applications.
Integration with blockchain for smart contracts.
Use Case: Decentralized finance (DeFi) apps with intuitive, safe user interfaces.
Sample Code:
bind secure_input("account_number") to blockchain_check("balance"); render UI_component(balance_display);
Canvas
Purpose: Fuses Facet's generative design tools with Pantomime's gesture-based coding for AR/VR art creation.
Key Features:
Real-time 3D design with hand gestures.
Multi-modal export to AR/VR platforms or 3D printers.
Use Case: Collaborative VR environments for designers and architects.
Sample Code:
gesture: "draw_circle" → create_3D_shape("sphere"); gesture: "scale_up" → modify_shape("sphere", scale: 2x); render(scene);
Deep Dive into Main Languages
Jest
Philosophy: A playful, expressive scripting language with versatile syntax tailored for humor, experimentation, and creativity.
Core Application: Writing scripts that blend functional programming with a whimsical, human-readable style.
Pantomime
Expanded Features: Includes AI-driven gesture recognition for predictive modeling and natural motion capture.
Advanced Use: Developing AR apps for rehabilitation therapy where exercises are coded as gestures.
Facet
Advanced Use: Procedural generation in games, defining terrains, weather systems, and NPC behaviors with artistic flair.
Quip
Advanced Features: Integrates pre-trained language models for nuanced, character-driven dialogue trees.
Advanced Use: Creating adaptive narratives in games where user decisions alter the story arc.
Cryptic
Advanced Features: Quantum-safe algorithms and AI-enhanced key generation for unbreakable security.
Advanced Use: Designing multi-layered blockchain ecosystems with Cryptic’s high-level abstractions.
Harmony
Advanced Features: Adaptive UIs that respond to user emotion, tracked via AI-enhanced cameras.
Advanced Use: Apps for mental health, where interfaces adjust to user stress levels.
Proposed New Bridge Languages
Chord
Bridges Harmony and Facet for designing interactive music-based visual art.
Use Case: Music videos where the visuals respond to real-time sound input.
Path
Links Cryptic and Canvas for secure AR/VR environments.
Use Case: Virtual meetings in secure, customized 3D spaces.
Fable
Connects Quip and Pantomime for storytelling via interactive gestures.
Use Case: VR education apps where lessons are taught through immersive narratives.
Would you like a specific implementation plan for any of these languages or applications?
#playstation7#deardearestbrands#ps7#digitalconsole#framework#python#celestiallink#Code#Script#Language#pantomime#Echo#Canvas#Fable#Morph#Bridge#Path#Chord#Harmony#Cryptic#Quip#Facet
9 notes
·
View notes
Text
6 notes
·
View notes
Text
Web to Mobile: Building Seamless Apps with .NET"
.NET is a effective, flexible, and open-supply developer platform created with the aid of Microsoft. It enables the creation of a huge range of applications—from computing device to cellular, net, cloud, gaming, and IoT. Over the years, .NET has evolved substantially and has become one of the maximum extensively used frameworks inside the software improvement enterprise.
Dot Net Programming Language
A Brief History of .NET
The .NET Framework become first delivered through Microsoft in the early 2000s. The original cause turned into to offer a steady item-oriented programming surroundings regardless of whether code became stored and finished locally, remotely, or via the internet.
Over time, Microsoft developed .NET right into a cross-platform, open-supply framework. In 2016, Microsoft launched .NET Core, a modular, high-performance, cross-platform implementation of .NET. In 2020, the company unified all its .NET technologies beneath one umbrella with the discharge of .NET five, and later persisted with .NET 6, .NET 7, and past.
Today, the unified platform is actually called .NET, and it allows builders to build apps for Windows, macOS, Linux, iOS, Android, and greater using a single codebase.
Key Features of .NET
1. Cross-Platform Development
One of the maximum tremendous features of present day .NET (publish .NET Core) is its ability to run on a couple of platforms. Developers can construct and deploy apps on Windows, Linux, and macOS with out enhancing their codebases.
2. Multiple Language Support
.NET supports numerous programming languages, together with:
C# – the maximum extensively used language in .NET development
F# – a purposeful-first programming language
Visual Basic – an smooth-to-analyze language, regularly used in legacy programs
This multilingual capability allows developers to pick out the nice language for their precise use cases.
3. Extensive Library and Framework Support
.NET offers a comprehensive base magnificence library (BCL) and framework libraries that aid the whole lot from record studying/writing to XML manipulation, statistics get entry to, cryptography, and extra.
Four. ASP.NET for Web Development
ASP.NET is a part of the .NET platform specially designed for net improvement. ASP.NET Core, the cross-platform model, permits builders to build scalable internet APIs, dynamic web sites, and actual-time packages the usage of technology like SignalR.
5. Rich Development Environment
.NET integrates seamlessly with Visual Studio, one of the most function-wealthy integrated development environments (IDEs) available. Visual Studio offers capabilities together with IntelliSense, debugging tools, challenge templates, and code refactoring.
6. Performance and Scalability
.NET is thought for high performance and scalability, especially with its guide for asynchronous programming using async/wait for and its Just-In-Time (JIT) compilation.
7. Secure and Reliable
.NET presents sturdy safety features, including code get entry to security, role-based protection, and cryptography training. It also handles reminiscence management thru rubbish series, minimizing reminiscence leaks.
Common Applications Built with .NET
1. Web Applications
With ASP.NET Core, builders can create cutting-edge, scalable internet programs and RESTful APIs. Razor Pages and Blazor are technology within ASP.NET Core that help server-facet and purchaser-facet rendering.
2. Desktop Applications
Using Windows Forms or Windows Presentation Foundation (WPF), builders can build conventional computing device applications. .NET MAUI (Multi-platform App UI) now extends this functionality to move-platform computer and cellular programs.
3. Mobile Applications
Through Xamarin (now incorporated into .NET MAUI), developers can create native mobile applications for Android and iOS the usage of C#.
4. Cloud-Based Applications
.NET is nicely-acceptable for cloud development, in particular with Microsoft Azure. Developers can build cloud-local apps, serverless capabilities, and containerized microservices the usage of Docker and Kubernetes.
5. IoT Applications
.NET helps Internet of Things (IoT) development, allowing builders to construct applications that engage with sensors and gadgets.
6. Games
With the Unity sport engine, which helps C#, developers can use .NET languages to create 2D, three-D, AR, and VR games.
Components of .NET
1. .NET SDK
The Software Development Kit includes everything had to build and run .NET packages: compilers, libraries, and command-line tools.
2. CLR (Common Language Runtime)
It handles reminiscence control, exception managing, and rubbish collection.
Three. BCL (Base Class Library)
The BCL offers center functionalities including collections, record I/O, records kinds, and extra.
4. NuGet
NuGet is the package manager for .NET. It lets in builders to install, manage, and share libraries without problems.
Modern .NET Versions
.NET five (2020): Unified the .NET platform (Core + Framework)
.NET 7 (2022): Further overall performance enhancements and more desirable APIs
.NET 8 (2023): Continued attention on cloud-native, cellular, and web improvement
Advantages of Using .NET
Cross-platform assist – construct as soon as, run everywhere
Large developer network – widespread sources, libraries, and frameworks
Robust tooling – especially with Visual Studio and JetBrains Rider
Active improvement – backed by using Microsoft and open-source community
Challenges and Considerations
Learning curve – particularly for beginners due to its giant atmosphere
Legacy framework – older .NET Framework tasks aren't like minded with .NET Core or more recent variations without migration
Platform differences – sure APIs or libraries might also behave in a different way throughout operating systems
Getting Started with .NET
To begin growing with .NET:
Install the .NET SDK from the legitimate .NET internet site.
Create a new project: Use the dotnet new command or Visual Studio templates.
Write code: Develop your logic the usage of C#, F#, or VB.NET.
#btech students#bca students#online programming courses#offline institute programming courses#regular colleges university#Dot Net Programming Language
2 notes
·
View notes
Text
Two years ago when “Michael,” an owner of cryptocurrency, contacted Joe Grand to help recover access to about $2 million worth of bitcoin he stored in encrypted format on his computer, Grand turned him down.
Michael, who is based in Europe and asked to remain anonymous, stored the cryptocurrency in a password-protected digital wallet. He generated a password using the RoboForm password manager and stored that password in a file encrypted with a tool called TrueCrypt. At some point, that file got corrupted and Michael lost access to the 20-character password he had generated to secure his 43.6 BTC (worth a total of about €4,000, or $5,300, in 2013). Michael used the RoboForm password manager to generate the password but did not store it in his manager. He worried that someone would hack his computer and obtain the password.
“At [that] time, I was really paranoid with my security,” he laughs.
Grand is a famed hardware hacker who in 2022 helped another crypto wallet owner recover access to $2 million in cryptocurrency he thought he’d lost forever after forgetting the PIN to his Trezor wallet. Since then, dozens of people have contacted Grand to help them recover their treasure. But Grand, known by the hacker handle “Kingpin,” turns down most of them, for various reasons.
Grand is an electrical engineer who began hacking computing hardware at age 10 and in 2008 cohosted the Discovery Channel’s Prototype This show. He now consults with companies that build complex digital systems to help them understand how hardware hackers like him might subvert their systems. He cracked the Trezor wallet in 2022 using complex hardware techniques that forced the USB-style wallet to reveal its password.
But Michael stored his cryptocurrency in a software-based wallet, which meant none of Grand’s hardware skills were relevant this time. He considered brute-forcing Michael’s password—writing a script to automatically guess millions of possible passwords to find the correct one—but determined this wasn’t feasible. He briefly considered that the RoboForm password manager Michael used to generate his password might have a flaw in the way it generated passwords, which would allow him to guess the password more easily. Grand, however, doubted such a flaw existed.
Michael contacted multiple people who specialize in cracking cryptography; they all told him “there’s no chance” of retrieving his money. But last June he approached Grand again, hoping to convince him to help, and this time Grand agreed to give it a try, working with a friend named Bruno in Germany who also hacks digital wallets.
Grand and Bruno spent months reverse engineering the version of the RoboForm program that they thought Michael had used in 2013 and found that the pseudo-random number generator used to generate passwords in that version—and subsequent versions until 2015—did indeed have a significant flaw that made the random number generator not so random. The RoboForm program unwisely tied the random passwords it generated to the date and time on the user’s computer—it determined the computer’s date and time, and then generated passwords that were predictable. If you knew the date and time and other parameters, you could compute any password that would have been generated on a certain date and time in the past.
If Michael knew the day or general time frame in 2013 when he generated it, as well as the parameters he used to generate the password (for example, the number of characters in the password, including lower- and upper-case letters, figures, and special characters), this would narrow the possible password guesses to a manageable number. Then they could hijack the RoboForm function responsible for checking the date and time on a computer and get it to travel back in time, believing the current date was a day in the 2013 time frame when Michael generated his password. RoboForm would then spit out the same passwords it generated on the days in 2013.
There was one problem: Michael couldn’t remember when he created the password.
According to the log on his software wallet, Michael moved bitcoin into his wallet for the first time on April 14, 2013. But he couldn’t remember if he generated the password the same day or some time before or after this. So, looking at the parameters of other passwords he generated using RoboForm, Grand and Bruno configured RoboForm to generate 20-character passwords with upper- and lower-case letters, numbers, and eight special characters from March 1 to April 20, 2013.
It failed to generate the right password. So Grand and Bruno lengthened the time frame from April 20 to June 1, 2013, using the same parameters. Still no luck.
Michael says they kept coming back to him, asking if he was sure about the parameters he’d used. He stuck to his first answer.
“They really annoyed me, because who knows what I did 10 years ago,” he recalls. He found other passwords he generated with RoboForm in 2013, and two of them did not use special characters, so Grand and Bruno adjusted. Last November, they reached out to Michael to set up a meeting in person. “I thought, ‘Oh my God, they will ask me again for the settings.”
Instead, they revealed that they had finally found the correct password—no special characters. It was generated on May 15, 2013, at 4:10:40 pm GMT.
“We ultimately got lucky that our parameters and time range was right. If either of those were wrong, we would have … continued to take guesses/shots in the dark,” Grand says in an email to WIRED. “It would have taken significantly longer to precompute all the possible passwords.”
Grand and Bruno created a video to explain the technical details more thoroughly.
RoboForm, made by US-based Siber Systems, was one of the first password managers on the market, and currently has more than 6 million users worldwide, according to a company report. In 2015, Siber seemed to fix the RoboForm password manager. In a cursory glance, Grand and Bruno couldn’t find any sign that the pseudo-random number generator in the 2015 version used the computer’s time, which makes them think they removed it to fix the flaw, though Grand says they would need to examine it more thoroughly to be certain.
Siber Systems confirmed to WIRED that it did fix the issue with version 7.9.14 of RoboForm, released June 10, 2015, but a spokesperson wouldn’t answer questions about how it did so. In a changelog on the company’s website, it mentions only that Siber programmers made changes to “increase randomness of generated passwords,” but it doesn’t say how they did this. Siber spokesman Simon Davis says that “RoboForm 7 was discontinued in 2017.”
Grand says that, without knowing how Siber fixed the issue, attackers may still be able to regenerate passwords generated by versions of RoboForm released before the fix in 2015. He’s also not sure if current versions contain the problem.
“I'm still not sure I would trust it without knowing how they actually improved the password generation in more recent versions,” he says. “I'm not sure if RoboForm knew how bad this particular weakness was.”
Customers may also still be using passwords that were generated with the early versions of the program before the fix. It doesn’t appear that Siber ever notified customers when it released the fixed version 7.9.14 in 2015 that they should generate new passwords for critical accounts or data. The company didn’t respond to a question about this.
If Siber didn’t inform customers, this would mean that anyone like Michael who used RoboForm to generate passwords prior to 2015—and are still using those passwords—may have vulnerable passwords that hackers can regenerate.
“We know that most people don't change passwords unless they're prompted to do so,” Grand says. “Out of 935 passwords in my password manager (not RoboForm), 220 of them are from 2015 and earlier, and most of them are [for] sites I still use.”
Depending on what the company did to fix the issue in 2015, newer passwords may also be vulnerable.
Last November, Grand and Bruno deducted a percentage of bitcoins from Michael’s account for the work they did, then gave him the password to access the rest. The bitcoin was worth $38,000 per coin at the time. Michael waited until it rose to $62,000 per coin and sold some of it. He now has 30 BTC, now worth $3 million, and is waiting for the value to rise to $100,000 per coin.
Michael says he was lucky that he lost the password years ago because, otherwise, he would have sold off the bitcoin when it was worth $40,000 a coin and missed out on a greater fortune.
“That I lost the password was financially a good thing.”
23 notes
·
View notes
Text
Read The Traitor Baru Cormorant, The Monster Baru Cormorant, and The Tyrant Baru Cormorant by Seth Dickinson. The series is quite well written on the whole, but I have some very significant caveats that will make my recommendation a bit narrow. In particular, the books ask the question "Is it possible to replace imagination wholesale with trivia?". The answer, by the way, is no.
I really like the characterization of Baru Cormorant. Most of the time. It is an interesting character conflict for the main character to have a deficient theory of mind and be continually blindsided by the behavior of others, either because she has not sufficiently informed herself as to what the rational thing for them to do would be, or because they are behaving non-rationally. It would be even better if this conflict consistently manifested in scenes other than those in which other characters berate Baru for this failing. Unfortunately during much of every book all other characters acquire Isekai disease. That said, the books do a good job of allowing character growth without robbing her of her characterization the way removal of character flaws can sometimes.
I mentioned that the books felt lacking in imagination. Instead of developing the various cultures that exist in this universe, they have all been randomly assigned a set number of inventions and social structures and geopolitical phenomena known from our world, unmodified, except with less/different misogyny. What if there were Romebritain and Chinafrica and Centroasiamerica and Just The Norse Basically, and they were all around the Mediterranean Atlantic Ocean. Sometimes the name of the invention is kept, like with hwachas, and sometimes it is changed, I'm not entirely sure what determines when. Ultimately, I am not of the opinion that pressing Randomize on the Age of Empires 2 civilization creator mod constitutes worldbuilding, though it certainly could be the first step towards it.
Now, this is perhaps a purely personal gripe, but every time a semi-vague allusion to a real-world thing was made, I winced, and every time it was "revealed" to be a real-world thing, I started swearing mentally. It was genuinely unpleasant to read when the density of references got too high. And the worst part is, I recognized every single reference, I think (at least, I'm pretty sure I know what the ant thing is, but I'm not sure what ants actually have to do with it). There's ways that moderately deep engagement with a handful of obscure fields can, if not quite substitute for, then at least enhance the effect of creativity or reduce the amount required. Unfortunately, outside of neuroscience (guess what Dickinson studied in college) and to some extent cryptography the engagement on display is remarkably shallow, and if I'm not mistaken consists primarily of the front page of r/TIL, CGP Grey videos, Mike Duncan's podcasts, the occasional wikipedia binge, and memes (though I salute the restraint it must have taken not to reference the ability of a trebuchet to launch a 90kg projectile over 300m oh god now I'm doing it).
Many of the references don't even make sense, I mean maybe the ant thing is just my ignorance showing, but there's other stuff. Pointing to the South Sea Bubble and John Law's Scheme as models for geopolitically disastrous market crashes is bizarre, since over the course of the ensuing century France and Britain occupied half of Europe and conquered India respectively, with literally all of their notable setbacks in the time period having been engineered at great expense by the other party. Of course peer conflict is not a thing in the Ashen Sea because each polity is a representation of a different colonial concept rather than a country per se. A market crash being totally devastating might perhaps be made to seem more plausible if the Ashen Sea economy as described made any goddamn sense. Falcrest has extraordinarily advanced metallurgy and tooling, which they use to do unreasonably complex cryptography and surgery and for no other purposes, presumably because Dickinson is mostly interested in cryptography and surgery.
Additionally, there are maybe two things that as far as I can tell aren't straight up lifted from reality (unless we count the general gender rebalancing), and they are the cancer cult and the lightning cult. Both fundamentally run on blatant author fiat. Now, I imagine Dickinson would prefer to call it plausibly deniable magic, but, well, it isn't. What he is putting in his books is physically impossible technology. It is described in technological terms and references mechanical phenomena, just in a way that does not hold up. I've seen Baru Cormorant described as Hard Fantasy. In my opinion it is actually low-tech Soft Science Fiction. This is going to be a matter of personal readings and I'm not saying it's impossible to interpret as Magic and/or Fantasy, but, well, I got the vibe that I got.
A thing I really appreciated about The Traitor Baru Cormorant is that a man wrote a book entirely from the perspective of a woman without ever seeming uncomfortable with it or getting weird and off-putting. Ideally this would not be a thing to point out specifically (it's not a thing I point out in books whose protagonists are men or boys written by women) of course. I apologize to men for what this implies. I just think it's worth highlighting and praising. For the other books, the point of view jumps around, but is still handled pretty well.
That said, I think for all their predominantly laudable handling of race, gender, and sexuality, I think the books highlight a substantial drawback of the concept of sensitivity readings. Obviously I don't have access to the drafts sent to sensitivity readers, their feedback, and the differences that feedback made to the result, but it's easy to get the impression that one of the most significant products of sensitivity reading is a proliferation of caveats and redundancies. Now, ultimately I suspect sensitivity readings probably helped rather than hindered the books overall, but it's something to watch out for and hopefully improve as it becomes an industry standard.
Between the haphazard assembling of moderately well-known references in place of worldbuilding, occasional clumsily didactic tone from both the characters (sometimes makes at least a bit of sense) and the narrative itself (less so), and seemingly morally insecure caveats, reading these books often feels like wandering down a street and seeing a building site, only to realize after a couple of minutes that there's a perfectly fine building there, except nobody ever took down the scaffolding, so now there's protruding steel bars and walkways and torn green netting all over. In other words, I suspect the books could have used a fair bit more editing, though of course I do not have sufficient information to assign responsibility.
I've been really mean about these books, I think. I did actually enjoy them quite a bit, when I wasn't cringing at the real-world references or the inexplicably didactic passages. I'll read the fourth one if it comes out, probably. Who should read them? Hm, it's tricky because I don't know whether you will consider it Fantasy, (Alt-)Historical Fiction, or Science Fiction, all of which you could reasonably consider it to be. If you like any or all of those, don't particularly mind seeing references all over the place, and like smartass protagonists, this is probably a series for you. Otherwise, read it if you like but it's by no means an instant classic or a must-read.
#book report#seth dickinson#the traitor baru cormorant#the monster baru cormorant#the tyrant baru cormorant#the masquerade
11 notes
·
View notes
Text
youtube
In Season 5 Episode 3 of Solarpunk Presents, Christina chats with transdisciplinary technologist Stephen Reid about relationship solarpunk and lunarpunk have to crypto and web3. If lunarpunk is what solarpunk gets up to in the shadows of a moonlit night, that suggests that lunarpunk is inherently more interested in privacy, security, and anonymity, especially from the watchful eye of the state. That would further mean that where solarpunk is interested in renewable energy, sustainability, appropriate technology, and social justice, lunarpunk is interested in the tools, like cryptography, cryptocurrencies, and web3, that safeguard our privacy and anonymity and potentially protect us from tyranny. Do we need lunarpunk’s fixation with using tech to protect our privacy to counterbalance solarpunk’s sunny optimism that everything will all be fine to break through to a better world? To learn more about Stephen, his philosophies, and his work, check out https://stephenreid.net/
#solarpunk#Solarpunk Presents Podcast#podcast#interview podcast#solarpunk podcast#lunarpunk#lunarpunk and solarpunk#web3 and solarpunk#cryptography and solarpunk#cryptocurrency and solarpunk#privacy and lunarpunk#cryptography#how can web3 be solarpunk#how can cryptocurrency be solarpunk#what does privacy mean in solarpunk#how can solarpunks have internet privacy#in b4 the controversy#hot potato topic...#Youtube
13 notes
·
View notes