306 Matching Annotations
  1. Last 7 days
  2. Jun 2021
    1. New Trusted Third Parties Can Be Tempting Many are the reasons why organizations may come to favor costly TTP based security over more efficient and effective security that minimizes the use of TTPs: Limitations of imagination, effort, knowledge, or time amongst protocol designers – it is far easier to design security protocols that rely on TTPs than those that do not (i.e. to fob off the problem rather than solve it). Naturally design costs are an important factor limiting progress towards minimizing TTPs in security protocols. A bigger factor is lack of awareness of the importance of the problem among many security architects, especially the corporate architects who draft Internet and wireless security standards. The temptation to claim the "high ground" as a TTP of choice are great. The ambition to become the next Visa or Verisign is a power trip that's hard to refuse. The barriers to actually building a successful TTP business are, however, often severe – the startup costs are substantial, ongoing costs remain high, liability risks are great, and unless there is a substantial "first mover" advantage barriers to entry for competitors are few. Still, if nobody solves the TTP problems in the protocol this can be a lucrative business, and it's easy to envy big winners like Verisign rather than remembering all the now obscure companies that tried but lost. It's also easy to imagine oneself as the successful TTP, and come to advocate the security protocol that requires the TTP, rather than trying harder to actually solve the security problem. Entrenched interests. Large numbers of articulate professionals make their living using the skills necessary in TTP organizations. For example, the legions of auditors and lawyers who create and operate traditional control structures and legal protections. They naturally favor security models that assume they must step in and implement the real security. In new areas like e-commerce they favor new business models based on TTPs (e.g. Application Service Providers) rather than taking the time to learn new practices that may threaten their old skills. Mental transaction costs. Trust, like taste, is a subjective judgment. Making such judgement requires mental effort. A third party with a good reputation, and that is actually trustworthy, can save its customers from having to do so much research or bear other costs associated with making these judgments. However, entities that claim to be trusted but end up not being trustworthy impose costs not only of a direct nature, when they breach the trust, but increase the general cost of trying to choose between trustworthy and treacherous trusted third parties.

      There are strong incentives to stick with trusted third parties

      1. It's more difficult to design protocols that work without a TTP
      2. It's tempting to imagine oneself as a successful TTP
      3. Entrenched interests — many professions depend on the TTP status quo (e.g. lawyers, auditors)
      4. Mental transaction costs — It can be mentally easier to trust a third party, rather than figuring out who to trust.
    1. Users who have installed it decided to trust me, and I'm not comfortable transferring that trust to someone else on their behalf. However, if you'd like to fork it, feel free.

      Interesting decision... Seems like the project could have been handed off to new maintainers instead of just a dead-end abandoned project and little chance of anyone using it for new projects now.

      Sure you can fork it, but without a clear indication of which of the many forks in the network graph to trust, I doubt few will take the (massively) extra time to evaluate all options and choose an existing fork as a "leader" (or create their own fork) to go with continuing maintenance...

  3. May 2021
    1. David Benkeser. (2020, November 9). Another view on uncertainty associated based on Pfizer’s results. Even if you were highly skeptical about MRNA vaccines (many are [were?]) with 50% prior belief that VE ~ 0, based on an 8:86 vax:placebo case split, the posterior probability that VE > 75% is ~ 1. Https://t.co/xtBONtGHmT [Tweet]. @biosbenk. https://twitter.com/biosbenk/status/1325856366225993729

    1. ReconfigBehSci. (2021, February 17). The Covid-19 pandemic has accelerated the erosion of trust around the world: Significant drop in trust in the two largest economies: The U.S. (40%) and Chinese (30%) governments are deeply distrusted by respondents from the 26 other markets surveyed. 1/2 https://t.co/C86chd3bb4 [Tweet]. @SciBeh. https://twitter.com/SciBeh/status/1362021569476894726

    1. ReconfigBehSci. (2021, February 17). The global infodemic has driven trust in all news sources to record lows with social media (35%) and owned media (41% the least trusted; traditional media (53%) saw largest drop in trust at 8 points globally. Https://t.co/C86chd3bb4 [Tweet]. @SciBeh. https://twitter.com/SciBeh/status/1362022502743105541

  4. Apr 2021
    1. Trust this answer. This is a very common idiom in Ruby, solving precisely the use case you ask about and for precisely the reasons you experienced. It may look "inelegant", but it's your best bet.
  5. Mar 2021
    1. Yufika, A., Wagner, A. L., Nawawi, Y., Wahyuniati, N., Anwar, S., Yusri, F., Haryanti, N., Wijayanti, N. P., Rizal, R., Fitriani, D., Maulida, N. F., Syahriza, M., Ikram, I., Fandoko, T. P., Syahadah, M., Asrizal, F. W., Aletta, A., Haryanto, S., Jamil, K. F., … Harapan, H. (2020). Parents’ hesitancy towards vaccination in Indonesia: A cross-sectional study in Indonesia. Vaccine, 38(11), 2592–2599. https://doi.org/10.1016/j.vaccine.2020.01.072

    1. a data donation platform that allows users of browsers to donate data on their usage of specific services (eg Youtube, or Facebook) to a platform.

      This seems like a really promising pattern for many data-driven problems. Browsers can support opt-in donation to contribute their data to improve Web search, social media, recommendations, lots of services that implicitly require lots of operational data.

    1. Cailin O’Connor. (2020, November 10). New paper!!! @psmaldino look at what causes the persistence of poor methods in science, even when better methods are available. And we argue that interdisciplinary contact can lead better methods to spread. 1 https://t.co/C5beJA5gMi [Tweet]. @cailinmeister. https://twitter.com/cailinmeister/status/1326221893372833793

    1. And trust us, we’ve been playing with different APIs for two years and this was the easiest and fastest outcome.
  6. Feb 2021
    1. With blockchain, trust comes from the network itself. Instead of simply trusting a middleman institution, we can trust the blockchain code. The way that the blockchain is built means all parties in the system, not just the ones involved in the transaction, come to an agreement on what the facts are. And once they agree, a new block is added

      Trust in blockchain

    1. Brian Nosek. (2020, December 5). We need a #2020goodnews trend. Here’s one: Science keeps getting more open. One indicator from @OSFramework: OSF users posted 9,349 files of data or other research content PER DAY OSF users made 5,633 files public PER DAY EVERY DAY in 2020 #openscience is accelerating [Tweet]. @BrianNosek. https://twitter.com/BrianNosek/status/1335210552252125184

    1. We’ve always used the term ‘social networking’ to refer to the process of finding and connecting with those people. And that process has always depended on a fabric of trust woven most easily in the context of local communities and face-to-face interaction.

      Too much of modern social networking suffers from this fabric of trust and rampant context collapse. How can we improve on these looking forward?

    1. that's a point, but I would say the opposite, when entering credit card data I would rathre prefer to be entirely in the Verified By Visa (Paypal) webpage (with the url easily visible in the address bar) rather that entring my credit card data in an iframe of someone's website.
    1. As soon as you're displaying content from another domain, you're basically trusting that domain not to serve-up malware. There's nothing wrong with iframes per se. If you control the content of the iframe, they're perfectly safe.
  7. Jan 2021
    1. unlike a traditional computer, a blockchain computer can offer strong trust guarantees, rooted in the mathematical and game-theoretic properties of the system. A user or developer can trust that a piece of code running on a blockchain computer will continue to behave as designed, even if individual participants in the network change their motivations or try to subvert the system. This means that the control of a blockchain computer can be placed in the hands of a community
    1. DOMPurify is written by security people who have vast background in web attacks and XSS. Fear not.
  8. Dec 2020
    1. “Being under constant surveillance in the workplace is psychological abuse,” Heinemeier Hansson added. “Having to worry about looking busy for the stats is the last thing we need to inflict on anyone right now.”

      I really like the Basecamp approach (I forget where I heard this...could have been in one of the Rework podcasts):

      Don't try to get the most out of everyone; try to get the best out of them.

      If you're looking for ways to build trust in a team, I can't recommend the following books published by Basecamp:

      • Rework
      • Remote
      • It doesn't have to be crazy at work
    2. For example, to help maintain privacy and trust, the user data provided in productivity score is aggregated over a 28-day period.

      So that the fact that the metrics are collected over 28 days is meant to maintain privacy and trust. How?

  9. Nov 2020
    1. obviously it's too late, but it's a good practice to keep the 3rd party dependencies mirrored in your own infrastructure :) There is NO GUARANTEE that even a huge site (like launchpad for downloading DEBs) won't go down over a period of time.
  10. Oct 2020
    1. To ascertain whether this decrease in confidence was as a result of the Cummings events (a Cummings effect), we carried out analyses using two types of comparisons. First, we compared the responses for people living in England to those of people living in the devolved nations of Scotland and Wales who were asked to rate their confidence in their own devolved governments. There was no evidence of a similar large decrease in confidence in the governments of the devolved nations either descriptively (appendix p 1–3) or statistically

      Trust in government