15 Matching Annotations
  1. Jun 2022
    1. I want to suggest a different hypothesis: it is harder for governments to maintain control over public-private partnerships when the private partner can convert their market power into political power. In the US, this conversion is very easily done. In recent decades, corporations who serve as the private partner have been offered more opportunity to give money to policymakers who decide on the conditions of their partnership. Their employees can become political appointees for a spell. They can hire their current government overseers to lucrative post-government careers.

      !

    1. Requires Node>=16, and yarn Want to jump right in? Follow these steps to get a sample two server network up and running. This demo takes four terminal windows: two servers to show off data federation (you can use just one here if you like) two cli clients representing two users on separate servers interaction ⚠️ Please note, the server stores data in-memory. If you shutdown and restart a server, your account and related data will be deleted. The number in parentheses tells you which terminal to run each command in. From project root:

      I'm not sure this is a good sign

  2. May 2022
    1. which can also be provoked by vaccination

      red flag lol, paper credibility % low when they also cited a wakefield study and the last citation on the list is uhhhhhhh another thing about vax

    1. A message is eligible to be delivered to the client when all its dependencies have been delivered. Thus on every device in the group, messages are delivered to the client in a consistent order, even if the messages arrive at different devices in different orders. This can be used to implement causal consistency. When a message is delivered, the client validates the message in the context of its dependencies. If the client decides the message is invalid, BSP marks it as invalid and deletes it. Any messages that transitively depend on it are also marked as invalid and deleted.

      avoiding out of order reception

    1. The initial exchange of QR codes is assumed to be secure against man-in-the-middle attacks because the users can see which screens they are scanning. This allows each user to be sure that the QR code they scanned was provided by the person with whom they intend to exchange keys.

      no remote adds? this may be a dealbreaker, and the workaround will be... exchanging sceenshots, probably, like how people end up doing it for things like signal.

    2. || denotes concatenation

      oof

    1. The phone will try to go into deep sleep as soon as the screen is turned off. If it wakes up to process an interrupt then it will go back into deep sleep as soon as possible. If you come from a Linux background like me, it's hard to adjust to the idea that during normal operation, the phone is constantly dropping in and out of suspend.

      ahh

    1. When operating over a unidirectional transport like memory sticks, we skip the offer and request stages and just send any messages the contact hasn't previously acked. This cuts down the number of round-trips.

      another weakness?

      also more memory stick stuff

    2. BSP doesn't understand the content of messages. It just syncs the messages in each group with whichever contacts you've chosen to share the group with.

      strong separation

    3. Clocks on consumer devices can be very inaccurate because people don't always set the right timezone, so we assume a clock difference of up to 24 hours. This means the rotation period is at least 24 hours for all transports. For high-latency transports like memory sticks (which might be hidden in someone's shoe and smuggled across a border) we'll use a longer rotation period, maybe 4 weeks.

      weakness?

    4. The recipient keeps a sliding window containing the next few expected tags, so she can recognise streams that arrive out of order if the transport drops or reorders connections.

      also a key point to this

    5. The security of the data (authentication, confidentiality, integrity and forward secrecy) is handled by the transport security protocol, BTP. The same protocol is used for all transports. BTP is an obfuscated protocol: to anyone except the intended sender and recipient, all data is indistinguishable from random. So BTP's first job is to let the recipient know who sent the data, so the recipient can use the right key to authenticate and decrypt it.

      crypto protocol

    6. Each transport is implemented as a plugin, which has a simple interface for making and accepting connections. Plugins aren't responsible for authenticating the devices they communicate with or securing the data that's transferred. They just make connections.

      plugin system!

    7. You can communicate with your contacts over various transports: the Android version of Briar supports Tor, wifi and Bluetooth, and the desktop version will also support memory sticks and dialup modems (useful during internet blackouts).

      very forward thinking, especially dialup

    1. 7.1.2 Forwarding from Inbox Note: Forwarding to avoid the ghost replies problem The following section is to mitigate the "ghost replies" problem which occasionally causes problems on federated networks. This problem is best demonstrated with an example. Alyssa makes a post about her having successfully presented a paper at a conference and sends it to her followers collection, which includes her friend Ben. Ben replies to Alyssa's message congratulating her and includes her followers collection on the recipients. However, Ben has no access to see the members of Alyssa's followers collection, so his server does not forward his messages to their inbox. Without the following mechanism, if Alyssa were then to reply to Ben, her followers would see Alyssa replying to Ben without having ever seen Ben interacting. This would be very confusing! When Activities are received in the inbox, the server needs to forward these to recipients that the origin was unable to deliver them to. To do this, the server MUST target and deliver to the values of to, cc, and/or audience if and only if all of the following are true: This is the first time the server has seen this Activity. The values of to, cc, and/or audience contain a Collection owned by the server. The values of inReplyTo, object, target and/or tag are objects owned by the server. The server SHOULD recurse through these values to look for linked objects owned by the server, and SHOULD set a maximum limit for recursion (ie. the point at which the thread is so deep the recipients followers may not mind if they are no longer getting updates that don't directly involve the recipient). The server MUST only target the values of to, cc, and/or audience on the original ob

      Here's where things get spicy