Anyway there's more here than I can unpack in tweets, and I need to go sleep. I understand your frustration with the lack of details, I think I do at least. I'll attempt to write longer about it in the morning :)
Replying to @zofrex @aleattorium
I'm excited to see it. For reals. I think it's useful to avoid freely swapping between "incompetence" and "malice" when analyzing what people are doing
Replying to @wycats @aleattorium
I need to apologise twice. One for this being 4,500 words and very rambly. I hope it still makes some kind of sense. Two for this containing nothing that you asked for ;) but hopefully it explains why you aren't getting that. https://txt.fyi/+/9c1ca7c5/
IMPORTANT CAVEAT: This is just like, my opinion, man. I'm not a cryptographer, I'm a security engineer, and I've just absorbed information about crypto from HN and IRC. Everything I say could be completely wrong. I haven't yet gotten peer review on this.
Replying to @zofrex @aleattorium
I'm gonna keep reading despite your assumption that building web stuff is easy, but we should have another conversation about that ;)
Replying to @wycats @aleattorium
I have far more experience building web stuff than doing security or crypto, btw :P
Replying to @zofrex @aleattorium
At minimum, building web stuff involves a knowledge of subtle interactions involving security (as well as precisely how finicky crypto can be) ;) I was on the Rails security team for a while and saw this stuff first hand. We were dealing with timing attacks 10 years ago ;)
some variant of "how cute, he thinks he understands security" would not be the correct response here ;) ;) ;)
Replying to @wycats @aleattorium
didn't know you were on the security team, many apologies for the 2/3 of the document that patronised your face off :
and yes building web stuff requires understanding security interactions but low-level crypto is on another level of fragility imo, and knowing that isn't usually required to build a website (nor should it be!)
I was referring to building web infra like Rails, not building a website, which should of course lean on existing tools.