aditya's recent activity

  1. Comment on On the XZ Utils Backdoor (CVE-2024-3094): FOSS Delivered on its Pitfalls and Strengths in ~comp

    aditya

    As to what needs to happen to prevent this in the future? I'm torn between privacy and a KYC/KYD (know your developer) process for open source. On one hand I value anonymity for the internet, but for critical infrastructure I believe there does either need to be a way to vet software developers who contribute to a FOSS project that is already in use on 100s of systems, or an innovation in code reviews / testing that makes spotting issues like this easier.

    Honestly, this wouldn't solve the problem. It'd be actively harmful to some who cannot share their identity, would shut out those whose online identities do not match their legal documents for whatever reason (think transgender people in certain places for example), and also raises the question of who really adjudicates on the validity of "official ID". Would a fake ID such as those used by underaged students to purchase alcohol suffice? What about cases you're dealing with a nation state actor who can trivially issue legitimate IDs for bad actors?

    All of this is without getting into the fact that there are legitimately good reasons a FOSS maintainer may want to remain anonymous. The burden must be on those consuming open source software that they aren't implicitly trusting an upstream maintainer for critical packages. I mostly agree with your points on code review and want to point to efforts like the crev project which try and make the implicit trust explicit based off social code review. This is hard to scale but I remain hopeful organizations will eventually throw their might at it as well...Another thing we ought to be doing is making our tech less complex so things like review are more tractable but I suspect that's basically impossible now...

    8 votes
  2. Comment on I got my IELTS scores back and I need help in ~life

    aditya

    Aim for starting in the fall. Your internship opportunities are better and you finish your program at a more appropriate time from the perspective of getting a job (if that’s what you want). Also, most US universities prefer TOEFL but IELTS should also be accepted by a bunch.

    4 votes
  3. Comment on What 2023 Black Friday deals are you looking into? in ~talk

    aditya

    I suspect it’s so you don’t subscribe and immediately unsubscribe to just get the first year. Billed monthly, you can only unsubscribe in the last month, 11 months away? Possibly, some folks will forget and let it renew at full price?

  4. Comment on Petition launched to save Marvin’s Marvelous Mechanical Museum from demolition in ~hobbies

    aditya

    I only knew the Tally Hall album. Interesting to see there’s more music with this as a reference.

    3 votes
  5. Comment on What programming/technical projects have you been working on? in ~comp

    aditya

    Continuing to work on gittuf. We’re now in the OpenSSF sandbox! We also had our first alpha release and someone posted the website on Hacker News. Exciting times overall!

    3 votes
  6. Comment on Headphone recommends that actually block out voices in ~tech

    aditya

    You can turn off the talk to pause feature on the XM4.

    3 votes
  7. Comment on <deleted topic> in ~food

  8. Comment on Why is the iOS dialer so terrible? in ~tech

    aditya

    On Android, I used to use KISS launcher to quickly search for apps / contacts etc instead of navigating to them specifically. So even there I wouldn’t actually go to the dialer app to find a contact. It’s an incredibly powerful workflow for me, getting me quickly to what / who I want.

  9. Comment on Why is the iOS dialer so terrible? in ~tech

    aditya

    You don’t have to do that, though. Spotlight can search contacts and it’s one tap to call from there. Effectively, it’s the same number of taps / swipes.

    12 votes
  10. Comment on What have you been listening to this week? in ~music

  11. Comment on Quantum resistance and the Signal Protocol in ~tech

    aditya

    Just tried to submit this to ~comp; I always get thrown by ~tech vs ~comp. (Side note: I got a notice that this link was already submitted, when in the past I've accidentally submitted duplicate topics. Is that a new Tildes feature?)

    Today we are happy to announce the first step in advancing quantum resistance for the Signal Protocol: an upgrade to the X3DH specification which we are calling PQXDH. With this upgrade, we are adding a layer of protection against the threat of a quantum computer being built in the future that is powerful enough to break current encryption standards.

    This post is written to introduce this work to non-experts, and will review what quantum computing is and the challenges it presents for current cryptographic algorithms, before providing a high level overview of how we are adapting our specifications to answer these challenges. If you would like to skip this summary and explore our PQXDH specification in depth, you can read our technical whitepaper here.

    Link to whitepaper: https://signal.org/docs/specifications/pqxdh/

    3 votes
  12. Comment on What programming/technical projects have you been working on? in ~comp

    aditya

    I guess this all depends on people running 'gittuf verify-commit?' It seems like making that happen automatically as part of 'git clone' would be the next step.

    It depends on the specific application / workflow. gittuf verify-commit and so on are helpers to align with guy’s own workflow but we’re building in some clone and fetch capabilities to verify transparently. The thing is, on one end you may want verification by all users all the time but that’s just hard without building it into git itself. On the other end of the spectrum, I think there’s a lot to be gained from even just the maintainers using gittuf to verify all the time. Related is also Guix’s attempt to embed GPG keys trusted for their repository: https://arxiv.org/pdf/2206.14606.

    That's pretty good, but it assumes GitHub is secure and none of the developers' GitHub accounts got broken into. Maybe that chain of trust could be pushed back earlier in the process, so GitHub is just a cache.

    Absolutely! I think there’s also real scope to allow for signing go releases using the underlying git signatures because that’s the overwhelming majority of go packages anyway.

    IMO there’s a lot of scope to work with GitHub, GitLab etc. for gittuf once we start exploring policy transparency and auditability of historic policy compliance. I’m hoping the OpenSSF is a good venue to sketch all of this out with the right people. :)

    1 vote
  13. Comment on What programming/technical projects have you been working on? in ~comp

    aditya

    Ah my bad, I got misled by the do / don't.

    It seems like you could always do what you like in a git repo, you just can’t sign it. When are signatures checked?

    I'm not sure I fully understand this.

    More generally, you can sign git commits and tags (and pushes but setting that aside for now...) using a few different options. The default is PGP but Git also supports X.509 (used by gitsign for example) and, as of a few months ago, SSH keys. However, Git doesn't let you define policies around who can issue commit or tag signatures. That's left entirely to the user, you've got to use the web of trust to determine verification keys if the sigs are from GPG keys, elsewhere for the other options. Even when using the web of trust, you don't arguably have a clear association between the identity claimed by a key and the repository developers. To restate, you can have a valid signature from a key but it's not obvious that key is the right key for the repository.

    This means that git signatures are largely not used at all, or if commits are in fact signed, verification is quite rare outside of possibly some major repos like the kernel. Git has verify-commit and verify-tag but that again relies on you to populate your keyring with the right public keys. (Also, verifying signatures across different methods, say you use GPG but someone signed using gitsign on a repo, is also broken as your default signing mechanism is used to verify all signatures. Overall, the defaults for signing and the verification story for commit / tag signatures is less than ideal.)

    What gittuf does is use a subset of the TUF spec (which is a secure software delivery framework) to solve these key management issues. While TUF has an overall focus on software distribution, it embeds several targeted PKI-like features. So you can use TUF to distribute, rotate, and revoke trusted keys, and in gittuf, the keys apply to the repository itself. In gittuf, this is expressed as "policy" files, which are embedded in the Git repo in question.

    What is a “TUF-style delegation?”

    In addition to the key distribution and management, TUF has a notion of roles and delegations. My example above: protect-main: {git:refs/heads/main} -> (1, {Alice, Bob, Charlie}) is an example of a delegation. A "role" that is trusted to write to a namespace may "delegate" a subset of this trust to another party. Here, the policy delegates trust for the main branch to Alice, Bob, and Charlie. gittuf and TUF differ a fair bit in how delegations work but the overall idea is about the same.

    When are signatures checked?

    By default, in Git, you can use verify-commit, verify-tag. git merge has a --verify-signatures option which is inherited by git pull. But see above about policy management being left to the verifier. With gittuf, we want to associate the repo with its keys so gittuf verify-commit uses the policy to verify signatures, also solving the multiple signing methods problem in the meantime.

    I hope this is clearer!

  14. Comment on What programming/technical projects have you been working on? in ~comp

    aditya
    (edited)

    We started with a variant of TUF-style delegations. In a gittuf policy, you define rules specifying the authorized signing keys for the namespaces you want to protect. For example, protect-main: {git:refs/heads/main} -> (1, {Alice, Bob, Charlie}) is a rule that says you authorize one of Alice, Bob, and Charlie (rather their keys) to modify the state of your main branch, and this is verified against a signed entry in the repository's reference state log (akin to an authenticated and synced reflog). For file policies, the current (pre-alpha) implementation applies similar mechanisms on raw commit signatures. This doesn't scale to all scenarios and can't handle more complex workflows that need multiple authorizations, so we have support for in-toto / SLSA source attestations (still being developed) on our roadmap.

    Edit: We have a demo here: https://github.com/gittuf/demo. Note that gittuf needs Go 1.20 or higher.
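    The two comments above describe a delegation rule of the form protect-main: {git:refs/heads/main} -> (1, {Alice, Bob, Charlie}) and how such a rule is evaluated against a change signed by some set of keys. The program below is an added illustration written for this page; it is not gittuf's own code and does not use gittuf's policy file format. It assumes the one-line rule syntax quoted in the comments, uses people's names in place of key identifiers, treats the signer list as already-verified signatures, matches namespaces exactly, and fails closed on a namespace no rule covers. It goes one step beyond the comments by showing a threshold-2 rule, the "multiple authorizations" case the later comment says the file-policy implementation cannot yet handle.

```go
package main

import (
	"fmt"
	"regexp"
	"strconv"
	"strings"
)

// Rule is a constructed model of one delegation rule in the textual form quoted
// above, e.g. protect-main: {git:refs/heads/main} -> (1, {Alice, Bob, Charlie}).
// It is an illustration written for this page, not gittuf's own policy types.
type Rule struct {
	Name       string
	Namespace  string   // protected namespace, e.g. git:refs/heads/main
	Threshold  int      // distinct authorized signers required
	Authorized []string // key identifiers; people's names stand in for keys here
}

// ruleRE captures: name, namespace, threshold, comma-separated authorized keys.
var ruleRE = regexp.MustCompile(`^\s*([^:\s]+):\s*\{([^}]+)\}\s*->\s*\((\d+)\s*,\s*\{([^}]*)\}\)\s*$`)

// ParseRule parses the one-line rule syntax from the comment (the parser is an assumption).
func ParseRule(s string) (Rule, error) {
	m := ruleRE.FindStringSubmatch(s)
	if m == nil {
		return Rule{}, fmt.Errorf("unrecognised rule syntax: %q", s)
	}
	threshold, err := strconv.Atoi(m[3])
	if err != nil || threshold < 1 {
		return Rule{}, fmt.Errorf("bad threshold in rule %q", s)
	}
	var authorized []string
	for _, k := range strings.Split(m[4], ",") {
		if k = strings.TrimSpace(k); k != "" {
			authorized = append(authorized, k)
		}
	}
	// A threshold that no subset of the listed keys can meet would lock the namespace.
	if threshold > len(authorized) {
		return Rule{}, fmt.Errorf("rule %s: threshold %d exceeds %d authorized keys", m[1], threshold, len(authorized))
	}
	return Rule{Name: m[1], Namespace: strings.TrimSpace(m[2]), Threshold: threshold, Authorized: authorized}, nil
}

// Covers reports whether the rule protects the given namespace. Exact match is
// this example's simplification; real namespace matching is richer.
func (r Rule) Covers(namespace string) bool { return r.Namespace == namespace }

// Satisfied counts distinct authorized signers among the verified signers of a
// change and compares against the threshold. The same key signing twice counts
// once, so a single compromised key cannot meet a threshold of two on its own.
func (r Rule) Satisfied(signers []string) bool {
	seen := make(map[string]bool)
	count := 0
	for _, s := range signers {
		if seen[s] {
			continue
		}
		seen[s] = true
		for _, a := range r.Authorized {
			if a == s {
				count++
				break
			}
		}
	}
	return count >= r.Threshold
}

// Authorized evaluates a change to namespace, signed by the already-verified
// signers, against every rule that covers it. All covering rules must pass, and
// a namespace no rule covers is refused: a fail-closed choice made for this example.
func Authorized(policy []Rule, namespace string, signers []string) (bool, string) {
	matched := false
	for _, r := range policy {
		if !r.Covers(namespace) {
			continue
		}
		matched = true
		if !r.Satisfied(signers) {
			return false, fmt.Sprintf("rule %s needs %d of %v, got %v", r.Name, r.Threshold, r.Authorized, signers)
		}
	}
	if !matched {
		return false, "no rule covers " + namespace
	}
	return true, "ok"
}

func main() {
	// Constructed policy: the rule from the comment plus a two-signer rule for a release branch.
	policy := []Rule{}
	for _, line := range []string{
		"protect-main: {git:refs/heads/main} -> (1, {Alice, Bob, Charlie})",
		"protect-release: {git:refs/heads/release} -> (2, {Alice, Bob, Charlie})",
	} {
		r, err := ParseRule(line)
		if err != nil {
			panic(err)
		}
		policy = append(policy, r)
	}
	for _, c := range []struct {
		ns      string
		signers []string
	}{
		{"git:refs/heads/main", []string{"Bob"}},
		{"git:refs/heads/main", []string{"Mallory"}},
		{"git:refs/heads/release", []string{"Alice", "Alice"}},
		{"git:refs/heads/release", []string{"Alice", "Charlie"}},
		{"git:refs/heads/feature", []string{"Alice"}},
	} {
		ok, why := Authorized(policy, c.ns, c.signers)
		fmt.Printf("%-24s %-18v -> %v (%s)\n", c.ns, c.signers, ok, why)
	}
}
```

    The de-duplication in Satisfied is the part worth noticing: a threshold rule only adds security over a single-signer rule if the verifier counts distinct keys, otherwise one stolen key signing twice would pass a (2, {...}) rule. The fail-closed default for uncovered namespaces is a design choice for the example, not a statement about how gittuf treats unprotected refs.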

  15. Comment on What programming/technical projects have you been working on? in ~comp

    aditya

    gittuf that I've mentioned before is fast approaching an alpha release. We've applied to join the OpenSSF as a sandbox project which we think should happen in the next few weeks!

    Edit: gittuf is a security layer for Git repositories that can handle things like key distribution and write access control policies for Git repositories in a distributed and transparent way.

    2 votes
  16. Comment on India launches space mission to orbit and study the sun a week after moon landing in ~space

  17. Comment on When did you realize you were different? in ~talk

    aditya

    My formal diagnosis was last year, several years after I moved to the US. I’m quite lucky that I had the opportunities to get the support I needed; the last year’s been a marked improvement over prior years.

    2 votes
  18. Comment on When did you realize you were different? in ~talk

    aditya

    This is pretty much exactly the story of my life. I grew up in India where, at least then, ADHD was just not well known or diagnosed. I don’t think too much will have changed now.

    9 votes
  19. Comment on Apple’s decision to kill its CSAM photo-scanning tool sparks fresh controversy in ~tech

    aditya

    This was debated quite a bit on Tildes back in 2021 when Apple first announced their plans to scan on devices.

    Today, in a rare move, Apple responded to Heat Initiative, outlining its reasons for abandoning the development of its iCloud CSAM scanning feature and instead focusing on a set of on-device tools and resources for users known collectively as Communication Safety features. The company's response to Heat Initiative, which Apple shared with WIRED this morning, offers a rare look not just at its rationale for pivoting to Communication Safety, but at its broader views on creating mechanisms to circumvent user privacy protections, such as encryption, to monitor data. This stance is relevant to the encryption debate more broadly, especially as countries like the United Kingdom weigh passing laws that would require tech companies to be able to access user data to comply with law enforcement requests.

    “Child sexual abuse material is abhorrent and we are committed to breaking the chain of coercion and influence that makes children susceptible to it,” Erik Neuenschwander, Apple's director of user privacy and child safety, wrote in the company's response to Heat Initiative. He added, though, that after collaborating with an array of privacy and security researchers, digital rights groups, and child safety advocates, the company concluded that it could not proceed with development of a CSAM-scanning mechanism, even one built specifically to preserve privacy.

    “Scanning every user’s privately stored iCloud data would create new threat vectors for data thieves to find and exploit," Neuenschwander wrote. "It would also inject the potential for a slippery slope of unintended consequences. Scanning for one type of content, for instance, opens the door for bulk surveillance and could create a desire to search other encrypted messaging systems across content types.”

    9 votes