cultural reviewer and dabbler in stylistic premonitions
Ente doesn’t seem to require a CLA.
It turns out, they do have a CLA (with full copyright assignment 😢).
They’d need to implement something like SRP.
Update: I contacted the developers to bring my comment to their attention and it turns out they have already implemented SRP to address this problem (but they haven’t updated their architecture document about it yet).
series of tubes
It is, but in this case I think it isn’t actually a weakness for the reasons I explained.
That’s complicated to do correctly. Normally, for the server to verify the user has the correct password, it needs to know or receive the password, at which point it could decrypt all the user’s files. They’d need to implement something like SRP.
What I proposed is that the server does not know the password (of course), but that it knows a thing derived from it (lets call it the loginSecret
) which the client can send to obtain the encryptedMasterKey
. This can be derived in a similar fashion to the keyEncryptionKey
(eg, they could be different outputs of an HKDF). The downside to the server knowing something derived from the passphrase is that it enables the server to do an offline brute force of it, but in any system like this where the server is storing something encrypted using [something derived from] the passphrase the server already has that ability.
Is there any downside to what I suggested, vs the current design?
And is there some reason I’m missing which would justify adding the complexity of SRP, vs what I proposed above?
The only reason I can think of would be to protect against a scenario where an attacker has somehow obtained the user’s loginSecret
from the server but has not obtained their encryptedMasterKey
: in that case they could use it to request the encryptedMasterKey
, and then could make offline guesses at the passphrase using that. But, they could also just use the loginSecret
for their offline brute-force. And, using SRP, the server still must also store something the user has derived from the password (which is equivalent to the loginSecret
in my simpler scheme) and obtaining that thing still gives the adversary an offline brute-force opportunity. So, I don’t think SRP provides any benefit here.
edit: the two issues i raised in this comment had both already been addressed.
this was the developer’s reply on matrix:
- We do have a CLA: https://cla-assistant.io/ente-io/ente
- We will update the iOS app to offer you an option to point to your self hosted instance (so that you can save yourself the trouble of building it): https://github.com/ente-io/ente/discussions/504
- The portion of the document that deals with authentication has been outdated, my bad. We’ve adopted SRP to fix the concerns that were pointed out: https://ente.io/blog/ente-adopts-secure-remote-passwords/
AGPL-3.0
Nice
This would be nice, but, this repo includes an iOS app, and AGPL3 binaries cannot be distributed via Apple’s App Store!
AGPL3 (without a special exception for Apple, like NextCloud’s iOS app has) is incompatible with iOS due to the four paragraphs of the license which mention “Installation Information” (known as the anti-tivoization clause).
Only the copyright holder(s) are able to grant Apple permission to distribute binaries of AGPL3-licensed software to iOS users under non-AGPL3 terms.
Every seemingly-(A)GPL3 app on Apple’s App Store has either copyright assignment so that a single entity has the sole right to distribute binaries in the App Store (eg, Signal messenger) or uses a modified license to carve out an Apple-specific exception to the anti-tivoization clause (eg, NextCloud). In my opinion, the first approach is faux free software, because anyone forking the software is not allowed to distribute it via the channel where the vast majority of users get their apps. (In either case, users aren’t allowed to run their own modified versions themselves without agreeing to additional terms from Apple, which is part of what the anti-tivoization clause is meant to prevent.)
Only really nice when not CLA is required and every contributor retains their copyright. Ente doesn’t seem to require a CLA.
I definitely agree here! But if it’s true that they’re accepting contributions without a CLA, and they haven’t added any iOS exception to their AGPL3 license, then they themselves would not be allowed to ship their own iOS app with 3rd party contributions to it! 😱 edit: it’s possible this is the case and Apple just hasn’t noticed yet, but that is not a sustainable situation if so.
If anyone reading this uses this software, especially on iOS, I highly recommend that you send the developers a link to this comment and encourage them to (after getting the consent of all copyright holders) add something akin to NextCloud’s COPYING.iOS to their repository ASAP.
cc @ioslife@lemmy.ml @baduhai@sopuli.xyz @skariko@feddit.it
(i’m not a lawyer, this is not legal advice, lol)
edit: in case a dev actually sees this… skimming your architecture document it looks like when a user’s email is compromised (“after you successfully verify your email”), the attacker is given the encryptedMasterKey
(encrypted with keyEncryptionKey
, which is derived from a passphrase) which lets them perform an offline brute-force attack on the passphrase. Wouldn’t it make more sense to require the user to demonstrate knowledge of their passphrase to the server prior to giving them the encryptedMasterKey
? For instance, when deriving keyEncryptionKey
, you could also derive another value which is stored on the server and which the client must present prior to receiving their encryptedMasterKey
. The server has the opportunity to do offline attacks on the passphrase either way, so it seems like there wouldn’t be a downside to this change. tldr: you shouldn’t let adversaries who have compromised a user’s email account have the ability to attack the passphrase offline.
(i’m not a cryptographer, but this is cryptography advice)
I really don’t know what it is
If you want to know you can start with this wikipedia article and then find lots of other discussion of it around the web.
I can change that
please do.
just one? they’re cheaper by the dozen
Has literally never happened. Texas Instruments is the only brand who continues to do it wrong […] all the other brands who were doing it wrong have reverted
Ok so you’re saying it never happened, but then in the very next sentence you acknowledge that you know it is happening with TI today, and then also admit you know that it did happen with some other brands in the past?
But, if you had read the linked post before writing numerous comments about it, you’d see that it documents that the ambiguity actually exists among both old and currently shipping models from TI, HP, Casio, and Canon, today, and that both behaviors are intentional and documented.
There is no bug; none of these calculators is “wrong”.
The truth is that there are many different math notations which often do lead to ambiguities
Not within any region there isn’t.
Ok, this is the funniest thing I’ve read so far today, but if this is what you are teaching high school students it is also rather sad because you are doing them a disservice by teaching them that there is no ambiguity where there actually is.
If OP’s blog post is too long for you (it is quite long) i recommend reading this one instead: The PEMDAS Paradox.
In Australia it’s the only thing we ever use, and from what I’ve seen also the U.K. (every U.K. textbook I’ve seen uses it).
By “we” do you mean high school teachers, or Australian society beyond high school? Because, I’m pretty sure the latter isn’t true, and I’m skeptical of the former. I thought generally the ÷ symbol mostly stops being used (except as a calculator button) even before high school, basically as soon as fractions are taught. Do you actually have textbooks where the fraction bar is used concurrently with the obelus (÷) division symbol?
I’m curious if you actually read the whole (admittedly long) page linked in this post, or did you stop after realizing that it was saying something you found disagreeable?
I’m a high school Maths teacher/tutor
What will you tell your students if they show you two different models of calculator, from the same company, where the same sequence of buttons on each produces a different result than on the other, and the user manuals for each explain clearly why they’re doing what they are? “One of these calculators is just objectively wrong, trust me on this, #MathsIsNeverAmbiguous” ?
The truth is that there are many different math notations which often do lead to ambiguities.
In the case of the notation you’re dismissing in your (hilarious!) meme here, well, outside of anglophone high schools, people don’t often encounter the obelus notation for division at all except for as a button on calculators. And there its meaning is ambiguous (as clearly explained in OP’s link).
Check out some of the other things which the “÷” symbol can mean in math!
#MathNotationsAreOftenAmbiguous
Anil Dash is posting on threads?! lmao 🤡
There is a version of VLC for the Nvidia Shield, but it has a somewhat irritating UI and I don’t know if it can actually read the menus like the desktop version can.
Fuck both of these companies, but, how can it make sense to sue Citrix for this? The article says they released an advisory and patch for the problem six days prior to when Xfinity says the breach happened, so, it sounds like Xfinity neglected to install their software updates.
“The ‘good chap’ theory of checks and balances has now been tested to destruction.”
cloudflare’s service puts them in the middle - so, HTTPS doesn’t encrypt traffic between the browser and your server anymore, but instead between the browser and CF, and then (separately) between CF and your server. CF is an antidote to intelligence agencies’ problem of losing visibility when most of the web switched to HTTPS a decade ago.
cloudflare is an intelligence company who’s flagship product involves them mitming your TLS.
why bother self-hosting, if you do it from behind cloudflare?
the upcoming release of Lemmy, v0.19 (which as of two weeks ago is planned for release “within the next weeks”) includes among its many improvements this PR: Adding a scaled sort, to boost smaller communities. Hopefully that helps!
…so you can avoid sharing your phone number with your contacts.
they are not planning to let you use Signal without having a phone number and sharing it with their (Amazon’s) servers.