It's no secret that I hold "professional organizations" and "registries" as a whole in pretty low regard. One of the reasons I got into hacking in the first place was because it was one of the few paths where progress was not gate-kept by useless bureaucratic bullshit.
I'd be inclined to just argue along those lines if it wasn't for the fact that I am genuinely fearful of the authoritarian direction the UK has been heading down for the last 15 years or so - and what governments will do with the ridiculous amount of power they are accumulating.
At face value all of these proposals are hilariously self-defeating, and many are plainly unworkable given the state of the internet and the industry. But they hide a dark undertone which seeks to abolish any kind of public legitimacy for those deemed doing "unethical" work.
To drive this home: It's not hard to imagine a future in the UK where "revealing security flaws in public infrastructure" or "building end-to-end encrypted systems" is conduct classified as "not-illegal but has the potential to cause harm" and thus censored by all "legitimate" orgs
Deletion in p2p systems is weird because it violates many of the expectations that people have from centralized solutions.
e.g. If Alice purges all data about Bob as a contact, then the next time Bob attempts to connect to Alice it will be interpreted as a fresh request.
Alice is then left with 2 options: either add Bob as a contact again, or block Bob from all future conversations. Neither is great.
So "deletion" must mean something else to the app e.g. maybe we want to only display a new authentication request if Bob actually sends a message.
But that necessitates a "shadow record" or "placeholder" sitting in the storage engine that Alice might be unaware of if she has expectations from other systems.
We can build UX to try and break those expectations, but "deletion" is then fundamentally the wrong word.
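The trade-off in the thread above, as an added example (not Cwtch's code): a hard purge makes Bob's next connection look like a fresh request, while a placeholder suppresses the prompt until he sends a message, at the cost of a record Alice cannot see. `Store`, `Purge`, `SoftDelete` and the peer ID `bob` are hypothetical names.

```go
package main

import "fmt"

type state int

const (
	unknown     state = iota // no record: a connection is a fresh request
	approved                 // normal contact
	placeholder              // shadow record: data purged, peer ID retained
)

// Store is a hypothetical contact store keyed by peer ID.
type Store struct{ contacts map[string]state }

func NewStore() *Store { return &Store{contacts: map[string]state{}} }

func (s *Store) Approve(id string) { s.contacts[id] = approved }

// Purge removes every trace of the peer (deletion as users expect it).
func (s *Store) Purge(id string) { delete(s.contacts, id) }

// SoftDelete drops the contact's data but leaves the placeholder behind.
func (s *Store) SoftDelete(id string) { s.contacts[id] = placeholder }

// OnConnect reports whether a bare connection attempt prompts the user.
func (s *Store) OnConnect(id string) bool { return s.contacts[id] == unknown }

// OnMessage reports whether an incoming message prompts the user.
func (s *Store) OnMessage(id string) bool { return s.contacts[id] != approved }

// Hidden counts records still in storage that the contact list never shows.
func (s *Store) Hidden() int {
	n := 0
	for _, st := range s.contacts {
		if st == placeholder {
			n++
		}
	}
	return n
}

func main() {
	s := NewStore()
	s.Approve("bob") // "bob" is a constructed peer ID
	s.SoftDelete("bob")
	fmt.Println(s.OnConnect("bob"), s.OnMessage("bob"), s.Hidden())
}
```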
In one future: identity is "verified" through intrusive facial analysis & state documents. Data is hosted, & trivially censored, by large conglomerates.
In another future: identities are bound through cryptography & data is distributed through uncensorable overlay networks.
There are laws being debated around the world right now that attempt to set the course for a future where human interaction is mediated through universal surveillance.
There is a very real choice to make regarding which future you want to contribute to, and build towards.
Through action, or inaction, you will contribute towards building one of these futures.
You have to ask yourself if the paths you are, or the decisions that you are making, are leading to a future that you want.
In @cwtch_im, file sharing is done via a torrent-like protocol where the file is chunked & each part can be requested individually (maybe from different people). Only the root hash is initially sent.
How should acks work?
A few caveats:
(2) Is currently implicit in the protocol as all messages are acknowledged
(3) might not always be possible right away (in group contexts) and so requires some extra effort on the recipient's end.
Option (3) also viscerally *feels* like a read receipt to me, even though it isn't necessary (we do allow auto downloading of images e.g.) - and so I think if we went that direction I would feel compelled to make it optional (but then it isn't an ack...)
As PoS is seen as inevitable for some cryptos there is an interesting meta shift away from "stop saying our consensus is centralized" towards "yes, the consensus is 'technically' centralized but *how* we arrive at consensus is less important than *what* we do with the consensus"
A few years ago I think I would have been under the impression that such rhetoric would effectively kill a community as they drop their commitment to decentralization and concentrate power in a few hands.
lol
It feels like we are heading towards a point where there are the very few PoW currencies that have enough staying power to survive, and the rest of crypto will blend into a handful of very centralized payment processing hubs.
In a decentralized metadata resistant messenger where direct peer to peer messages may be unavailable because the other party is offline - what is the best way to order the conversation list:
(Note: Any solution to offline delivery likely carries an additional security assumption either in order to protect the metadata inherent to the conversation or in the risk involved in outsourcing storage)
This is actually slightly complicated by another factor: @cwtch_im doesn't save p2p conversation histories by default. It's a UX preference we adopted from Ricochet and does mean that "last message time" might be "Never" for some contacts even if you talk to them often.
It's been a while since I've visited this topic, and with some vacation coming up I think I might want to dive into it some more. I would really like to find some kind of solution to this.
I'm going to dump some thoughts about approaches I've already tried in this thread.