Hacker News | gobip's comments

Yes, it's called an oracle on the blockchain.


So blockchain requires trust in third parties. What is the point of it then?


I outlined it over in another comment[1] so I'm not gonna copy it all over but the point isn't to eliminate all trust. The point of trustless architectures (of which blockchain and smart contracts are one) is that you are eliminating implicit trust.

You are taking all the implicit trust, lowering it into explicit trust assumptions, and formalising who is allowed to make what decisions when, what happens when they do, and how the other parties are permitted to respond.

You are moving all of those implicit assumptions about how a contract, interaction, or relationship works and formalising them into something explicit and upfront so that all participants can evaluate their risk tolerance and trust levels prior to agreeing to a given contract or interaction.

And of course you are also sprinkling in a heavy dose of automation to smooth out the complexities of these explicit, mechanised contracts such that the happy paths are buttery smooth and the unhappy paths are at the least bearable and correspond to the contract you signed on to at the beginning of your interaction.

TLDR: It's low trust automation + formalising implicit assumptions into explicit ones.

1. https://news.ycombinator.com/item?id=46181371#46192445


Clicked the link but ctrl+f doesn't find any posts by you.

> The point of trustless architectures (of which blockchain and smart contracts are one) is that you are eliminating implicit trust.

That is also the point of laws and contracts as we have them today. How does, explicitly, blockchain improve on that?

> You are moving all of those implicit assumptions about how a contract, interaction, or relationship works and formalising them into something explicit and upfront so that all participants can evaluate their risk tolerance and trust levels prior to agreeing to a given contract or interaction.

What implicit assumptions aren't removed by laws and contracts as we have them today that are removed by blockchain and smart contracts?

> And of course you are also sprinkling in a heavy dose of automation to smooth out the complexities of these explicit, mechanised contracts such that the happy paths are buttery smooth and the unhappy paths are at the least bearable and correspond to the contract you signed on to at the beginning of your interaction.

Without any examples of what is being automated, how and what it is that is made buttery smooth... you really aren't saying anything here. Can you expound on any of those claims?

TLDR: By what you said the only thing that blockchains and smart contracts bring is a new medium to write contracts on.


Ah sorry. I tried to link it in the context. The exact reply is here:

https://news.ycombinator.com/item?id=46192445

--------

> That is also the point of laws and contracts as we have them today. How does, explicitly, blockchain improve on that?

It's essentially automated tooling. The happy path (i.e. buyer and seller are in agreement) "just works" but when there's a disagreement you can rely on the contract to walk through all of the conflict resolution paths with whatever level of complexity the contract builds in for consensus from multiple third parties, etc.

i.e. It's tooling that replaces manual bureaucratic arbitration with state machines and consensus algorithms.

For two-party smart contracts this means there's no third party but there's an inherent risk of exploitation by one party or the other by the design of the contract. It's inherent to two-party contracts relying on any physical exchange but if you trust the party the contract is weighted in favor of, it cuts out any opportunity for arbitration and the complexity that comes with that. Now the only trust assumption is the two parties' trust in each other.

For contracts with some arbitration process however things get more complicated. Who all is involved in arbitration. Who does the buyer trust. Who does the seller trust. What's the reputation of one of these arbiters? This reputation can be loosely represented as a set of markets for the arbiter with demand from sellers and demand from buyers. If those two markets are out of sync from each other that suggests an impartial arbiter and both parties can reason about that.

> What implicit assumptions aren't removed by laws and contracts as we have them today that are removed by blockchain and smart contracts?

Well. Part of it is that laws are an inherently fuzzy thing and how they are upheld is entirely dependent on a long running and constantly evolving chain of interpretations from past court decisions. And of course how they are upheld in a specific case comes down to how well lawyers are able to convince a judge or a collection of jurors who were more or less selected at random with anyone semi-literate about the law thrown out ahead of time. So it boils down to "who is best able to sway the opinions of this random collection of people who are as illiterate about the law as the lawyers could manage to get them". Which mostly just boils down to feelings.

Of course contracts often go to arbitration instead of to court proper so it's a different case there but arbiters are single authorities that almost universally side with the bigger entity (i.e. whoever is paying them to handle arbitration). So unless you are two large orgs, arbitration is inherently biased.

So an alternative is a largely automated system where multiple third parties who are selected ahead of time by the buyer and seller can be relied upon for arbitration and where their decision is for all intents and purposes final. The buyer and the seller have equal decision making power in the selection of these third parties and they can evaluate the reputations of these third parties prior to entering the contract.

i.e. you are moving away from trust in a large system with a thousand moving parts all performed by infallible people swayed by emotions and an endless process of appeals OR a single arbiter almost always paid by the larger party who will always rule in their favor. Instead putting your trust into a strict set of automated rules with a formal analysis of outcomes backing it + some optional assortment of selected third parties + a consensus mechanism for those third parties.

> TLDR: By what you said the only thing that blockchains and smart contracts bring is a new medium to write contracts on.

Yes. It is exactly that. A new medium to write contracts on. Manual bureaucratic systems and thousands upon thousands of people working in a complex legal system are replaced by a machine. Humans are still in the loop of course but only for making specific decisions at specific times in the process.

And at the time of agreeing to the contract the relevant parties can ideally rely on tooling to explicitly outline at what points each party is taking on a degree of risk, the likelihood of that risk, and the process for moving forward in those cases.

An extremely reductive TLDR is that the goal is to take a system that relies on an army of lawyers and legal analysts and reduce it down into something digestible and navigable by a single lawyer (or even a well educated layperson) with all the existing complexity abstracted away by formal methods tooling.


You are questioning the method when people just see the need.

If you're an engineer, no matter what you say about the method, you know a country at war will make you lose all your savings. Or if you're a foreign citizen in a country that will seize your assets, even "by accident".


It's not a storm in a teacup.

They lost thousands of emails and they treated every customer individually while blocking people from complaining on their subreddit.

Then, it was posted here on HN and they finally decided to stand up and fix their reputation by saying they care and want to do better, after months of silencing the issue as much as possible.

https://news.ycombinator.com/item?id=33432296


Oh... It appears we were talking about 2 different things. After reading what you wrote, it appears that too is a storm in a teacup.

You are complaining about them "losing thousands of emails" when that is clearly not the case. The issue was with their IMAP bridge, meaning the emails in question would have been lost on a local host, not on Protonmail, and the 'lost emails' were fully recoverable just by logging into the web interface.


The emails were lost as it was rewritten by the bridge hence causing a loss.

You are, once again, confidently incorrect.


What if I need cron in my docker container? And ssh? And a text editor? And a monitoring agent? :P

Thankfully LXD is here to serve this need: very lightweight containers for systems, where your app runs in a complete ecosystem, but very light on the ram usage.


>What if I need cron in my docker container? And ssh? And a text editor? And a monitoring agent? :P

How are you going to orchestrate all those daemons without systemd? :P

As you mentioned, a container running systemd and a suite of background services is the typical use case of LXD, not docker. But the difference seems to be cultural -- there's nothing preventing one from using systemd as the entry point of a docker container.


fwiw I recently bootstrapped a small Debian image for myself, originally intended to sandbox coding agents I was evaluating. Shortly after I got annoyed by baseline vim and added my tmux & nvim dotfiles, now I find myself working inside the container regularly. It definitely works and is actually not the worst experience if your workflow is cli-focused.


My experience is if the tooling is set up right it’s not painful, it’s the fiddling around with volume mounts, folder permissions and debug points and “what’s inside the container and what isn’t” etc. that is always the big pain point


Very accurate - that was one of the steps that caused me to fiddle quite a bit. Had to add an entrypoint to chown the mounts and also some Buildkit cache volumes for all the package managers.

You can skip the uid/chown stuff if you work with userns mappings, but this was my work machine so I didn't want to globally touch the docker daemon.


Even putting GUI apps in a container isn't too bad once one develops the right incantation for x11/wayland forwarding.


Ideally, you have a separate docker container for each process (i.e. a separate container for the ssh service, one for cron etc). The text editor can be installed if it's needed - that's not an issue apart from slightly increasing the container size. Most of the time, the monitoring agent would be running on the host machine and setup to monitor aspects of the container - containers should be thought of as running a single process and not as running a VM along with all its services.


The answer is naturally kubernetes, alongside rootless and noshell containers.


When you have torsocks or torify for everything, you're gonna leave your footprint through tor, whereas something like Tor Browser is designed specifically not to leave any print on the web.

Using tor directly on the kernel level means that your DNS is gonna leak. Your OS telemetry is gonna leak etc.

It's still a good idea but it should be implemented top to bottom and nothing left in between, otherwise you're de-anonymized quickly.


"Signal instantly dismissed my report"

"Telegram, another privacy-focused application, is completely invulnerable to this attack"

"Discord […] citing this as a Cloudflare issue other consumers are also vulnerable to"

"Cloudflare ended up completing patching the bug"

I wish Signal would react differently. I still remember the bubble color controversy when they changed their mind after the backlash and not before. :-)


I just sent a feature request[1] to Signal with the following text:

    I understand that Signal does not consider this
    https://gist.github.com/hackermondev/45a3cdfa52246f1d1201c1e8cdef6117 to be
    a valid security bug, but it would be helpful to at least be able to
    mitigate it.

    Please add an option in settings to disable automatically downloading
    attachments.

    That should be enough to change the attack from 0-click (just opening the
    conversation) to 1-click (click the attachment). Most people won’t care
    about this, but for some every little bit of privacy is important.
[1]: https://support.signal.org/hc/en-us/requests/new


Hold on, someone else in this thread noted this does exist

"You can disable the auto-download. Settings > Data and storage > Media auto-download, you can choose what to auto download for mobile data/wifi/roaming."

So, that part is there, but my question is, it's still an issue when they manually download the image, right? Unless someone never accepts images from someone they aren't expecting, whose number or unique created ID has never been seen before


Oh, nice. I looked under Settings > Privacy and didn’t see anything. For me it was under Settings > Data Usage.

Yes, this is still an issue if you manually download an attachment, but that’s a lot better than automatically when you open a conversation.


> "Cloudflare ended up completing patching the bug"

This short quote fragment is a little misleading: Cloudflare patched the bug in their systems that allow you to send HTTP requests to any CF data center, regardless of where the originator of the request lives. This is likely something they want fixed for a large variety of reasons, some probably much more important than the specific attack OP wrote about.

> I wish Signal would react differently.

The severity of a potential security issue, or the determination of who is responsible for fixing or mitigating it, is a matter of opinion. Just because you think this is important for Signal to fix, it doesn't mean it's some absolute truth that it does. At the risk of appealing to authority, I would expect people who run a security/privacy-focused messaging project to have a better handle on classifying these sorts of things than random people on HN like you or me.

But of course, sometimes they'll get it wrong too. I'm not familiar with the bubble color thing you mention, but sure, nobody's perfect; we're all human and we make mistakes. I'm personally not convinced Signal needs to do anything here. A 250 mile radius is quite a large area, and users can already choose to not auto-download attachments. To be fair, though, I think a simple way for Signal to fix this would be to disable caching on the attachments HTTP endpoints, though that might increase their bandwidth bills and increase load on their servers, depending on what their access patterns look like.
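
One way to check the mitigation suggested in the comment above (no shared caching on attachment endpoints), as an added example that is not part of the thread and not Signal's or Cloudflare's code. The sample headers are constructed, the rules are a simplified reading of HTTP caching semantics, and `CF-Cache-Status` is Cloudflare's cache-status response header, which the thread itself does not mention.

```python
# Added example (not from the thread): audit the response headers of an
# attachment endpoint for shared-cache exposure. Simplified caching rules.

# Cloudflare cache-status values that mean the edge cache handled this URL.
EDGE_CACHE_ACTIVE = {"HIT", "MISS", "EXPIRED", "STALE", "REVALIDATED", "UPDATING"}


def parse_cache_control(value):
    """Parse a Cache-Control header into {directive: argument-or-None}."""
    directives = {}
    for part in (value or "").split(","):
        part = part.strip()
        if not part:
            continue
        name, _, arg = part.partition("=")
        directives[name.strip().lower()] = arg.strip().strip('"') or None
    return directives


def audit_response(headers):
    """Return findings for one response; an empty list means nothing in these
    headers lets a shared cache (CDN) store the attachment, so a cache hit
    cannot reveal that someone near that data center fetched it earlier."""
    h = {k.lower(): v for k, v in headers.items()}
    cc = parse_cache_control(h.get("cache-control"))
    findings = []

    # "no-store" and "private" both forbid storage by a shared cache.
    if "no-store" not in cc and "private" not in cc:
        if {"public", "s-maxage", "max-age"} & cc.keys() or "expires" in h:
            findings.append("shared cache explicitly allowed to store response")
        else:
            findings.append("no directive forbids shared caching (CDN rules decide)")

    # The edge reporting a cache state means the URL is in the caching path.
    status = h.get("cf-cache-status", "").upper()
    if status in EDGE_CACHE_ACTIVE:
        findings.append(f"edge cache active for this URL (cf-cache-status: {status})")
    return findings


# Constructed sample responses, not captured from any real service.
SAMPLE_CACHED = {"Cache-Control": "public, max-age=31536000", "CF-Cache-Status": "HIT"}
SAMPLE_HARDENED = {"Cache-Control": "private, no-store", "CF-Cache-Status": "DYNAMIC"}
SAMPLE_UNSET = {"Content-Type": "application/octet-stream"}

if __name__ == "__main__":
    for name, sample in [("cached", SAMPLE_CACHED),
                         ("hardened", SAMPLE_HARDENED),
                         ("unset", SAMPLE_UNSET)]:
        print(name, audit_response(sample) or "ok")
```

As the comment notes, responses that pass this audit are served from the origin every time, which is the bandwidth and load trade-off.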



Is there really any difference between dismissing the report or "citing this as a Cloudflare issue"?


Not in practice.

> There's clearly a problem here as Cloudflare says consumers are responsible for protecting themselves against these types of attacks, while consumers (ex. Discord) are putting the blame on Cloudflare.


>"Signal instantly dismissed my report"

>I wish Signal would react differently. I still remember the bubble color controversy when they changed their mind after the backlash and not before. :-)

Can you blame them though? They're a non-profit with limited manpower and resources. There's quite a lot of cranks in the security field, and as many people have echoed in this thread, the bug report is rather sensationalist. At some point you just have to pattern match and ignore any reports that seem a bit too cranky. Is this ideal? No. But I don't see how it's any different than summarily dismissing a vaccine skeptic's claim that vaccines are bad, even if there's a kernel of truth buried in there (eg. that benefits for young people are questionable).


[flagged]


You're making this stuff up. In most threads about Signal, 1-2 commenters appear to post fabricated conspiracist stuff defaming the people who originally worked on Signal --- people extremely well-known to the real-world cryptography engineering community. I don't know why we're so chill about people being defamed here.


I'm non-American too. They make this news look sad, while he and their companies let thousands of people die at the hospital because they don't have the means to pay for their surgeries.

They have blood on their hands and Americans can't have empathy for these people having the power to let someone live or not.


I'd say it's worse than this. The Americans UHC (and CEO) harmed were all paying customers who were denied coverage for claims. Apparently (quick Google search), UHC denies ~30% of claims, while the industry average is 16% [0]. Their net income has also doubled from $11b in 2018 to $22b in 2024 [1].

[0] https://www.valuepenguin.com/health-insurance-claim-denials-...

[1] https://www.macrotrends.net/stocks/charts/UNH/unitedhealth-g...


And just to be clear for those not living in the USA, the people being denied coverage by UHC are the same people paying health insurance premiums to UHC in order to have health insurance coverage.


Even 16% seems too high.


Even for folks who can pay for medical care... UnitedHealthcare is notorious for denying claims from their policyholders.

An example that was posted on Reddit recently from a physician:

"UHC denied my patient's prescription for a Lovenox bridge so her Coumadin could be held prior to surgery. The reason? I prescribed it twice daily instead of once daily, which is the standard of care for a Lovenox bridge. I was so pissed off I just paid for the medication out of pocket myself and gave it to my patient.

It was $12. Twelve. Fucking. Dollars. They were totally okay with the possibility of her suffering a stroke or major thromboembolic event to save TWELVE DOLLARS."

Source: https://www.reddit.com/r/news/comments/1h6h0wp/comment/m0ew8...


Man, assassin may have been a bona-fide American hero.


Were they denied their surgery, or did they get it but go bankrupt after?


often, surgeries are denied if you can't pay. plenty pay insurance premiums diligently but then are routinely denied coverage. there was a story the other day about an insurance provider not continuing anesthesia in surgeries if they (the surgery) takes too long and the patient didn't pay up. healthcare is the #1 problem in the US right now and our legislators are only making it worse due to accepting bribes (i.e. lobbying monies) to keep the status quo or worse, enrich the corporations in our for-profit healthcare system.


You can see the down-to-the-minute processes work in United in a specific case of ulcerative colitis (which has no cure):

https://www.propublica.org/article/unitedhealth-healthcare-i...

It's particularly interesting that high cost treatments seem to have motivated United to hire a college campus administrator as a secret budget specialist since the cost of a lifetime of treatment seemed high for younger people.


My god. I have Crohn's disease and am on Remicade. I've had it refused by Aetna and must try two "biosimilars" before being allowed to take the medicine I've been on for over a decade. They asked me if I'd tried them before because "some people do not tolerate them". So now I'm faced with potentially up to a year of decline and ruining health just to take the drug I've been on for a decade, _that the manufacturer pays for anyways_.


I had a 95% deviation to my septum. I spent years basically mouth breathing, because it was so occluded.

Finally went to an amazing ENT (where I got that number, and saw how bad it was on imaging). "Great, so when can we schedule surgery?"

He sighs. "First, I need to prescribe you these two nasal sprays so you can take them three times a day for four weeks and come back to me and tell me that surprise, surprise, they haven't realigned the cartilage in your nose. That way insurance won't deny the authorization of surgery."


is that why the allergist prescribed that nasal spray... i had to wait 6 more months for the nasal surgery that turned my life around. son of a bitch....


"Almost certainly", I'd say from my experience as a patient, as someone who worked in healthcare, and someone who worked for a company that wrote claims benefit management software for the industry.


> there was a story the other day about an insurance provider not continuing anesthesia in surgeries if they (the surgery) takes too long and the patient didn't pay up.

Thankfully, they've walked back that policy (for some unknown reason).


The system works! /s


Surgeons aren't going to do surgery if they aren't paid for it.


Yeah they will. Surgeons aren’t in it for the money, they’re in it for the glory.

Most doctors, nurses, EMTs, etc. would work for free if they could magically have them and their families taken care of, as evidenced by how much they go well above and beyond the requirements of their job, working heroic hours, buying stuff out of pocket when the system fails them, etc.

Not all health care professionals, but 90% of the ones I’ve met.


What about the surgical nurses and med techs? What about paying for the surgical room? The after surgery care? And a lot of surgeons are in it for the money.


EMTs are usually in it because they're adrenaline junkie masochists. I am married to one, there are few exceptions.

Nurses are often there "for the money" but absolutely love their jobs.

Surgeons are absolutely in it for the glory, they have the same basic makeup as EMTs.

Different specialties have different personalities, for sure. Just look at Orthopedic bro...


Same thing with their "serverless" servers where you host everything there.


They're all encrypted by themselves and if you use your own gpg key they will replace it.

They're all encrypted except when you pay more for dedicated smtp.

They're all encrypted except when they give up logs they promised they didn't have.

And so on.


This is pretty inaccurate. Proton's E2EE works by encrypting client side, and we can't just replace the GPG key because we have both key pinning and key transparency: https://proton.me/support/key-transparency

Proton does not claim no logs and has never claimed no logs. We do not retain logs by default, but our privacy policy has always been clear that we are legally obligated to follow Swiss court orders, which can ask for IP logging on specific accounts.


Listen, if you don’t trust their ProtonDrive - GPG encrypt before uploading. If you don’t trust their email, GPG your message and paste it in or include as an attachment. There are a lot of ways to be able to use proton without trusting them… and if you are an activist of any sort, like just stop oil or cnd, then I am sure they will be doing all of that.

I am not an activist so I don’t need to jump through such loopholes.

I don’t despise proton as much as I despise most of Silicon Valley though. I just hope they fight every single court order, because there will be lots of good people being targeted. However, I reckon that is wishful thinking.


Cryptomator is great for the ProtonDrive example: https://cryptomator.org/


Cool idea. But, if I personally wanted that functionality I would code my own solution with a shell script I think (because it is super easy to do).


The salary for the CEO of Mozilla is 6.9 million USD (almost 7 million). They fired developers to save money, and put all the money saved into the CEO's salary. I don't see Mozilla getting better anytime soon.

https://www.reddit.com/r/browsers/comments/18b6tdp/mozilla_c...


Most recent layoffs (i.e. what I can easily search for) was 250 heads, just for easy numbers if we say they were all (or on average) earning $100k, then if they got rid of the CEO position entirely.. Mozilla could've kept 69 of them and only laid off 181 (plus CEO).


Interesting.

Of their budget, what's the cost of developing Firefox?

