This will be a bit more ranty than my usual articles. Fair warning. But I need to put this out there.
I may regret this at some point, but I felt the need to put down in writing how I feel about this moment in the tech industry.
It is not kind. You may well be insulted by it. If you are... then you really should question yourself.
I’m in the process of dropping US tech services. Here’s how I did it, and options you should consider.
People familiar with Microsoft's plans say that the company moving to streamline or remove certain Copilot integrations across in-box apps like Notepad and Paint in 2026, after pushback from users.
Meet Minneapolis city council member Soren Stevenson.
Incredible interview with Minneapolis city councilman Soren Stevenson who lost an eye to a "rubber" bullet shot at him by MPD during the Goerge Floyd protests.
"Truly, I see this as a moment when we are deciding right here in Minneapolis—in this country—are we going to have a democracy going forward, or are we not? The stakes are no greater and no smaller than that."
“We should not forget the lessons of history. And the lesson is those regulations have been very important.”...
In the 1970s, the U.S. Environmental Protection Agency (EPA) cracked down on lead-based products including gasoline because of their toxic effects on human health. Now, scientists at the University of Utah have released the findings of a study looking at 100 years' worth of human hair samples, and found that the regulatory action worked. Here's more from @arstechnica.
Docusign’s Allan Thygesen says his company’s pivot to AI is a necessity in the world of contract management.
TL;DR: Docusign CEO Allan Thygesen discusses the risks of relying on AI for contract management, highlighting the complexities involved in automating legal processes. With the company employing 7,000 people, he sheds light on the crucial human oversight needed in this technology-driven arena. https://www.theverge.com/podcast/871205/docusign-ceo-allan-thygesen-ai-contracts-e-signature-interview #law #tech #legaltech ⚖️ 🤖 #autosum
His meeting with the founder of 4chan and his quest to profit off the end of democracy
It’s not every day that we see mainstream media get excited about encryption apps! For that reason, the past several days have been fascinating, since we’ve been given not one but sever…
A few things about this article on the claims WhatsApp's E2EE is fake:
The most important thing to keep in mind here is that Meta’s encryption happens on the client application, the one you run on your phone. If the claims in this lawsuit are true, then Meta would have to alter the WhatsApp application so that plaintext (unencrypted) data would be uploaded from your app’s message database to some infrastructure at Meta, or else the keys would
They would not have to be sent as plaintext. They would be sent encrypted with some key that Meta owns.
The other simple way of doing this is to intentionally weaken the key generation function. If you are generating a key with 128 bits of entropy, you can start with a 96-bit secret shared between the server and the client. Then you add 32 bits of random number and feed the result through some cryptographic hash function. You end up with a key that, to an outside observer, is one of 2128 possible values. But to the server operator, it is one of 232 possible values and so takes a few seconds of CPU time to recover. And there are ways of doing this that look a lot like an honest mistake. Telegram has a thing in their protocol for the server to provide part of the entropy seed, which they claim is intended to provide additional defence for devices with weak entropy sources and critics argue is for exactly this kind of attack. Putting the same kind of entropy seed into an out-of-band request to another Meta service that WhatsApp uses would be quite feasible.
And there are ways of hiding this kind of thing from various forms of forensic analysis, such as dynamically patching the random number generator from another thread when some trigger is applied. It's not impossible to find, it's just really hard, and someone would have to be looking for the right thing.
There's also WhatsApp Web. This runs something in the web browser that talks to your phone and uses end-to-end encryption with a key exchanged by a QR code shown in the browser. Signal does not implement a feature like this because designing it in such a way that it's verifiably (by the user) secure is almost impossible.
Why listening to smart people doesn't make you more thoughtful. You're not bad at remembering podcasts. Podcasts are bad at being remembered.
© 2021 IN2 Digital Innovations GmbH . All rights reserved.