66
PNG is back! (www.programmax.net)

cross-posted from: https://kbin.earth/m/programming@programming.dev/t/1528736

After 20 years, PNG is back with renewed vigor! A new PNG spec was just released.

17
submitted 1 week ago by cypherpunks@lemmy.ml to c/worldnews@lemmy.ml
40
submitted 1 week ago by cypherpunks@lemmy.ml to c/usa@lemmy.ml
237
submitted 1 week ago by cypherpunks@lemmy.ml to c/linux@lemmy.ml
12
Three rules (lemmy.ml)
submitted 2 weeks ago* (last edited 2 weeks ago) by cypherpunks@lemmy.ml to c/tenforward@lemmy.world

the sign is canon but this image of it is not. here is some background information about it.

10
65
submitted 3 weeks ago by cypherpunks@lemmy.ml to c/worldnews@lemmy.ml
11
submitted 3 weeks ago by cypherpunks@lemmy.ml to c/music@lemmy.ml
76
submitted 3 weeks ago by cypherpunks@lemmy.ml to c/usa@lemmy.ml
25
Free and Libre (lemmy.ml)
submitted 3 weeks ago* (last edited 3 weeks ago) by cypherpunks@lemmy.ml to c/antiquememesroadshow@lemmy.world
3
submitted 3 weeks ago by cypherpunks@lemmy.ml to c/technology@lemmy.ml
56
submitted 3 weeks ago by cypherpunks@lemmy.ml to c/usa@lemmy.ml
[-] cypherpunks@lemmy.ml 98 points 1 month ago* (last edited 1 month ago)

Btw, DeadDrop was the original name of Aaron Swartz' software which later became SecureDrop.

it’s zero-knowledge encryption. That means even I, the creator, can’t decrypt or access the files.

I'm sorry to say... this is not quite true. You (or your web host, or a MITM adversary in possession of certificate authority key) can replace the source code at any time - and can do so on a per-user basis, targeting specific IP addresses - to make it exfiltrate the secret key from the uploader or downloader.

Anyone can audit the code you've published, but it is very difficult to be sure that the code one has audited is the same as the code that is being run each time one is using someone else's website.

This website has a rather harsh description of the problem: https://www.devever.net/~hl/webcrypto ... which concludes that all web-based cryptography like this is fundamentally snake oil.

Aside from the entire paradigm of doing end-to-end encryption using javascript that is re-delivered by a webserver at each use being fundamentally flawed, there are a few other problems with your design:

  • allowing users to choose a password and using it as the key means that most users' keys can be easily brute-forced. (Since users need to copy+paste a URL anyway, it would make more sense to require them to transmit a high-entropy key along with it.)
  • the filenames are visible to the server
  • downloaders send the filename to the server prior to the server sending them the javascript which prompts for the password and decrypts the file. this means you have the ability to target maliciously modified versions of the javascript not only by IP but also by filename.

There are many similar browser-based things which still have the problem of being browser-based but which do not have these three problems: they store the file under a random identifier (or a hash of the ciphertext), and include a high-entropy key in the "fragment" part of the URL (the part after the # symbol) which is by default not sent to the server but is readable by the javascript. (Note that the javascript still can send the fragment to the server, however... it's just that by default the browser does not.)

I hope this assessment is not too discouraging, and I wish you well on your programming journey!

[-] cypherpunks@lemmy.ml 192 points 3 months ago* (last edited 3 months ago)

No, SVG files are not HTML.

~~Please change this post title (currently "today i learned: svg files are literally just html code"), to avoid spreading this incorrect factoid!~~

~~I suggest you change it to "today i learned: svg files are just text in an html-like language" or something like that.~~ edit: thanks OP

SVG is a dialect of XML.

XML and HTML have many similarities, because they both are descendants of SGML. But, as others have noted in this thread, HTML is also not XML. (Except for when it's XHTML...)

Like HTML, SVG also can use CSS, and, in some environments (eg, in browsers, but not in Inkscape) also JavaScript. But, the styles you can specify with CSS in SVG are quite different than those you can specify with CSS in HTML.

Lastly, you can embed SVG in HTML and it will work in (modern) browsers. You cannot embed HTML in SVG, however.

[-] cypherpunks@lemmy.ml 88 points 3 months ago

I wonder how much work is entailed in transforming Fedora in to a distro that meets some definition of the word "Sovereign" 🤔

Personally I wouldn't want to make a project like this be dependent on the whims of a US defense contractor like RedHat/IBM, especially after what happened with CentOS.

[-] cypherpunks@lemmy.ml 113 points 9 months ago

Ads?! in Ubuntu? Never! They were simply "integrating online scope results into the home lens of the dash" 🤡

(that is an actual quote from the sentence immediately following "We’re not putting ads in Ubuntu" in Mark Shuttleworth's blog post responding to the entirely predictable backlash after they did this, twelve years ago...)

[-] cypherpunks@lemmy.ml 118 points 1 year ago

this isn’t remotely how this meme is used lol

"Robin Holding a Whiteboard" meme format with left column labeled "people who use this meme format correctly" and a tally of one, and the right column labeled "people who use this format like glasses dog" and a tally of 21

[-] cypherpunks@lemmy.ml 128 points 1 year ago

shoutout to the person who reported this post with "Reason: Bot meme, you can't even read it. whoever replies is a bot too" 😂

[-] cypherpunks@lemmy.ml 107 points 1 year ago* (last edited 1 year ago)
[-] cypherpunks@lemmy.ml 175 points 1 year ago* (last edited 1 year ago)
[-] cypherpunks@lemmy.ml 140 points 2 years ago

the famous "This incident will be reported" error was briefly removed last year before being replaced with a less ominous version.

[-] cypherpunks@lemmy.ml 124 points 2 years ago* (last edited 2 years ago)

I'm disappointed in arstechnica for only supporting their provocative headline (Judge in US v. Google trial didn’t know if Firefox is a browser or search engine) with this vagueness in the article:

While Cavanaugh delivered his opening statement, Mehta even appeared briefly confused by some of the references to today's tech, unable to keep straight if Mozilla was a browser or a search engine. He also appeared unclear about how SEM works and struggled to understand the options for Microsoft to promote Bing ads outside of Google's SEM tools.

What did he actually say?!

view more: next ›

cypherpunks

joined 3 years ago
MODERATOR OF