(Summary: Cryptographically signing messages with my long-term PGP keys is too important to give up. Doing this on my Android telephone is easier than I thought. You should strengthen your secret key encryption if you’re also going to do this.) Recently, Filippo Valsorda, cryptography expert and TLS guy at Cloudflare, wrote that he was giving up on PGP, or at least on long term PGP keys. I agree with many of his points, especially the complexity of managing those keys, lack of forward secrecy (if someone were to steal my keys, they could decrypt all past conversations, unlike for example Signal) and accessibility (how do you verify a message with a baby on your left arm and your telephone in your right?
(With this edition of the WHV, I’m looking back through exceptionally forgetful lenses at the period of time spanning from Wednesday November 9 to Sunday December 4, 2016.) This post has been lying around in draft form since Sunday November 20. However, two of the bullet points I was planning to mention, one making the case for preferring short-form blogging over twitter and the other lamenting the sorry state of security on the Android operating system, somehow grew spontaneously into blog posts and then managed to make their way onto the Hacker News frontpage and various other high-traffic aggregators.
Oh happy day! Last night I released version 1.0.0 of nvpy, a cross-platform (linux, mac, windows) simplenote-syncing note-taking app. nvpy is also my most popular open source baby, at least by github stars and forks.Screenshot of nvpy 1.0.0 with a demo database of notes. Since I first released nvpy in 2012, automattic have released their own official open source desktop app for simplenote. Although the official app is prettier (it is electron-based), nvpy is faster and uses a fraction of the RAM (70MB RSS vs 1000MB+ RSS).
Summary Your phone probably contains banking, payment and personal information that can be remotely stolen via numerous known and unknown bugs in the Android software. This is attractive to criminals. Vendors (LG, Samsung, Xiaomi, etc.), after selling you their phone, have no incentive to keep your phone’s software up to date with Google’s fixes. Your Android phone is probably out of date and therefore a gaping security hole through which attackers can steal your stuff from the safety of their own laptops.
You can use any combination of the below options to follow this blog. If you’re not sure, subscribe via email! (each email has an unsubscribe link at the bottom, so that’s easy) Subscribe via email If you would like to receive an email whenever a new post has been published on this blog (mostly about one email per week), enter your email address in the box below, click the subscribe button, and then follow the instructions:
The whole music video was shot with high-speed video in one single, glorious 4.2 second take, and then played back at “normal” speed to result in this mind-blowing end-product: (BTW, since when are facebook videos a thing? Fortunately, WordPress immediately understood the facebook video link I pasted and correctly embedded it.)
In recent research (full paper also available), researchers from the Google Brain and Google Translate teams have shown intriguing evidence of a so-called interlingua, that is, a language-agnostic common representation of sentences with the same meaning from different languages. What I also found interesting about this work (and related to the above finding), is that they’re able to perform translations between language pairs that the system has never trained on.
Samsung’s 960 Pro M.2 NVME SSD is lust-worthy:Two Samsung 960 Pro M.2 NVME SSDs. Photo by Edward Chester at Ars Technica. In Ars Technica’s benchmarks, the 512 GB model clocked in at over 3500 megabytes per second sequential read and 2000 megabytes per second sequential write. Those are jaw-dropping performance numbers. What I find really interesting however, is that the 960 Pro does not perform much better than the previous generation 850 Pro SATA SSD in PCMark 7 and 8 real-world benchmarks.
One of my three subscribers was understandably less than happy about receiving email for every microblog-style post here. Using the Code Snippets plugin and the jetpack subscriptions exclude categories filter, I have now configured the blog so that in theory it should not mail subscribers when I post in the microblog category. In short: Email subscribers won’t receive any microblog post emails. I hope this helps!
(In my previous post, I promised I was going to micro-blog from here. That post is now on the HN frontpage, which makes for a perfect first micro-blog!)