Most pleasant gamer

It took me much longer than I’d like to admit to understand what the title meant. “But 1985 is 0 years from 1985???”

I am not a clever person.

Every accusation is an admission.

Literally every single time with conservatives. Eg. when they accuse us trans folks of being groomers and pedophiles, the reality is this:

Any bets on whether they were related? That’d be like an Alabama conservative bingo right there

Oh yeah I was specifically talking about all these new technologies, not just incremental improvements on the existing ones. Hybrid organic cells have been promised for a long time and it’s not just a question of scaling etc., but that they have had serious issues that have so far meant that they were a complete non-starter for any actual real-world use. I didn’t look into this any further so I don’t know of Longi solved the stability problem, though, so it may be that they’re finally actually ready to even start leaving the lab

Yeah, all these super-efficient panels are all well and good but like you said they’ve been promised for over a decade and have yet to leave the lab due to a bunch of different problems such as stability for these organic hybrids. I wonder if these newest ones have actually managed to solve the stability problem, or is this yet another cell revolution that’ll be coming Real Soon Now™ in 2034

It’s not like literally all Russian artillery gets destroyed before firing off a single shot. Fuzing absolutely does make a difference

Yeah that’s a fair point, although it’s still a bit… well, funny (not “funny ha ha”) that they even temporarily blocked those extensions. Not sure what Roskomnadzor could have done if Mozilla had refused even a temporary block, at least assuming the foundation doesn’t have any legal entities in Russia which they may well have

Browser maker decided not to follow Putin’s orders. Well done

Only after it caused a PR flap for them, though

Yeah, there’s a reason why they suddenly have a lot of trouble selling their military hardware even to countries that haven’t sanctioned them.

Well, other reasons in addition to the fact that the stuff they’re fielding themselves in Ukraine keeps getting blown the fuck up and they have had to replace it with something that was initially being built for an outside customer. “Yeah you remember those tanks you ordered? Weeelll you’re not going to be getting them quite on schedule, there’s been some… uh… complications. The turrets… they, uh… experienced rapid unplanned disassembly caused by… uh… assembly workers smoking in the crew compartment. Definitely not caused by inferior westoid antitank missiles in Ukraine, our cope cages work against those 100% of the time and it’s not like we’d use your tanks in combat, no siree Bob”

With “guarantees” I meant things like whether you want to have perfect forward secrecy, or whether you want to provide some degree of deniability, and so on, not so much what kinds of guarantees you’re relying on although they’re definitely also good to keep in mind.

“As secure as possible” is a very all-encompassing goal which doesn’t really say much – what I was trying to get at with my point about the guarantees you want to make is that you’ll want to have a clear idea of what you actually mean with “as secure as possible” so you’ll know what sort of eg. architectural decisions to make before you do a lot of work and paint yourself into a corner.

It’s a very ambitious project, but I can guarantee it’ll probably be very interesting to work on and you’ll learn a lot regardless of the outcome, and I’m definitely rooting for you.

It’s not “Brussels” pushing for this, it’s braindead MEPs who were lobbied by various shady organizations

Sure!

• article from Yle, the national broadcast company: https://yle.fi/a/74-20087808
• Reuters: https://www.reuters.com/world/europe/finland-introduce-200-euro-fine-participation-illegal-strikes-2024-02-22/
• more in depth article by SAK, a “labor confederation” (sort of like a union of unions): https://www.sak.fi/en/whats-new/serious-grounds/restrictions-right-strike

I have a background in distributed systems and some background in security (I’m by no means a cryptography expert but I do know more about the subject than average developers), and I’d say that at this stage you shouldn’t worry too much about meeting all parts of some guideline or another; they’re often geared more towards bigger teams and slightly more established projects. What I think could benefit you would be first of all to have a clear idea of what exactly you want to accomplish (from a security standpoint, not necessarily so much from a functionality standpoint) if you don’t already have have one, ie. what sort of guarantees do you want to be able to make. Doesn’t have to even be a public document at first, just some notes and sketches for yourself. Then you’d want to find other projects with similar guarantees and aims and see how they did things, find research papers on the subjects and so on. Security guidelines can be useful, but generally it’s more useful to understand why something is in a guideline in the first place. For a project such as yourst I would personally really emphasize design documents and research over code at an early stage, because you need to have a clear goal in mind before you start cranking out code which might turn out to be worthless (at least to some degree) after you run into problems with your approach. Not saying that the documentation has to be public, just that you / the team know exactly what the goal is.

“Encrypted P2P chat” can mean vastly different kinds of projects, with very different aims. For example, do you want perfect forward secrecy? If so, you’d want to find out the challenges associated with it, especially in relation to interactivity since you’re building a P2P architecture, etc. etc. Same with anonymity / user “traceability” like I mentioned earlier; you need to have a clear picture of what kinds of guarantees do you want the users to have to be even able to say what kinds of best practices you’d have to follow.

Sorry, that turned into a bit of a ramble and might be completely obvious to you already, since I have no idea about your background and the level of research you’ve already done.

Reportedly the Russian factory workers are being paid quite well.

Paid well for Russian factory workers

And the lack of quality is just a myth I think. There’s no indication that’s actually true.

Then you haven’t been paying attention.

Honestly, just properly funding anything that is designed to do benevolent things for the community as a whole is a tough sell with way too many US community politicians

This seems to be a problem with at least conservative politicians everywhere. In Finland where I live we do still have the vestiges of a welfare state (and it really is vestigial at this point), but right wing politicians keep dismantling it and cutting taxes on the rich, and later on leftist politicians find it impossible to roll back any changes due to resistance from the right.

Right that makes sense.

But yeah, after glancing through the links you provided, I’d agree that you’ll definitely need to pay someone for an audit / review, there are so many pitfalls and gotchas when it comes to encryption alone, and depending on the guarantees you want to be able to make you’ll find even more pitfalls and gotchas – especially if you want to make even relatively light guarantees about anonymity. The classic problem is that even with encrypted payloads the metadata / protocol itself leaks information, which might or might not be a problem depending on what your guarantees are.

I’d suggest writing at least some level of documentation for the protocol. I’d assume a lot of the more security-minded folks – who your app seems to be targeting – won’t be too enthusiastic about using a chat service that promises security but doesn’t tell you how it plans on achieving it.

Yeah. Government-owned companies producing shells that probably wouldn’t pass QC in “the west”, and paying employees a pittance in comparison. Also at least based on aerial photos, Russians seem to use contact fuzes a lot (you can see the difference from the “splash” patterns) which are a lot cheaper than airburst / multifunction fuzes, but admittedly those might well have been old Soviet stock and their new production could well be more modern.

Still, regardless of the fuze used it’s no surprise that Russian production is cheaper.

Is there a description of the protocol somewhere?