• 94 Posts
  • 3.83K Comments
Joined 3 years ago
cake
Cake day: August 4th, 2023

help-circle







  • It’s true that the public keys aren’t sensitive and nothing is compromised (in fact, it’s recommended) if the public key is available from, say, a key server.

    But MITM is always a concern. Public-key encryption is supposed to mitigate that by ensuring that any third-party listening in in the middle can only get the ciphertext and cannot derive the plaintext of the communication.

    But, if a jurisdiction legally forces a rule like the “we get to snoop on everything” one in this law, it changes things. They could, for instance, force key servers to to only give out keys that are generated/controlled by the EU agency so that they can MITM to their heart’s content. My guess at Aniki’s thought process is that if there’s a central distributor of keys, that can be legally strong-armed into bad things, but the people you’ve talked directly to are a different matter. “Web of trust” as it were.

    I do think there are probably better ways to deal with that than what Aniki’s getting at, though. If you have Alice’s public key, you can verify signatures she generated, and you can be sure (hand-waves, rubber-hoses, caveat emptor, blah blah blah) that if you have a valid signature signing Bob’s public key with Alice’s private key, Alice vouches for that specific public key being authentically Bob’s public key.

    Now, if you only ever get public keys from a small set of (compromiseable) central key servers, then the very first public key you get could be compromised and any other signature generated from the associated private key could be forged by an adversarial party (like the EU.) And theoretically the EU could generate a whole counterfeit web of signatures. So there’s benefit to having at least some of the public keys you trust come directly from the one who generated the key through a known-secure channel.

    Before this law goes into effect, (maybe) we can trust at least some of the signatures in public key servers and use those as a basis for secure communication from which we can create a pool of known-uncompromised (qualifier, caveat, tin hats, etc) public keys, and based on those (maybe) detect forgeries and such.

    (Mind you, I don’t know the details of this law or whatever. It might be that the law as written will require, say, GnuPG to introduce backdoors. Not that I think they should, no matter what the law says, but it might be that the EU isn’t really likely to engage in quite the lever of subterfuge that I’ve outlined above. It might be more of a blatant “fuck you, we’re the government and you’re going to comply” approach than a sneaky-sneaky trick-everybody-into-thinking-they’ve-got-security-they-don’t approach.)




  • I have to wonder how the intellectual property shakes out with Beholders and Mindflayers and Kuo-Toa and so on that WotC has trademarked. I think if you’re doing business on DM’s Guild, I think they let you do more than if you’re not, but I haven’t found any indication that MZ4250 is doing business on DM’s Guild.

    I once knew an author who wrote a book with a character whose name was the same as a D&D character (I don’t remember which one… it wasn’t “Vecna” or some super-well-known character name, though). Aside from the name, it was a completely unrelated character, and the name collision was entirely coincidental. He got a cease-and-desist from WotC. And he didn’t have the means to fight anything, so he quickly unpublished the book and hoped they’d leave him alone. (They did, AFAIK.) At least he didn’t get harassed by the Pinkertons.

    But yeah. WotC is basically Satan, and not in a cool way. (Oh, sorry. I misspelled “Hasbro”.)


  • TootSweet@lemmy.worldtoGreentext@sh.itjust.worksAnon buys a game
    link
    fedilink
    English
    arrow-up
    4
    arrow-down
    1
    ·
    3 days ago

    Yeah, I’m pretty sure the PS3 was that way, even. I’d have to imagine a lot of discs that are already out there would case to work the moment Sony shut down its servers. (And probably similarly so for Microsoft games. Switch seems much better about that, though they do sometimes require a firmware upgrade… unless you hack your Switch of course. And I have no frame of reference for how much that is the case for the Switch 2, but I can’t imagine Switch 2 being better than Switch 1 in that regard.)








  • I think my favorite for just straight flavor is Baron West Indian Hot Sauce. A friend of mine came back from a Caribbean vacation and said they served something like this there. (He also said the bottled stuff didn’t quite live up, but was close.) And man is that stuff good. They used to have one they call “Bajan Style” that’s very similar but not as super spicy as the stuff I linked above, but I haven’t been able to find that on the Baron website. (Maybe it’s discontinued.)