Database maintenance

Oct. 25th, 2025 08:42 am
[staff profile] mark posting in [site community profile] dw_maintenance

Good morning, afternoon, and evening!

We're doing some database and other light server maintenance this weekend (upgrading the version of MySQL we use in particular, but also probably doing some CDN work.)

I expect all of this to be pretty invisible except for some small "couple of minute" blips as we switch between machines, but there's a chance you will notice something untoward. I'll keep an eye on comments as per usual.

Ta for now!

Where are we on X Chat security?

Oct. 20th, 2025 03:45 pm
[personal profile] mjg59
AWS had an outage today and Signal was unavailable for some users for a while. This has confused some people, including Elon Musk, who are concerned that having a dependency on AWS means that Signal could somehow be compromised by anyone with sufficient influence over AWS (it can't). Which means we're back to the richest man in the world recommending his own "X Chat", saying "The messages are fully encrypted with no advertising hooks or strange “AWS dependencies” such that I can’t read your messages even if someone put a gun to my head."

Elon is either uninformed about his own product, lying, or both.

As I wrote back in June, X Chat is genuinely end-to-end encrypted, but ownership of the keys is complicated. The encryption key is stored using the Juicebox protocol, sharded between multiple backends. Two of these are asserted to be HSM backed - a discussion of the commissioning ceremony was recently posted here. I have not watched the almost 7 hours of video to verify that this was performed correctly, and I also haven't been able to verify that the public keys included in the post were the keys generated during the ceremony, although that may be down to me just not finding the appropriate point in the video (sorry, Twitter's video hosting doesn't appear to have any skip feature and would frequently just sit spinning if I tried to seek too far and I should probably just download them and figure it out but I'm not doing that now). With enough effort it would probably also have been possible to fake the entire thing - I have no reason to believe that this has happened, but it's not externally verifiable.

But let's assume these published public keys are legitimately the ones used in the HSM Juicebox realms[1] and that everything was done correctly. Does that prevent Elon from obtaining your key and decrypting your messages? No.

On startup, the X Chat client makes an API call called GetPublicKeysResult, and the public keys of the realms are returned. Right now when I make that call I get the public keys listed above, so there's at least some indication that I'm going to be communicating with actual HSMs. But what if that API call returned different keys? Could Elon stick a proxy in front of the HSMs and grab a cleartext portion of the key shards? Yes, he absolutely could, and then he'd be able to decrypt your messages.

(I will accept that there is a plausible argument that Elon is telling the truth in that even if you held a gun to his head he's not smart enough to be able to do this himself, but that'd be true even if there were no security whatsoever, so it still says nothing about the security of his product)

The solution to this is remote attestation - a process where the device you're speaking to proves its identity to you. In theory the endpoint could attest that it's an HSM running this specific code, and we could look at the Juicebox repo and verify that it's that code and hasn't been tampered with, and then we'd know that our communication channel was secure. Elon hasn't done that, despite it being table stakes for this sort of thing (Signal uses remote attestation to verify the enclave code used for private contact discovery, for instance, which ensures that the client will refuse to hand over any data until it's verified the identity and state of the enclave). There's no excuse whatsoever to build a new end-to-end encrypted messenger which relies on a network service for security without providing a trustworthy mechanism to verify you're speaking to the real service.

We know how to do this properly. We have done for years. Launching without it is unforgivable.

[1] There are three Juicebox realms overall, one of which doesn't appear to use HSMs, but you need at least two in order to obtain the key so at least part of the key will always be held in HSMs
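
The key-substitution concern in the post above, as an added example that is not part of the original post and is not X's or Juicebox's code: a client-side audit that compares the realm keys returned at startup against a pinned copy of the published keys and fails closed on any difference. The realm ids, the response shape and the key bytes are constructed placeholders, and the threshold of 2 comes from the post's footnote; pinning only detects a swap relative to the published keys, it is not remote attestation and proves nothing about what runs behind those keys.

```python
import hashlib
import hmac

THRESHOLD = 2  # post's footnote: at least two of the three realms are needed


def fp(key: bytes) -> str:
    """SHA-256 fingerprint of a realm public key."""
    return hashlib.sha256(key).hexdigest()


# Constructed placeholders standing in for the published realm public keys.
PINNED = {
    "realm-a": {"fp": fp(b"constructed-key-a"), "hsm": True},
    "realm-b": {"fp": fp(b"constructed-key-b"), "hsm": True},
    "realm-c": {"fp": fp(b"constructed-key-c"), "hsm": False},
}


def audit_realm_keys(returned, pinned=PINNED, threshold=THRESHOLD):
    """Compare keys from the key-list call with the pinned set; fail closed."""
    unverified = []
    for realm_id, key in returned.items():
        pin = pinned.get(realm_id)
        if pin is None or not hmac.compare_digest(fp(key), pin["fp"]):
            unverified.append(realm_id)
    missing = sorted(set(pinned) - set(returned))
    verified = [r for r in returned if r not in unverified]
    return {
        "unverified": sorted(unverified),
        "missing": missing,
        # Simplified model (assumption): whoever holds the private keys for
        # `threshold` unverified realms receives enough shards for the key.
        "key_exposed_if_used": len(unverified) >= threshold,
        "verified_hsm_realms": sorted(r for r in verified if pinned[r]["hsm"]),
        # Any unknown, changed or absent realm key stops the client.
        "proceed": not unverified and not missing,
    }


# Constructed responses: one matching the pins, one with both HSM keys swapped.
GOOD = {
    "realm-a": b"constructed-key-a",
    "realm-b": b"constructed-key-b",
    "realm-c": b"constructed-key-c",
}
SWAPPED = dict(GOOD, **{"realm-a": b"other-key-1", "realm-b": b"other-key-2"})
```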

fifteen minutes of tron

Oct. 20th, 2025 09:05 am
[personal profile] jazzfish
Joachim Rønning (dir.), Tron: Ares

Apparently I have developed sufficient distance to be at least somewhat objective about a Tron movie. Tron: Ares is ... not good.

It's not awful. It's fine. It's a movie-shaped object. The dialogue, especially in the first third, is too on-the-nose, too screenwriter-school, too concerned with making sure the audience picks up what it's putting down in terms of plot and character. It spends an insufficiency of time inside the computer and too much time bringing inside-the-computer to the Real World.

However. It does look pretty. It has nonwhite characters, something both previous films were sorely lacking. Greta Lee absolutely carries the bulk of the movie, and Gillian Anderson does the heavy lifting for all her scenes. (Zarf: "A good movie would have stabbed the kid and let Mom carry the third act.")

There's a plot. It's ridiculous, as is traditional. The Macguffin is "the permanence code," an algorithm that can allow things to come out of the computer and not fall apart after twenty-nine minutes. The rival heads of rival big-tech-AI companies are trying to find it: one (the one whose computer-world is red) to sell weapons and soldiers to the military, one (the one whose computer-world is blue) to ... make orange trees in Alaska? Just go with it. It's still the case that good, as Jonathan L-- observed in the late nineties, is higher on the electromagnetic spectrum than evil. Eve Kim, the good CEO, finds the permanence code in some forty-year-old five-and-a-quarter floppies that used to belong to Kevin Flynn. Julian Dillinger pulls his main security program Ares into the real world and sends it to get the code from Eve. Ares gets cold feet at the thought of killing Eve and goes rogue, and plot ensues.

Having said that, I can't actually be all that objective about the movie. I imprinted hard on Tron as a kid. I enjoyed Tron Legacy even when it felt like it was trying really hard to visually distance itself from the original. The Ares script is a mess, but someone told the designers that they were making a sequel not just to Legacy but to the original as well. There's a portrait of David Warner, who played the human villain from the first movie, in his grandson's office in the evil corp. I laughed out loud in the theatre when Eve's phone rang and it was the descending-arpeggio motif from Wendy Carlos's Tron soundtrack.

And towards the end there's about a fifteen-minute sequence where Ares ends up in the 1980s 'grid'. It -is- the original Tron, dim lighting and lack of textures and all. I laughed again when the Bit turned up, and caught my breath as Ares shifted into a proper lightcycle. That made me so happy. It even had a few moments of appropriately airy philosophizing, this time about the value of mortality rather than "if you're a User then ... everything you've done has been according to a plan, right?". Jeff Bridges returns to full-on seventies guru mode, and that's pretty good too. (People will say "It's just The Dude from The Big Lebowski" but The Dude was always channeling the same flower-child vibe that Flynn embodied, just twenty years later.)

So, it was absolutely worth it to me, and I cannot in good conscience recommend it to anyone else.

Maybe I'll rewatch the multi-hour Making Of Tron stuff this week.

Postscript: I saw Ares in 3D. I mostly avoid things in 3D, it doesn't add much for me and costs a lot more. (My go-to "this was worth 3D" are Tron Legacy, which I might have a different opinion on now, and The Cave Of Lost Dreams, Werner Herzog's movie about cave paintings, which really did benefit from being able to see how the artists used the texture of the wall.) This was worth it mostly to say "yep, 3D movies do very little for me, even in the kind of effects extravaganza that they're sold for."

AWS outage

Oct. 20th, 2025 10:11 am
[personal profile] alierak posting in [site community profile] dw_maintenance
DW is seeing some issues due to today's Amazon outage. For right now it looks like the site is loading, but it may be slow. Some of our processes like notifications and journal search don't appear to be running and can't be started due to rate limiting or capacity issues. DW could go down later if Amazon isn't able to improve things soon, but our services should return to normal when Amazon has cleared up the outage.

Edit: all services are running as of 16:12 CDT, but there is definitely still a backlog of notifications to get through.

Edit 2: and at 18:20 CDT everything's been running normally for about the last hour.
