why do you assume GP is talking about general users? as you point out, this is HN: it’s reasonable to think that most comments here are written for that mostly-tech-literate HN audience, unless they state otherwise, no?
Yeah. And somebody may put up an Open Source repo for doing that 'easier'. But of course, nothing that any average user on the net could even know to exist, leave aside actually use...
Extraordinarily difficult, judging by GP's cynicism. Personally it is appalling just how little people are motivated to be nominally tech-literate in this extremely tech-driven society.
Tech is the only industry that asks this of its users, it’s just laziness on the developers' part. People needing to know about hashing in order to save photos would be like people needing to know what refrigerant their A/C uses in order to keep cool.
Can you? Sure. Are there weird edge cases where it’s mildly helpful to know as opposed to having to ask someone? Debatably. Should you need to in order to not have things break for no reason? Absolutely not.
Lots of things are complex and confront people to deal with it directly, we just also have legions of people that we can pay to step in for us and a culture where laziness and convenience are core principles to our everyday lives. Not to mention a political establishment that touts the "virtues" of a simple, ignorant life.
Maintaining a house or yard, for example, or taxes. Driving also has a pretty high learning curve -- high enough to mandate driving lessons -- but once we learn it we're set for life. (Tech is the same way here....)
I kind of agree with you both. We do ask a lot of our users. But also, there is no A/C system out there nearly as complex as software. It is hard. For everyone. We can do better, but what does that even look like? Consumer level technology consumption is not in a great spot, but it also isn’t horrible. Power users who can get more out of computing will be a thing for a long time to come.
I think you misinterpreted the comment you're responding to; they meant that "sadly, you [the user] never thought to store a high-quality hash (e.g. SHA256) for integrity comparison with your stored data; and the hash you did decide to archive for integrity-comparison was a low-quality one (e.g. MD5) that can be trivially preimage-attacked such that a cloud provider could silently replace your data with a different one — with the same low-quality hash — without your knowledge."
Nothing about rsync.net per se, other than the general idea that any data you put on "somebody else's server" can't be trusted to stay the same if you don't have a high-quality integrity-comparison content-hash of that data kept somewhere.
To be fair, it may yet turn out that MD5 is (and has always been, we just didn't know it yet) a low-quality hash that can be trivially preimage-attacked. I think that's unlikely[0], but I can easily imagine someone reasonable being a bit more pessimistic. I certainly wouldn't willingly rely on MD5 preimage resistance for anything important.
0: I'd be willing to bet money at 1:1 odds that MD5 preimages still cost at least 2^96 bit operations (out of a nominal 2^127 hash invocations) 5, 20, or 100 years from now.
Well, let's see:
ssh user@rsync.net sha256 photos/IMG_1234.HEIC
Yep, checks out.
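Added example, not part of any comment in this thread: one way to keep the SHA-256 record discussed above, by writing a manifest of digests before upload and later re-hashing a retrieved copy on your own machine. The function names and the sample files are constructed for illustration, and the "retrieved" directory stands in for data downloaded back from the remote host.

```python
import hashlib
import shutil
import tempfile
from pathlib import Path

def sha256_file(path, chunk=1 << 20):
    """Stream a file through SHA-256 so large photos do not need to fit in RAM."""
    h = hashlib.sha256()
    with open(path, "rb") as f:
        for block in iter(lambda: f.read(chunk), b""):
            h.update(block)
    return h.hexdigest()

def build_manifest(root):
    """Map each file's relative path to its digest; keep this record off the remote host."""
    root = Path(root)
    return {p.relative_to(root).as_posix(): sha256_file(p)
            for p in sorted(root.rglob("*")) if p.is_file()}

def verify(manifest, retrieved_root):
    """Re-hash a retrieved copy locally and report every difference from the manifest."""
    current = build_manifest(retrieved_root)
    return {
        "modified": sorted(n for n, d in manifest.items()
                           if n in current and current[n] != d),
        "missing": sorted(n for n in manifest if n not in current),
        "unexpected": sorted(n for n in current if n not in manifest),
    }

def demo():
    """Constructed sample data: a local tree and an altered copy 'retrieved' later."""
    with tempfile.TemporaryDirectory() as tmp:
        local, retrieved = Path(tmp, "local"), Path(tmp, "retrieved")
        (local / "photos").mkdir(parents=True)
        (local / "photos" / "IMG_0001.bin").write_bytes(b"\x00" * 4096 + b"A")
        (local / "photos" / "IMG_0002.bin").write_bytes(b"\x01" * 4096)
        (local / "notes.txt").write_text("keep me\n")
        manifest = build_manifest(local)  # recorded before upload

        shutil.copytree(local, retrieved)
        # Same size, one byte different: invisible to a size or mtime check.
        (retrieved / "photos" / "IMG_0001.bin").write_bytes(b"\x00" * 4096 + b"B")
        (retrieved / "notes.txt").unlink()
        (retrieved / "extra.txt").write_text("not in manifest\n")
        return verify(manifest, retrieved)

if __name__ == "__main__":
    print(demo())
```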