>It shouldn't need more than 3 variables
But you do. Think about what it means to describe orientation. You need enough degrees of freedom.
When describing rotation of of a sphere projected onto a 2d plane, having two variables (X,Y) isn't enough. Because the sphere could rotate about the axis between the origin and that point. There's an an entire degree of freedom you could describe for a complete rotation about that axis.
In the same way, having 3 variables to describe a quaternion rotation is not enough. You again, have an entire degree of freedom you could rotate the quaternion about.
Apple doesn't get to dictate what constitutes a good user experience. Especially for me - that is my prerogative and mine alone.
So yes, I will be extremely happy with it. This opens doors to all kinds of software that can compete with one another, and if I don't like it, I can simply uninstall it myself.
Just one more bit of anecdotal evidence to support your view.
Our app was rejected after review until we updated an external support doc to which the app linked. The doc contained system requirements for both iOS and Android devices, and we were specifically rejected for even having mentioned the competing operating system.
> The doc contained system requirements for both iOS and Android devices, and we were specifically rejected for even having mentioned the competing operating system.
same, for us we just open all links in safari now, so if mentions of android show up its not "in the app"... an arguably worsened user experience for no good reason except to keep apple happy
You're confusing first party apps with third party apps. Also you're forgetting that this is a forum which is heavily biased to developers. I use Android because my phone isn't a fashion piece. Some of my users sadly use iOS. They want the software on the devices they purchased and own, but Apple is preventing us from delivering this to them unless we do exactly as Apple commands.
My phone is not a fashion piece. AFAICT the blue bubbles will show up with an old 4S just as well as with a 14 Pro Max.
I have an iPhone - which I got after many years with Android - because iMessage is an essential app for me. I live in the US, so my business partners do not have [choice of alternative messaging app] installed and they are not going to install it just for me. I'm a doctor working in a hospital that has two complete dead spots for cell reception, and whose IT department blocks WiFi calling. So I can't make phone calls on either service, and only on iOS can I get messages that are really, really important over the hospital WiFi.
I could talk until I was blue in the face about how other methods are better. Or how Apple is being a gigantic bunch of assholes by not using something other than vanilla SMS if you're not an iMessage user. But it's sitting at about 30:1, and you can either go along and be aware of important things going on, or you can be left out.
When business decisions are being made over those conversations, I'd be a fool to ignore it. I don't much like the iOS way, having gotten used to Android and LineageOS, but after my experience with the Nexus 6P that suffered the infamous "battery goes to shit overnight one day" problem that Google wouldn't fix, as well as being dropped from updates after two years, five years of security updates from model introduction sounded pretty nice.
But on Android, you can replace the default messaging app, and that app can have access to SMS as a fallback, so it's really easy to convince people to switch. "Hey, uh, plain messaging is annoying some of us, please install this app, we can all use it, but it will work even with people who don't have it over the regular text service."
It's still getting rolled out a lot of places. Google sees it as the successor to SMS and it's built into native messaging apps. I recently saw cross-carrier support get enabled locally and that made it universal enough that so far anyone I message that's running Android is already connected via RCS.
Apple intentionally doesn't support RCS in order to keep imessages from interoperating with android.
a system that can deliver messages through SMS or wifi is better, especially one that was a protocol, not a product, and would allow multiple platforms to access
You’re being downvoted (clearly by multiple people) for having a valid opposing opinion in a subjective debate. Hate to see that kind of behavior on HN. Upvoted you to balance it out.
I disagree. As far as technicality goes, PGP is a pretty strong decentralized model. GnuPG is a pretty solid implementation of PGP.
Are they perfect? No. Do they merit this much criticism? Obviously not. This whole thing reads like an opinion piece criticizing implementation details and attributing it to the whole design. I did a spot check on the guy's authoritative sources and found them _extremely biased_, with one referring to an article disparaging DSA, who prefixes his technicals with "more important articles" arguing that white people somehow cannot experience racism even if they experienced racial prejudice. And they expect to be taken seriously? It's insanity.
But back to the technical aspect - _Of Course_ you should not use 1024-bi RSA or DSA keys. Of course you should choose prime numbers. If someone chooses to use a non-prime field you're going to have problems - that's not a problem with the PGP protocol or with RSA or DSA. If you're trusting public keys from complete strangers, _you're doing it wrong_. If you're not verifying that the fingerprint matches, _you're doing it wrong_.
For a journalist trying to report his findings in an unfriendly country to a secured third party, PGP is an excellent choice. For a client to secure communications with his lawyer, PGP is an excellent choice. And for anyone who would argue the contrary, I challenge them to forge a signature for the following identity. Go on, I dare you.
Only I own this private key, and only I can sign with it. It's stored offline, secured and airgapped. It'd take more energy than there is on the planet to crack it. But I can easily prove I'm the owner. Trapdoor functions are a wonderful thing. If I were given your public key, and it _followed protocol_ and was a strong key, I'd be able secure communications to you in such a way _even I wouldn't be able to decrypt them_.
----BEGIN PGP SIGNED MESSAGE-----
Hash: SHA512
Go on, forge something. I'm waiting.
-----BEGIN PGP SIGNATURE-----
Why is that any more valid than any other key that says "Anonymous"? When you "prove" you own it, how would I know there's not MITM happening over the internet?
Its use is securing communications over an insecure channel. I
can guarantee you that this message has not been tampered with
in any way by HackerNews admins if the public key validates
the signature of this message. If they have tried to tampered
with it, the fact that they don't have the public key would
demonstrate an invalid signature. So not only would you know
if this message is really from me, you'd also know if it was
tampered with.
The guarantee is worthless, HN could generate a new key with the same "Anonymous" name on it, and use it to sign whatever they wanted to sign, and modify your comment to post that.
I have no way of finding out whether this already happened or not.
Signing messages with a new key untrusted by anyone is worthless security-wise. In general posting GPG signed messages in forums is of dubious utility, unless you're a celebrity of some sort and have a key with a decent amount of signatures on it.
Even then, GPG makes path finding extremely inconvenient, so even though I'm very well connected on the PGP WoT, it'd take me a serious amount of work to verify a signature unless it belongs to one of the few hundred people whose keys I've actually signed (yup, I used to be quite serious about this).
>The guarantee is worthless, HN could generate a new key with the same "Anonymous" name
Actually, it's not. That new key is an entirely different identity, and if you're struggling making the distinction between its "name" and its "identity", I'd argue you're not the target audience for PGP in the first place. There are 45,000 John Smiths in the world. Are you going to also argue that the concept of identity is thwarted by this fact? No. I believe this argument is made in bad faith.
>and use it to sign whatever they wanted to sign, and modify your comment to post that. I have no way of finding out whether this already happened or not.
Have you tried checking the signature? (hint: it's invalid - HackerNews manipulates the whitespace). Verifying signatures is incredibly easy in GnuPG. Would you like me to walk you through it?
>In general posting GPG signed messages in forums is of dubious utility, unless you're a celebrity of some sort and have a key with a decent amount of signatures on it.
On the contrary, it's quite useful. Public key cryptopgraphy allows you to be absolutely certain that a messages with a valid signature were signed by the holder of the private key. You don't need to know who that person is, but you can be certain that he holds the corollary private key. Your argument seems to be conflating _that_ with an argument on the metadata e.g. the authenticity of the public key itself, and that's an entirely different discussion orthogonal to the _utility_ of PGP.
By the way, GPG is just an implementation of the OpenPGP protocol. There's more than one implementation (RNP, sequoia, and OpenPGP.js, to name some for instance).
>Even then, GPG makes path finding extremely inconvenient, so even though I'm very well connected on the PGP WoT, it'd take me a serious amount of work to verify a signature
So? I never said it was easy. At the end of the day, you'd have to trust someone. PGP allows you to trust your web of friends. TLS requires you to trust some certificate authority. You're not really making any case against PGP here. Moreover, it's net even close to the use-case I argued.
For a journalist trying to report his findings in an unfriendly country, PGP is an excellent choice. For a client to secure communications with his lawyer, PGP is an excellent choice. And I'm still waiting for you to forge that signature to prove me wrong.
> Actually, it's not. That new key is an entirely different identity
Yes, which is just as worthless as the one you used, and from my point of view neither is better than the other.
> Have you tried checking the signature?
No, there's no point. It is worthless whether it verifies or not.
> On the contrary, it's quite useful. Public key cryptopgraphy allows you to be absolutely certain that a messages with a valid signature were signed by the holder of the private key.
Yes, and anyone can make a key, and they're all equally worthless unless there's a way for me to develop trust into one of them. And in this situation, there's none.
> So? I never said it was easy. At the end of the day, you'd have to trust someone.
In the situation you're providing here, there's no way for me to trust anyone, so your signature might as well not be there.
>Yes, which is just as worthless as the one you used
Wrong. One produces a valid signature, the other does not. I couldn't care less for your point of view - my interest align with my clients.
>No, there's no point. It is worthless whether it verifies or not.
An invalid signature indicates the message has been tampered with.
>they're all equally worthless unless there's a way for me to develop trust into one of them
Have you tried engaging with the parent post instead of talking past it? Attributing trust to some key an entirely orthogonal issue to the utility of a PKI protocol.
> In the situation you're providing here, there's no way for me to trust anyone, so your signature might as well not be there.
Sigh. First off, it tells you two things. (1) The message was signed by the holder of the private key if the signature is valid, and (2) the message has been tampered with if the signature is invalid. And you don't even need to trust the key to deduce these facts. Second, you still haven't forged that signature, so the fact that you're arguing past me instead of posting a valid & forged signature only proves my point. You can't do it.
> Wrong. One produces a valid signature, the other does not.
Wrong. They obviously wouldn't be stupid enough to just modify the message. They'd create their own key, and create a valid signature with that.
Then as an end-user, what it looks like to me is that you signed one message with key BDEC7256 and another with key 1E81885. No way for me to tell which one of those is the actual you, because I don't know who you are.
> An invalid signature indicates the message has been tampered with.
Which is why they'll make a valid signature with their own key.
If they're smart about it, they'll take your text, feed it to their key and silently rewrite your comment. I won't ever get to see your intended signature, only theirs.
And to make it extra-devious, they could arrange so that you see your original submitted version, but I see the fake one.
You kind of do know who they are, the first message was signed by the the first key, so you know that key is associated with that message and the author who sent that message. You don't know their name, but you know that this author, whatever their name may be, has control of that key pair.
As an end user, you see that the first message and second message were signed with different key pairs. Since you know that the first key is controlled by the author of the first message, you use a little bit of logic to deduce that the second message must not be authored by them, because it was not signed by the key pair that signed the first message.
So PGP did do it's job here IMO. The end user sees that there are two different authors here, which is what it was meant to do!
>No way for me to tell which one of those is the actual you, because I don't know who you are.
You don't really need to know this oftentimes, you just need to know that author A is in control of key pair A, and any messages that aren't signed with key pair A must not be authored by author A.
An example of this is trust on first use. You find some python library that colors terminal output, and it happens to be signed with key pair A. Going forward if you check the signature of the release artifacts, you know that it was authored by the same person that authored the original library you used, even if you don't actually know who they are.
Another example of this is TLS certificates. When creating a TLS certificate for your domain name, there is no cryptographic guarantee that the person who paid for the domain name is in control of the machine that is used to create the certificates associated with that domain name.
The only guarantee that is made, is that the person in control of the machine used to create the certs is the only person who has access to the private key material. So in practice this only proves that the machine you connect to when going to $url is controlled by the person who controlled the machine used to create the certs.
We can imagine person A buying $domain. They setup their DNS records to point to an IP address. If the DNS servers used by lets encrypt (for example) lie about the record, it is possible that an untrusted party is able to create a certificate for person A's $domain.
For most forum posts where people aren't using real identities all I generally care about is that post X and post Y came from the same person. By including both the signature and the public key I can check that without having to look at anything other than X and Y. (That's assuming that the forum itself is not monkeying with posts).
Parents, for their children’s best interests, have a prerogative to control what their children are exposed to. Social media is absolutely within that domain. I’m inclined to believe anyone who disagrees with that principle is a potential predator who seeks to undermine that authority. Sexual preferences are fundamentally sexual in nature, and parents absolutely have the prerogative to gatekeep the kinds of content their children are exposed to, especially sexual content. Children cannot (and should not be) expect(ed) to have any real form of privacy while under the care and supervision and oversight of their own parents. If parents see their children on internet chats they have a right to be involved and snoop on the logs and intervene to nip bad ideas in the bud. They have a prerogative in influencing the upbringing of their children in every aspect of their lives. Children simply cannot consent to life-changing decisions such as having sex, or sexual reassignment surgeries, or taking puberty-blocking hormones (aka sterilization drugs also given to convicted pedophiles). This includes intervening when strangers on the internet are grooming their sons / daughters to convince them they are gay or trans orcc by whatever.
I'd rather not share specific details due to privacy concerns, but I've personally needed to rescue a loved one who was groomed by a stranger on the internet, convinced their loved ones were manipulating them and oppressing them, then kidnapped (across state lines), then encouraged to start hormone replacement therapy.
To be clear: I support trans kids and I find opportunities to support them however I can. The loved one in the case I describe is not trans. They were a minor at the time, and according to them, didn't really have a sense for how they might identify. A stranger took advantage of that, inflicted severe emotional trauma and irreversible changes, and, thankfully, will remain in prison for at least another 3 years (for this one case).
Whether it's "the latest bullshit moral panic du jour" I can't speak to. According to the FBI and state police involved in my particular experience, they've seen a sharp uptick in cases like the one my loved one experienced. I've seen my young teen age nieces nearly fall into similar traps. I only know about those close calls because my nieces have the experiences of their older family member to lean on, and know to share sketchy communications with their parents and me.
I suspect the "gay or trans" angle is indeed "bullshit moral panic" motivated by politics/fear more than anything, but the idea that young people are being manipulated and sucked into dark places is very much real.
Note that libsoftiktok produces fake content alarmingly often. You ought to read the impact section of their wiki page where it describes how they like to accuse teachers who resign of being fired for grooming children without evidence, or how they manipulate footage from serious discussions between prison psychologists to produce such fantastic rage bait that even Russian propaganda networks use it.
If you follow accounts like these and take any of their content at face value you are choosing wilful ignorance via propaganda. There's nothing else to it, they show you nothing but a cruel facsimile of reality in an effort to make you into a bigot.
Here's a snippet from the end of the article, note that some of these targets did literally nothing other than criticize libsoftiktok
> After analyzing Libs of TikTok's online activity in April 2022 through November 2022, a counter-extremism research group called Task Force Butler Institute estimated Raichik singled out a specific event, location or person over 280 times, resulting in 66 incidents of harassment or threats against her targets.
If by "that account" (???) you mean the charity investigating right wing extremism in the USA then sure but I think that's a pretty sad response all in all.
> I’ll trust my eyes over what’s written in Wikipedia.
Wikipedia editors generally exhibit honest behaviour that your preferred propaganda outlet handler Chaya Raichik conspicuously lacks. The authors of the wiki page haven't sicced an online mob on anyone, I'd count them fairly trustworthy by comparison.
If you'd truly like to use your eyes I suggest the gigantic multi-paragraph list of abusive behaviour on behalf of Libsoftiktok, all replete with citations for proof so you can be certain it's the truth.
Righteous anger is a very dangerous human emotion, these accounts exist to exploit that part of you. I think anyone who makes it their business model to tell you who you should feel angry about should be treated with utmost suspicion.
> Wikipedia editors generally exhibit honest behaviour
Oh, shut up. Even the co-founder of wikipedia Larry Sanger no longer trusts wikipedia because its staff and biases are so far skewed to the left that he can no longer trust it. You are in a cult if you honestly think this kind of disingenuous editing is trustworthy.
It isn't totally shocking that someone who's made it their life's work to repeatedly try (and then fail) to replace Wikipedia would be sour about Wikipedia. I also don't as a matter of course trust the opinions of people who appear on Fox News, a network specifically for propaganda dissemination who admitted in court they do not aim to tell the truth.
That he's appearing on Timcast, hosted by yet another right wing propagandist agitator, does not shock me. It does mean I won't believe a word he says.
If you'd like to substantiate that feel free. I've provided plenty of evidence, GP has dismissed both replies without supplying any refutation.
Further, if you're unhappy about the points I'm making then explain why you think I'm wrong. Sniping at me from two different comment threads with out of hand accusations isn't doing you any favours.
In this case it's fake AND I dislike it :) Thankfully, both can be true.
Feel free to peruse the long cited list of occasions in which Chaya Raichik outright lied on libsoftiktok, it's in their wikipedia article which reads as one long controversy section.
> Just because a parent THINKS "being gay" is sexually suggestive doesn't mean that it IS.
But categorically, actually being gay is. By any dictionary, the word “gay”classifies a very specific sexual preference. Sexual preferences are fundamentally sexual in nature, and parents absolutely have the prerogative to gatekeep the kinds of content their children are exposed to, especially sexual content. I realize you might have your objections to this but it doesn’t make it any less true. The law is clear on this fact.
Is a book containing a husband and wife sexually suggestive, as it shows a heterosexual couple? Is a book containing a nuclear family even more sexually suggestive, since it implies the husband and wife must have had sexual intercourse to produce the child?
Predators go on social media sites to pass off as children in order to groom those children all the time. Don’t feign ignorance at the fact that age verification techniques helps site operators weed those weirdos out.
Is there nothing that cannot be justified by saying "think of the children"?
If this law is enforced, then I'm going to have to upload my driver's license to Hacker News, that is my complaint. And doing this isn't going to protect any children, predators aren't finding children on Hacker News. The law applies to all websites with more than 10 million users (HN is just barely there I think), and to even be able to see the content on HN I will have to submit my papers. If HN doesn't want to deal with that burden, they'll ban Utah IPs and it will become illegal for me to access Hacker News. Doesn't that seem like it's going to little to far?
Nice straw man, but I’m right here. Go see what I’m actually objecting to after reading my post a little more critically. Read the other post in this thread while you’re at it.
Anyone who’s looked critically at the studies of social media on teens, especially teenage girls, will observe how catastrophic its effects are on the mental health of the minors. It spikes anxiety, reduces confidence, and induces dopamine addiction, which hurts attention span and cognition. It’s a disaster, and I understand the intent of the bill on its face.
That said, I agree in principle that parents, for their children’s best interests, have a prerogative to control what their children are exposed to. Social media is absolutely within that domain. I’m inclined to believe anyone who disagrees with that principle is a potential predator who seeks to undermine that authority.
I do not think age verification with a government-issued ID is an effective way to do this. At least not as it is. There is undue risk exposing sensitive personal information. If the folks working in govt were more clever, they’d see that the verification would instead depend on some hash or digital signature and where the government would issue some certificate authority to mediate the legitimacy of the signatures. Zero-knowledge proofs are the answer here.
In all honesty though, I think the more appropriate solution is to simply have parents themselves (as opposed to governments) to moderate their children rather than control how content providers conduct their business. If their children cannot be trusted with a cellphone to keep away from tik-tok, then simply lock down their device or give their children a dumb phone. The margin of abuse and risk is far greater with a centralized power like the government. Governments turn corrupt all the time.
They deliberately ignore established scientific consensus with regards to the biological and physical differences between men and women. That’s why they say “men can get pregnant!” and insist that MtF transgenders should compete in women’s sports. They have eroded definitions of terms like “gender” which used to be synonymous with “sex” to push a narrative, and silenced physicians/pediatricians who (correctly) voice observations that the hormone-altering drugs given to children sterilizes them.
Climate change is another issue. No democrat had ever been able to demonstrate in a manner which its falsehood could can be verified, the degree to which human activity contributes to climate change (e.g. is it 2%? 5%? 50%?). Even though there’s a large push to “go green” and tear down the foundation to our modern infrastructure and energies (coal, petroleum, and gas). Just now there’s been a large push to ban gas stoves as an element to “combat climate change” despite the insignificant contribution to the global-warming pie chart.
There’s a lot more, and there’s a lot that the republicans & democrats are both guilty of (e.g. the suppression of studies of cognitive abilities between the races e.g. the gaussian distributions of IQ, despite IQs being comparably reliable in predicting academic success, job performance, career potential and creativity). They like to say “race is skin deep”, while ignoring the fact that even children of mixed-race parents cannot accept a bone-marrow transplant from their own parents - it will be rejected. It literally goes further than bone deep. These are just a handful of observations anyone can verify for themselves.
> Have you forgotten that the world is full of bad actors who are literally trying to eat people?
Your premise here is false. If X thing is bad, a number of other people doing it doesn’t make it OK. If anything, it makes it worse, not better. If all your friends jumped off the edge of a cliff to suicide, would you do it?
When describing rotation of of a sphere projected onto a 2d plane, having two variables (X,Y) isn't enough. Because the sphere could rotate about the axis between the origin and that point. There's an an entire degree of freedom you could describe for a complete rotation about that axis.
In the same way, having 3 variables to describe a quaternion rotation is not enough. You again, have an entire degree of freedom you could rotate the quaternion about.