@alesgenova hiii! Iirc you're coming home tomorrow... let's rally?
@spacekookie if you're in town for a while and have the energy / time / want to hang out, my evenings are generally free.
In my latest podcast episode, I share my experiences with converting my GM preparation tools to a web-based table generator system called Hex-Describe. What started as just taking spreadsheet tables to text tables ended up being a journey through the AD&D core books.
Remember 1965? 58 years ago? The first official government report on #globalwarming for US president Lyndon B. Johnson? 1/2
@virtulis Let me try to restate what you're saying to make sure I'm understanding it correctly.
You are looking for
(a) a system that lets you quickly get yourself into a state where you can convincingly claim that you are physically unable to unlock it
(b) to an adversary who might be well-informed on this system
(c) but is otherwise unsophisticated and only has a limited amount of time and resources to spend on you.
(d) Crucially, you do not need to hide the fact that you're using this system or the fact that your inability to unlock it is a direct consequence of your intentional actions.
You are proposing what is basically a passphrase lock, except that the passphrase is intentionally impractical to remember and designed to be entered via QR code, which the user can quickly destroy when necessary to lock themselves out until they can access a backup copy.
If my reading is correct, I think your proposal is pretty good! You probably want to actually use the QR code to encrypt the app's database (as opposed to relying on it solely as a UI-level locking mechanism) to avoid making this easy to bypass via adb. For ergonomics, maybe consider supporting NFC tokens as well (I hear Russian banks are handing those out like candy, I wonder how easy those are to rip).
For related prior art, check out 1password's Travel Mode (https://support.1password.com/travel-mode/).
If you were to implement this, it would be crucial for you to be very very clear that this is your threat model. "Plausible deniability" has a bad reputation among modern cryptoengineers mostly because of overly ambitious/naive proposals that purported to address a stronger threat where (c) and (d) are not true or because (d) sounds implausible to much of the Western audience, but if people on the ground are telling you they're willing to live with (d) this seems reasonable.
Medium article: *Coding won't exist in five years. This is why."
First paragraph: "once upon a time, in a world not to different from ours, handmade clothing was the norm."
Comrade. Friend. I really need to tell you that clothing is still hand made. We just exploit people in the global south to make tons of it cheaply.
RT @KristiRaik
Having listened to Macron and Scholz at #MSC2023 yesterday and as much as I appreciate their support to Ukraine today, I can’t help thinking that just a year ago they believed Putin more than they believed some of their allies. Trust takes time to build.
@timClicks for how long are you in the UK? What are your plans for the rest of the day?
An absolutely amazing workshop on #rust #async given by absolutely amazing @kookie!
I'm glad that I managed to do first two exercises with a very minor help from mentors.
I kind of slacked exercise 3, but I ended up learning about https://docs.irde.st/developer/technical/ratman/index.html
Which is a modular routing system that has a lot of properties that I was dreaming about while thinking about #selfhosting.
That https://doma.dev guy
#lean #rust #typescript #react #nix
In my non-existent free time I design and run #TTRPG
If you use tools made by genocide-apologists, you are a genocide-apologist.
#lemmy users aren't welcome here.