Replied with this on a different thread, but I built an extension[1] so that I could choose which sites are opened in Chrome... so that whenever I need to use Google Meet, it automatically opens it on Chrome.
I built an extension[1] so that I could choose which sites are opened in Chrome... so that whenever I need to use Google Meet, it automatically opens it on Chrome.
I wish I found your app before I wrote mine [1] :) you seem to be way better versed in cryptography than I am. What's the advantage of having the main document and the keys separated?
I wouldn't say I'm very well-versed in cryptography. The reason they're separated is that it allows you to:
* Further split up the trust such that the key shards can be held by one group but they don't have access to the document (maybe you keep a copy of the document with a lawyer but distribute the keys among your friends and family so that if your lawyer is hacked or bribed they can't reveal the secrets, same goes for if your friends conspire against you).
* Make the shards small, independent of the document size, so that they're always practical for friends to store even if you have a very large document to save.
* You can do a quorum expansion (create new shards that are compatible with the existing shards) without revealing the secret.
To be fair, for practical uses this is not super necessary but it adds flexibility without losing anything in return (I would argue the quorum expansion point is actually a useful feature).
And if you can't update your blog or can't pay for it because you lost your memory? The low tech solutions can't be beat, especially if you expect others to help you pick up the pieces with minimial technical sophistication.
I was once locked out of some pretty important accounts while traveling overseas. Ever since then, I've been thinking about the importance of being able to "shard" both secrets and authority.
If I were to be imprisoned, for example, I might want my lawyer and family to be able to access all of my emails from two years ago up to one week ago. If I were to suddenly die, I would want my family to have full access to all of my accounts, with little hassle.
I would like to be able to tell my email provider (through my account settings) that if at least two people out of each of these three groups agree that such-and-such condition has been met, then these people will be granted this sort of access. The process would notify the other members of the groups I defined and have a delay to allow some kind of veto/vote if there is any disagreement. It may be a bit fiddly, but if a standard were defined for how the interaction works from a user's perspective (including steps to make sure you understand the consequences of how you've configured it), at least it could work consistently across all kinds of accounts.
here you can see how I'm using Shamir Secret Sharing, I gave clear instructions on how to use the shares and in what circumstances.
based on their dynamics, I'm feeling pretty good. I know I have some people there that are tech savvy + some that will take good care of their shares and when they should send those to whom.
I was wondering, how much do you trust these tools? Cryptography can be extremely tricky to implement. For example, has the tool been checked for side-channel attacks? Has it had any other audits? (On the GitHub page of the library, it says it's no longer maintained)
I trust it enough no solve my DR scenario. If I was targeted by the NSA, I don't expect this to keep me safe.
I don't think SecretSharingDotNet has had any audits, and I'm pretty sure i hasn't been checked for side-channel attacks. I couldn't find anything in GitHub [1] saying it's no longer maintained though.
I'm pretty sure a well founded attacker would be able to hack me, but I think it's orders of magnitude more likely that I'll forget my master password, I'll get stolen, my apartment will catch on fire or I'll just die. Those are the scenarios I'm preparing for.
slack. I do so with my extension[0]. At one point they rewrote it and added CSP.
In order to inject my code before theirs, I had to come up with different approaches on FF and Chrome... and since it was starting to become a cat and mouse game, I just took the extension private.
After that, they didn't escalate their game. I'm thankful for that, so that I can keep enjoying it without spending lots of time figuring out how to mess with it.
ha, I'm also from Uruguay. A couple months ago I received 3 offers. One of them explained their offer was "the salary from Philadelphia adjusted to the local market". The other two offers where comparable to what I've been making (similar to a US salary). I didn't go for the "local-market adjusted" one.
The only thing they're doing is missing on some talent, but that could be ok for them.
at a macro level? sure. At a micro level, had I been convinced that my pay was fair (it was enough to cover my needs and save) and not asked for more, I’d be making upwork money.
There were two times where I more than doubled my pay. At one point I was 1 month into a contract and I got an offer from a previous client doubling what I was getting. I used that to make my case and we figured a schedule for me to make 2x my rate.
Then, I was bored and started playing with Asterisk and Twilio. I built an integration before there were docs on how to do it, I blogged about it and people started contacting me offering me to do it for them.
For each client I asked for more money. I started at 35/h and doubled it every time somebody contacted me.
One of those clients offered me a 40 hours/week contract. They got acquired and I was a key member working 60+ hours per week.
The new company wanted me to sign a long term contract and... to sign it I asked for even more money! since I’d be giving up opportunities to work with other clients.
Once you start making more money it’s easier to get the job because... you’re already being paid that. Obviously, you need to deliver according to the expectations, but luckily that wasn’t an issue for me.
