What is Reddit's opinion of Buttondown?

Chats on Telegram are not end-to-end encrypted by default, which means Telegram's servers can read everything you send. Both Signal and WhatsApp do end-to-end encryption by default.

Furthermore, Telegram's end-to-end encryption once contained a flaw that looks suspiciously like a backdoor, which doesn't make it any more trustworthy in my eyes.

EDIT: Also, Telegram does not support end-to-end encrypted group chats.

That's funny. Looking at the network requests, the initial HTML includes all the content. I found another blog on buttondown.email with the same issue, so I blame the provider. Probably waiting for something to load before displaying the content.

In practice, applications (like TLS servers and web browsers) read random bits from /dev/urandom or RtlGenRandom on Windows. The OS CSPRNG collects noise/randomness/entropy from multiple sources and securely mixes it, with reseeding to maintain secrecy against attacker that had limited access to OS CSPRNG buffers.

All sane cryptographic functions internally use a randomness API that just provides the required number of random bytes (like reading from /dev/urandom or getrandom). Some things like HMAC and AES-GCM can just use those bytes as-is, other things like RSA code generate RSA keypairs using the randomness to deterministically generate candidate primes and primality-test them until it finds two primes of the right size (half the RSA key size).

A CSPRNGS can just be something that takes 256 bits generated by an unpredictable physical process (fair dice, electronic noise, whatever), and then just uses that as key in AES-CTR (or chacha20 keystream), generating 2 raised to the 68th power number of random bytes. This is probably enough, but if you need more, rekey it and run the same code again. This runs at gigabytes per second per core and is secure. The method to collect the initial seed is up to you - some don't trust Intel RDRAND and prefer to use the least significant bits from the timing of IO interrupts or whatever.

See for example this for more: https://buttondown.email/cryptography-dispatches/archive/cryptography-dispatches-the-linux-csprng-is-now/

You may want to create a mailing list. Nothing fancy, just something like a https://buttondown.email/ URL you can point interested folks to where you'll announce the kickstarter. I'd subscribe.

Also, if running a kickstarter is a new idea, you may find the advice at https://stonemaiergames.com/kickstarter/to be useful.

This article from 2006 said he never read it personally, and also doesn’t imply anything about it being inaccurate.

http://anthonykiedis.net/magazine-scansarticles/2006-2007/2006-2/052006-q-238/

Interestingly for one who has experienced so much anguish both as a member and non-member of the Red Hot Chili Peppers, Frusciante has no interest in hearing the other side. He hasn’t read Scar Tissue.

“I’ve asked Anthony for a copy on three occasions. He says, Sure, but it never comes,” he smiles. But Frusciante has heard what’s in it. He is unimpressed.

“There are things in it that were supposed to be secrets. We said, We won’t talk about this, but it’s all there. It’s not the coolest shit in the world…but I forgive him.”

I’m sure like most autobiographies, there are parts that are fuzzy or cobbled together. Maybe things are misremembered, and possibly they are purposely misremembered (slightly) to make for a better narrative. And of course, sometimes people have different “sides” to the same basic story.

If you really want to see some comparison between Scar Tissue and other sources, there’s some great, thorough research done by Hamish ( /u/butter_wizard ) in his newsletters— https://buttondown.email/rhcpsessions Sometimes, Hamish will note where his research runs parallel or counter to the stuff in Scar Tissue.

> /u/FiloSottile would you trust your life and your children's life to the SINGLE OUTPUT of /dev/[u]random over top of the output from /dev/[u]random mixed with additional sources of independent entropy?

Easy question. Yes. /dev/[u]random (with the old-kernel-early-boot caveats /u/Soatok already provided) already aggregates whatever good sources are available, which is not an argument to cobble together more sources at the application level.

Only root can write to /dev/random, so you'd have to build your own CSPRNG to mix other sources, and you are going to introduce more issues than you solve.

> dev/random & dev/urandom do not work on system with broken AMD chips! That is just one example.

Nope. RDRAND is broken on those machines, /dev/[u]random is not. systemd tried to implement multiple sources and weird fallbacks, just like the SRP library, and ended up being bitten. That's an argument for urandom-only, not against it.

> https://pages.cs.wisc.edu/~swift/papers/oakland14-rng.pdf

This is about VM cloning. You are not going to win that fight in userspace. Your application pool is less likely to notice a snopshot/restore than the OS is.

> https://www.schneier.com/blog/archives/2013/10/insecurities_in.html

This is an academic analysis of post-state-compromise recovery and "it remains unclear if these attacks lead to actual exploitable vulnerabilities in practice", which is academic for "this is actually fine". Also willing to bet most userspace CSPRNGs don't handle post-compromise recovery at all.

So yeah, all your examples suggest using only getrandom/urandom is definitely better. If you want to read more about the Linux random subsystem and its history, I ~recently wrote about it (which I guess renewed my urandom ambassador appointment for a few years).

Probably referring to telegrams early backdoor, https://buttondown.email/cryptography-dispatches/archive/cryptography-dispatches-the-most-backdoor-looking/

besides the trivial bypass: https://www.vice.com/de/article/435gbd/telegram-ueberwachung-bka-chat-app-verschluesslung

or known trojans: https://securelist.com/the-first-cryptor-to-exploit-telegram/76558/

Key is, you don't need to break the new encryption as it's trivial to bypass it for security services. And group messages are unencrypted, stored centrally.

Please don’t use telegram. It’s security and privacy is worse than WhatsApp. I’ve no idea how they’ve gotten this far. Their messages aren’t end to and encrypted by default and the method they do use for end to end encryption is their own weird invention.

https://buttondown.email/cryptography-dispatches/archive/cryptography-dispatches-the-most-backdoor-looking/

Hey r/BehindTheClosetDoor!

Really excited to talk with you all about Closet Tools and Poshmark growth tactics.

I just sent out an email to email subscribers, so we'll have some more people joining us.

I expect to get lots of criticism about automation and how it is against Poshmark’s community guidelines, but I hope there will be some valuable questions that are asked and answered!

Here’s some questions you might want to ask (or at least something to get your mind thinking):

What’s the best way to grow my Poshmark Closet?
How can I use the Closet Assistant to make more sales?
Will you be making X feature?
What’s the long-term vision of Closet Tools?
What is your name, birthday, SSN, and credit card number?

(Kidding about the last one 😂)

So, if you’ve got any burning questions or just want to stop by and check out what other people are asking, feel free to do so!

I keep getting a "not found" error page. I was able to fix it by modifying the subscribe button link to "https://buttondown.email/mikebuntart". The button on your subscribe page goes to "https://buttondown.email/mikebuntart.". Notice the period at the end.

I like what you have going on though. I love comics and science fiction. I'm so glad I came across this yesterday and I look forward to reading more of Stratum.

> Using their own proprietary encryption protocol (for no reason whatsoever, btw) is not secure.

The reason is obvious, Telegram was launched because of Snowden's revelations, the other protocols could had backdoors. OK it's very risky to roll your own protocol but in this particular case Telegram has been successful.

> Look at stuff like this, it doesn't really inspire much confidence.

Interesting, thanks, so your guess is that Telegram induces a false sense of security to spy on even secret chats on behalf of governments or something else.

You don't need to spend money on giveaways! You can do it pretty much for free! You can do "RT this for a chance to WIN #giveaway" and then randomly select someone who RT'd and send them a copy via email. I do monthly giveaways (sometimes of my stuff, sometimes of recent releases in the genre by friends or people I'm doing a newsletter swap with) on my newsletter, just select someone at random that was subscribed (free newsletter software: https://buttondown.email). When I'm giving away other people's books in physical Rafflecopter will let you run free giveaways with multiple ways to enter for free (you can pay for more bells and whistles but they aren't necessary).

I'm not the best blurb writer out there, but I think you are writing space fantasy? I'd go maybe with something closer to this:

"Mark is pretty content in his life. He has a great job [doing x / his childhood dream ], a [girlfriend / a great group of friends / people he cares about], and maybe a chance at [ greater aspiration ]. But he's always wondered if there was something more.

He was not expecting that something more to be an undercover mission to take out the leader of a galactic empire, one he is supposedly descended from and who he had no clue existed until he was conscripted into this task. Now he must [ leave behind X / sacrifice Y ] or risk [ thing he holds dear ]. It does not help that the fate of the universe also rests in his hands. Will he be able to pull off a mission that requires [ skills ], or will everything he holds dear [cliche / metaphor a la: crumble to dust / turn to ash / cease to exist]?

Ha I just wrote about this, as a positive. Being able to get started with SwiftUI was a huge win over learning AppKit. I don't mind filling in the gaps as the app evolves.

https://buttondown.email/ryancarver/archive/a-mac-app/

Nothing. Signal is considerably more secure.

Telegram does not e2e encrypt chats by default, while Signal does (at the expense of cloud backups).

Plus, Telegram rolled their own crypto, which is a big no-no. Mistakes like this happened: https://buttondown.email/cryptography-dispatches/archive/cryptography-dispatches-the-most-backdoor-looking/

This will tell you basically everything you need to know: https://buttondown.email/rhcpsessions/archive/c2a6ef77-37e6-4fc1-9e04-865f48241fb9

It wasn’t just a bad mix of styles, it was much much more than that.

I recently wrote a post about this in my newsletter here (it talks about what a self learner would have to do in order to reach parity with a undergrad student who took DS+Algos at a university).

What is your goal with DS and Algos? Is it just to learn them to be a better programmer? Is it to prepare for job interviews? I think the best way to learn DS & Algos. is to first learn the theory of them i.e. learn how they operate and how to use them. That's step one and step two is actually using them using them with code. Programming is one of those things where if you don't actually use it then it won't make sense intuitively.If I have some guidance on why you want to learn these I can provide some more details as what you might want to do.

Yeah some but not all, I just keep an excel file for now and will reformat/print them once the goal is reached. I've written a few down but haven't sat down to go over all of them.

Mailchimp actually introduced this postcard function recently. Would be wonderful to make some kind of post card and send it out. Alan Jacobs wrote about this old tradition a few weeks ago. But that might put pressure on singlestateserenity to produce stuff (which I wouldn't want to do), plus I don't know how people feel about that stuff in general. I like things like that though.

Good question. I came across this article, saying K8s is like a general-purpose cluster operating system kernel. If K8s is 'just' the kernel, then now everybody is building their own OS around it (read custom software stacks). If we would call those software stacks (in the Linux analogy) k8s independent (open source) distro's, then everybody could choose between those distros. Which company now builds its own Linux distro?

You would make it open source, otherwise there would be no trust in the platform. It would be achieved with subtle, but intentional security defects that would allow someone to exploit them to obtain access. Look at previous backdoored crypto protocols and mechanisms.

Here's an example of a suspected backdoor in Telegram. https://buttondown.email/cryptography-dispatches/archive/cryptography-dispatches-the-most-backdoor-looking/

I’m just going to leave this article here, it helped me when I was in my “I’m pretty sure I’m trans but what if I’m not” phase and it’s seemed to help others too. I’d recommend reading through it and seeing if it resonates with you, it directly addresses common trans doubts and questions.

https://buttondown.email/dylanthyme/archive/all-my-current-answers-to-all-the-questions-i/

You seem very trans to me. I can definitely relate to most of your post, and I’m trans, so there’s that. I would maybe question if you’re non-binary, based on your reaction to having to live as a girl for the rest of your life. Boy and girl are not the only options, and I’m sure you already know that, but it’s still worth looking into more deeply if you haven’t before.

A friend of mine shared this article with me, which helped me clear up a lot of my doubts about being trans. I’m going to leave it here, and if you’re interested, check it out, and see if it hits home for you at all. It did for me.

https://buttondown.email/dylanthyme/archive/all-my-current-answers-to-all-the-questions-i/

Also, just gonna leave this at the end, the fact that you’re worried you’re faking it is a really good sign that you’re not cis. People who are faking things tend to know that they’re faking them

FOR SHARE is not a free performance gain if many transactions are using it. Reason being FOR UPDATE only has to consult the row itself to see if it is locked (because only one transaction can lock the row) whereas FOR UPDATE has to consult a separate store to see which transactions currently have a read lock on the row (because multiple transactions can read-lock the same row). If VACUUM is not configured aggressively enough to clean up the outdated locks, every query that tries to modify the row has to consult this store and they all end up queueing behind a single lock. More information here, CTRL+F for 'MultiXact IDs'.

If you’re interested in the rarer things check out these 2 articles by u/butter_wizard

https://buttondown.email/rhcpsessions/archive/me-and-my-friends-28-rareware-part-1/

https://buttondown.email/rhcpsessions/archive/me-and-my-friends-35-rareware-part-2/

They’ve always done plenty of Japanese special editions including different bonus tracks and such. Always cool seeing the art on them.

Ha! I have an idea for this! If you want to subscribe to my newsletter, I plan on writing about this soon. It won't be quite as easy as "edit xlsx in vim," but it is an idea I've played around with regarding vim/Excel.

We meet weekly but as the organizer we do take breaks. We'll be there tomorrow! If you're interested an email goes out as a notification for each meeting, usually a day or two in advance.

You can sign up here > https://buttondown.email/tacobelldrawingclub

Or follow us on IG where we post work we create and promote future meeting dates. https://www.instagram.com/tacobelldrawingclub/

Are you required? No. Fansplaining recently did a survey about this, and while most people have usually consumed at least some canon, there are plenty of readers perfectly willing to dive into fic ice-cold. https://www.fansplaining.com/articles/the-fic-and-the-source-material

I read plenty of fic I haven't the slightest intention of consuming canon for, and personally don't normally find it any more difficult than reading any other story about characters I don't yet know. Sure, there are sometimes in-jokes you won't get if you haven't seen Season 3 Ep9, or particular things a character always does which are based on a canon quirk or actor's mannerism — but same thing happens in original stories? Plus, read a few fan stories in any particular canon and you'll very quickly figure out the distinctive callbacks.

After that survey was released, The Rec Centre newsletter put out a call for recs that people had read without canon knowledge, and you can see some of those in issues 272 and 273. (unfortunately the archive link for issue 272 seems to be broken).

In general, if you want to read fic without canon knowledge, recs are often a more fun way to go about it than simply prowling the archive; let other people pre-select the quality stuff for you. If you want anything more than fluff or p0rn (in which case, honestly, who cares what you know or don't know about the canon or the characters), AUs or canon divergence are very often more rewarding to the casual reader than strictly canon-compliant stories. For one thing, in an AU, most writers need to do enough setup and explaining that they naturally give enough context to understand what's going on. For another, the very best AUs are quite often self-sustained original stories that just happen to include recognisable characters from somewhere else.

Closing in on announcing the GB date, here’s a sneak peek at the packaging. It’s been wild behind the scenes working on a bunch of yet-to-be-announced collaborations, and preparing everything for a smooth GB.

Wanna stay up to date?

It's also worth noting that Telegram has had what appear to be cryptogrpahic backdoors in their code before. Could have been a little "oopsie" but if so, at that level, it's so bad that it's not much better than a real backdoor.

source: https://buttondown.email/cryptography-dispatches/archive/cryptography-dispatches-the-most-backdoor-looking/

Not knowing the underlying math can be really dangerous. Composing functional pieces as a programmer usually does yields in extended functionality. Composing cryptographic black boxes without opening them leads to less black boxes. Just look at this: https://buttondown.email/cryptography-dispatches/archive/cryptography-dispatches-the-most-backdoor-looking/

I don't have any paper handy, but you can take a look at this for instance Cryptography Dispatches: The Most Backdoor-Looking Bug I’ve Ever Seen • Buttondown

Using their own proprietary encryption protocol (for no reason whatsoever, btw) is not secure.

Look at stuff like this, it doesn't really inspire much confidence.

group chats in telegram are not encrypted and there seems to be no way to enable it.

Telegram is a trash fire. See also: https://buttondown.email/cryptography-dispatches/archive/cryptography-dispatches-the-most-backdoor-looking/

And how much unencrypted metadata is sitting on their database?

What kind of encryption does Telegram use in the cloud, when and how is plaintext data (i.e. data during searches) protected from leaks?, can you be sure they're using a strong random number generator? how do you know they haven't backdoored anything?

Why are you so sure that Telegram won't hand over unencrypted data when the courts issue a warrant, when their entire business could be fined or products banned from regional economy if they don't comply with the law.

Why risk having your data on their servers trusting them with your data and metadata when you could just use Signal?

The best thing about Signal is they will hand over your "data" and the police can't do anything with it, and since they haven't broken the law there will be less political pressure to remove them from regional economies.

>Falhas e bugs não são intencionais. É muito mais complicado encontrar um bug do que uma ou mais linhas de código que tem um efeito específico e esperado.

Pior que não. É muito fácil esconder uma falha de segurança atrás de um bug, são os "bugdoors". Um exemplo aleatório que li recentemente sobre o Telegram https://buttondown.email/cryptography-dispatches/archive/cryptography-dispatches-the-most-backdoor-looking/

Don't use Telegram, though: https://buttondown.email/cryptography-dispatches/archive/45cace9a-4f74-4591-8fd1-8ae54d14e156

My personal belief is that interneting is hard is like this. They have different sections on HTML & CSS. It's only engaging if you do what the author asks though, which is to write the same code he displays as he does it. I also have a newsletter where I recommend resources on different topics you can see the archive here

Sure, you can subscribe via RSS using this link https://buttondown.email/tinyjs/rss

The archive is hosted on buttondown.email, I'll be putting it on the site itself in sometime, and sure, the newsletter archive is going to be open to all, feel free to scrape it.

Hey, I manage a newsletter that promotes beginner-friendly issues (or good first issues when discovering new repos). Every Monday, 4-5 issues are emailed to your inbox. You can learn more about it here: https://buttondown.email/goodfirstcommit

Thanks

>https://github.com/pluja/Parasitter

Hey u/hoiru, is it okay if I can promote your issues labelled with "good first issue" on my newsletter? Hopefully this can attract more contributions.

Here's some info about the newsletter: https://buttondown.email/goodfirstcommit
It's a mailing list that sends beginner-friendly github issues every Monday to anyone who wants to get involved with open-source or want to learn something new.

Hi u/piano-person, the app looks pretty awesome. If you can create some "good first issues" for your repository, I'd be happy to promote it on my newsletter to attract new contributions.

Here's some info about the newsletter: https://buttondown.email/goodfirstcommit
It's a mailing list that sends beginner-friendly github issues every Monday to anyone who wants to get involved with open-source or want to learn something new.

Thanks

The only two companies that I have seen that are more private are Buttondown, and Revue. With either of these you can turn off (or asked to be turned off) all sort of collecting details (like clicks and open rates).

no exact date yet. i have a personal newsletter for designs here: buttondown.email/cutekeyboardboard or if you prefer social media, i'm u/mintlodica on twitter and ig, where i will be extra noisy when dates are announced!