Can they control private keys and do replay attacks?

Signal protocol prevents replay attacks as every message is encrypted with new key. Either it's next hash ratchet key, or next future secret key with new entropy mixed via next DH shared key.

Private keys, probably not. WhatsApp is E2EE meaning your device generates the private key with OS's CSPRNG. (Like I also said above), exfiltration of signing keys might allow MITM but that's still possible to detect e.g. if you RE the client and spot the code that does it.

Wouldn't ratchet keys prevent MITM too? In other words if MITM has your keys and decrypts your message, then your keys are out of sync from now on. Or do I misunderstand that?

The ratchets would have different state yes. The MITM would mix in different entropy into the keys' states. It's only detectable if the MITM ever stops. But since the identity key exfiltration only needs to happen once per lifetime of installation (longer if key is backed up), the MITM could just continue forever since it's just a few cycles to run the protocol in the server. You can then choose whether to read the messages or just ignore them.

One interesting way to detect this would be to observe sender's outgoing and recipient's incoming ciphertexts inside the client-to-server TLS that can be MITM'd by users. Since the ratchet state differs, so do the keys, and thus under same plaintext, so do the ciphertexts. That would be really easy way to detect MITM.

Humanity is awesome because we are naturally constrained in semantic-space, making it relatively straightforward to reverse engineer things that ancient humans made even if we share basically zero overlap in culture.

Not true! We loved beer then and we definitely still love it now.

Once upon a time, the Unix philosophy was lauded in these venerated halls. "Do one thing and do it well."

Now the hype has seemed to shift to "do absolutely anything just barely well enough to get people to pay for it".

Turns out attempting to pay the bills on unix philosophy didn't go very far.

Man, that's a weird saying. Very weird.

"Unix Philosophy", which many of us wouldn't be here if it didn't exist, wasn't designed with any sort of money in mind.

That's like complaining that the company that picks up your residential trash is a shit company for not reducing your travel time to work.

Wat? Android, Linux, BSD (incl iOS and Mac) absolutely dominate the market in terms of mind share and deployment. I can't think of another philosophy that is so directly, causally responsible for billions of dollars of realized value.

It sounds like you're parroting the corporate line of the early 80s. "Making money directly selling software artifacts is the only way to win." Which, as we know in retrospect, was a completely failed strategy, steamrolled by companies which... wait for it... adopted more flexible technology based on the Unix philosophy.

I'm going to lump together proprietary and for-profit software a little because I rarely see exceptions:

Proprietary / for-profit software is made that way, yes. There's no other way you can do it, given the incentive landscape. You take the huge base of FOSS code and spend as little effort as possible to build a thin little layer of moss on top. You respect the customers as little as possible to keep them around. You fix bugs as little as possible. You use other proprietary services that spy on your customers, like Sentry and Firebase, because privacy costs money.

Free / libre software has to compete on its merits. If a project isn't useful it doesn't grow. But not growing is okay. Some projects accrete over years, like a pile of stones forming a cairn. They don't need to squeeze money out of people to live because they aren't alive. They don't have to "eat".

I'm mixed on the Unix philosophy. It makes a lot of sense when you're building CLI tools that a hacker is going to plug together, because then your program is really a function in a programming environment that spans one or more entire computers. Tools like ripgrep, jq, curl, they're all great, I love them. A good function does one thing and does it well.

But just as often, I'm okay with huge software that does a lot. Web browser engines are evolving into universal GUI / IO frameworks and I'm trying to make peace with that. Systemd does a ton of stuff, but hell, so does the Linux kernel. I don't see an inherent problem with having an init system that acts like a monolith kernel for userspace. Microkernels are nifty but in the end we all ship our org charts. Maybe there's no need for microkernels if the real divide is between kernel programming and userspace programming. For the same reason, I haven't found any personal use for wasm, because wasm makes the most sense when you're connecting two pieces of code written by different teams at different times, like a GIMP plugin. I don't need wasm to plug my own code into my own code.

And for GUIs it's just been a fucking nightmare. 57 years since the Mother Of All Demos and it's still 10x easier to write `fn main()` and build a CLI program that runs on _every_ OS, rather than a GUI program that maybe runs on one OS, like it runs on Ubuntu 24.04 but not Ubuntu 22.04. What a fucking mess. GUIs don't compose, so every GUI project I've tried feels like I'm inventing the universe from scratch. It's fun but it's a stupid fucking waste of time.

Honestly browser engine frameworks like Electron and Tauri _are_ the Unix philosophy compromise. Making a GUI framework requires tens of thousands of lines of high-effort code made by experts. If a browser's one thing is "Be a GUI framework" then it allows your GUI app to just serve HTML and now it's a CLI app that runs anywhere without fucking with GTK 3 vs GTK 4 bullshit.

Sorry for the long rant. This stuff is all percolating in my head. I started with Visual Basic 6 and I still haven't seen GUIs improve since then. Phones have been a fucking step backwards, too. Everyone uses a phone but just like a mouse-and-keyboard player dominating gamepad players in a shooter game, I get a lot more done at a real desktop with a real pointing device.

No science detected.

Without comparison to some null hypothesis (a random policy), this article is hogwash.

Given that all the other agents failed to find any creatures, it's hard to imagine that a random policy would except by extreme coincidence.

It is possible to be consistently wrong in a way that randomness is not.

For some problems, randomness outperforms incompetent reasoning

My CV is similar to David's and I find myself also having to badger people for the time of day. I have worked in a few roles related to a particular industry for a while and still have trouble convincing people that I'm quick to adapt to the various parts of a large scale ecosystem from R&D to product design and logistics. Even though all the details are on my CV.

I think hiring managers are overwhelmed and exhausted and respond much more strongly to something digestible than to something wide-ranging. The tailoring of your CVs and resumes should be much more aggressive than you initially expect.

I'd say I see one anecdote, nothing to draw conclusions from.

You've reduced this discussion to meta-debate (again, it seems) and it's stifling productive conversation.

I don't understand what compels you to continue down this line of thought when its obvious flaws have been so clearly elaborated by other commenters.

I think you are more than capable of understanding what compels them, it's just not a very fun conclusion and one you'd rather not draw.

<3

The internet is too connected and communication too instantaneous for Polymarket to be anything but a system to be gamed by those with money and influence.

Bet appears on Polymarket? You have the ability to direct people and resources to enact the under? Congrats you're rich!

Rich might be overstatement, but WNBA dildo stir show that people are ok with risking jail time over relatively low amounts of money.

Rich people continually attempting to accrue even more money is not exactly an unheard-of phenomenon

What happens to rich people when they get more money, do you think they just stop further attempts at acquiring more?

Sometimes they go on a ketamine binge shrugs

Occasionally they make historically bad bets and blow up their fortunes, and it gets eaten up it all the smaller sharks circling behind them. It used to be most billionaires only lasted (as billionaires) for 3-7 years before collapsing.

The current stock market insane binge has changed that a bit.

Yeah, they historically don't like to keep increasing their wealth, Elon musk going from 350bn to nearly 800bn in like 2 years is definitely not an example of that.

For what percent of trial participants did the interface function well enough for normal function?

Did you find any evidence, even anecdotal, about alleviation of phantom limb symptoms? I imagine it would be complete and instantaneous but I'm not an amputee with any experience.