#hypothes.is

I want to encypt messages with a public key

propagate them across the network

and have the node with the right private key read them

it would be nice if i could avoid some kind of nonce exchange scenario

maybe pgp is better?dunno

ah

well

if an attacker can't predict what's in the message

and the effect is idempotent

and doesn't "grant" anything to the sender, other than that the receiver processes the message

then I think you wouldn't need a nonce

idempotent + no "access" granted to the sender, no "session" of any kind or anything given in return for the message, would mean there's no threat of replay

and if an attacker can't predict the contents of the message, or cause arbitrary messages to be encrypted and sent, then there's no chosen plain text attack

yep, sounds about right

so for more background on what i'm building

normal asymmetric algorithms, public key cryptography, should do just fine

If there's no harm in the receiver getting a message a second time, from someone other than the sender, then I think you've got no need.

this thing produces chains of messages, each containing the hash of the previous message

and a squence number

sequence number is a great nonce

might as well use it :-D

yea true, it is public tho, but i guess it doesn't matter

doesn't matter at all

you could use it like a high water mark

rather than remember every nonce to be sure it isn't used

how?

just remember the last one and reject any message with a nonce <= the high mark

oh yea

you've effectively ensured that each one is only used once

that's part of the main thing anyway

consensus?

nah actually not

no global consensus

this is based on secure-scuttlebutt which i may have told you about but it is a bit different

Okay. I thought it might be a consensus algorithm, cause we were talking lots about those recently and paxos (I imagine raft, too) has this concept of a promise never to accept lower proposals

wait... you're gossipping these messages to get them from sender to receiver yeah?

that's not really specified

okay

i'd like to do something where nodes pay cryptocurrency for transit, but that's in the future

cause I was going to say if other parties are forwarding and replaying your messages by design, nonce makes no sense.

:-D

yea i think i should just disregard it

"Please deposit .004 BTC to continue"

you pay for internet access right?

OMG ROUTING FRAUD

ROUTING FRAUD?

I'm imagining operators forwarding packets along non-optimal routes to defraud the sender.

yea we talked about this stuff at gil i think

never mind, just getting excited

I don't remember that coming up specifically, but yeah, we talked a lot

yea that would be a big issue

im just starting small

anyway, I should maybe get back to figuring out how we broke our chrome pdf support :-(

oh man i hate pdf

in sympathy

looks like I have bigger issues

dwhly: I'm looking into it

Strange that I didn't catch this before I uploaded it and I can't reproduce it locally.

tx tilgovi

okay. no problems with a local dev chrome extension either

trying the prod extension

that fails

hm

minification issues?

tilgovi: it strikes me that the issue w/ the pdf reported on the forum may have to do w/ that particular one-- it being hosted on github.io w/ an .html suffix or something. seems adder doesn't show on that one, but i'm not seeing that elsewhere.

you can annotate other pdfs?

yes.

this one

it's my usual test pdf

OH

that's not a PDF file

you're right

that's where i noticed the other bug

that's the PDFjs viewer

yep

got it

:sweat_smile:

okay

that should fix it

now I gotta get this out, kill time until it propagates

and then go fix the permissions on any annotations people made in the last hour or so

but, I introduced this bug

so... I suffer

what's unfortunate is we added a bunch of tests for this code

and the tests didn't catch this case

well

some of it was me

and the part that I messed up, tests did not catch :(

other part would have required integration tests and all we had was unit tests

pushed and published

i'll wait for that to propagate before I go fixing permissions

and write some more tests right now

maybe one of these days we'll have an uneventful deploy ;(

Okay. I think was allll my fault.

tx for tackling that tilgovi :)

dwhly: np

sorry I caused it

glad I deployed in the middle of the night

and then didn't go to bed like I should have

we might consider going back to the staging extension as an alternative (not sure what was involved in this deploy)... at least to give it a couple hours shakedown.

dwhly: yeah. I'll make a plan for what to do with staging.

I pretty much discontinued it for the moment.

btw, there were 6 annotations made in the window of brokenness

one was the person on our user forum, how fortunate

so I'll respond there

one was you

one was me

K

actually

we were the only three people active

and I fixed the permissions

you sholud be able to edit/delete etc now

Ok. Will do.

well

when the extension updates

any moment now

I think you guys need more prominent labels on the little icons that drop down from the menu bar speech bubble icon

also, broken link: https://hypothes.is/$%7Brequest.route_url('...

dwhly: all set

Tx

woah: i'm going to bed, if you can file an issue for the broken link and where it appears that'd be great

night

Woah: you mean like something other than tooltips? Or more rapid tooltips?

dwhly just something that is part of the ui, that doesn't move. maybe to the left of the icon

rather, it moves along with the icon