Forest @forestjohnson@pixie.town

@gwil I assumed that signing / verifying each chunk individually would be too computationally expensive.

@stillgreenmoss I've heard of one called wallabag

@gwil I came here to ask how this is different from just using a Merkle tree for the hashes of the chunks. Then I thought I'd better read further so that I can see if there's any details published that I can read about myself. And when I finally clicked through enough links to find it, I saw that it said that it uses a Merkele tree 😄

So say I wanted to "sign" a Bab stream while I hash it, say with ed25519. Would I just sign the top merkle tree nodes every few MB or so?

@dentangle https://github.com/OpenRC/openrc/pull/422

@dirtwizard666 I'll wait for the librarians to call it but I'm standing ready

@notplants @mayfirst @abekonge

In my limited experience, internal risk is way more relevant. Or at least I think people tend to severely underestimate it, and overestimate external risks.

I guess "oopsie" is one, but infighting and abandonment might be even more likely.

@notplants @mayfirst @abekonge

Well, this started out talking about security culture and practices. It kind of sounded to me like you were referring to internal risk, not external risk.

An example of an internal risk was when the person who operated kolektiva was raided by the cops and all the backups were seized.

DDOS is firmly in the external risk category. Besides the LLM scraper bullshit, I'm not convinced that DDOS is that big of a deal. It's very illegal. It's very expensive, and can't go on forever.

I have some ideas around how small servers can mitigate DDoS attacks, It's obviously an area of active development with Anubis, etc. And I think the development may continue with even more evasive solutions.

@notplants the primary risk is "oopsie", not malice or subterfuge IMO. Backups are the primary defense.

@notplants It's not a problem if you know the people in person.

@reese