Hacker News: LionTamer's comments

Isn’t it a bit disingenuous to equivocate terrorism, which actively targets/kills innocent civilians, with DDOS attacks against services which are responsible for moral atrocities? Could it be compared to vigilante justice? Perhaps. But comparing it to terrorism is unfair, to put it mildly.


Why do you think the law determines what is morally right?


You aren't actually making the kind of point that you think you are.....


When was this done previously?


You can go down the rabbit hole at federalregister.gov. Here's a couple places where they talk about it:

https://www.ecfr.gov/current/title-15/subtitle-B/chapter-VII... https://www.federalregister.gov/documents/2006/04/24/06-3647...

You'll probably have to dig quite a bit to find the latest rules and regulations.

These regulations go back to at least the Export Control Act of 1968. Every CPU/GPU maker would have a legal team that understands these rules.


Hmm I’ll have to check that out, thanks for sharing


In many (most?) manufacturing industries there is an upper limit on export product performance. If you make steel, there are a bunch of types/grades subject to limits related to their use in nuclear technology. If you make microphones there is a limit on those that might be used in sonar arrays. Certainly all manner of limits exist in aerospace. Even game consoles have been limited (Iran). This is not an unusual regulation.


> If you make steel, there are a bunch of types/grades subject to limits related to their use in nuclear technology.

Assuming said steel is actually of the quality it's certified as [0]

[0] https://asiatimes.com/2017/10/nuclear-tentacles-kobe-steel/


There are all kinds of things subject to export restrictions:

https://www.bis.doc.gov/index.php/regulations/export-adminis...

For example, high resolution analog to digital converters have restrictions. In the past strong cryptography even had restrictions:

https://en.wikipedia.org/wiki/Export_of_cryptography_from_th...

Even travel for US citizens was restricted. I have relatives who were in the semiconductor and aerospace industries during the 1980s. They were advised by the government to not attempt to travel to the Eastern Bloc. Some kinda related reading:

https://academic.oup.com/dh/article-abstract/43/1/57/5068654...


I knew about the previous cryptography restrictions, but I also knew that the Supreme Court overruled them by ruling (as I understand it) that “code is speech”. I’ll have to check out the other links though


Not the Supreme Court, the Ninth Circuit in a subsequently-withdrawn opinion.

https://en.wikipedia.org/wiki/Bernstein_v._United_States

(Because the opinion was withdrawn, it's "persuasive" but not "binding".)


Good catch


This brings back memories of a t-shirt I had that had big red letters on it "Export Controlled" and an implementation of RSA in perl on it.


    #!/usr/local/bin/perl -s-- -export-a-crypto-sardine -RSA-6-line-PERL-fish
    '\~.         __......--------~~~~~~~~~~~~~~~~~~~~~~~~-------....____
     \  ~.__---~';($k,$n)=@ARGV;$m=unpack(H.$w,$m."\0"x$w),$_=`echo  "[o~~-._
      \  ]s!16do$w 2+4Oi0$d*-^1[d2%Sa2/d0<X+d*La1=z\U$n%0]SX$k"[$m*]"\E[     ~.
      /  ]s!szlXx++p"|dc`,s/^.|\W//g,print pack('H*',$_)while read(STDIN,$m," .'
     /  .-~~--.._" +($w=2*$d-1+length($n||die"$0 [-d] k n\n")&~1)/2);'  __..-~
    ,/.~         ~~~~----........._______________________.......-----~~'


The opposite was of course done when the US sold a ton of Xeon Phi accelerators to China when they built the Tianhe-2 supercomputer.

My favourite conspiracy theory is that this was done deliberately by the US, since Xeon Phi was a large pile of steaming turd, so the Chinese wasted money on a machine with high theoretical FLOPS but crappy real world performance, and also wasted the time of their scientists and programmers who were porting code to a programming paradigm that went nowhere fast.


Intel processors were always a waste of money.


US tried to block PlayStation 2s from going to China as they were too powerful: https://archive.nytimes.com/www.nytimes.com/library/review/0...


Apple made a fairly big deal of the fact that the G5 processor, when they started putting it into their machines (or maybe it was when they went to dual G5s?), had just recently stopped being export-controlled by virtue of being classified as a "supercomputer".

(What really happened was that the Feds revised the definition of "supercomputer", and suddenly the G5 configuration they were using didn't qualify anymore... it had nothing to do with anything Apple did, except perhaps lobbying for it so they could build computers in China.)


Close, but it was actually the G4 where they started doing that.

They made a big deal about it in their commercials at the time: https://www.youtube.com/watch?v=OoxvLq0dFvw


There was also a ban on export of strong cryptography. So Java couldn’t use strong ciphers and algorithms without adding some additional jar which basically just turned the `enableStrongEncryption` flag on. This isn’t necessary anymore but I don’t know what changed legally.


I believe this is what changed legally:

> One of EFF's first major legal victories was Bernstein v. Department of Justice, a landmark case that resulted in establishing code as speech and changed United States export regulations on encryption software, paving the way for international e-commerce

https://www.eff.org/deeplinks/2015/04/remembering-case-estab...


Let's not forget that these policies fostered the development of encryption in Canada, Australia and other countries (See SSLeay for example). So it ended up being counter-productive. The simplest way to stop competition is to subsidize a product. In this case, offer the tools openly.


Check out the limitations ITAR places on exported electronics.


Since the creation of the United States of America. One famous example in the computer era is the banning of encryption algorithms.


That looks rly helpful. I’ll check that out tonight, thanks for sharing


According to the website [1] there is a strict license to this programming language.

> The License is intended for free learning and hobbyists and is a personal use license which means the Software may be installed and run only on Licensee computer as required for the purposes of Licensee’s code to produce a binary executable output (the “Executable Product”) only on Licensee-controlled Endpoint. An Endpoint is defined as a computer operating system (“OSE”) of any type physically hosted, but limited to Licensee’s internal personal use and not for distribution or any other use. For certainty, Licensee may not: distribute, assign, sell or grant any rights in or to the Software OR the binary executable product created by using the Software.

People of course can license the fruits of their labor however they wish to, I just can’t understand why someone would license their compiler in a way that prohibits me from sharing a useful program I made with my family or friends.

[1] https://bolinlang.com/eula


I use that and chrome keychain - it’s honestly very good on the iPhone and great on the computer for safari although it doesn’t work on other browsers


What important differences are there between Apple’s iCloud Keychain password management and Minimalist Password? Is it just the (coming soon) Chrome support?


iCloud Keychain password manager is becoming more capable but still pretty limited. Aside from the extensions to support more browsers soon, Minimalist Password provides some of the sugar that 1Password has, like the ability to store different things beyond just passwords (credit cards, crypto wallet keys for hot wallets, software licenses, secure notes, etc.) It also includes the ability to add custom fields of various types to password entries, and tags for grouping. It's more of a comprehensive secrets manager.


> If someone asked me about my hobbies, I’d stare blankly, wondering if they really want to hear that I go to the gym, or the hours I spend on obscure corners of Wikipedia, or doing math for fun.

I have never related to something so much.


I just looked through the website and I’m struggling to understand exactly how it works - how do you have signing / verification without the risk of key compromise?


The same way LetsEncrypt makes compromised TLS certificates (almost) useless; short-lived certificates.

What the sigstore project does is have an OAuth portal which can authenticate one of your online identities. It uses this to sign a temporary certificate for you with its root CA. This certificate is what you use to sign commits and artifacts with.


+1 to this!

https://docs.sigstore.dev/fulcio/certificate-issuing-overvie... has a good overview of how the certificate issuing works.

With Gitsign, by default a new keypair is generated per signing event (i.e. per commit) and never hits disk. The cert in the commit signature holds the public key, which we can check against Rekor (https://docs.sigstore.dev/rekor/overview) to verify it was valid at the time of signing.

If you have the time, https://www.youtube.com/watch?v=PVhRQFS9Njg is a great deep dive into how Sigstore works in general!
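The short-lived certificate and logged signing time described in the two replies above, as an added example (not code from Sigstore, Gitsign or either commenter). A self-signed toy CA stands in for Fulcio and a plain timestamp argument stands in for a Rekor log entry; the function names, the 10-minute certificate lifetime and the commit strings are assumptions made for the illustration.

```go
package main

import (
	"crypto/ed25519"
	"crypto/rand"
	"crypto/x509"
	"crypto/x509/pkix"
	"fmt"
	"math/big"
	"time"
)

// must panics on error, which is acceptable in a demo but not in a real verifier.
func must[T any](v T, err error) T {
	if err != nil {
		panic(err)
	}
	return v
}

// issue returns a certificate for pub signed with key; a nil parent yields the self-signed toy CA.
func issue(cn string, pub ed25519.PublicKey, parent *x509.Certificate, key ed25519.PrivateKey, from time.Time, life time.Duration) *x509.Certificate {
	t := &x509.Certificate{SerialNumber: big.NewInt(from.UnixNano()), Subject: pkix.Name{CommonName: cn},
		NotBefore: from, NotAfter: from.Add(life), KeyUsage: x509.KeyUsageDigitalSignature, BasicConstraintsValid: true}
	if parent == nil {
		t.IsCA, t.KeyUsage, parent = true, t.KeyUsage|x509.KeyUsageCertSign, t
	}
	return must(x509.ParseCertificate(must(x509.CreateCertificate(rand.Reader, t, parent, pub, key))))
}

// verifyAt validates the chain as of the logged signing time (not time.Now), then the signature.
func verifyAt(ca, leaf *x509.Certificate, msg, sig []byte, logged time.Time) bool {
	roots := x509.NewCertPool()
	roots.AddCert(ca)
	_, err := leaf.Verify(x509.VerifyOptions{Roots: roots, CurrentTime: logged, KeyUsages: []x509.ExtKeyUsage{x509.ExtKeyUsageAny}})
	return err == nil && ed25519.Verify(leaf.PublicKey.(ed25519.PublicKey), msg, sig)
}

// demo signs one commit a minute after issuance and one, with the same key, an hour later.
func demo() (honest, stolen bool) {
	now := time.Now()
	caPub, caKey, _ := ed25519.GenerateKey(rand.Reader) // toy CA standing in for Fulcio (assumption)
	ca := issue("toy CA", caPub, nil, caKey, now.Add(-time.Hour), 24*time.Hour)
	pub, key, _ := ed25519.GenerateKey(rand.Reader) // ephemeral key, one per signing event
	leaf := issue("dev@example.com", pub, ca, caKey, now, 10*time.Minute) // lifetime is an assumption
	a, b := []byte("commit A"), []byte("commit B")
	return verifyAt(ca, leaf, a, ed25519.Sign(key, a), now.Add(time.Minute)), verifyAt(ca, leaf, b, ed25519.Sign(key, b), now.Add(time.Hour))
}

func main() { fmt.Println(demo()) }
```

Both signatures are cryptographically valid; the second is rejected only because its logged time falls outside the certificate's validity window, which is why a key recovered after that window is of little use to whoever holds it.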


I may be misunderstanding your question, but here is the answer if I understand you correctly.

This is all based on public key cryptography. In public key cryptography, there are actually 2 keys, a public key and a private key. Sites like GitHub and the repos can store the public keys, while individual users keep their private keys secret. Anyone with the public key can verify a signature, but only an individual with the private key can create the equivalent signature.

The trick is to determine if a given public key corresponds to an individual. There are various methods to try to address that.

I hope that helps!


To be fair Paddle explicitly says that they are a payment solutions platform for SaaS companies

