That's a great writeup. Is it possible to create a really long passphrase whose hash can't be reversed easily? Perhaps a diceware passphrase with six randomly chosen words?
The difficulty of breaking Deepsound is basically equivalent to the difficulty of reversing a SHA-1 hash. For dictionary words and shorter passwords, consider them broken instantaneously through pre-computed lookup tables.
For more complex passphrases (and remember, only the first 32 characters count here), exponential growth probably works in your favor, even with today's Bitcoin-fueled hyper-accelerated SHA-1 implementations.
Even then, the scheme where they use the password directly as the AES key is flawed. For example, in ASCII, every octet's most-significant bit is zero, so 32 bits of your AES key are fixed. I don't know if this enables practical attacks, but anyone who cares about securing their data shouldn't rely on amateur cryptography like this.
Edit: Oh right, and aside from the password aspect, it uses ECB mode for the encrypted content. That’s not good.
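The fixed-bit observation in the comment above can be measured. The following is an added example, not code from the thread or from Deepsound: it counts key bits that never vary when ASCII passwords are used directly as 32-byte AES keys, and compares that with keys stretched through a KDF. The function names, zero-padding of short passwords, the PBKDF2 contrast, and the sample passwords are assumptions made for illustration.

```python
import hashlib
import math
import random
import string

KEY_LEN = 32  # AES-256 key size; the thread says only the first 32 characters count

def direct_key(password: str) -> bytes:
    """Flawed scheme from the thread: the password bytes are the AES key.
    Zero-padding short passwords is an assumption of this sketch."""
    return password.encode("ascii")[:KEY_LEN].ljust(KEY_LEN, b"\0")

def derived_key(password: str, salt: bytes, iterations: int = 1_000) -> bytes:
    """Contrast case: PBKDF2-HMAC-SHA256. The iteration count is a demo
    value chosen for speed; production settings are far higher."""
    return hashlib.pbkdf2_hmac("sha256", password.encode(), salt, iterations, KEY_LEN)

def fixed_bits(keys: list[bytes]) -> int:
    """Count key bit positions that hold the same value in every sample key."""
    and_acc, or_acc = bytes([0xFF] * KEY_LEN), bytes(KEY_LEN)
    for k in keys:
        and_acc = bytes(a & b for a, b in zip(and_acc, k))
        or_acc = bytes(a | b for a, b in zip(or_acc, k))
    # Fixed means always 1 (survives the AND) or always 0 (absent from the OR).
    return sum(bin(a | (~o & 0xFF)).count("1") for a, o in zip(and_acc, or_acc))

def guess_space_bits(symbols: int, length: int) -> float:
    """log2 of the number of equally likely secrets of this shape."""
    return length * math.log2(symbols)

def sample_passwords(n: int = 256) -> list[str]:
    """Constructed sample: full-length printable-ASCII passwords,
    the best case for the password-as-key scheme."""
    rng = random.Random(1)  # seeded for a repeatable demo, not for real secrets
    alphabet = string.ascii_letters + string.digits + string.punctuation + " "
    return ["".join(rng.choice(alphabet) for _ in range(KEY_LEN)) for _ in range(n)]

if __name__ == "__main__":
    pws = sample_passwords()
    print("fixed bits, password as key:", fixed_bits([direct_key(p) for p in pws]))
    print("fixed bits, PBKDF2 output  :", fixed_bits([derived_key(p, b"demo-salt") for p in pws]))
    print("32 printable ASCII chars   : %.1f bits" % guess_space_bits(95, 32))
    print("6 diceware words (7776)    : %.1f bits" % guess_space_bits(7776, 6))
```

The last two lines put numbers on the question at the top of the thread: a six-word diceware passphrase is strong against guessing, yet used directly as key bytes it still leaves the high bit of every octet fixed.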
Yeah and we have better training material for AI now. For example it could be possible to create a program that mimics Hackernews comments. There's more than enough training material on HN to create plausible-looking comments that aren't a bunch of nonsensical gobbledygook and that also pander to people's emotions.
> I can understand what they mean if they use "shill"
You kind of answered your own question. Many people never differentiate between bot and shill, instead preferring to lump those two words together. A bot is programmatic; a shill is a human agent that likes to amplify messages or spread disinformation manually. Although some shills may still use some level of automation, for example, often using several accounts at the same time using some bespoke software arrangement.
All the so-called 'neo banks' are still in their infancy, which is a good reason to avoid them at all costs. I'm waiting until these startups mature (and they are startups).
In the UK, anyone with the banking license Monzo has is protected by the insurance mandate which was put in place after the collapse of Northern Rock. The service from Monzo is substantially better than any other British bank, so it's a risk I'm willing to take.
One thing I never got about premium password managers is the question of: If I stop paying for the subscription, do I still get to access my secrets? I imagine there is still some grace period to back up your stored secrets, but I still think PW managers should offer a free tier so that you can be assured you will still be able to access your secrets, regardless of payment obligations.
I always loved the whimsy present in Unicode. For nostalgia, here's an HN post from 2010 pointing to the `Unicode Snowman for You` site (which is still up!)
I wish I understood what the keepers of Unicode were thinking by including so much bloat in a character set (or character encoding). I realize that Unicode is going to have a huge number of symbols no matter what, if they're going to represent all the world's languages and math and punctuation, but I'd draw the line at emoticons, emojis, playing card symbols, and snowmen.
One of the major goals of Unicode was to support round trip conversion from all the widely-used character sets into Unicode, and then back out again. In particular, supporting popular Japanese character sets was important for technical and commercial reasons.
There was a lot of weird stuff in the world's character sets.
Emoji were first used by Japanese cell phone carriers. They were encoded as Shift JIS characters, but in incompatible ways. The Unicode Consortium had no real interest in this until Google and Apple basically said, "If we're going to have to support all these character sets, could we please standardize them?"
I think it's just the reality of standardizing the world's character sets. A lot of weird legacy stuff will slip in, and other countries will want to standardize things that seem unnecessary. Personally, I'm very thankful that somebody wants to do all the exhausting political work of coming to a consensus. A few snowmen are a small price to pay.
Playing card symbols are -- like chess symbols -- typeset inline with ordinary text in books that deal with the strategy of those games. So, IMO it makes sense to include them in a character set that a font and typesetting engine will support.
You might be right, but where are you getting the 2% from?
Are you thinking of just emoticons, emojis, playing card symbols, and snowmen? There's more than that I'd question.
It would be cool if MDN had a Stack Overflow question-and-answer style format alongside the main offering. Then Mozilla could take advantage of the gamification model where users earn badges and awards for their efforts.
Jeff Atwood said it once: `If you put a number next to someone's name, then that person will try everything to increase that number`. Also: it would look good on CVs and would be a good heuristic to determine if a person's really fit for a position.