RiptideTempora

@marshray @ioerror @kaepora Drama

Jun 25th, 2013
Recap
Today I had a Twitter conversation that went something like this. I'm copying the conversation here for convenience, and in case someone gets upset and decides to DELETE FUCKING EVERYTHING, I'll still have a copy :)

@RiptideTempora -> @marshray
> Is there an enumerated list of the issues that Cryptocat's crypto has?
@marshray -> @RiptideTempora
> No. Because I bet @kaepora can't remember all the bugs @ioerror and I have told him about.
@RiptideTempora -> @marshray
> Why don't you guys work on a list of issues you'd like fixed then?
> That way even if @kaepora becomes stubborn everyone else can learn from it.
> Otherwise, what are you really accomplishing? Giving @ED_Updates fresh content?
@marshray -> @DefuseSec
> Because even if @kaepora fixes the last bug *I* can exploit he will not have done it with secure engineering
@DefuseSec -> @marshray
> This is the most intelligent and correct tweet I have seen in this whole 'debate'.
@RiptideTempora -> @marshray
> Then make recommendations to improve the design. Make it a community effort. Get more criticism in the equation.
@marshray -> @RiptideTempora
> Secure engineering is a principle greater than myself, or @ioerror, or @kaepora.
@RiptideTempora -> @RiptideTempora
> See previous tweet. That sounds an awful lot like a recommendation to me. Write it down. That's list material!
@marshray -> @DefuseSec
> Now it is revealed that my trolling has not been mere trolling, but *compassion*.
@RiptideTempora -> @RiptideTempora
> The road to hell is paved with good intentions. How about actually helping make things better?
@marshray -> @RiptideTempora
> Alternatively, I may be just a sanctimonious bastard. This is for users to judge.
@RiptideTempora -> @marshray
> If @kaepora doesn't understand secure engineering, how about teaching people how to do it right? Including him
@DefuseSec -> @RiptideTempora
> This is even more intelligent. :) We're headed in the right direction now...
@RiptideTempora -> @marshray
> Compassion without action is a spectator sport. If not for @kaepora then for other developers eyeing crypto
@marshray -> @RiptideTempora
> There are too many eager and willing to learn secure engineering to waste time on the likes of @kaepora
@RiptideTempora -> @marshray
> Ok, you just validated Nadim's claims that you're personally attacking him rather than helping.
> You don't give a shit about security at all, you only care about feeling right.
@marshray -> @RiptideTempora
> You haven't tried to give him advice.
@RiptideTempora -> @marshray
> Let me spell it out for you why my idea was good and why refusing to do it makes you a fool. One sec.

Which brings you to the present moment. Hooray! Now put your thinking caps on, folks, because it's time for some...
Elementary Logic
"The kind of stuff a fifth grader should grasp with minimal difficulty."

So here's my argument: Instead of bitching that Nadim Kobeissi (@kaepora) didn't design his
free and open source crypto software the way you (@marshray, @ioerror, Ian Goldberg, et al.)
envisioned, I propose you get together and write a 95 Theses style essay on everything and
anything wrong with Cryptocat or @kaepora's attitude: Covering the crypto, the architecture,
the programming language, the security of browser extensions, his mindset, his approach,
his logic, his personality, superfluous features that need to be axed, essential features
that are missing. Everything. In one document. And release it publicly.

There are many reasons why this is a more advantageous approach than saying stupid things
like "There are too many eager and willing to learn secure engineering to waste time on the
likes of @kaepora" (It's no wonder he feels like he's being attacked):

1. It will give him an idea on what to improve so he can improve the product. Pretty damn
obvious, I'd say. That's why this is reason #1. You can't condemn someone without giving
them a chance.

2. A lot of developers look at Cryptocat as a starting point for building their own crypto
apps. Personally, I learned how public key cryptography works from his specification.
(My classes still haven't covered this yet :( )

So let's say you follow my suggestion, and Nadim is as bad as you seem to think, and he
just scoffs and ignores the whole thing. Then Nadim and Cryptocat are both a lost cause,
but the more people your criticisms of him and his work reach, the more aspiring crypto
developers will know not to do the same thing he did or make the same mistakes, thus
improving the security of more than just Cryptocat and reaching out to the many folk who
are "eager and willing to learn secure engineering".

So let's do a game theory/prisoner's dilemma type analysis of the possibilities. In this
thought experiment, your actions dictate the row and @kaepora's personality dictates the
column:
 _____ _____
[  A  |  B  ] <- Row 1: You compile your criticisms and publish them
-------------
[__C__|__D__] <- Row 2: You don't
   ^     ^---- Column 2: @kaepora is an asshole
   \---------- Column 1: @kaepora isn't an asshole

In Condition A (row 1, column 1), you publish your criticisms and @kaepora goes over them,
learns how to improve Cryptocat and maybe learns to better himself in the process. WIN-WIN

In Condition B (row 1, column 2), you publish your criticisms and @kaepora says "WONTFIX", but developers
like myself will go, "Oh, so that's what Cryptocat does wrong. With this knowledge, I can
do it better." Then we will do so and there will be a better product on the market (for
free, if I'm behind it) and everyone who isn't @kaepora or Cryptocat wins.

Condition C (row 2, column 1) is where I suspect we are right now. Instead of doing
something productive, you just belittle @kaepora because you're butthurt over past
experiences with him or something. Get over it, and while you're at it, get over
yourself. LOSE-LOSE

Condition D (row 2, column 2) is where you seem to suspect we are right now, in which
case, no advantage is gained by persisting in being a narcissistic dipshit about this
whole situation.

Any logical person should see why I call you a fool for staying in Row 2.

TL;DR - Put up or shut up. Crypto isn't about being nice, crypto is about designing
secure systems that work. So I'm not being nice.