#audit — Public Fediverse posts
Live and recent posts from across the Fediverse tagged #audit, aggregated by home.social.
-
https://www.europesays.com/afrique/101428/ Funding of associations: a lot of money, little fairness and transparency #Audit #Comptabilite #courdescomptes #Evaluation #FinancementEtranger #JusticeSociale #Reddition #SocieteCivile #Associations #budget #contrôle #Démocratie #financement #gouvernance #Maroc #ONG #Politique #régulation #subventions #transparence
-
AI that is forbidden to be right
When AI is connected to a cryptographic system, the usual question is: can the model find the correct answer? But in cryptography that is the wrong question. The right question is different: can AI be embedded so that even when it makes a mistake it cannot make a dangerous decision? In this article I show how we implemented in nonce-observatory a separate layer of governed solver orchestration, an architecture in which the AI can: analyze the public-safe feature contract; propose solver routes; build the run queue; help with triage and with explaining routes; but cannot: see truth/private/nonce fields; accept candidate_d; accept k; form a recovery claim; turn its score into cryptographic evidence. In other words: AI suggests. Exact verifier decides. I examine why what matters for high-assurance systems is not a "smart AI" but an AI without authority, how the non-escalation boundary is built, where the deterministic integrity gate sits, and why in a mature cryptographic system the model must remain only a planner and not a source of truth. Inside the article: ECDSA / Schnorr / BIP340 context; governed solver orchestration; non-escalation boundary; safe payload and forbidden fields; solver queue vs cryptographic evidence; deterministic verifier; clean-control refusal; claim boundary: what we do not claim. The article will be useful not only to those who work with cryptography, but to everyone who designs AI in critical systems where a model's error must not automatically become an accepted fact.
https://habr.com/ru/articles/1034540/
#cryptography #public_key #audit #HNP #QLLL #nonescalation_boundary #solver_orchestration #trustworthy_AI #AI_governance #безопасность_AI
-
What a racket! What are meant as sick leave insurance policies are now routes for public funds to be channeled to SPD and reduce availability of police officers. Perhaps more “use it or lose it” is necessary in SPOG contracts instead of current agreements. Thanks to Erica C Barnett, again!
#Seattle #SPD #SPOG #audit
-
Nonce Observatory: how to turn digital signatures into a system of observable nonce invariants
Most stories about ECDSA/Schnorr nonces sound the same: "reused a nonce, lost the key". But real defects are often subtler: short nonces, partial bit leakage, bias, recurrence, window-locality, prefix families, errors in the multi-signature context. We built a research system, Nonce Observatory: not a "hack button" but a forensic framework for analyzing weak nonce structures in: ECDSA • Schnorr/BIP340 • MuSig2/BIP327. What is inside: protocol-valid bridges; affine hidden-nonce families; HNP / lattice routes; Q-LLL + fplll same-case checks; AI sidecar on gpt-oss-20b-TurboQuant-MLX-8bit; exact evidence / redaction / claim boundaries; full-system audit. The main principle of the system: signal ≠ recovery; candidate ≠ private key; a claim is accepted only if d·G == public key. In the article I will cover: what HNP is and why it is needed for ECDSA; how signatures turn into affine nonce geometry; why BIP340 and MuSig2 require a protocol bridge; how Q-LLL is used as a lattice backend and not as a "magic oracle"; why the AI sidecar is needed and why the AI has no right to accept d; how we reached full-range controlled HNP recovery without nonce brute force; why a full-system audit matters more than a pretty demo. This article is not about "breaking Bitcoin". It is an article about engineering discipline in cryptographic forensics: observability, reproducibility, verifiability and honest claim boundaries.
https://habr.com/ru/articles/1031858/
#информационная_безопасность #биткоин #криптография #алгоритмы #nonce #ecdsa #signature #audit
-
https://www.europesays.com/cz/74104/ Fiala's "total failure", an attack on Černochová. Vetchý did not hold back #Audit #Černochová #Drony #Fiala #FunkčníObdobí #historie #komunismus #Nacismus #Nemesis #politika #Populismus #sbírka #Svět #Ukrajina #Vetchý #Voliči #World #WorldNews
-
Backdoor discovered in client software: malicious code activated at Christmas, isolation, fix, report to CNIL/ANSSI. Lesson: regular audits. #CyberSécurité #Backdoor #Tech #ANSSI #CNIL #Audit ... https://www.linkedin.com/posts/gabriel-chandesris_cybersaezcuritaez-backdoor-tech-share-7455176908222275584-4_zC
-
Today is a #train and #audit day: #nen7510, the standard from #healthcare
Fortunately the first-class quiet compartment is one with seats that do not face each other. As few stimuli as possible helps to get through the day.
Worked hard on policy, now to see what the auditor will say
#actuallyaustic
-
https://www.europesays.com/ie/447266/ This Sequoia partner thinks AI-enabled services are the new software. Here’s why #Accounting #AI #ArtificialIntelligence #ArtificialIntelligence #audit #Consulting #Éire #EyeOnAI #IE #InsuranceIndustry #Ireland #LawFirms #MachineLearning #SequoiaCapital #Services #Technology #VentureCapital
-
From my "Yippee!" Files
The IAPP writes:
Last year, the California Privacy Protection Agency adopted a major new rule requiring certain businesses to conduct an annual cybersecurity audit. The rule went into effect 1 Jan. 2026. This pioneering requirement, the first of its kind among state data privacy laws of general applicability, may entail substantial compliance efforts for affected companies to identify and correct cybersecurity shortcomings. While compliance concerns may generate new anxiety, the audit requirement's impact on data breach litigation could have equally significant long-term implications for businesses operating in California.
Read more at https://iapp.org/news/a/california-s-cybersecurity-audit-rule-and-its-impact-for-class-litigation
-
#Google, #Microsoft, #Meta All #Tracking You Even When You #OptOut, According to an Independent #Audit
The #webXray #California #Privacy Audit viewed web traffic on more than 7,000 popular websites in California in the month of March & found that most tech companies ignore when a user asks to opt-out of #cookie tracking. California has stringent & well defined privacy legislation thanks to its California Consumer Privacy Act (#CCPA)…opt out of the sale of their info
-
How a minimal rounding loss cost Balancer more than $128 million
In early November 2025 the decentralized protocol Balancer V2 (composable stable pools) was attacked; total losses across the various networks exceeded 128 million dollars. The cause was not an access error, not reentrancy and not a bug in permission checks, but a loss of precision in the invariant calculation due to rounding. Formally the problem came down to rounding when scaling values and looked like an acceptable technical compromise. The economic effect, however, turned out to be significant. The Balancer hack, like many other incidents, has already been analyzed in detail in post-mortem format, with a reconstruction of exactly how the attack was carried out. This article takes a different approach: we will look at the same code through the eyes of an auditor who asks "what could go wrong here?".
https://habr.com/ru/companies/pt/articles/1014954/
#blockchain #smartcontract #audit #security_research #balancer #scaling_factor #bpt
-
https://www.europesays.com/dk/52957/ European Lithium Maintains Stake in Greenland Venture Amid Regulatory Review #amid #Audit #european #Greenland #lithium #Maintains #regulatory #review #stake #venture
-
We are excited about our partnership with Linova Software GmbH.
Your benefits 🎯
✅ Centralized platform for processes, knowledge and so much more
✅ Integrated end-to-end system for audits, documentation, and knowledge management
✅ Lean, audit-ready IMS and ISMS
✅ Structured software and requirements documentation
Learn more here: https://bluespice.com/hallo-welt-and-linova-are-strengthening-digital-knowledge-management/
#BlueSpice #Linova #KnowledgeManagement #IMS #ISMS #Audit #Digitalization
-
[ #EnVrac ] Mullvad: the new WireGuard implementation GotaTun validated by a first independent audit
-
Signal Protocol for a P2P Webapp
TL;DR: I have open-sourced a #Rust implementation of the #SignalProtocol that compiles to #WASM for #Browser-based #P2P messaging, overcoming the #NodeJS limitations of the official library.
I am sharing my implementation of the Signal Protocol designed specifically for the #Frontend. While the official libsignal is the gold standard, its #JavaScript targets are often optimized for Node.js, which creates integration challenges for client-side web applications.
My version is built in #RustLang and compiles to #WebAssembly, utilizing #ModuleFederation to provide robust #Encryption for decentralized environments. It currently powers the end-to-end security for my #P2P messaging project.
Protocol Demo:
https://signal.positive-intentions.com/
P2P App Demo:
https://p2p.positive-intentions.com/iframe.html?globals=&id=demo-p2p-messaging--p-2-p-messaging&viewMode=story
I am looking for feedback from the #Dev and #Infosec community. If you have experience with #Cryptography audits or formal-proof verification, I would appreciate your eyes on the codebase as I work toward a more finished state.
GitHub Repository:
https://github.com/positive-intentions/signal-protocol
#Signal #SignalProtocol #Rust #RustLang #WASM #WebAssembly #OpenSource #OSS #Privacy #Encryption #E2EE #WebDev #Frontend #BrowserTech #Decentralized #WebApps #Coding #Security #SoftwareEngineering #Networking #PeerToPeer #P2P #Cryptography #Audit #CyberSecurity #Tech #JavaScript #Programming #ModuleFederation #P2PWeb #PrivacyTech #SecureMessaging #WebPerf #TechCommunity #InfoSec #WebSecurity
-
We hid backdoors in ~40MB binaries and asked AI + Ghidra to find them
-
"Idk, I think it's less about empathy or compassion, and more about making sure the (hopefully small) group of uncaring people who enter medicine or allied health professions are incentivised to act pro-socially.
Like, in your region, what studying conditions and working conditions are clinicians expected to tolerate? Do they receive a living wage throughout study and work? Is their livelihood for a single person or big enough they can build a household?
Do they feel comfortable being a whistleblower when something goes wrong? (Numbers-wise, mistakes will happen over time.)
How robust is the inspection or regulation? How flexible are the logistics of each sector?
How many crises at once can be weathered without change to patient care? How long will it take to build back up that 'extra' capacity / contingency margin?
Who (in what position, in which teams) is responsible (or in what order) for noticing angels of death? What about anyone with less final but still harmful motives?
How severe are the consequences for failure? How many people feel compelled to hide errors rather than remedy them? What options for remediation are accessible to all staff, including contractors?"
#MedMastodon #DoLessHarm #SystemsThinking #HarmReduction #Medical #Medicine #MD #Systems #NonExpert #LayPerson #RubberNecking #Risk #RiskAssessment #RiskManagement #Risk_Management #Audit #Efficiency #Efficacy #Flexibility #TrueCrime #Crime
-
https://www.fogolf.com/1158558/defence-will-sell-off-16-properties-in-victoria-but-no-plans-are-in-place-for-what-comes-next/ Defence will sell off 16 properties in Victoria, but no plans are in place for what comes next #adf #Audit #defence #Golf #GolfCourse #GolfNews #PROPERTY #RealEstate #Sell
-
Practical problems in production GenAI: LLM costs explode, but there is no visibility into spend by model/team/user; security risks (PII, prompt injection) are not detected right away; there is no audit trail to explain AI decisions. What is needed is a solution that controls cost and security and records the entire workflow without adding latency or building multiple stacks. If anyone has experience or tools (LangSmith, self-written scripts…), please share! #GenAI #LLMOps #AI #BảoMật #ChiPhí #Audit #AI_Observability #CôngNghệ
https:
-
The LinkedIn post by Professor Elisa Giomi, dissenting member of the AGCOM board
I firmly distanced myself from #Agcom's fine of over 14 million against #Cloudflare, as I did from the entire proceeding that led to the creation of #PiracyShield.
However, I also do not share the view of protections and #rules, however perfectible, as useless burdens.
In any case, between those who see in it a turning point in the fight against #piracy and those who see a worrying "step up" toward increasingly automatic infrastructure-level #blocks, the measure has reopened an important debate.
One that deserves less partisanship and more #method.
For example: discussing proportionality, #safeguards and operational sustainability. I therefore put forward for common consideration the aspects that I believe can make the difference between building a stable tool and a permanent #litigation.
1) If enforcement extends to infrastructure services such as public #DNS, CDNs or other technical intermediaries, the issue is not whether providers can have a role in countering #illegal content, but how to avoid criteria so broad that they end up dragging fully lawful uses into the net as well.
A very widespread infrastructure may often appear in unlawful contexts too, but this should not automatically translate into #obligations applied indiscriminately.
2) The speed of blocking should be matched by a comparable speed of correction, with clear, traceable procedures and explicit restoration times, because errors or #overblocking, however undesired, are always possible, and when they occur immediate harm follows.
3) It is natural that operational reports come from #rights holders or from parties appointed by them, but a system for establishing #violations that is credible in the long term should rest on minimum public standards for the quality of evidence, periodic independent #audits and an effective and timely #adversarial process, at least in doubtful or recurring cases.
4) Who bears the technical, legal and organizational #costs of this day-to-day operation? If a significant share falls on #ISP and intermediaries, it is reasonable to open a discussion on governance, cost-sharing (or transparent allocation criteria), liability in case of erroneous reports, and public reporting on volumes, #timing and outcomes.
In short: let us try to move beyond the Manichaeism of "pro" or "con" and ask ourselves instead which safeguards and which metrics need to be implemented in the blocking system...
-
Linking California with the Minnesota food aid probe is a stretch
An applicant signs up for food stamps, known as CalFresh in California, at a low-income health clinic in Contra Costa County. (Foe; photo by Anne Wernikoff/ CalMatters) This column was originally published by CalMat…
#dining #cooking #diet #food #Food #audit #california #CALmatters #Foodaid #GavinNewsom #Minnesota #Politics
https://www.diningandcooking.com/2463124/linking-california-with-the-minnesota-food-aid-probe-is-a-stretch/
-