Please help contribute to the Reddit categorization project here


    + friends - friends
    5,182 link karma
    4,395 comment karma
    send message redditor for

    [–] How Google is making the Huawei Mate 20 Pro the best workplace handset yet | TechRadar ZergShotgunAndYou 12 points ago in Android


    Not even close and that's NOT what google said, prime example of clickbait title. Ofc the VP of marketing had to say something nice about the latest offering from a strategic partner,it's not like he can flat out say it's shit.

    They list the presence of a secure face recognition method to to unlock & authenticate payments as the reason why the device excels in the workplace?! o-ok.
    if you are adopting an Android phone in a corporate environment and it's NOT a Pixel(preferred,due to hardening,dedicated secure HW, monthly sec patches and seamless updates) OR a Samsung you're doing it wrong.

    [–] Constantinople Hard Fork Update Thread ZergShotgunAndYou 10 points ago in ethereum

    Nah, we appreciate your hard work.
    And yes even tho there are very few nodes running clients other than Geth and Parity, we should give the teams maintaining those projects time to review,update and test,they have less resources at their disposal and a consensus bug is pretty high up on the list of things you don't want to see happening on mainnet.

    It sucks but that's just the way things go sometimes.Having multiple clients implementing the same spec with different codebases is a boon to security and makes the network more resilient to attacks exploiting bugs in a single client but this is the tradeoff, the possibility of having potentially serious consensus bugs that fork the network.
    I say take the time to do it right, fuzz the shit out of it and ship somewhat reviewed code.ETH is securing Billions in digital assets,a delayed protocol update is bad but inconsenquential in the grand scheme of things while a forked and temporarily unusable mainnet network is catastrophic and the implications very long lasting, do what's right.

    [–] Constantinople Hard Fork Update Thread ZergShotgunAndYou 2 points ago * (lasted edited 2 days ago) in ethereum

    fuck you and your spammy link(apologies if it was malformed by a botched cut & paste and not intentionally)

    Also, this is a good thread by Lane explaining roughly what happened and what the current status is:

    [–] Devices with Android 9 Pie can perform encrypted Android Backups secured by their device passcode leveraging Titan chips in Google's Cloud Infrastructure - effectively making it a resilient zero knowledge backup solution for app data ZergShotgunAndYou 1 points ago in Android

    It is.

    While it doesn't function exactly like a traditional zero knowledge cloud backup,the whole purpose of the HSM/Titan chip in Google's cloud is that Google can under no circumstances access the crypto material and unilaterally perform a decryption of the data without having access to the device passcode.That IS zero knowledge.

    They boast about it offering Insider Attack Resistance,eg: a malicious/compromised Google Employee with root access to the machine where user data is stored is able to decrypt it. Zero Knowledge is needed to achieve that.

    Read the doc below, they DO make some assumption when declaring their threat model and the scope of the analysis but they're very reasonable and conservative:

    [–] Devices with Android 9 Pie can perform encrypted Android Backups secured by their device passcode leveraging Titan chips in Google's Cloud Infrastructure - effectively making it a resilient zero knowledge backup solution for app data ZergShotgunAndYou 95 points ago * (lasted edited 5 days ago) in Android

    It's unclear but i think Pixel 3 devices will be the first to support it, i don't think it's an exclusive feature.

    I don't know what changes,if any, OEMs needs to do to implement it.Based on some of the language used in the third party audit of the infrastructure performed by NGCC at the request of google i'm inclined to think that *maybe* it also uses the Titan M chip on the device itself since they mention this in the document:

    "This backup encryption key will be stored only in secure hardware on the phone and synced periodically with secure hardware hosted by Google."

    taken from:

    It's just an educated guess tho, i may be wrong and they are just referencing TrustZone, present in every ARM SoC.

    This would tie in nicely with what Rick Osterloh said on stage at the event recently about "the closed loop between on-device security and the datacenter :

    [–] Google Pixel 3 includes Pixel USB-C earbuds and dongle. What now, Apple? ZergShotgunAndYou 12 points ago in Android

    lmao. You are paying(dearly) for those.
    Prices are fucking insane all over the world,irrespective of VAT,currency rates etc.

    [–] MKBHD Google Pixel 3 impressions ZergShotgunAndYou 98 points ago * (lasted edited 10 days ago) in Android

    Fuck me it's even worse than i expected.

    They really did waste $$$ in the BOM to add a second front facing camera and no face recognition capabilities.

    So the only feature i'm looking forward to is the Titan M security module.

    [–] Google reportedly "permanently shutting down all consumer functionality" in Google+ after a data breach. ZergShotgunAndYou 246 points ago in Android
    Non paywalled version.

    This is bad...they didn't do a postmortem of the security incident - or rather they did one internally and condensed it for executives who decided NOT to inform the public based on it due to fears of attracting scrutiny from regulators, fines for having exposed private data and the potential damage to the brand.

    [–] Pixel 3 XL leaked in Hong Kong | First Look - Engadget ZergShotgunAndYou 63 points ago * (lasted edited 13 days ago) in Android

    i have an OP3T too and i work in infosec . i can guarantee you that any system not using a dot projector and an ir camera is an inferior technical solution that does NOT meet an acceptable threshold for security(and the reason why it's generally only used to unlock the phone and NOT to perform more sensitive actions like authorizing payments etc).I'm not claiming Apple's(or Xiaomi's) solution is perfectly secure but it has a remarkably better FAR & FRR.

    Face recognition biometric auth solutions using off the shelf cameras/hw are a gimmick and can't be compared to carefully engineered ad-hoc systems.Apple bought PrimeSense and RealFace(two start ups working on face unlock tech) for a reason

    Maybe the face unlock offered by OP is enough for you, it's not for me and for usage in an enterprise setting.

    [–] Pixel 3 XL leaked in Hong Kong | First Look - Engadget ZergShotgunAndYou 203 points ago * (lasted edited 13 days ago) in Android

    I swear if it turns out the 2nd front facing camera is only used for wide angle selfies and they don't have a decent face unlock mechanism(which is very likely since they would need a dot/pattern projector and the camera would need to be IR and i don't see it)i'm gonna lose it.

    I don't mind notches because i see them as free screen on the sides BUT this one is humongous and if they wasted precious real estate for a second camera uniquely dedicated to wide angle selfies...someone needs to be fired.

    [–] Interesting details about Bitmain gleaned from their IPO filing ZergShotgunAndYou 11 points ago in ethereum

    trained for the Ethereum


    They are HW/silicon engineers for the most part...not Solidity devs.
    And their core skillset is not gonna be relevant anyway when PoS is finally live.