This isn't a space I know too much about, but even if we all start using quantum-safe encryption for everything today, won't the arrival of quantum computers that can break traditional encryption not still be a big deal?
Given that intelligence agencies, tech companies and various bad actors have been storing encrypted data for a long time, hoping to decrypt when (if?) that day comes?
Sure it's still a big deal but it's not as if suddenly everybody get a quantum computer and can use it nilly-willy. It will be (or is) scarce enough that information has to be selected as critical in order to be deciphered a posteriori.
The time between the moment the information is recorded and when it's deciphered is what matters, rarely the information itself abstracted from all context.
So even if suddenly having a classical cryptography is broken, trivially, then there still need to be a way to search through it.
Typically for a random person that means their credit card pin and their email password for example. Well, you chance that and if, say the NSA, can decipher your old email password even 1 minute after you changed it, no big deal. If they can decipher your old emails it might be a big deal but probably not. I would argue it depends on actionable information (e.g. a coup happening tomorrow) and legal information (e.g. the proof that a certain person was an informant and should be extradited).
So... I would argue historically, huge deal, daily life... probably not much for most.
Intelligence agencies and companies for which industrial espionage is an actual concern will re-encrypt their data storage, or have already done so. The only risk is on data that was already obtained with a vulnerable encryption. So there is some risk that a few secrets are lost, but it won’t be everything. And if you were to start now and quantum decryption isn’t viable for a decade then any secrets that do get exposed are surely less of a problem than if they were discovered today.
Definitely, but then the damage is limited to the encrypted data that those actors managed to intercept some years before. Compared to QC arriving to an unprepared world, that's a very limited impact.
I have a direct mailto: link to my email address in the footer of my website. Zero obfuscation. I don't get any unusually large volume of spam. Maybe Fastmail's filters are that good, or maybe scraping emails off the web just isn't worth the spammers' time anymore and they've all moved on to posting thirst traps on Instagram. I dunno. Hasn't been a problem either way.
I host my own email. I use a default SpamAssassin configuration along with some basic greylisting. I barely get any spam. Maybe one every month or two.
I sort of need public contact info. Maybe I obfuscate a bit on my site though I would need to look. Modern hosted email systems seem pretty good at filtering the real spam.
But I also need to coordinate with folks with respect to conference meetings and the like so my email is pretty public.
not OP, but my current solution is to have a link which says "click to show email", with javascript handler that changes that link's href (and text) to email address, which is somehow computed. For example, by taking page URL and performing some regexp on it. It both avoids storing email in page source in plain text and requires human interaction, so feels good enough.
Another way I've seen elsewhere is to use a human-language explanation of how to build email address, something like this: "To get my email address, combine my first name (John) with my birth year (2000), separated by dash (-), and add email provider (@gmail.com)".
> my current solution is to have a link which says "click to show email"
Yeah was thinking of going down that route, but I like the simplicity of just having it there there as a mailto link when you land. Based on Mike's response I might try it!
I know I'm going against the HN hivemind a bit here, and I hope I don't get flamed too much for it - but I think that that Jeff Epstein fellow wasn't a very nice man.
There are plenty of brilliant people who use python. However, in every one of these boom cycles with python I dealt with A LOT of developers with horrific software engineering practices, little understanding of how their applications and dependencies work, and just plane bizarre ideas of how services work. Like the one who comes with 1 8k line run.py with like 3 functions asking to “deploy it as a service”, expecting it to literally launch `python3 run.py` for every request. It takes 5 minutes to run. It assumes there is only 1 execution at a time per VM because it always writes to /tmp/data.tmp. Then poses a lot of “You guys don’t know what you’re doing” questions like “yeah, it takes a minute, but can’t you just return a progress bar?” In a REST api? Or “yeah, just run one per machine. Shouldn’t you provide isolation?”. Then there is the guy who zips up their venv from a Mac or Windows machine and expects it to just run on a Linux server. Or the guy who has no idea what system libs their application needs and is so confused we’re not running a full Ubuntu desktop in a server environment. Or the guy who gives you a 12GB docker image because ‘well, I’m using anaconda”
Containers have certainly helped a lot with python deployments these days, even if the Python community was late to adopt it for some reason. throughout the 2010s where containers would have provided a much better story especially for python where most libraries are just C wrappers and you must pip install on the same target environments, python developers I dealt with were all very dismissive of it and just wanted to upload a zip or tarball because “python is cross platform. It shouldn’t matter” then we had to invent all sorts of workarounds to make sure we have hundreds of random system libs installed because who knows what they are using and what pip will need to build their things. prebuilt wheels were a lot less common back then too causing pip installs to be very resource intensive, slow and flaky because som system lib is missing or was updated. Still python application docker images always range in the 10s of GBs
Thanks for the detailed reply. I wrote and deployed a few dev-opsy python scripts in my last job that I wasn't massively proud of, but after reading that I all of a sudden don't feel so bad lol
This isn't a space I know too much about, but even if we all start using quantum-safe encryption for everything today, won't the arrival of quantum computers that can break traditional encryption not still be a big deal?
Given that intelligence agencies, tech companies and various bad actors have been storing encrypted data for a long time, hoping to decrypt when (if?) that day comes?
reply