Search
Items tagged with: LynneTeachesTech
2019-04-18 02:41:47
2019-04-17 05:12:46
2019-04-17 05:12:34
175070
Content warning: what's keybase? why are so many people talking about it right now? what's with all those "it is proven!" posts? (long, serious)
-----BEGIN PGP SIGNED MESSAGE-----
Hash: SHA512
keybase is a website that allows you to prove that a given account or website is owned by you. to explain how this works, we'll need to briefly cover public key cryptography.
there are many ways to encrypt a file. one such way involves using a password to encrypt the file, which can then be decrypted using the same password. this is known as a symmetrical method, because the way it's encrypted is the same as the way it's decrypted - using a password. the underlying methods of encryption and decryption may be different, but the password remains the same. how these algorithms work is outside the scope of this post - i might make a future post about encryption.
public key encryption is asymmetrical. this means the way you encrypt it is different from the way you decrypt it. a password protected file can be opened by anyone who knows the password, but a file encrypted using this method can only be decrypted by the person you're sending it to (unless their private key has been stolen). if you encrypt a file using someone's public key, the only way to decrypt it is with their private key. since i'm the only one with access to my private key, i'm the only person who can decrypt any files that are encrypted using my public key.
my private key can also be used to "sign" a file or message to prove that i said it. anyone can verify that i was the one who signed it by using my public key. comparing the signature to any other public key won't return a match, and changing even one letter of the text will mean that the signature no longer works.
as the signing process can be used to guarantee that i said something, this means that i can use it to prove that i own, say, a particular facebook account. i could make a post saying "this is lynne" with my signature attached, and anyone could verify it using my public key. this is where keybase comes in.
the process of signing a post is rather technical, and everyone who wants to verify it will need to know where to get your public key. there are "keyservers" that contain people's public keys, but the average person won't know that, or what the long, jumbled mess of characters at the end of a message even means. keybase does this for you. after you create an account, it generates a public and private key for you to use. you don't even need to access these, it's all managed automatically. you can then verify that you own a given twitter, reddit, mastodon, etc. account by following the steps they provide to you. you just need to make a single post, which keybase will check for, compare against your public key, verify that it's you, and add to your profile. users can also download your public key and verify it themselves.
support for mastodon was only added recently and isn't quite complete yet, but it's ready to use and works well. this is why you might have noticed a lot of people talking about it recently. support for keybase is new in mastodon 2.8.
keybase can also be used to prove that you own a given website, again by making a public, signed statement. i've proven that i own lynnesbian.space with a statement here: https://lynnesbian.space/keybase.txt
it also provides a UI to more easily verify someone's signed message, without having to find and download their public key yourself.
keybase is built on existing and tested standards and technologies, and everything that it does can also be done yourself by hand. it just exists to make this kind of thing more accessible to the general public.
i've proven my ownership of this mastodon account (@lynnesbian), and you can verify that by checking my keybase page: https://keybase.io/lynnesbian/
keybase also offers encrypted chat and file storage, but it's main feature is that you can easily verify and confirm that you are who you say you are. so if you see a website claiming to be owned by me, and you don't see it in my keybase profile, you should be suspicious!
#LynneTeachesTech
finally, this post itself is digitally signed by me! you probably noticed that weird "begin signed message" thing at the top! you can verify that it's me simply by pasting the whole post, top to bottom, including the weird bits at the start and end, but *not* including the content warning, into this page here: https://keybase.io/verify
-----BEGIN PGP SIGNATURE-----
Version: Keybase OpenPGP v2.1.0
Comment: https://keybase.io/crypto
wsFcBAABCgAGBQJctrWtAAoJEPt7lwMDrOSZtrAP/0lV+51YF24TDOO5vJx43cq5
kBkIV61/JqRMTaT7+6O+H/0YBmXyF4RYITyKZ88wYyZD5mTnRLLGk/5BqGuDOdAd
wyKvkEUcBmO0kAr2p8w8LKsNVV/fpyXdBgcPqu7QXwGJiimJg39n0/A36NL1az2A
v11uYdLOUQ1t3Eh+pRryRQP8jMc2PEVIjBaQ5bAZ/BDbQzzmB+4tpdKEKHd92UVp
lclDR1j29d9hs0bSZ+yCZQCkAkuUIfbUag8ic+a27aqaWAm+gprT2JxG4BUz9aoJ
W5BnVZdh6egFkn1aTVhowXtGxzhbWKuRjNQl13zLw4czzXRncIrNQ/DkUGXfYhqk
Q89dlFZG6R4wWiM4nsnaxySaQVjmzt37nG58iYhkas3bTKXx9WZ1/pQb/ufk+ic5
P+abGZDB4NXK0nwh5Ap0W9Br82WelYdeVlpx0uoTMp9WWtouwGk3XLYDKV5SvUrF
Xkr5DkdfBcaJLJdj0EcXKBJfPfoKqKLPX2FdTBvA0TEn7Lxq/FxvfvWk5HLh9Xlp
rtHoFDL5Fq4Wz2omaR0Tpo51AfRpi0CHdaM+tL1uvqebb75MEMZhALyZVt6CmxBb
vVU+kXxSfGGbOTLDk8kpkmc6DJCNGnrn8k/qgDkETCDpAFOZK6c5k9XHrhMc5kp7
W2oysh2U+BtsNcRNA2+A
=23Bq
-----END PGP SIGNATURE-----
Hash: SHA512
keybase is a website that allows you to prove that a given account or website is owned by you. to explain how this works, we'll need to briefly cover public key cryptography.
there are many ways to encrypt a file. one such way involves using a password to encrypt the file, which can then be decrypted using the same password. this is known as a symmetrical method, because the way it's encrypted is the same as the way it's decrypted - using a password. the underlying methods of encryption and decryption may be different, but the password remains the same. how these algorithms work is outside the scope of this post - i might make a future post about encryption.
public key encryption is asymmetrical. this means the way you encrypt it is different from the way you decrypt it. a password protected file can be opened by anyone who knows the password, but a file encrypted using this method can only be decrypted by the person you're sending it to (unless their private key has been stolen). if you encrypt a file using someone's public key, the only way to decrypt it is with their private key. since i'm the only one with access to my private key, i'm the only person who can decrypt any files that are encrypted using my public key.
my private key can also be used to "sign" a file or message to prove that i said it. anyone can verify that i was the one who signed it by using my public key. comparing the signature to any other public key won't return a match, and changing even one letter of the text will mean that the signature no longer works.
as the signing process can be used to guarantee that i said something, this means that i can use it to prove that i own, say, a particular facebook account. i could make a post saying "this is lynne" with my signature attached, and anyone could verify it using my public key. this is where keybase comes in.
the process of signing a post is rather technical, and everyone who wants to verify it will need to know where to get your public key. there are "keyservers" that contain people's public keys, but the average person won't know that, or what the long, jumbled mess of characters at the end of a message even means. keybase does this for you. after you create an account, it generates a public and private key for you to use. you don't even need to access these, it's all managed automatically. you can then verify that you own a given twitter, reddit, mastodon, etc. account by following the steps they provide to you. you just need to make a single post, which keybase will check for, compare against your public key, verify that it's you, and add to your profile. users can also download your public key and verify it themselves.
support for mastodon was only added recently and isn't quite complete yet, but it's ready to use and works well. this is why you might have noticed a lot of people talking about it recently. support for keybase is new in mastodon 2.8.
keybase can also be used to prove that you own a given website, again by making a public, signed statement. i've proven that i own lynnesbian.space with a statement here: https://lynnesbian.space/keybase.txt
it also provides a UI to more easily verify someone's signed message, without having to find and download their public key yourself.
keybase is built on existing and tested standards and technologies, and everything that it does can also be done yourself by hand. it just exists to make this kind of thing more accessible to the general public.
i've proven my ownership of this mastodon account (@lynnesbian), and you can verify that by checking my keybase page: https://keybase.io/lynnesbian/
keybase also offers encrypted chat and file storage, but it's main feature is that you can easily verify and confirm that you are who you say you are. so if you see a website claiming to be owned by me, and you don't see it in my keybase profile, you should be suspicious!
#LynneTeachesTech
finally, this post itself is digitally signed by me! you probably noticed that weird "begin signed message" thing at the top! you can verify that it's me simply by pasting the whole post, top to bottom, including the weird bits at the start and end, but *not* including the content warning, into this page here: https://keybase.io/verify
-----BEGIN PGP SIGNATURE-----
Version: Keybase OpenPGP v2.1.0
Comment: https://keybase.io/crypto
wsFcBAABCgAGBQJctrWtAAoJEPt7lwMDrOSZtrAP/0lV+51YF24TDOO5vJx43cq5
kBkIV61/JqRMTaT7+6O+H/0YBmXyF4RYITyKZ88wYyZD5mTnRLLGk/5BqGuDOdAd
wyKvkEUcBmO0kAr2p8w8LKsNVV/fpyXdBgcPqu7QXwGJiimJg39n0/A36NL1az2A
v11uYdLOUQ1t3Eh+pRryRQP8jMc2PEVIjBaQ5bAZ/BDbQzzmB+4tpdKEKHd92UVp
lclDR1j29d9hs0bSZ+yCZQCkAkuUIfbUag8ic+a27aqaWAm+gprT2JxG4BUz9aoJ
W5BnVZdh6egFkn1aTVhowXtGxzhbWKuRjNQl13zLw4czzXRncIrNQ/DkUGXfYhqk
Q89dlFZG6R4wWiM4nsnaxySaQVjmzt37nG58iYhkas3bTKXx9WZ1/pQb/ufk+ic5
P+abGZDB4NXK0nwh5Ap0W9Br82WelYdeVlpx0uoTMp9WWtouwGk3XLYDKV5SvUrF
Xkr5DkdfBcaJLJdj0EcXKBJfPfoKqKLPX2FdTBvA0TEn7Lxq/FxvfvWk5HLh9Xlp
rtHoFDL5Fq4Wz2omaR0Tpo51AfRpi0CHdaM+tL1uvqebb75MEMZhALyZVt6CmxBb
vVU+kXxSfGGbOTLDk8kpkmc6DJCNGnrn8k/qgDkETCDpAFOZK6c5k9XHrhMc5kp7
W2oysh2U+BtsNcRNA2+A
=23Bq
-----END PGP SIGNATURE-----
2019-04-04 15:44:51
2019-03-26 12:47:23
2019-03-26 12:47:16
133382
Content warning: why are there so few web browsers? why do some browsers display websites differently to others? why are some browsers, like opera and vivaldi, just based on chrome instead of being their own thing? (long, serious)
a web browser is a program that displays a HTML document, in the same way that a text editor is a program that displays a txt file, or a video player displays MP4s, AVIs, etc. HTML has been around for a while, first appearing around 1990.
HTML alone is enough to create a website, but almost all sites bring in CSS as well, which allows you to customise the style of a webpage, such as choosing a font or setting a background image¹. javascript (JS) is also used for many sites, allowing for interactivity, such as hiding and showing content or making web games.
together, HTML, CSS, and JS make up the foundations of the modern web. a browser that aims to be compatible with as many existing websites as possible must therefore implement all three of them effectively. some websites (twitter, ebay) will fall back to a "legacy" mode if javascript support isn't present, while others (mastodon, google maps) won't work at all.
implementing javascript and making sure it works with HTML is a particularly difficult challenge, which sets the bar for creating a new browser from scratch staggeringly high. this is partly why there are so few browsers that aren't based on firefox or chrome² that are capable of handling these lofty requirements. microsoft has decided to switch edge over to a chrome-based project, opera switched to the chrome engine years ago, and so on, because of the difficulty of keeping up. that's not to say there aren't any browsers that aren't based on firefox or chrome - safari isn't based on either of them³ - but the list is certainly sparse.
due to the difficulty of creating and maintaining a web browser, and keeping up with the ever evolving standards, bugs and oddities appear quite frequently. they often manifest in weird and obscure cases, and occasionally get reported on if they're major enough. an old version internet explorer rather famously had a bug that caused it to render certain elements of websites completely incorrectly. by the time it was fixed, some websites were already relying on it. microsoft decided to implement a "quirks mode" feature that, when enabled, would simulate the old, buggy behaviour in order to get the websites to work right. most modern browsers also implement a similar feature. this just adds yet another layer of difficulty to creating a browser.
the complexity of creating a web browser combined with the pre-existing market share domination of google chrome makes creating a new web browser difficult. this has had the effect of further consolidating chrome's market share. chrome is currently sitting about about 71.5% market share⁴, with opera (which is based on chrome) adding a further 2.4%. this means that google has a lot of say over the direction the web is headed in. google can create and implement new ways of doing things and force others to either adopt or disappear. monopolies are never a good thing, especially not over something as fundamental and universal as a web browser. at its peak, internet explorer had over 90% market share. some outdated websites still require internet explorer, which is one of the main reasons why windows 10 still includes it, despite also having edge.
footnotes:
1. before CSS, styling was done directly through HTML itself. while this way of doing things is considered outdated and deprecated, both firefox and chrome still support it for legacy compatibility. having to support deprecated standards is yet another hurdle in creating a browser.
2. chrome is the non-free (as in freedom) version of the open source browser "chromium", also created by google. compared to chromium, chrome adds some proprietary features like adobe flash and MP3 playback.
3. the engine safari uses is called webkit. chrome used to use this engine, but switched to a new engine based on webkit called blink. safari therefore shares at least some code with chrome.
4. based on http://gs.statcounter.com/browser-market-share/desktop/worldwide. note that it's impossible to perfectly measure browser market share, but this is good for getting an estimate.
#LynneTeachesTech
HTML alone is enough to create a website, but almost all sites bring in CSS as well, which allows you to customise the style of a webpage, such as choosing a font or setting a background image¹. javascript (JS) is also used for many sites, allowing for interactivity, such as hiding and showing content or making web games.
together, HTML, CSS, and JS make up the foundations of the modern web. a browser that aims to be compatible with as many existing websites as possible must therefore implement all three of them effectively. some websites (twitter, ebay) will fall back to a "legacy" mode if javascript support isn't present, while others (mastodon, google maps) won't work at all.
implementing javascript and making sure it works with HTML is a particularly difficult challenge, which sets the bar for creating a new browser from scratch staggeringly high. this is partly why there are so few browsers that aren't based on firefox or chrome² that are capable of handling these lofty requirements. microsoft has decided to switch edge over to a chrome-based project, opera switched to the chrome engine years ago, and so on, because of the difficulty of keeping up. that's not to say there aren't any browsers that aren't based on firefox or chrome - safari isn't based on either of them³ - but the list is certainly sparse.
due to the difficulty of creating and maintaining a web browser, and keeping up with the ever evolving standards, bugs and oddities appear quite frequently. they often manifest in weird and obscure cases, and occasionally get reported on if they're major enough. an old version internet explorer rather famously had a bug that caused it to render certain elements of websites completely incorrectly. by the time it was fixed, some websites were already relying on it. microsoft decided to implement a "quirks mode" feature that, when enabled, would simulate the old, buggy behaviour in order to get the websites to work right. most modern browsers also implement a similar feature. this just adds yet another layer of difficulty to creating a browser.
the complexity of creating a web browser combined with the pre-existing market share domination of google chrome makes creating a new web browser difficult. this has had the effect of further consolidating chrome's market share. chrome is currently sitting about about 71.5% market share⁴, with opera (which is based on chrome) adding a further 2.4%. this means that google has a lot of say over the direction the web is headed in. google can create and implement new ways of doing things and force others to either adopt or disappear. monopolies are never a good thing, especially not over something as fundamental and universal as a web browser. at its peak, internet explorer had over 90% market share. some outdated websites still require internet explorer, which is one of the main reasons why windows 10 still includes it, despite also having edge.
footnotes:
1. before CSS, styling was done directly through HTML itself. while this way of doing things is considered outdated and deprecated, both firefox and chrome still support it for legacy compatibility. having to support deprecated standards is yet another hurdle in creating a browser.
2. chrome is the non-free (as in freedom) version of the open source browser "chromium", also created by google. compared to chromium, chrome adds some proprietary features like adobe flash and MP3 playback.
3. the engine safari uses is called webkit. chrome used to use this engine, but switched to a new engine based on webkit called blink. safari therefore shares at least some code with chrome.
4. based on http://gs.statcounter.com/browser-market-share/desktop/worldwide. note that it's impossible to perfectly measure browser market share, but this is good for getting an estimate.
#LynneTeachesTech
Lo, thar be cookies on this site to keep track of your login. By clicking 'okay', you are CONSENTING to this.