A Plan for Improving JavaScript's Trustworthiness on the Web
On Cloudflare's blog, a senior research engineer shares a plan for "improving the trustworthiness of JavaScript on the web."
"It is as true today as it was in 2011 that Javascript cryptography is Considered Harmful."
The main problem is code distribution. Consider an end-to-end-encrypted messaging web application. The application generates cryptographic keys in the client's browser that let users view and send end-to-end encrypted messages to each other. If the application is compromised, what would stop the malicious actor from simply modifying their Javascript to exfiltrate messages? It is interesting to note that smartphone apps don't have this issue. This is because app stores do a lot of heavy lifting to provide security for the app ecosystem. Specifically, they provide integrity, ensuring that apps being delivered are not tampered with; consistency, ensuring all users get the same app; and transparency, ensuring that the record of versions of an app is truthful and publicly visible.
It would be nice if we could get these properties for our end-to-end encrypted web application, and the web as a whole, without requiring a single central authority like an app store.
Further, such a system would benefit all in-browser uses of cryptography, not just end-to-end-encrypted apps. For example, many web-based confidential LLMs, cryptocurrency wallets, and voting systems use in-browser Javascript cryptography for the last step of their verification chains. In this post, we will provide an early look at such a system, called Web Application Integrity, Consistency, and Transparency (WAICT) that we have helped author. WAICT is a W3C-backed effort among browser vendors, cloud providers, and encrypted communication developers to bring stronger security guarantees to the entire web... We hope to build even wider consensus on the solution design in the near future....
We would like to have a way of enforcing integrity on an entire site, i.e., every asset under a domain. For this, WAICT defines an integrity manifest, a configuration file that websites can provide to clients. One important item in the manifest is the asset hashes dictionary, mapping a hash belonging to an asset that the browser might load from that domain, to the path of that asset.
The blog post points out that the WEBCAT protocol (created by the Freedom of the Press Foundation) "allows site owners to announce the identities of the developers that have signed the site's integrity manifest, i.e., have signed all the code and other assets that the site is serving to the user... We've made WAICT extensible enough to fit WEBCAT inside and benefit from the transparency components." The proposal also envisions a service storing metadata for transparency-enabled sites on the web (along with "witnesses" who verify the prefix tree holding the hashes for domain manifests).
"We are still very early in the standardization process," with hopes to soon "begin standardizing the integrity manifest format. And then after that we can start standardizing all the other features. We intend to work on this specification hand-in-hand with browsers and the IETF, and we hope to have some exciting betas soon. In the meantime, you can follow along with our transparency specification draft, check out the open problems, and share your ideas."
Read more of this story at Slashdot.
Should Workers Start Learning to Work With AI?
"My boss thinks AI will solve every problem and is wildly enthusiastic about it," complains a mid-level worker at a Fortune 500 company, who considers the technology "unproven and wildly erratic."
So how should they navigate the next 10 years until retirement, they ask the Washington Post's "Work Advice" columnist. The columnist first notes that "Despite promises that AI will eliminate tedious, 'low-value' tasks from our workload, many consumers and companies seem to be using it primarily as a cheap shortcut to avoid hiring professional actors, writers or artists — whose work, in some cases, was stolen to train the tools usurping them..."
Kevin Cantera, a reader from Las Cruces, New Mexico [a writer for an education-tech company], willingly embraced AI for work. But as it turns out, he was training his replacement... Even without the "AI will take our jobs" specter, there's much to be wary of in the AI hype. Faster isn't always better. Parroting and predicting linguistic patterns isn't the same as creativity and innovation... There are concerns about hallucinations, faulty data models, and intentional misuse for purposes of deception. And that's not even addressing the environmental impact of all the power- and water-hogging data centers needed to support this innovation.
And yet, it seems, resistance may be futile. The AI genie is out of the bottle and granting wishes. And at the rate it's evolving, you won't have 10 years to weigh the merits and get comfortable with it. Even if you move on to another workplace, odds are AI will show up there before long. Speaking as one grumpy old Luddite to another, it might be time to get a little curious about this technology just so you can separate helpfulness from hype.
It might help to think of AI as just another software tool that you have to get familiar with to do your job. Learn what it's good for — and what it's bad at — so you can recommend guidelines for ethical and beneficial use. Learn how to word your wishes to get accurate results. Become the "human in the loop" managing the virtual intern. You can test the bathwater without drinking it. Focus on the little ways AI can accommodate and support you and your colleagues. Maybe it could handle small tasks in your workflow that you wish you could hand off to an assistant. Automated transcriptions and meeting notes could be a life-changer for a colleague with auditory processing issues.
I can't guarantee that dabbling in AI will protect your job. But refusing to engage definitely won't help. And if you decide it's time to change jobs, having some extra AI knowledge and experience under your belt will make you a more attractive candidate, even if you never end up having to use it.
Read more of this story at Slashdot.