Forums and places like Reddit are something I enjoy using. While they are social media platforms, they are different. They have real, useful content and often very interesting discussions too.
> Building your own abstractions on top of AES directly is no less dangerous or prone to error.
You're telling me it's just as dangerous to implement a well-known library that has working AES-CFB as it is to roll your own AES-CFB implementation?
That's silly. Yes, it's dangerous to do any form of crypto. But there are really good resources on how to implement it correctly, and if you're using an existing library, the risks are significantly reduced.
This can be reduced to a simple mathematical equation:
(risk of hand rolling AES * risk of poor implementation) > risk of poor implementation
Also, if your assumption that the likelihood of introducing a catastrophic flaw is 1 was correct, there would be no correctly implemented crypto anywhere (although it would make the above equation false).
I agree with the nature of your arguments: crypto must be treated with care, and must be vetted by experts. However, the whole "DON'T DO CRYPTO EVER!!" mindset is a lot more harmful in the long run. It's a powerful and dangerous tool, but it should be documented and understood instead of making us cower in fear.
Sorry, I missed your reply to this. In case you do ever read this, my point is that:
(risk of an amateur hand rolling AES * risk of poor implementation by an amateur) = risk of poor implementation by an amateur + epsilon = 1
Even experts make mistakes in these things, but amateurs don't even stand a chance. An amateur will make more mistakes doing both, for sure, but there are bound to be enough catastrophic flaws that it simply doesn't even matter at that point. More real-world attackers are going to try and exploit your abstractions on top of AES than try to exploit your AES implementation itself.
The version number is 0.2, so yes, it has fewer features than KeepassX. There will be more features in the near future. This was really just a "release early, release often" kind of thing.
First of all, it's nice to see Memo here on Hacker News. Memo started simply because I wanted a note-taking program for the command line. I never thought that it would become fairly popular, as it is now.
Your bash completion is actually a great idea. I will start implementing it in the near future. It shouldn't be too hard to do and it will make Memo much nicer to use. Thanks!
Oh... Wrong. Not everything needs to be cross platform. I wanted to make a native Windows program using C++ and WTL/Winapi. It has nothing to do with skills in programming. The only reason I did not make a Linux version of Butterfly is because I didn't want to. I've done portable programs for years. I use Linux every single day on my laptop. I don't even know why I'm trying to explain. Butterfly is open source, GPL and can be used free of charge. It's available for the platforms I want it to be available for. Feel free to create versions for other platforms or use some other music player that works on the operating system you want.
Agreed. Ignore the ignorance of the GP, open source coding is often done to scratch an itch - if Windows frameworks and platforms are your thing then more power to you!
I didn't downvote, but... It's actually pretty irritating that discussion of any project not hosted on GH gets the "Why not Github?" question, every single f-ing time.
I hope this will end, together with LinkedIn invites.
It was more of a genuine question than a criticism. There are obvious advantages to having a public repository if one is distributing the source code. But there might be disadvantages too, even as little as the setup time. I should have made the question more explicit.
Thank you for your comment. This is the kind of comment I was looking for.
I've been looking into this today... It seems that it's not really worth it, as you said. I would kind of want it to be worth it; maybe some day it will be.