Under wraps for quite some time, now that it is Patent Pending I can finally talk here about one of my latest inventions, the Flutino. It is likely the world’s smallest (playable) musical instrument. It has a range approaching two octaves and loudness over 100 dB. Better yet: it works in every scale, and never needs tuning or even batteries. No fingerings to learn, and you can be playing another instrument (or anything, really) at the same time. You can sound like a pro in very little time.
Some time ago, a user named Steven uncovered a weakness in the FibonaRNG cipher, leading to this other post as a reply. At that time, I did not think that FibonaRNG needed to be strengthened, but recently I have realized that it would not be very difficult to remove that weakness. The result is PolyCrypt. The “Poly” bit comes from the fact that it can not only add security, but also remove it, making it a good platform to test classic human-computable ciphers.
I confess that the development of PassLok learned a lot from a competing app called MiniLock, by Nadim Kobeissi. That app got a lot of press when it was launched 9 years ago but is now defunct. In fact, its successor is also defunct, and so is its successor’s successor. Meanwhile PassLok continues delivering various crypto-related functions and spawning new children. This post collects some of that history and tries to get at the root causes for such a diverse outcome. Moral: sometimes slower is better.
I have mentioned my new app for adding zero-knowledge encryption to file sharing services that don’t have it natively in this and this other post. Right now I have a group of alpha testers uncovering bugs, and the first one coming in is that the instructions on the app itself are rather terse. This post hopefully will help users as well as group administrators.
Problem: A well-defined group of people formerly working at a single location used to pass along pieces of paper containing confidential information so group members could comment and expand. But after covid they find it hard to get together in one place and, since every member has a computer, they would like to be able to do it online. But confidentiality remains very important, along with integrity of the information. What can they do?
Chances are that by now many readers will have moved on to Two-Factor Authentication (2FA) for their most sensitive logins. The industry has been relentless in its support of this feature, sometimes forcing it on you for your own good. But not everything has been a field of daisies. I had a near-miss this very morning, which encouraged me to write this cautionary tale and offer some solutions you may find useful.
Nine months have passed since I decided to learn to play the piano, and I’m still on it, which is good. Not a virtuoso by any stretch, but I can almost accompany songs and have a lot of fun practicing by myself, which is bound to lead to good results. In this article, I muse about what has worked, and what hasn’t worked so well, in case it might help you.