• mlg@lemmy.world
    link
    fedilink
    English
    arrow-up
    76
    arrow-down
    2
    ·
    5 months ago

    I’m actually gonna give the benefit of the doubt and assume this is actually a grown idiot lol

    • drathvedro@lemm.ee
      link
      fedilink
      arrow-up
      21
      ·
      edit-2
      5 months ago

      This ‘compress’ everything is such a waste of CPU and energy. Plus “oops, all your files are gone, tee hee”. GZ everywhere is fucking stupid. More complexity for zero benefit.

      - CTO at my previous company

      • twei@discuss.tchncs.de
        link
        fedilink
        arrow-up
        3
        ·
        5 months ago

        To be fair: there are many things where compression is a waste of CPU time, like fonts and about 90% of non-text media as they’re already compressed

        • frezik
          link
          fedilink
          arrow-up
          3
          ·
          edit-2
          5 months ago

          What, you don’t love downloading a zip file that contains an msi (which is perfectly capable of internally compressing much of its internal data)?

    • kia@lemmy.ca
      link
      fedilink
      English
      arrow-up
      5
      ·
      5 months ago

      Found the thread and wow, this person goes on to desperately defend this dumb stance…

    • rottingleaf@lemmy.zip
      link
      fedilink
      arrow-up
      3
      ·
      edit-2
      5 months ago

      When it’s not E2EE, maybe they are right. What’s the point of encrypting something that gets decrypted midway by an organization with hundreds of employees, many of them with access, not even talking about law enforcement and accidental criminals.

      EDIT: I mean, illusion of security may be sometimes worse that lack of that little security which comes with it. Everything is complex.

      • patatahooligan@lemmy.world
        link
        fedilink
        arrow-up
        8
        ·
        5 months ago

        The point of encrypting something that gets decrypted midway by an organization is that there are worse actors than the organization out there. I’m not really scared of Steam abusing my credit card info, but I am afraid of random internet strangers.

        Also remember that https doesn’t just protect your data, it also verifies that you’re actually on the website you think you are. The internet is basically unusable without this guarantee, especially on a network you share with others.

    • trafficnab@lemmy.ca
      link
      fedilink
      arrow-up
      8
      arrow-down
      6
      ·
      edit-2
      5 months ago

      I still stand by full disk encryption accomplishing almost nothing for the average user but separating them from their own files

      If you don’t have data on your PC that someone might be willing to kill you for, you probably don’t need it, and Microsoft enabling it by default for Win11 installs is crazy

      • EuroNutellaMan@lemmy.world
        link
        fedilink
        arrow-up
        5
        ·
        5 months ago

        I mean, I think it’s a good idea to enable it on a laptop.

        I mean if someone steals your laptop they can access all your files without it, and even though 90% of files may be useless there’s always chances to find passwords (often reused, even if encrypted can be decrypted if they aren’t strong), bank details, documents, etc oh and cookies for your browser sessions etc etc. If I were a laptop thief (which I’m not) I’d probably look for those too before formatting everything, that could be extra money.

        That’s why I encrypt my laptop’s drive. That way even if it’s stolen the only thing I have to really worry about is not having a laptop anymore.

        • trafficnab@lemmy.ca
          link
          fedilink
          arrow-up
          2
          ·
          5 months ago

          Yeah but I don’t think the average smash and grab thief is going to be smart enough to recognize the potential value of the data on the laptop, they’re just going to pawn the thing off as quickly as possible

          Anyone smart enough to want the data probably doesn’t need to smash a window, they’ll just access the data remotely when the computer is on and the drive is unencrypted

          So even then, it only protects you from the very narrow overlap of thieves who are dumb enough to need to break into cars for a living, but smart enough to harvest data off of stolen laptops

    • KillingTimeItself@lemmy.dbzer0.com
      link
      fedilink
      English
      arrow-up
      3
      arrow-down
      4
      ·
      5 months ago

      it depends on the application, if you’re just serving a static site, or talking on a public chatforum, yeah encryption is pointless.

      If you’re talking an SSH tunnel? Yeah no this is stupid.

      • frezik
        link
        fedilink
        arrow-up
        4
        ·
        edit-2
        5 months ago

        Encryption everywhere isn’t about the individual content. By making it ubiquitous, it’s harder for bad actors to separate the encrypted data they want from the one’s they don’t. If only special content is encrypted, then just the fact that it’s encrypted is a flag for them. It also makes it much harder to ban. It’s pretty much impossible to ban the algorithms in TLS at this point. Too much depends on it.

        • KillingTimeItself@lemmy.dbzer0.com
          link
          fedilink
          English
          arrow-up
          1
          ·
          5 months ago

          it’s a good thing the entirety of https traffic has encrypted headers than…

          Regardless, if it’s properly encrypted it doesn’t matter if they have it, and are able to confirm who it’s from, unless we’re talking about a governmental agency or an org with access to one of those mythical quantum computers. In which case it’s probably a significant portion of future security.

          • frezik
            link
            fedilink
            arrow-up
            1
            ·
            5 months ago

            TLS already has algorithms hardened against QC. The effects of QC against encryption are greatly exaggerated, anyway. The number of qubits that would be needed to break encryption may be too large to ever be feasible.

            Get IPv6 going and stuff like SNI becomes unnecessary.