Hacker News: coldstartops's comments

Personally, I use them as frameworks to justify management processes.

A) I tie the cybersecurity activities to business revenue enabling outcomes (unblocked contracts), and second to reduced risk (as people react less to this when spending the buck).

B) with the political capital from point A) I actually operate a cybersecurity program, justify DevSecOps artefacts, threat modeling, incident response exercises, etc.

What these SOC2 reports and ISO27k certificates are is more like a standardization for communicating the activities of the org to outside people, and getting an external person to vet that the org doesn't bulls*t too much. But at the end of the day, the organization is responsible for keeping their house in order.


Hah. Try that in the Balkans, with someone your own size, and let me know after how many weeks the concussion effects go away.


It’s literally why the Balkans is the way it is.

I guess I should have added a /s, but I thought it was obvious.


Why the Balkans?


A million factions all trying to take their angst out on some other neighboring faction, with geography that also puts everyone in the crossroads of every conquering group.


KeibiDrop: A peer to peer synchronous IPv6 file sync tool.

I always struggle to share files between my devices, or to navigate them. Why do I need servers, or dropbox or wetransfer?

Inspired by croc, rclone, syncthing and magic wormhole, I'm close to releasing KeibiDrop as MPL2.0.

It has a nice slint.dev GUI, works cross platform on mobile, + desktop (via FUSE or no-FUSE), and has post quantum encryption at transport level.

No clear monetization path, but I also tinker with unikraft in order to host a relay server (for key negotiation, or other things) as a unikernel cloud function.


Happy New Year from Romania! Let there be highways to a good future, and a letter of law for everyone to follow!


Maybe it was always part of the plan. Plausible Deniability.


Good Soldier Svejk working at the FBI decided to follow an illegal order as badly as possible.


Also on this topic I want to make a shout out to slint.dev! (I've fiddled with it, and the syntax is extremely easy to grasp - very react-ish). Can use Rust/C as a binding language, and you can even choose the rendering engine (for example Qt).


How does the text input work there? Does it support IME? Were you able to switch to non-latin keyboards?


I think it is handled by the OS (backend renderer)

https://docs.slint.dev/latest/docs/slint/guide/backends-and-...

But, I have only used it with Romanian and English.

Try here: https://slintpad.com/. (just replace the Text with TextInput) and see if it works.


slintpad.com uses the wasm port to run on a browser and is not the same as when using Slint to build a "native" app, especially on mobile.

Slint does support decent text input and IME. Including text selection with the native handle. As a demo for android you can try the demo from https://material.slint.dev/ ("Download APK")


+1 for Slint! I worked with it for a while and enjoyed it quite a lot. Florian was working on a more glossy component library, not sure what has been made of it.

The DSL was pleasant but still had some rough edges. I think they made some nice QoL improvements in the latest releases, but I've not kept up with it. The compile times were quite something, though you can use the previewer tool to prototype faster.

Definitely worth giving Slint a shot, they learnt a lot from QML imo


You are lying. Here: https://servury.com/datacenters/

Here on datacenters you say you are ISO27001 and SOC2 certified.

"We're ISO 27001 certified and maintain SOC 2 Type II compliance."

You do not have any certificate that I can find: https://www.iafcertsearch.org/search/certified-entities?sear...

https://www.iafcertsearch.org/search/certified-entities?sear...

Who is the company who certified you? What is the certification number?


I’m not sure if this is just an “on mobile” thing, but I can’t find any reference to ISO 27001 or SOC2 at that datacentres URL. Taking your word for it being there previously, this seems like a major red flag! Faking these certs is no joke, and silently removing references to that after being called out would be even more of a bad look.

@ybceo you seemed to represent this org based on your previous comments, is the parent commenter missing something here?


Yes, the page mentioned ISO27001 which is still visible in the indexed duckduckgo result.

https://duckduckgo.com/?q=https%3A%2F%2Fservury.com%2Fdatace...

It is not visible in the live webpage.



You're right, we shouldn't have had those certifications listed. They've been removed. We're a new company, made a mistake, and we're fixing it. Appreciate you calling it out.


Sorry for continuing on this thread, but now I got more questions:

How do you monitor and enforce your uptime SLA? You state 99.9%, which is less than 9 hours downtime per year; what happens if you breach this guarantee?

Any other types of SLAs? What happens if you get breached / your network gets breached, or there is a hardware failure, and my "anonymous" data is lost?

Besides that you make some claims, but are they real, or are they vaporwave?

like: "All our datacenters maintain the highest security standards with 24/7 on-site security, biometric access controls, and CCTV surveillance.

Each facility features N+1 power redundancy with UPS systems and diesel generators, ensuring your services remain online even during extended power outages."

Are you sure the above is true, because I am not.


In this instance, what mistake did you make here exactly? Are you in process for those certifications? Is there any plan to achieve them?

Or was the mistake saying you held a certification that you thought wasn't important to most people?


Mistake was using LLM generation.


Are you even a new company?

The only one I could find in Delaware with YBC Holdings, INC is registered in 1994 and is a brewing company

https://b.assets.dandb.com/businessdirectory/ybcholdingsinc....


> Wasting developer time

What is the definition of wasting developer time? If a developer takes a 2 hours break to recover mental power and avoid burnout, is it considered time wasted?


I usually hand-wave reduce this problem to the "Ski Renting Problem", so in the worst case I pay twice the price of the lifetime purchase.


You built it because you wanted to share passwords:

And your flow is: I encrypt my password; I upload the encrypted password to your server.

And I share the password to the encrypted password as plain text.

Why do I have to upload the encrypted password to your server, and not just use Signal disappearing messages, or Telegram secure channel disappearing messages to share the encrypted password there?

And I can use any other side channel to share the second password, like WhatsApp, or regular plain mail.

It feels to me that you made a two step process into a one step process but increased the risk by adding you in the middle.

Why would I offload my trust to you instead of doing the second step?


Your skepticism is valid and if your flow already includes: A secure messaging tool (e.g. Signal), a GPG workflow or local encryption or a team that uses shared password vaults. Then to be fair Stasher might not be better.

I built Stasher for me. I wanted an easy, CLI-first way to share one-time secrets without worrying about accounts, apps, or trust. If Signal or GPG works better for you that’s totally cool.

Stasher exists to make casual, secure sharing simpler not to replace tools you already trust.


Yes, valid, congratulations on shipping!

It's just that the entry level for adopting a new tool (for other people) is:

Convince my recipient to use this system instead of "Why not just send the password as we usually do on our secret chat."

And then we spend 20 minutes talking about it and me advocating for their unknown and unaccountable creator.

