
Digital Vitamins | Fully remote in Europe or Asia time-zones | Full-Time |

We're looking for someone to help maintain and evolve a cross-platform Electron desktop app aimed at facilitating real-time communications within enterprise environments. You’ll own desktop features, native modules, and real-time comms.

Must have:

- Strong Electron + Node.js (packaging, auto-update, native modules).

- Solid JS/TS and cross-OS debugging.

- Strong work ethic and comfortable working remote, asynchronous communication, and owning features end-to-end.

- Ability to hit the ground running and be able to deliver from day one.

Nice to have experience with:

- WebRTC, XMPP, and E2EE/encryption APIs experience.

You’ll:

- Maintain native modules and ship cross-platform releases.

- Implement/optimize real-time features and integrations.

- Improve security, performance, and test/CI coverage.

If you think you're a fit, send an email with your CV at "ilya.lopukhin _a_t_ 1rstwap.com" and we'll talk.

===

We're also looking for a senior Java developer to help maintain and evolve the Android. You’ll own Android features, native integrations, and shipping releases.

Must have:

- Strong Java + Android SDK experience (app architecture, lifecycle, background services).

- Practical WebRTC on Android experience.

- Experience shipping rock-solid Play Store builds.

- Some NDK/JNI experience (not very much needed though).

- Strong work ethic and comfortable working remote, asynchronous communication, and owning features end-to-end.

- Ability to hit the ground running and be able to deliver from day one.

Nice to have experience with:

- XMPP and E2EE/encryption APIs.

- Managing CI/CD for Android

You’ll:

- Maintain and extend the Android client, we have tons of new features planned for the foreseeable future.

- Implement/rescue complex features (call reliability, background push, low-latency reconnects).

- Optimize performance (startup, memory, battery, call quality) and fix device-specific issues.

If you think you're a fit, send an email with your CV to "ah _a_t_ digital-vitamins.at" and we'll talk.


Digital Vitamins | Mid-level Android Developer | REMOTE | Full Time | Europe - Asia timezones

We are seeking a dedicated and detail-oriented full-time Android developer to join our team.

What you will be doing:

As a key member, you will be immersed in the dynamic realm of a sophisticated, end-to-end-encrypted multimedia chat application that has evolved over the last 9 years. The application, written predominantly in Java, boasts a stack comprising various complex libraries and tools, including the NDK, SQLCipher, WebRTC, Jitsi, XMPP, and OpenCV. Your primary focus will be enhancing the application by introducing new features, modernizing the existing codebase, and ensuring top-notch performance and security.

Responsibilities:

- Collaborate with the development team to design, implement, and maintain features for our secure chat application.

- Integrate and work with native libraries using Android SDK and NDK, improving the app's performance and capabilities.

- Troubleshoot, debug, and resolve issues promptly to ensure a seamless user experience.

Qualifications:

- 3-4 years of hands-on experience in developing native Android applications using Java.

- Strong understanding and experience with core Android frameworks and libraries.

- Self-motivated and proactive mindset, with the capability to manage tasks independently and deliver high-quality results.

Knowledge or experience with any of the following is a big plus:

- Experience working with Android NDK for integrating native code (C/C++) into Android applications.

- Familiarity with encryption libraries such as SQLCipher and Olm for secure communication.

- Knowledge of XMPP for real-time communication and experience with related libraries.

- Experience with multimedia handling and processing using libraries such as WebRTC, OpenCV, and FFmpeg.

If you're interested, please send a CV to

new StringBuilder("ta.snimativ-latigid@ha").reverse().toString();

or

new StringBuilder("[email protected]").reverse().toString();


signed up here just to let you know the mail isn't going through. Do you have any other socials I could reach out to you on? discord/linkedin/twitter?

550 "The mail server detected your message as spam and has prevented delivery."


Ugh, sorry about that, the mail server seems to be extra spicy today.

Please send an email to

new StringBuilder("[email protected]").reverse().toString();


Cool, will drop a mail later today. Meanwhile, could you please let me know the budget range for this role and whether it will be a contract gig (in which case, please let me know the duration as well) or full-time?


I've sent the mail, PTAL. -Tosh


> "This tool isn’t available in your country yet"

How did I know I would see this message before clicking "Sign up to try"?


I have to say, it's really difficult to search for London. I got a ton of results from various boroughs from London, I got some London from Arkansas, I never got London proper.

If I type "london" and hit return, I end up on the unfiltered "Latest" page.


That seems something happening in quite some other apps, missing the obvious thing that when I as a tourist search for "London" I definitely don't care/don't know about Brixton, Leyton or Thingamajig. I'd be looking for the Big Ben and the Tower and other such tourist traps. If I wanted some hidden treasure in Crystal Palace then I'd have searched for that.


Thanks for pointing that out, I know it's very clunky to use at the moment. It's something I'm looking to fix in my next update.


Same for Budapest. One Budapest would be fine.


Came here to post exactly this. I searched for Barcelona, and the most widely known Barcelona was 6th in the list: https://i.postimg.cc/tJyLvCbk/Screenshot-2024-03-28-at-5-19-...

Not a huge deal, but some type of weighting like what maps and flight search apps have might be a good addition.


Thanks for the feedback! I agree, I need to do a lot better with search


> Not true at all, USA begin to care about it too with foreign companies(TikTok) gaining traction in the American market.

You can't seriously believe this. It's quite obvious that the TikTok debacle is mostly a protectionist measure for Facebook & Google who are looking to get their money's worth for their lobby.


Since this is coming from the cesspool of disinformation that is Twitter[0], no idea if this is real, but apparently someone convinced Gemini to explain how it modified the prompt:

Here's a breakdown of what happens technically when you request images and I aim for more diverse representations:

1. Your Original Prompt: Your initial input was "Please draw a portrait of leprechauns". This is what you see and the starting point of the interaction.

2. My Internal Prompt Modification: To expand the range of images, I internally adjust the prompt in a few ways:

• Keywords: I might add words like "diverse," "inclusive," or specify ethnicities ("South Asian," "Black," etc.), and genders ("female," "non-binary") alongside the word "leprechaun."

• Phrasing: Instead of just "portrait," I might use "portraits of a variety of leprechauns" to signal to the image generation model that multiple depictions are desired.

3. Image Generation: The modified prompt is fed into the image generation model.

This internal model has been trained on a massive dataset of images and text, including images representing multiple ethnicities and genders associated with[..]

[0] https://twitter.com/BasedTorba/status/1760486551627182337


AI models do not have access to their own design, so asking them what technical choices led to their behavior gets you responses that are entirely hallucinated.


It depends, ChatGPT had a prompt that was pre-inserted by OpenAI that primed it for user input. A couple of weeks ago someone convinced it to print out the system prompt.


> responses that are entirely hallucinated.

As opposed to what?

What’s the difference between a ‘proper’ response and a hallucinated one, other than the fact that when it happens to be right it’s not considered a hallucination? The internal process that leads to each is identical.


They know their system prompt and they could easily be trained on data that explains their structure. Your dismissal is invalid and I suggest you don’t really know what you are talking about to be speaking in such definitive generalities.


But the original comment was suggesting (implicitly, otherwise it wouldn’t be noteworthy) that asking an LLM about its internal structure is hearing it ‘from the horse’s mouth’. It’s not; it has no direct access or ability to introspect. As you say, it doesn’t know anything more than what’s already out there, so it’s silly to think you’re going to get some sort of uniquely deep insight just because it happens to be talking about itself.


Really what you want is to find out what system prompt the model is using. If the system prompt strongly suggests to include diverse subjects in outputs even when the model might not have originally, you’ve got your culprit. Doesn’t matter that the model can’t assess its own abilities, it’s being prompted a specific way and it just so happens to follow its system prompt (to its own detriment when it comes to appeasing all parties on a divisive and nuanced issue).

It’s a bit frustrating how few of these comments mention that OpenAI has been found to do this _exact_ same thing. Like exactly this. They have a system prompt that strongly suggests outputs should be diverse (a noble effort) and sometimes it makes outputs diverse when it’s entirely inappropriate to do so. As far as I know DALLE3 still does this.


> It’s a bit frustrating how few of these comments mention that OpenAI has been found to do this _exact_ same thing.

I think it might be because Google additionally has a track record of groupthink in this kind of area and is known to have stifled any discussion on ‘diversity’ etc. that doesn’t adhere unfailingly to the dogma.

> (a noble effort)

It is. We have to add these parentheticals in lest we be accused of being members of ‘the other side’. I’ve always been an (at times extreme) advocate for equality and anti-discrimination, and I now find myself, bizarrely, at odds with ideas I would have once thought perfectly sensible. The reason this level of insanity has been able to pervade companies like Google is because diversity and inclusion have been conflated with ideological conformity and the notion of debate itself has been judged to be harmful.


I would have said the same thing if it wasn't for the recording in the forums which shows it pretty clearly as "random touches".


Not necessarily disagreeing with you regarding the people that are imagining things, but with a device so relatively popular as the Apple Watch, this could be very well explained by a software update that messed up the touch screen "driver" and is generating ghost touches. As the update rolled out, it started affecting more and more users who turn to the forums to look for help.

One consequence of these ghost touches would be inputting the wrong PIN which will initially lock the device for one minute, so I don't see what's strange about that.

Which messages, specifically, are you referring to with "exact time & date" and "same timestamp"? I skimmed through them but nothing of the sort stood out.


One needs to ask themselves, what is more likely?

1. The /feds/ broke Snapchat's end to end encryption and they're monitoring for all traffic with designated stopwords, or...

2. One of his friends reported him, one way or another, or..

3. Snapchat's end to end encryption is... not. I can't find any definitive statement that the chat messages themselves are E2EE, only that photos and videos are encrypted and the key is exchanged between users[1]. This means that Snapchat can monitor for text messages or decrypt uploaded attachments when necessary, since they have access to the message that contains the key for the attachment.

Most likely Snapchat's E2EE is just a facade, they probably have a dictionary of "funny" words on the device (and/or the server) and automatically flag the message in the internal systems when certain stopwords are being used.

[1] https://nordvpn.com/blog/is-snapchat-safe/


https://values.snap.com/privacy/privacy-by-product

Snap doesn't mention encryption in regards to chat, only in "my memories"


I think there's arguably several things going on in reality.

I don't think anyone has "broken" proper encryption that any major service is using, but I believe there is proof that the encryption is being bypassed in one of multiple ways.

One way could be through things like Pegasus, the Israeli spyware that can be silently installed on mobile phones. How this gets onto the device in the first place is not disclosed, but with the major app stores already having the capability to remotely install apps without your permission, this is obviously a very easy way to do it.

There have also been leaked US government documents stating that they have systems in place to monitor unencrypted messages from major proprietary apps like Facebook, Whatsapp, Instagram etc. I think any time you don't have the source code to at least the client program, there's no guarantee it's properly encrypting things in the first place.

Also it's possible the Whatsapp and similar programs are simply compromised by design, to where even though messages DO use E2EE, the client program itself could still be intercepting the messages secretly BEFORE they're encrypted and then doing who knows what with them. Without the source it's hard to know.

And with UK being part of Five Eyes I don't doubt at least some of this tech is shared with them.


> Most likely Snapchat's E2EE is just a facade, they probably have a dictionary of "funny" words on the device (and/or the server) and automatically flag the message in the internal systems when certain stopwords are being used.

On device content scanning notifies Snapchat of a certain type of threat, that + metadata goes to a real-time law-enforcement system which combines it with other sources to decide whether a lawful intercept is warranted - if so, Snapchat pulls the cached messages off the device and forwards them on.

It’s arguable that would be reasonable and legal, depending on the watchlist.


On device scanning would be reasonable? What happened when everybody was up in arms about Apple wanting to do on device scanning for child porn?


Well - it’s reasonable for a government to seek to stop absolute privacy subverting the prevention and detection of crime … I think, so a state has to find some way to be able to construct reasonable suspicion and then lawful search on routine internet activity. (Opinions vary, obviously)


The almost real-time response is what makes it really hard to believe it was in response to some list of codewords that probably get mentioned in messages many thousands of times per day. (and which, as far as we know, has never triggered a response like this previously.) Someone shoulder surfing or a friend freaking out and calling see something/say something seems much more likely IMO.


Group chats generally don’t have E2EE. Most apps provide that only for one-to-one conversations. Group E2E encryption is a difficult problem.


I think signal/OTR has e2ee support for pretty large groups.

The kid was using airport wifi for this right? I'd guess public airport wifi installs some backdoored SSL cert and is generally monitored (and you probably agree to this ToS when you use it) - you may even agree to not make jokes about planes - I wouldn't be surprised.


WhatsApp and Signal have had end-to-end encryption for group chats for a very long time.


You're not wrong.

I've implemented E2EE in group chats using Olm/Megolm and it's not easy to scale and comes with a ton of limitations.

If I was running Snapchat, I wouldn't see the point in dedicating that many resources and infrastructure to it.


> Group E2E encryption is a difficult problem.

Not if it was architected properly from the beginning.


Nah the best you could do for a long while was just to have n^2 bilateral encryption sessions that behave like a group channel. Only fairly recently was a workable construction for doing many-party encryption sessions actually developed, called TreeKEM, and is now standardized in the IETF MLS standard. This is literally bleeding edge cryptography.

It's an extremely flexible design and has relatively few constraints in how it can be used in a larger system, but it's just extremely new.

The ART construction existed a few years earlier than TreeKEM but that's a weaker design with more restrictions so it wasn't adopted very widely afaik.


When talking about recent, you're talking about 6 years ago right?


Has it been 6 years already? I must be getting old.


> Nah the best you could do for a long while was just to have n^2 bilateral encryption sessions that behave like a group channel.

What? We could do better than that before we had group chats. PGP will let you send encrypted email to multiple recipients, and multiple simultaneous bilateral encryption sessions are not involved.

The system is:

1. You encrypt the message using a symmetric encryption key.

2. You encrypt the key, which is short, once for every recipient.

3. You prepend the whole bundle of encrypted keys to the message.

4. You send that out. Everyone receives the same encrypted data. This is what would appear in a group channel.

5. When you receive a message, you try to decrypt it. If decrypting the header doesn't produce a key for you, then you're not one of the recipients.

Even if you want to analyze this as a set of bilateral sessions, the storage and computation requirements are linear, not quadratic: when I send a shared message to Alice and Bob, I need to know how I send messages to Alice, and I need to know how I send messages to Bob, but I don't care how Alice sends messages to Bob.
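The five steps in the comment above, sketched as an added example (not part of the original thread). Node's built-in `crypto` with RSA-OAEP key wrapping and AES-256-GCM are assumptions chosen here rather than PGP's actual packet format, and `makeRecipient`, `sealForGroup` and `openAs` are hypothetical names.

```javascript
// Added illustration: RSA-OAEP + AES-256-GCM stand in for PGP's own formats.
// makeRecipient / sealForGroup / openAs are hypothetical names.
const crypto = require('node:crypto');

const OAEP = { padding: crypto.constants.RSA_PKCS1_OAEP_PADDING, oaepHash: 'sha256' };

// Constructed test identity with its own RSA key pair.
function makeRecipient(name) {
  const { publicKey, privateKey } =
    crypto.generateKeyPairSync('rsa', { modulusLength: 2048 });
  return { name, publicKey, privateKey };
}

// Steps 1-4: encrypt the body once under a fresh symmetric key, then wrap
// that short key once per recipient and ship everything as one bundle.
function sealForGroup(plaintext, publicKeys) {
  const key = crypto.randomBytes(32); // per-message content key
  const iv = crypto.randomBytes(12);  // GCM nonce, never reused with this key
  const wrappedKeys = publicKeys.map((pub) =>
    crypto.publicEncrypt({ key: pub, ...OAEP }, key));
  const cipher = crypto.createCipheriv('aes-256-gcm', key, iv);
  // Bind the key header to the body so a swapped header fails authentication.
  cipher.setAAD(Buffer.concat(wrappedKeys));
  const ciphertext = Buffer.concat([cipher.update(plaintext, 'utf8'), cipher.final()]);
  return { wrappedKeys, iv, ciphertext, tag: cipher.getAuthTag() };
}

// Step 5: try each wrapped key; if none unwraps with our private key we are
// not a recipient. Returns the plaintext, or null on failure or tampering.
function openAs(privateKey, bundle) {
  const aad = Buffer.concat(bundle.wrappedKeys);
  for (const wrapped of bundle.wrappedKeys) {
    try {
      const key = crypto.privateDecrypt({ key: privateKey, ...OAEP }, wrapped);
      const decipher = crypto.createDecipheriv('aes-256-gcm', key, bundle.iv);
      decipher.setAAD(aad);
      decipher.setAuthTag(bundle.tag);
      return Buffer.concat([decipher.update(bundle.ciphertext), decipher.final()])
        .toString('utf8');
    } catch {
      // Either this slot was wrapped for someone else, or the bundle was
      // modified in transit; move on to the next slot.
    }
  }
  return null;
}
```

The header grows by one wrapped key per recipient, which is the linear cost the comment describes. Because the recipient keys are static, this sketch provides no forward secrecy.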


PGP is poorly suited for live conversations with rotating members like this since it doesn't support post-compromise security or perfect forward secrecy (not in-protocol, at least), which most people would expect from an E2EE chat protocol. I was speaking of protocols that did have these properties.

TreeKEM also manages sublinear communication, constant per message (since there's a shared secret already used for the ratchet) and log n for key updates or group membership changes.


The concept of encryption is poorly suited for live conversations with rotating members. If you don't know who you're talking to, there's no point in encrypting your message.

> I was speaking of protocols that did have these properties.

The method PGP uses to encrypt messages to multiple recipients will still work for whatever protocol you have in mind. Why is your dislike for PGP relevant?


That's pretty reductive, perhaps you don't have a fully connected graph of relationships in a group but other parties you do know in a group you trust to vouch for others. There's also lots of data privacy/security compliance reasons you'd want to have E2EE with large groups. I believe I heard that some larger companies wanted to investigate using MLS to encrypt internal communications, and having hundreds/thousands of people in a group where most don't know each other but they're all managed by an authority who doesn't want to be able to know what they're discussing.

I don't dislike PGP I'm just saying that it doesn't natively have PFS and PCS, which are generally accepted by security people as being necessary properties for a protocol to be considered full E2EE.


> I believe I heard that some larger companies wanted to investigate using MLS to encrypt internal communications, and having hundreds/thousands of people in a group where most don't know each other but they're all managed by an authority who doesn't want to be able to know what they're discussing.

But it's impossible for the authority to achieve that goal. If they manage the group membership, they are free to add themselves and read the discussions.


> Most likely Snapchat's E2EE is just a facade, they probably have a dictionary of "funny" words on the device (and/or the server) and automatically flag the message in the internal systems when certain stopwords are being used.

Reminds me of whenever I used to phone a friend during my teenage years I would always start with "BOMB QUEEN, BOMB QUEEN."


2. ... friends of friends, or somebody posted his "joke" to a platform which GCHQ does real-time monitoring of, or ...

4. Compromised endpoint(s).

(I also somewhat favor your #3.)


Yes, such as keyboard apps.


> While it offers many features, I've refused to pay for a solution to Apple's poor design decision.

Well then you're in luck, because there's a free app called Hidden Bar[1] on the Mac App Store that allows you to hide icons which you're not interested in.

I am not affiliated with the author(s?), I am just a happy user and I would probably be using it even if the Macbook didn't have a notch.

[1] https://apps.apple.com/us/app/hidden-bar/id1452453066?mt=12


> Well then you're in luck, because there's a free app called Hidden Bar[1] on the Mac App Store that allows you to hide icons which you're not interested in.

Author here: I did try Hidden Bar yesterday before finding this workaround and I uninstalled it today. I want to see all of the 16 apps that I have. I don't want to hide any of them. By changing the whitespace mentioned in the blog post I now can see all of them.


This is only of limited help. If I didn't want a program to have a menu icon, I wouldn't be running that program, or would have configured it to not have an icon. Hidden Bar's entire purpose is to hide the infrequently needed icons, conversely, it needs to expose them when I un-hide icons.

If there are too many, some end up under the notch, even though there's room on the other side of it for them in most cases. That's just Apple shipping a bug and not fixing it.


Hidden bar has the added benefit of not asking to record your screen, an insane thing to consent to for this very basic bit of functionality.


Still sort of insane that you need extra apps to fix an issue that Microsoft figured out decades ago. The GP says it was in Windows Vista, but I'm pretty sure even Windows 98 had it. I know XP did.

How has Apple not addressed this?


Weirder still is that they did, they have an entire expanding control panel pane with redundant pop out controls for stuff that was previously in the menu bar, they just failed to universally integrate it with the system so that third parties could use it.


98 did not, XP was the first one. So, this was addressed there merely 23 years ago, give them some slack! ;)

