Posts by RichardNeill

Snap is atrociously wasteful

It's really wasteful. For example, this desktop machine, running Ubuntu 25.04 now has 15 copies of python installed! That's a terrible waste of bandwidth, disk, RAM, and energy, especially when we solved this years ago with (versioned) shared libraries and a package manager. Also, snap isn't even a very good security system - the "Inner platform" effect means that you have to allow so many exceptions - e.g. to allow the user access to their files - that you might as well just use the regular OS permissions model.

locate python3 | grep -E '/usr/bin/python3$'

/snap/core/17212/usr/bin/python3

/snap/core/17247/usr/bin/python3

/snap/core18/2947/usr/bin/python3

/snap/core18/2952/usr/bin/python3

/snap/core20/2599/usr/bin/python3

/snap/core20/2669/usr/bin/python3

/snap/core22/2133/usr/bin/python3

/snap/core22/2139/usr/bin/python3

/snap/core24/1196/usr/bin/python3

/snap/core24/1225/usr/bin/python3

/snap/gnome-3-28-1804/194/usr/bin/python3

/snap/gnome-3-28-1804/198/usr/bin/python3

/snap/kf6-core22/42/usr/bin/python3

/snap/kf6-core22/43/usr/bin/python3

/usr/bin/python3

IPXE's CX protocol solves this

Please take a look at https://cx.ipxe.org

This solves the distributed contact tracing problem in a privacy-preserving way.

The spec/protocol is complete and open-source; it just needs widespread implementation.

[IPXE is the project that was originally Etherboot]

From the features list:

* Zero information leakage: for users who do not choose to disclose any information for contact tracing (e.g. because they are never diagnosed with the disease), the information broadcast by that user is indistinguishable from an ideal random bitstring.

* Zero collection of location information: the devices running the protocol can choose to do so with no source of location information, and can therefore guarantee that no location history is collected.

* Zero privilege: there is no third party, central authority, or software provider who has privileged access to any data.

* Trusted diagnoses: governments and public health services provide trusted and digitally signed medical diagnoses, with the ability for users to distinguish between self-reported symptoms and medical test results.

* Distributed contact identification: users can identify only their own hazardous contacts, and no central authority has access to the information required to identify contacts.

* Immediate deployability: the protocol may be implemented as an app on existing Android and iOS devices, with no requirement for changes to the core operating system.

* Interoperability: the protocol may be implemented by any device and as part of any app, with all apps and all devices able to benefit equally from the same distributed data set.

* Flexibility: multiple interoperating apps may exist to cover different user niches and preferences, with no restriction on development of new apps and no need for users to be running the same app.

* International: the protocol allows for multiple healthcare providers in multiple jurisdictions, with support for distributed contact identification even for users travelling across national boundaries.

* Low bandwidth: the protocol includes measures to reduce the bandwidth requirements to manageable levels even when dealing with billions of users and frequent requests.

* Disconnected operation: the protocol will operate without a data connection, including in environments such as underground, at sea, or within an aircraft.

* Low resource: the protocol may be implemented on embedded systems such as an ESP32 microcontroller, enabling it to be deployed even in environments where typical Android or iPhone mobile devices are unaffordable.

* Ease of implementation: all cryptographic operations and data formats are chosen to be easily implemented using widely available and well-trusted existing libraries.