Hacker News | dangerlibrary's comments

The US Government did a study in the 1950s and discovered that the damage done to a roadway by a car is proportional to the fourth power of its axle weight.

https://en.wikipedia.org/wiki/Fourth_power_law


Super heated water is a pretty effective disinfectant within the pipes. For interior spaces ventilation is a legitimate problem in non-forced-air systems.

Historically, you open a window.


The shadow druids are gaining a foothold in Silicon Valley circles, it seems.


Idiocy is gaining a foothold everywhere it seems to me. I keep wondering if this is how civilization collapses? We just forget how to do stuff and recede back into darkness?


This paywall product must have required a staggering amount of work. And yet, the entire text of the article is right there in the network tab.

Why send it over the wire, then try to hide it?


I use Win10, Firefox (latest) and the "Open in Reader View" add-on. So when I right-click the link and select "Open in Reader View" on the menu, it bypasses all the scripts and shows me the full text.

This is how I open 99% of any links on HN or anywhere else (i.e. wanting to read a news article)(I always open in reader view to avoid menus/columns/ads/etc.)


It's (deliberately) a very soft paywall. The LRB offers a certain number of articles for free then hope to attract subscribers, but it's only really a semi-commercial proposition. The whole thing has been subsidised by the editor for decades; my suspicion is that they're much more interested in being read than being paid.

FWIW I'm a subscriber at least in the main because I want it to exist. Most months I don't read more than I'd get for free anyway. But it's gloriously chewy content of a kind that you can't quite find anywhere else.


Huh, it's not paywalled for me. I'm using Brave and have a robust Pihole situation but.. yeah it's all there


The people who write the content and build the site are different from the people who want the paywall?

Usually when it's that obvious, it's general courtesy not to go pointing it out.


It seems intentional, though?

* There's an animation hiding it.

* If you disable javascript, the content doesn't load.

* Copying is disabled.

* There's some kind of javascript function constantly toggling state so that if you right-click inspect, the content div collapses before you can further unroll it.

Someone really wanted users to see the article, then watch it disappear, and make them feel a sense of loss.


Well that's _clearly_ a violation of the CFAA! \s

Once the manager wasn't able to see the text whoever did this was able to click "done" on the ticket and move on.


I just use mkdocs for everything.


Have you found a decent bare bones starter theme? I've been using MkDocs Material, and I find the theme too complicated (HTML etc) - hoping to find a super simple one that looks decent - plain - and is a good base for theming / styling. Thanks & take care.


I use the readthedocs theme: https://www.mkdocs.org/user-guide/choosing-your-theme/#readt...

Not sure if that fits the bill for you, but I like it.


This looks interesting - thank you!


I'm someone not really aware of the consequences of each quantum of progress in quantum computing. But, I know that I'm exposed to QC risks in that at some point I'll need to change every security key I've ever generated and every crypto algorithm every piece of software uses.

How much closer does this work bring us to the Quantum Crypto Apocalypse? How much time do I have left before I need to start budgeting it into my quarterly engineering plan?


> But, I know that I'm exposed to QC risks in that at some point I'll need to change every security key I've ever generated and every crypto algorithm every piece of software uses.

Probably not. Unless a real sudden unexpected breakthrough happens, best practise will be to use crypto-resistant algorithms long before this becomes a relevant issue.

And practically speaking it's only public-key crypto that is an issue, your symmetric keys are fine (oversimplifying slightly, but practically speaking this is true)


You'll need to focus on asym and DH stuff. If your symmetric keys are 256 bits you should be fine there.

The hope is that most of this should just be: Update to the latest version of openssl / openssh / golang-crypto / what have you and make sure you have the handshake settings use the latest crypto algorithms. This is all kind of far flung because there is very little consensus around how to change protocols for various human reasons.

At some point you'll need to generate new asym keys as well, which is where I think things will get interesting. HW based solutions just don't exist today and will probably take a long time due to the inevitable cycle of: companies want to meet US fed gov standards due to regulations / selling to fedgov, fedgov is taking their sweet time to standardize protocols and seem to be interested in wanting to add more certified algorithms as well, actually getting something approved for FIPS 140 (the relevant standard) takes over a year at this point just to get your paperwork processed, everyone wants to move faster. Software can move quicker in terms of development, but you have the normal tradeoffs there with keys being easier to exfiltrate and the same issue with formal certification.


Maybe my tinfoil hat is a bit too tight, but every time fedgov wants a new algo certified I question how strong it is and if they've already figured out a weakness. Once bitten twice shy or something????


The NSA has definitely weakened or back-doored crypto. It’s not a conspiracy or even a secret! It was a matter of (public) law in the 90s, such as “export grade” crypto.

Most recently Dual_EC_DRBG was forced on American vendors by the NSA, but the backdoor private key was replaced by Chinese hackers in some Juniper devices and used by them to spy on westerners.

Look up phrases like “nobody but us” (NOBUS), which is the aspirational goal of these approaches, but often fails, leaving everyone including Americans and their allies exposed.


You should look up the phrase "once bitten twice shy" as I think you missed the gist of my comment. We've already been bitten at least once by incidents as you've described. From then on, it will always be in the back of my mind that friendly little suggestions on crypto algos from fedgov will always be received with suspicion. Accepting that, most people that are unawares will assume someone is wearing a tinfoil hat.


The primary threat model is data collected today via mass surveillance that is currently unbreakable will become breakable.

There are already new “quantum-proof” security mechanisms being developed for that reason.


Perhaps, but you got to ask yourself how valuable will your data be 20-30 years in the future. For some people that is a big deal maybe. For most people that is a very low risk threat. Most private data has a shelf life where it is no longer valuable.


Yes, and people are recording encrypted conversations communications now for this reason.


I'm not sure anyone really knows this although there is no shortage of wild speculation.

If you have keys that need to be robust for 20 years you should probably be looking into trying out some of the newly NIST approved standard algorithms.


My slack profile, for years, has had a volcano emoji and the words "DMs are lava. Don't touch the lava."

It doesn't actually stop people from DMing me, but it does soften the blow a bit when I immediately move technical/product conversations out of DMs. (Obviously anything personal or sensitive stays private)


SheerID already exists and can differentiate between alumni and current students. Apple just needs to decide it's worth it (thus far, they haven't).


Or that their sales contacts treat women and non-binary folks worse than men.

https://www.newsweek.com/male-and-female-coworkers-switched-...


sales is literally you-eat-what-you-kill. you get paid % commission on sales regardless of your gender. There are so many sales people nobody would actually bother creating a separate pay grade for women and separate for men (and it would be highly unethical and illegal ofc)


Did you perhaps respond to the wrong comment? This is in no way responsive to what I wrote.


For new business. But what about managing existing accounts, or renewals


The point of the GP post is that the "w-4" token had very different results from ["w", "-4"] or similar algorithms where the "w" and "4" wound up in separate tokens.

