ricecake
@ricecake@sh.itjust.works
- Comment on Is it possible to design a (pen and paper) cipher that is secure against government cryptanalysis for at least 10 years? 7 hours ago:
So, the size of the key doesn’t directly relate to the size of the cipher, which also doesn’t directly relate to security. AES is 128 bit, can have 128, 192, or 256 bit keys and is currently not known to have any workable weaknesses.
Largely a cipher isn’t weak if guessing the key is the only weakness, since every cipher is vulnerable to brute force. It’s weak if you can figure out the message without needing the key.
- Comment on Is it possible to design a (pen and paper) cipher that is secure against government cryptanalysis for at least 10 years? 1 day ago:
That’s no longer a one time pad. That’s closer to a homebrew stream cipher with the weakness of having a key that you just hope no one notices.
- Comment on Is it possible to design a (pen and paper) cipher that is secure against government cryptanalysis for at least 10 years? 1 day ago:
You need a way to generate a pseudo random sequence that’s synchronized. You can then use that random stream as something that works like a stream cipher.
Getting synchronized sources of random numbers like that isn’t trivial, but it can be done.
To spitball a notion: get something like a small microcontroller that can drive a small screen, no wireless capabilities needed. Putting an implementation of something like the hotp algorithm on it will let you get some random data with each button press. That data can basically be used like a one time pad where you press a button each time you need more data. People decrypting the data just need to start at the same point in the sequence.
There are so many issues with this that I haven’t thought of, but it’s the most reasonable approximation of a pen and paper algorithm that has modern security levels and can be done in a reasonable amount of time.
Basically, you’re going to want to look into stream ciphers. Since those can be done without feeding the data into them, it’s possible to have a more disconnected system.
It’s worth noting that against a governmental adversary, you’re far more likely to be revealed via poor application of a custom crypto system than by a targeted bypass of a commonplace one.
If you’re under suspicion, a cop can grab the piece of paper you did your work on out of the trash if you forgot to burn it and no decryption is required. Being physically readable, the key material can be seized and it’s lost. If they have a warrant they can put a camera in your house and just record your paper.
With a cellphone, the lowest level of scrutiny that can use a backdoor that we know of would be a sealed FISA court order. Anything less official would require more scrutiny, since the NSA isn’t going to send a targeted payload to the phone of a generic malcontent/domestic subversive.
Widely used crypto systems address an extremely wide array of possible attacks, most of which aren’t related to the cipher but instead to issues of key management and rotation. This can give you guarantees about message confidentiality being preserved backwards in time if the key is stolen, and only new messages being readable, as an example. (Perfect forward secrecy)
What you’re looking for can be made, but you need to strongly consider if it actually makes you more secure, or less. Probably less.
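Added example (not part of the comment above and not code from its author): a Python sketch of the scheme the comment spitballs, using RFC 4226 HOTP output as a synchronized decimal keystream that is added to the message digit by digit. The two-digit letter encoding, the function names and the sample messages are assumptions made for the example, and the secret is the RFC 4226 test secret. It also shows two failure modes of the design: starting at the wrong counter decrypts to garbage, and reusing a counter cancels the key out of the ciphertext difference.

```python
import hashlib
import hmac
import struct

ALPHABET = " ABCDEFGHIJKLMNOPQRSTUVWXYZ"  # assumed encoding: index 00..26, two digits each


def hotp(secret: bytes, counter: int, digits: int = 6) -> str:
    """HOTP value per RFC 4226: HMAC-SHA1 followed by dynamic truncation."""
    mac = hmac.new(secret, struct.pack(">Q", counter), hashlib.sha1).digest()
    offset = mac[-1] & 0x0F
    code = struct.unpack(">I", mac[offset:offset + 4])[0] & 0x7FFFFFFF
    return str(code % 10 ** digits).zfill(digits)


def keystream(secret: bytes, start: int, n: int):
    """n key digits from successive "button presses", plus the next unused counter."""
    out, counter = [], start
    while len(out) < n:
        out.extend(int(d) for d in hotp(secret, counter))
        counter += 1
    return out[:n], counter  # leftover digits of the last press are discarded


def to_digits(text: str):
    return [int(d) for ch in text.upper() for d in f"{ALPHABET.index(ch):02d}"]


def from_digits(digits):
    pairs = [digits[i] * 10 + digits[i + 1] for i in range(0, len(digits), 2)]
    return "".join(ALPHABET[p] if p < len(ALPHABET) else "?" for p in pairs)


def encrypt(secret: bytes, start: int, text: str):
    """Add key digits to plaintext digits mod 10; returns (ciphertext, next counter)."""
    plain = to_digits(text)
    key, next_counter = keystream(secret, start, len(plain))
    return "".join(str((p + k) % 10) for p, k in zip(plain, key)), next_counter


def decrypt(secret: bytes, start: int, cipher: str):
    """Subtract key digits mod 10; both sides must use the same start counter."""
    key, next_counter = keystream(secret, start, len(cipher))
    plain = [(int(c) - k) % 10 for c, k in zip(cipher, key)]
    return from_digits(plain), next_counter


def digit_difference(a: str, b: str) -> str:
    """Digit-wise (a - b) mod 10. For two ciphertexts made with the same
    counter the keystream cancels, leaving only the plaintext difference."""
    return "".join(str((int(x) - int(y)) % 10) for x, y in zip(a, b))


if __name__ == "__main__":
    secret = b"12345678901234567890"  # RFC 4226 test secret, constructed input only
    ct, next_counter = encrypt(secret, 0, "MEET")
    print("ciphertext:", ct, "next counter:", next_counter)
    print("in sync   :", decrypt(secret, 0, ct)[0])
    print("off by one:", decrypt(secret, 1, ct)[0])
    ct2, _ = encrypt(secret, 0, "WAIT")  # counter reuse, the mistake to avoid
    print("key-free difference:", digit_difference(ct, ct2))
```

Each side has to record the returned next counter and never go back to an earlier one; that bookkeeping is the key management the comment warns about.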
- Comment on Balatro wins formal appeal to reclassify poker game as PEGI 12 1 week ago:
I don’t know that I’d agree with the notion that games that are engaging need to be rated higher. Is there harm to playing one game a lot?
I’ve read books that were so engaging I kept reading long after I should have stopped for the night. The author very much intended for the book to be engaging and to hold my attention. Should we rate the book as more mature because I kept reading it?
I don’t think balatro is any more addictive than most other games, it just has a low barrier to starting and a quick turn around.
Ratings should be informative and harm based. “This game is full of violence” and “this game has gambling”. Factual.
A game being prone to being played a lot isn’t factual, it’s just an observation that some people find it fun. Without an associated risk of harm you’re just putting a scary number on something because of your opinion about it.
- Comment on If I was a Health Care CEO after Luigi and felt in fear of my life from someone else how would I hire security? What would be a good deal? And does security act like the Secret Service to take a bulle 1 week ago:
So, for the actual answer to how you get private security: you hire a company like constellis (formerly blackwater, of Iraq war crime fame) or the honest to God pinkertons, who are actually still around.
You pay them unholy amounts of money and get some burly people to follow you around, with skills proportional to how much you’re paying them. If it gets to the six figure a month range, they also get more war-crime-y because you’re going for the highly qualified special forces folks who miss the fun of combat and murder.
If you try to pay what feels like a reasonable sum for private security you’re getting a cop working a second job who is definitely not taking a bullet for you, and probably not doing anything more to keep you alive than what’s coincidental to keeping themselves alive.
The company I work for does business in countries where kidnapping foreign business people is a common and lucrative way to make money (it’s effectively IT consulting, we’re not evil beyond the baseline capitalist level). We hire security people for preposterous sums and basically get former special forces who drive a car, make sure the person who showed up to the meeting is actually who they should be, orders delivery food, and tells you not to do stupid things. They try to keep you from getting kidnapped in boring ways, and if you do get kidnapped they coordinate the ransom exchange. (That I know of the most that’s ever happened was someone made the phone call to verify that the car they were about to get into at the airport was the pickup, and were told that it was not, abandon your bag if they’ve already loaded it and immediately go back into the airport and wait for the guard who showed up a minute later and handled the police interaction)
In general just try to avoid being in a position where you feel like you need to have hired a hero.
- Comment on Digital Fingerprinting: Google launched a new era of tracking worse than cookie banners | Tuta 2 weeks ago:
blog.lukaszolejnik.com/biggest-privacy-erosion-in…
This article actually shares what changed, as opposed to just asserting that there was a change.
- Comment on Google Gemini: Fascist AI for the plebs 2 weeks ago:
Well, yeah. That’s what it said.
It’s trained by reading the horrible morass of stuff on the Internet. Topics with larger amounts of disinformation are areas where they’re very prone to making mistakes. Crossing those topics with ones that misinformation or the appearance of misinformation are particularly damaging to the world or to their reputation and you have a good list of topics that are probably not good candidates to let your chatbot talk about.
It doesn’t do “reasoning” or “critical thinking” in the way you might expect for something that can communicate articulately. It doesn’t know what’s accurate or not, only what’s likely to be stated on the Internet. Unfortunately, it’s very likely for people on the Internet to say some bonkers things about the 2020 election in specific, and anything political in general. Even in sources that normally might be ranked higher for factuality, like a news publication.
It’s not just trump, it’s anything political.
This type of AI isn’t an expert, it’s a mimic. It knows how to mimic patterns, and it’s been told to mimic something knowledgeable and helpful based on all the text on the Internet, where people regularly present themselves as knowledgeable regardless of their basic sanity.
- Comment on Thomson Reuters Wins First Major AI Copyright Case in the US 3 weeks ago:
Though the headnotes were drawn directly from uncopyrightable judicial opinions, the court analogized them to the choices made by a sculptor in selecting what to remove from a slab of marble. Thus, even though the words or phrases used in the headnotes might be found in the underlying opinions, Thompson Reuters’ selection of which words and phrases to use was entitled to copyright protection. Interestingly, the court stated that “even a headnote taken verbatim from an opinion is a carefully chosen fraction of the whole,” which “expresses the editor’s idea about what the important point of law from the opinion is.” According to the court, that is enough of a “creative spark” to be copyrightable. In other words, even if a work is selected entirely from the public domain, the simple act of selection is enough to give rise to copyright protection.
The court distinguished cases holding that intermediate copying of computer source code was fair use, reasoning that those courts held that the intermediate copying was necessary to “reverse engineer access to the unprotected functional elements within a program.” Here, copying Thompson Reuters’ protected expression was not needed to gain access to underlying ideas.
natlawreview.com/…/court-training-ai-model-based-…
It sounds like the case you mentioned had a government entity doing the annotation, which makes it public even though it’s not literally the law.
Reuters seems to have argued that while the law and cases are public, their tagging, summarization and keyword highlighting is editorial.
The judge agreed and highlighted that since westlaw isn’t required to view the documents that everyone is entitled to see, training using their copy, including the headers, isn’t justified.
It’s much like how a set of stories being in the public domain means you can copy each of them, but my collection of those stories has curation that makes it so you can’t copy my collection as a whole, assuming my work curating the collection was in some way creative and not just “alphabetical order”.
Another major point of the ruling seems to rely on the company aiming to directly compete with Reuters, which undermines the fair use argument.
- Comment on Thomson Reuters Wins First Major AI Copyright Case in the US 3 weeks ago:
I don’t think that’s the best argument in favor of AI if you cared to make that argument. The infringement wasn’t for their parsing of the law, but for their parsing of the annotations and commentary added by westlaw.
If processing copyrighted material is infringement then what they did is definitively infringement.
The law is freely available to read without westlaw. They weren’t making the law available to everyone, they were making a paid product to compete with the westlaw paid product. Regardless of justification they don’t deserve any sympathy for altruism.
A better argument would be around if training on the words of someone you paid to analyze an analysis produces something similar to the original, is it sufficiently distinct to actually be copyrighted? Is training itself actually infringement?
- Comment on Iraq War was preceded by the largest worldwide non-violent protests in history and the war happened anyway. 2 months ago:
I was a bit skeptical as well, but there’s at least one seemingly reputable academic researcher who says as much: en.wikipedia.org/…/15_February_2003_anti-war_prot… (first citation).
So even if it wasn’t, one could easily be forgiven for the mistake.
- Comment on Judge Rejects Sale of Infowars to The Onion 2 months ago:
The estate has a duty to maximize the value of the liquidation, and pay back creditors as best it can. Specifically to settle the debts.
While a creditor can’t dictate the value of the estate, they can offer to forgive debt, which is the same for the purposes of the estate.
If the cancelled debt would have been worth more than the cash, then the creditors would be rightfully furious if the state instead sold the asset for less cash and paid them that way.
If you owe me $50k, and I tell you your watch is worth $5k to me, and instead you sell it for $250 and give me that while declaring bankruptcy so I don’t get anything else, that’s a terrible outcome for me, and great for you if you sold the watch to your friend who then gave it back to you in exchange for $250 later.
- Comment on Judge Rejects Sale of Infowars to The Onion 2 months ago:
No, that’s actually still the market deciding. It’s a perfectly standard type of auction that discourages low-ball bids. Bidding is secret, you only get one bid, and you don’t know who or if anyone else is bidding.
If you want it, you make your best offer for what you’re willing to pay for it, and if someone else bid more they get it. If you would have been willing to pay more with more rounds of bidding, you should have bid that from the start.
Open-bid auctions get better prices for sellers when there are a lot of bidders, and better prices for buyers when there are few. Given there were two bidders, it’s fair to seek the most either party will bid, rather than seeking $1 more than the maximum the losing party will pay.
- Comment on Judge Rejects Sale of Infowars to The Onion 2 months ago:
So it’s unfortunately not actually a sale until the judge approves it, it’s just an accepted bid.
Sorta like when buying a car. The salesman tells you the price for the vehicle, overpriced perks, and how much your trade in is worth, and you accept the final price. Then the salesman has to get the floor manager to agree, which they always do, because they’re the ones with authority to approve the sale. Then you can sign the paperwork and exchange money and you’ve actually processed the sale. Until then either party can walk away for any reason.
In this case, it’s like the floor manager rejected the sale because the cash part of the sale price was less than MSRP, and they didn’t think the trade in value mattered.
It’s not common for the sale to get rejected, and it’s even weirder for them to reject “not cash” instead of paying attention to value.
The judge saying the estate can’t accept debt forgiveness in lieu of cash is just odd, since it reduces the debt more than the cash would.
- Comment on Judge Rejects Sale of Infowars to The Onion 2 months ago:
Sealed bids are usually better for that.
www.investopedia.com/…/sealed-bid-auction.asp
Each party is incentivised to make the highest offer they’re willing to pay from the beginning, as opposed to negotiating the best price they can get.
Additionally, the families forgiving a significant amount of money as part of the bid should factor in, since the responsibility of the estate is to get the best deal, not the most cash.
- Comment on Petrichor 3 months ago:
It’s worth remembering that evolution doesn’t select for the best as much as it selects against the worst.
The reason we have such sensitivity doesn’t have to be particularly game changing as long as it doesn’t make us less likely to reproduce.
You can plainly see our big niche adaptations being used everyday. We think good. We recognize patterns. We use tools. We walk a lot, efficiently and upright. We communicate with high precision. We have a surprisingly efficient digestive system.
We’re not busting out the ability to smell rain super often, which hints that it might be more in the “doesn’t hurt” category instead of being a big advantage.
My guess is that being able to smell disturbed soil is helpful for tracking, either where an animal has run or where something has been buried. Our ancestors were not above digging up a fresh-ish dead animal a canine had buried for later.
But it could just be that rain sense slightly more accurate than looking towards the horizon was as useful then as it is now: vaguely, I guess? It just doesn’t hurt anything.
- Comment on turned them into their final form! 3 months ago:
And they’re delicious. ~Although usually not just plain meat, but filled with wonderful spices~
- Comment on I just WON'T 3 months ago:
We colloquially call a lot of things ice cream that aren’t labeled ice cream, and aren’t legally ice cream.
The US has tediously long definitions for different foods, and ice cream needs specific proportions of milk products, as well as limits on other physical properties.
www.accessdata.fda.gov/scripts/…/cfrsearch.cfm?fr…
www.accessdata.fda.gov/scripts/…/cfrsearch.cfm?fr…
www.accessdata.fda.gov/scripts/…/CFRSearch.cfm?CF…
So while I might pick up some sherbet and say “I got ice cream”, and people would know what I meant, it would never be labeled ice cream.
I also like oat milk ice cream, but it’s actually labeled “frozen dessert” because it doesn’t contain dairy.
The company isn’t allowed to use a term that might mislead an unwitting or uninformed consumer, but the consumer is free to have a more relaxed definition, and stores can put things where you would expect.
- Comment on Anon questions our energy sector 3 months ago:
Not sure I get what you mean by “slow”.
And it’s not entirely shocking that we have more of the power source we’ve been building and less of the one we stopped building.
- Comment on The Onion buys rightwing conspiracy theory site Infowars with plans to make it ‘very funny, very stupid’ 3 months ago:
Ha! I didn’t see that at first. I love “fuck you so hard that we can and will put a significant dollar value on it being more humiliating”.
- Comment on The Onion buys rightwing conspiracy theory site Infowars with plans to make it ‘very funny, very stupid’ 3 months ago:
The assets were auctioned off to pay his debt to the families of the Sandy Hook shooting.
So effectively they gave money to the families of children killed in a school shooting that he slandered in cruel and vile ways.
Given that the families pretty reasonably dislike him, the added bonus of his creation being used to openly mock him and promote a message they endorse is quality icing on the cake.
- Comment on These Guys Hacked AirPods to Give Their Grandmas Hearing Aids 3 months ago:
I can actually forgive this one. A lot of medical devices regulations require that if you function as something or make it available, then you need to pass the certification for offering it.
You can’t just relabel a device as something else if you clearly intend for it to be used as a medical device. Shady Bob’s emergency electrical heart massager isn’t going to fly.
In the US, hearing aids required a prescription until 2022. What I can glean from translated sites is that India still has that requirement.
- Comment on Is there a way to precisely locate a Qi charging coil on a device? 4 months ago:
Your easiest bet is to find a teardown video and pause when they have the case off.
The coil is the coil shaped bit in the black plastic on the left.
Technically, you could get one of those meters that measures the power draw of a device, hook it to a wireless charging puck and slide it around. The power draw will be higher the more closely aligned the two coils are.
Going that far is going to be really fiddly and probably not worth the trouble though.
- Comment on Not allowed to work from home 4 months ago:
Eh, it doesn’t need to be, you just need to do the work of putting together granular access controls that can account for your risk profiles.
The risk isn’t much different between a company owned telephone and a personal telephone.
They’re both susceptible to most of the same attacks, or being left on the bus.
- Comment on Not allowed to work from home 4 months ago:
A totally reasonable stance.
For clarity, the android feature essentially makes a work dedicated partition on the phone. Their management app can manage that partition, and for the purposes of data movement it’s essentially a distinct phone.
If they’ve set it up correctly they can do a remote wipe without touching your personal data.
support.google.com/work/android/answer/7502354?sj…
In a lot of cases the drive to have users use their personal devices rather than employer owned ones comes from the users, not the workplace. Only needing to keep track of one device is easier in many cases.
- Comment on How does US "early voting" works logistically speaking ? 4 months ago:
What county is that? That sounds like the type of discrepancy that you don’t hear about often.
- Comment on How does US "early voting" works logistically speaking ? 4 months ago:
I have an assigned voting location, but there are several in my district that are all “valid”, and I was just assigned the one closest to my house. If I were to be confused and go to a valid location I wasn’t assigned to, I’m still in the ledger. Since I’m attempting to vote in the correct district, they don’t really have grounds to turn me away.
If I were in the wrong district, I’m still allowed to cast a provisional ballot, which lets you vote but they sort it out later.
You can also vote absentee and then also in person and not disclose that you need to invalidate the absent vote. Here that’s automatic, but in some places it’s a crime.
You’re also allowed to go to a clerk’s office, which has the equipment to print any ballot and handle it correctly.
- Comment on How does US "early voting" works logistically speaking ? 4 months ago:
The exact specifics vary based on the state, but it’s roughly the same in each of them.
You track the voter, ballot, collection and counting.
Voter A issued ballot 3. Ballot 3 collected. Ballot 3 counted.
The counting phase involves removing the tracking number from the ballot before removing a cover that keeps the vote private.
You can’t slip an extra ballot into the box because then the totals don’t add up, and you know where in the process the discrepancy occurred.
Making sure there are multiple eyes on issuing and counting means it’s hard to create or count a fake ballot.
When not observed by multiple people, the containers are locked with multiple locks with keys held by different people.
It’s why most voter fraud is a voter going to multiple valid voting locations to vote multiple times. Once the tabulations begin, you see you counted the number collected, collected the number issued, and that you issued one ballot to each voter except one, who got three.
- Comment on Horrors We've Unleashed 4 months ago:
Most modern plans for eradication involve creating a virus that handles it, rather than a pesticide.
Have the virus introduce a gene that takes a few generations of breeding in the impacted population before it starts to debilitate or sterilize the mosquitoes. That way your virus can start to kill the population even as it spreads to areas that were missed.
- Comment on Horrors We've Unleashed 4 months ago:
All of our best data on the impact says that it really wouldn’t matter. Sometimes a species is a linchpin for the ecosystem, and sometimes it isn’t.
Sucks for mosquitoes, but there’s a very real chance that we’ll smallpox them, and the biggest concern will be our confidence that the virus we use doesn’t impact other species unintentionally.
- Comment on Phonebooks 5 months ago:
Yeah, and it’s not like you want the information out there, it’s just that in my opinion it’s not something I would pay money for. Having the authority to make the request doesn’t mean that the party on the other end is obligated to comply, or in some cases even legally permitted to.
I’ve used Google’s service where they send you an email to review results if they find something, and my Google results for my incredibly distinctive name are basically only professional resources that I kinda want to be findable.