
@grimalkina I was really interested to hear the story of your first grad stats class in this first episode. Hearing you talk about having to ask about all the Greek symbols (due to the less conventional path you took to get there) put me in mind of two things:

1. Once in grad school I sat through a whole lecture on nonlinear dynamics I really wasn't following. At the end someone asked a question on some specific point, and this led to another few and then a deluge. It became clear that no one had followed the lecture, and the professor actually started over in the next class. So you were braver than a room full of physics grad students (including me).

2. I was recently helping a colleague who was taking a course in quantum computing. He is a couple years out of CS undergrad, and he said that his university was not very math and science focused, so his math training was not that rigorous. One result of this was that he was not familiar with the Greek alphabet (names or symbols), and this was a constant source of confusion for a while; it's hard to keep the symbols straight when they're unfamiliar. Before this experience I had never thought about what an unnecessary stumbling block this can be, and how radically different that is for students from different backgrounds.

@analog_ashley

Nick boosted

I listened to the first episode of the “Change, Technically” podcast from @grimalkina and @analog_ashley, and it was really hard not to spend the whole episode yelling out loud — either in vehement agreement, or to say “That but even more so! You’re not going far enough!!”

Good stuff for anybody interested in human beings who write software: changetechnically.fyi

@hacks4pancakes @samofhearts Case in point: I have used Linux as my only OS on my personal computers for most of my adult life, and I used it for work for a long time. At my current work I use a Windows machine. Why? Because even though Linux is formally an option at my work, much of the work revolves around using MS tools and file formats, and because my organization is god awful at administering Linux machines, so I decided it would be more painful than it's worth (and watching others attempt it has only confirmed that suspicion). The point being that even for me, someone who prefers Linux and formally has the option to use it, it is not a practical option at my workplace.

Nick boosted

Stanford engineers have devised a new technique, called redox-couple electrodialysis, to extract lithium from brines at an estimated 40% of the cost of today’s dominant extraction method (evaporation), and at just a fourth of lithium’s current market price. The new technology would also be much more reliable and sustainable in its use of water, chemicals, and land. buff.ly/3AGOjt0 #ShareGoodNewsToo

Nick boosted

Ok, here's the deal on the "YubiKey cloning attack" stuff:

Yes, a way to recover private keys from #YubiKey 5 has been found by researchers.

But the attack *requires*:

👉 *physically opening the YubiKey enclosure*

👉 *physical access* to the YubiKey *while it is authenticating*

👉 non-trivial electronics lab equipment

I cannot stress this enough:

❗In basically every possible scenario you are safer using a YubiKey or a similar device, than not using one.

#InfoSec #YubiKey5

Nick boosted

@dangoodin “All YubiKeys running firmware prior to version 5.7—which was released in May and replaces the Infineon cryptolibrary with a custom one—are vulnerable.”

Check which firmware you have installed.

Nick boosted

No matter what citation graph I explore, IEEE is without fail the most broken part of the graph. Ridiculous per-paper pricing, non-institution membership options so byzantine I gave up (vs. ACM, which wanted to take my money), and of course an iron fist of exclusivity and closed access for the IP they rip out of authors' hands.

If you publish in an IEEE journal, you might as well be chucking your research in the shredder as far as the world outside academia's concerned :(

Nick boosted

The YubiKey 5, the most widely used hardware token for two-factor authentication based on the FIDO standard, contains a cryptographic flaw that makes the finger-size device vulnerable to cloning when an attacker gains brief physical access to it, researchers said Tuesday.

The cryptographic flaw, known as a side channel, resides in a small microcontroller that’s used in a vast number of other authentication devices, including smartcards used in banking, electronic passports, and the accessing of secure areas. While the researchers have confirmed all YubiKey 5 series models can be cloned, they haven’t tested other devices using the microcontroller, which is SLE78 made by Infineon and successor microcontrollers known as the Infineon Optiga Trust M and the Infineon Optiga TPM. The researchers suspect that any device using any of these three microcontrollers and the Infineon cryptographic library contains the same vulnerability.

arstechnica.com/security/2024/

Nick boosted

Microsoft has confirmed that Windows 11 users will not be able to uninstall the controversial “Recall” feature, despite earlier reports suggesting otherwise. Recall, part of the Copilot+ suite announced in May, automatically captures screenshots of user activity on the operating system including sensitive information such as passwords or financial data. digitalmarketreports.com/news/

Do yourself a favor and get rid of Windows from your life—enough of these greedy companies. #privacy #security

@npub1zp73w37v0kd2tjsqv9cdzfnh32jr54fsajplssw486fuvfvj4uys2rycpq Do I take it correctly that that's mostly focused on privacy (tracking/spyware) and not intrusion or other aspects of ?

Since I added my backup Yubikey to yesterday I went to revoke the "Authentication App" option (i.e. TOTP) as a method, but it looks like maybe there's no way to revoke the "Authentication App" as an authentication method once you've set it up?

I see this on a number of sites, where they offer lots of different methods and encourage you to have multiple so you won't get locked out. For , though, I think it's just as important to be able to revoke weaker methods when you set up stronger ones, but this seems to frequently be neglected, which looks like a sort of half-hearted attempt at security to me.

This wouldn't be surprising to me in general, but I guess I expected Github to meet a higher standard, given how many processes on the Internet expect to be able to trust the contents of specific Github repositories. Maybe I'm missing something in the UI?

Nick boosted

1: Programmer sets up a website that is just 1 million checkboxes, checking or unchecking them does so for everyone.

2: Hackers (the good, fun, quirky kind) find a way to encode text in it.

3:...and a whole lot more....

eieio.games/essays/the-secret-

(cc @dylanbeattie on the very faint chance he's not seen it already)

Nick boosted

would love ideas for solutions to these issues with folders in the terminal if folks have them! (just reply in this thread)

docs.google.com/spreadsheets/d

(please don't try to explain to me *why* the problem happens, I'm only interested in solutions!)

Nick boosted

If someone sends me a toot link say mastodon.social/@AlSweigart/11 via slack is there a way on my iPhone to open the toot in Mona so I can retweet it? I’ve tried search in Mona, I’ve tried sharing it to Mona, and neither works

Nick boosted

I wrote up a little article about a problem that shows up in homomorphic encryption called "cheapest shift network" jeremykun.com/2024/09/02/shift

Nick boosted

Amazing how a high school experiment on ballistics, for a student who has issues engaging with science, changes when you start with:
"Call of Duty?"
"Hell yeah."
"So you know about bullet-drop?"
"Yeah...?"
"That's what we're looking at."

Nick boosted

Politico- Washington DC startup pitched as a service to integrate AI into lobbying is covertly run by a pair of well-known, far-right conspiracy theorists and convicted felons who are using pseudonyms in their new business. politico.com/news/2024/09/02/j
