Show newer
R. A. Dehi boosted

The main news for today is that Ukraine is set to become the third largest arms importer in the world by 2022, the documentary film by Navalny won the Oscar for Best Documentary, which is a disgrace to the international community, President Lukashenko signed a cooperation agreement with Iran until 2026, the government has decided to submit amendments to the state budget for 2023 to the Verkhovna Rada, with expenditures increased by UAH 537.2 billion, of which 96.5% are allocated to the national security and defense sector, the first Ukrainian crews are completing training on Leopard A4 tanks in Spain this week, the US has extended the program for refugees from Ukraine for a year, and Putin's f*ck, Russia is the bottom.

R. A. Dehi boosted

It's now officially safer to keep your money in a bank -- no matter how much you have -- than under the mattress. With the Silicon Valley Bank bailout of all depositors, there's no longer a $250,000 limit on the 'insurance" -- and you can bet the crooks are going to take full advantage of this new loophole to loot the rest of us.

Death is preventable. Every day about 150.000 people die, because we do not yet have the technology to prevent their deaths.

Every day that we delay the arrival of that technology kills 150.000 people.

Every two months of delay kills ten million people, the same death toll as the Holocaust or COVID-19.

That's why is urgent to build and use AI, solar energy, Library Genesis, and other such generally applicable technology. Decelerationists are mass murderers.

R. A. Dehi boosted

As the team behind Anna's Archive pointed out in Twitter: "Much of the current revolution in AI is powered by shadow libraries."
Seems obvious. Yet hardly ever mentioned?

Regardless if one wants to call it a "revolution" or just a fancy autocomplete, the question remains relevant. What would a business like OpenAI be if it wasn't for the years of criminalized work that pirate librarians put into projects like Library Genesis?

R. A. Dehi boosted

The EU’s “chat control” legislation is the most alarming proposal I’ve ever read. Taken in context, it is essentially a design for the most powerful text and image-based mass surveillance system the free world has ever seen.

R. A. Dehi boosted

If you are discussing your abortion and you live in a place where abortion is now essentially illegal, please remember to speak only to people you trust and remember to use end-to-end encrypted comms with disappearing messages turned on.

texastribune.org/2023/03/10/te

R. A. Dehi boosted

This is just wild: "The P92 app will support ActivityPub, MoneyControl reported."

Then again, Facebook once adopted and promoted OpenID, so I won't hold my breath.

Embrace and extend, baby.

From: @caseynewton
mastodon.social/@caseynewton/1

R. A. Dehi boosted

😮

Wait. People are saying Meta's decentralized app will be powered by #ActivityPub, and will interoperate with Mastodon.

On top of it, it will be Instagram-branded.

Surprising. But again, I'll believe it when I see it.

moneycontrol.com/news/business

@fediversenews

R. A. Dehi boosted

I'm still looking for a job. Anybody need a programmer in the San Francisco Bay area? I'm a python programmer with experience in C/C++/Java/JS, I've done a bunch of CI/CD/SRE in the recent years, lots of tooling and back end web dev, and I've got a good deal of amateur experience doing reverse engineering and embedded development.
(I've done devops work but I'm trying to move away from that because too often it turns into just "ops", and I am a programmer.)

md5crypt() is from 1995, and although has been deprecated since 2012 because is too fast to be secure nowadays, cracking it takes 1000 times longer than Hive is claiming (or, more specifically, than @Tutanota is claiming by their choice of one of Hive's images.)

Is that what the password data breaches they talk about were using? Or were they really just using single-iteration MD5 like a fresh bootcamp graduate?

web.archive.org/web/2018031716

Show thread

If Hive is willing to assume that your security design is such shit that you're using MD5 without iteration for password hashes, why not just assume you're storing the password in plain text? That's pretty much the same level of incompetence, and it would make all the cells in the table read "Instantly". They actually do have this table further down in the post.

Hive also produced some tables for PBKDFs that have tunable difficulty parameters, such as bcrypt() and PBKDF2, but didn't specify which parameter settings are being used for these tables, or talk about the tradeoff space; also, incorrectly describe bcrypt() as not being "a key derivation function like PBKDF2", when that's exactly what it is.

Show thread

Oh, reading the page at hivesystems.io/blog/are-your-p, they're assuming your password hashing algorithm is just plain MD5 without any hash iteration, claiming is "2018 cybersecurity practices". @Tutanota, please tell me are not hashing your users' passwords with plain MD5 without any hash iteration? Because Unix has iterated its password hashing function since 7th edition Unix, 25 iterations of modified DES: en.wikipedia.org/wiki/Crypt_(C. That was in 1979. The password encryption approach Hive is suggesting has been known to be bad practice since 1979. When PHK implemented md5crypt for BSD in the 90s, it used 1000 iterations of MD5. A single iteration is not 2018 practice.

(Some people surely did commit this error in building their systems.)

Aren't actually proposing "a hacker" with a hundred times as much power as the entire Bitcoin network; are proposing to rent eight A100 GPUs from Amazon AWS which they say would get 523 billion hashes per second, the which is 16 million times less compute than the Bitcoin network. At this speed 2^90 hashes would take 75 million years, not the 3 weeks they state, the which is correct for 2^60.

Show thread

Seems incorrect; 10 "Numbers, Upper and Lowercase Letters" is 64^10 = 2^60, and with properly applied key stretching (a difficulty factor of 2^30, say), that's 2^90. To do 2^90 hash operations in 3 weeks would require to do almost 700 quintillion hash operations per second. Bitcoin hashrate is 7.983.858 terahashes per second, almost a hundred times lower. Hivesystems is proposing "a hacker" with a hundred times as much power as the entire Bitcoin network, assuming your PBKDF's difficulty factor is set to 2^30.

Tuta  
Time it takes for a hacker to brute force your password. #Cybersecurity Good to know: Tutanota checks your password upon signup and makes sure it...
R. A. Dehi boosted

i'm a big proponent of forethought -- planning, design work, et cetera -- but planning work can only ever be done effectively by people who are also capable of executing the plan, and while delegation is important, when technical work is deeply entangled it's not possible to plan and delegate work that you yourself do not substantially understand. in other words, non-technical management of technical tasks does not serve to produce actionable planning; instead, it simply forms a reporting layer that produces 'performance data' (always, by definition, nonsense bullshit) to upper management that must be ignored and that relays 'guidelines' to developers (typically nonsense bullshit, but almost always necessary to ignore) from upper management. basically, it's a layer that sits between developers and middle management & spews random noise in both directions. a good developer can perform all of the tasks involved in bringing a project to fruition (including getting user feedback, managing the project, communicating with and delegating to other developers, writing documentation, doing UX analysis & design, and performing maintenance in response to changing requirements), but non-technical management's skillset is limited to interfacing with institutional tooling for creating the illusion of taylorization around the inherent chaos of any real work (ex., using JIRA, holding scrum rituals).

R. A. Dehi boosted
R. A. Dehi boosted

@oskay Oh, I wanted to say, except through-feed dies, a cylindrical or planetary thread rolling die has threads on it, so is itself a screw. Assumed by "trilobular thread rolling screw" you meant such a thread rolling die, so the question was how to make the die with limited equipment. Was puzzled at the idea of trying to make such a die by rolling!

In how much grinding and EDM, grinding is already common for hardened ballscrews (maybe forgot about ballscrews), and EDM tapping is already common, so clearly EDM is an option for making threads, though don't know of anyone using it for outside threads now. Obviously is not competitive for volume production.

Now see that meant taptite.com/assets/files/tapti the which is a self-"tapping" machine screw with a non-circular cross-section. ("TRILOBULAR" is a trademark.) Seems like rare geometry is principal problem, together with surface finish.

The REMINC brochure emphasizes the need to request the brand name from distributors, so maybe are selling generic manufacturers clones of off-patent REMINC screws under different name. The brochure also gives geometry pretty detailed. Fascinating product, thanks.

R. A. Dehi boosted
R. A. Dehi boosted

@b0rk Many early computers used word sizes that were multiples of six bits, and used five or six bit character codes (predating ASCII and EBCDIC). 36 bits was common for big computers, 18 for medium, and 12 bits for small.

R. A. Dehi boosted

You have nothing to hide until the government suddenly declares your behaviour illegal. #abortion #usa #meta #facebook #google #e2ee #encryption

R. A. Dehi boosted

Are there ANY car manufacturers NOT selling data about you / your car?

Reading @pluralistic 's Feb 28 piece about VW tracking cars (and not providing the info unless you pay): pluralistic.net/2023/02/28/kin

Cory Doctorow writes:
---
> And yet, here we are. Like most (all?) major car makers, Volkswagen has filled its vehicles with surveillance gear, and has a hot side-hustle as a funnel for the data-brokerage industry.
---

Is anyone keeping a list of car manufacturers who are NOT doing this?

Show older
Qoto Mastodon

QOTO: Question Others to Teach Ourselves
An inclusive, Academic Freedom, instance
All cultures welcome.
Hate speech and harassment strictly forbidden.