I tend to find that older (10+ years) t-shirts shrink a lot. Even if I don't wash them.
Same happens to me, but I don't think it's the T-shirts that are shrinking.
Readit Newsvayup commented on Why some clothes shrink in the wash and how to unshrink them swinburne.edu.au/news/202... · Posted by u/OptionOfT
vayup commented on If AI replaces workers, should it also pay taxes? english.elpais.com/techno... · Posted by u/PaulHoule
We don't want a rebellion sparked by 'Taxation without representation'. Do we?
Deleted Comment
vayup commented on NSA and IETF, part 3: Dodging the issues at hand blog.cr.yp.to/20251123-do... · Posted by u/upofadown
Dear some seasoned cryptographer,
Please ELI5: what is the argument for including the option for the non-hybrid option in this standard? Is it a good argument in your expert opinion?
My pea brain: implementers plus options equals bad, newfangled minus entrenched equals bad, alice only trust option 1 but bob only have option 2 = my pea brain hurt!
The strongest arugument made is that hybrid is more complex, more work and therefore more risky.
As someone who has been implementing such systems for 20 years, I don't buy this. In my mind, it's equivalent to saying "Seatbelts add complexity to the safety system, and it's more work. So let's get rid of it."
In this argument, the benefits of hybrid/seatbelts are not factored in adequately.
> Removed SD card. The manufacturer of the camera had requested certain components of
the device be redacted. Portions of this image have been redacted.
And so it is, but anyone who has ever seen a Sandisk SD card knows what they're looking at. I can even tell it's not the fastest V90 speed.
The things companies try ineffectually to keep out of public view are weird.
Especially when anyone can buy the product off the shelf, remove the casing to see what they are trying to redact in these images.
It is quite negligent that they are not using the threshold decryption ceremony, but at the same time, I don't think we should dismiss the framing of human mistake here. Even if there were a threshold decryption ceremony in place, such a failure mode could still happen; here, it simply makes it more visible. The question of how one would select the threshold seems pertinent.
A small threshold reduces privacy, whereas a large threshold makes human error or deliberate sabotage attempts more likely. What is the optimum here? How do we evaluate the risks?
You are absolutely right that it is easy to rule out obviously bad choices, such as 3 of 3. However, determining the actual quorum to use is a qualitative risk analysis exercise.
Considering that this is an election for a professional organization with thousands of members, I am going to go out on a limb and say that it should be easily possible to assemble a group of 5 people that the community/board trusts woudn't largely collude to break their privacy. If I were in the room, I would have advocated for 3 of 5 quorum.
But the lifecycle of the key is only a few months. That limits the availability risk a little bit, so I can be convinced to support a 2 of 3 quorum, if others feel strongly that the incremental privacy risk introduced by 3 of 5 quorum is unacceptable.
Few lessons to relearn here:
- Availability is a security requirement. "Availability" of critical assets just as important as "Confidentiality". While this seems like a truism, it is not uncommon to come across system designs, or even NSA/NIST specifications/points-of-view, that contradict this principle.
- Security is more than cryptography. Most secure systems fail or get compromised, not due to cryptanalytic attacks, but due to implementation and OPSEC issues.
Lastly, I am disappointed that IACR is publicly framing the root cause as an "unfortunate human mistake", and thereby throwing a distinguished member of the community under the bus. This is a system design issue; no critical system should have 3 of 3 quorum requirement. Devices die. Backups fail. People quit. People forget. People die. Anyone who has worked with computers or people know that this is what they do sometimes.
IACR's system design should have accounted for this. I wish IACR took accountability for the system design failure. I am glad that IACR is addressing this "human mistake" by making a "system design change" to 2 of 3 quorum.
vayup commented on Free software scares normal people danieldelaney.net/normal/... · Posted by u/cryptophreak
Good article, but the reasoning is wrong. It isn't easy to make a simple interface in the same way that Pascal apologized for writing a long letter because he didn't have time to write a shorter one.
Implementing the UI for one exact use case is not much trouble, but figuring out what that use case is difficult. And defending that use case from the line of people who want "that + this little extra thing", or the "I just need ..." is difficult. It takes a single strong-willed defender, or some sort of onerous management structure, to prevent the interface from quickly devolving back into the million options or schizming into other projects.
Simply put, it is a desirable state, but an unstable one.
Spot on. Defending simplicity takes a lot of energy and commitment. It is not sexy. It is a thankless job. But doing it well takes a lot of skill, skill that is often disparaged by many communities as "political non sense"[1]. It is not a surprise that free software world has this problem.
But it is not a uniquely free software world problem. It is there in the industry as well. But the marketplace serves as a reality check, and kills egregious cases.
[1] Granted, "Political non sense" is a dual-purpose skill. In our context, it can be used both for "defending simplicity", as well as "resisting meaningful progress". It's not easy to tell the difference.
Precisely defining what "Intelligence" is will get us 95% of the way in defining "Artificial General Intelligence". I don't think we are there yet.
vayup commented on Ask HN: How to boost Gemini transcription accuracy for company names? · Posted by u/bingwu1995
Something along these lines, as part of the prompt, has worked for me.
# User-Defined Dictionary
Always use the following exact terms if they sound similar in the audio:
```json
{{jsonDictionary}}
```