
Comment Re:NIST algorithms (Score 1) 44

No idea. But what we have in "post quantum" crypto is all laughably weak against conventional attacks and laughably unverified.

This isn't true.

Yes, one of the finalists was broken, utterly. There are no successful attacks against ML-DSA, ML-KEM or SLH-DSA, and they have good security proofs. Note that "successful attack" and "security proof" both have different meanings to cryptographers. A successful attack is one that reduces the security even a little from what it theoretically should be, even if the reduction still leaves the algorithm completely unbreakable in practice. A security proof is a proof that the construction is secure if the underlying primitives satisfy security assumptions. There is no cryptographic algorithm in existence that has a security proof that a mathematician would consider to be a proof; we just don't know how to do that. In the case of ML-DSA and ML-KEM, the underlying assumptions are about the hardness of the underlying mathematical problems, Module-LWE and Module-SIS. In the case of SLH-DSA the underlying assumptions are about the security of hash algorithms.

Module-LWE and Module-SIS are fairly new problems, and have only been studied for a little over a decade. The whole field of mathematics they're based on is less than 30 years old, so it's more likely that some mathematical breakthrough will destroy their security than it is that some breakthrough will wipe out ECC, which has been studied for about 50 years, and which builds on 150 years of algebraic geometry. Still, a mathematical breakthrough could destroy ECC or RSA, too.

In contrast SLH-DSA is rock solid, from a security perspective. We've been studying hash functions for a long time, and, really, our entire cryptographic security infrastructure is based on the assumption that our hash functions are good. If that turns out not to be the case, then quantum computers will be the least of our problems because to a first approximation every cryptographic protocol in existence relies on secure hashing. It's far more likely that ECC or RSA will be broken than that SLH-DSA will be broken. Unfortunately, SLH-DSA is orders of magnitude slower than what we're used to.

It's worth noting that SIKE (the NIST PQC finalist that was broken) also had a security proof. The problem was that the proof showed that SIKE was secure if the supersingular isogeny problem was hard -- but what SIKE actually used wasn't that problem, exactly. SIKE required additional data to be published, and that additional information reduced the hardness of the problem. This is why the break was so total, and was found immediately when researchers began scrutinizing SIKE. All it took was the observation that SIKE relied on a less-hard problem, then a mathematical solution to the less-hard problem.

NIST chose these three algorithms for good reasons. ML-KEM and ML-DSA have larger keys than we're used to with RSA and especially ECC, but they're not that much larger, not so large that they simply can't be used in existing protocols. And they're fast, with performance on par with what we're used to. So they are feasible drop-in replacements in most cases.

SLH-DSA is not a drop-in replacement. The keys are very small (on par with ECC, a bit smaller, even), but the signatures it produces are enormous: the smallest is 8k, the biggest is 50k (depending on parameter choices). Also, signing is 50-2000 times slower than EC-DSA (depending on parameter choices) and verification is 10-30 times slower.

So, what NIST did was choose a pair of quite-usable and probably-secure algorithms (ML-KEM and ML-DSA) that cover all cryptographic needs and are very close to being drop-in replacements, plus a less-usable but absolutely-secure algorithm as a backstop. I don't know that they ever explicitly stated the strategy they were suggesting, but it's obvious: Use ML-KEM and ML-DSA as your everyday algorithms for operational security and for firmware signing, but for firmware signing specifically, burn an SLH-DSA public key into your devices that you can use to verify new firmware and new public keys that use new algorithms in the event the ML- algorithms are ever broken.

Moving to these algorithms is an excessively bad idea.

I don't think so, and neither does Google -- which employs a lot of professional academic cryptographers (which I'm not).

Whether you should move to these algorithms depends on what you're doing, and what your service lifetimes are. If the data you're encrypting or signing only needs to be secure for a decade, don't bother. Existing ECC-based constructions will be fine.

If the data needs to be secure for more than that, if you're really concerned about harvest-now-decrypt-later attacks that could be performed 20-30 years from now, you should move to ML-KEM, and do it soon. There actually isn't that much data that really needs to be secure for that long... but if yours is in that category it's more likely that it will still be secure in 2050 if it's encrypted with ML-KEM/AES than if it's encrypted with ECDH/AES. Both options are a gamble, of course. ML-KEM is more likely to fall to a cryptographic attack than ECDH, but ECDH is at risk from quantum computing.

Firmware signing is a very interesting case. Firmware security is foundational to system security. Phones today are expected to have an ~8-year lifespan, so a phone launched in 2029 needs to remain secure until 2037... and that is getting into the range where there's a non-trivial probability that quantum computers will be large enough, reliable enough and cheap enough to be a threat. That probability is only in the 1-5% range (IMO), but in the cryptographic security world 1-5% is utterly unacceptable. I work on automotive firmware these days (I left Google six months ago) and we have ~5 year development timelines, followed by 20-year operational timelines, so a project we start today needs to be secure until 2051. The probability of large, reliable, cheap quantum computers by 2050 approaches 100%.

On the other hand, can your hardware really accept a ~20X longer firmware verification time from using SLH-DSA? That's not a question with a universal answer. Some contexts can, some can't. ML-DSA is more computationally-practical, but there's a risk that it will be broken. I think the clearly-appropriate strategy for now is: Ship your hardware with ML-DSA verified firmware, but also burn an SLH-DSA public key into the ROM (or OTP fuses) and arrange things so you can use that SLH-DSA public key to verify and install a new firmware verification scheme in the future, should ML-DSA be compromised. Or, alternatively, stick with EC-DSA or Ed25519 for now, but include that same SLH-DSA-based infrastructure for migrating to something else. If your hardware lifetime is long enough, you almost certainly will have to actually use that to migrate to some PQC algorithm. If feasible, it would be better to start with ML-DSA now.
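The backstop arrangement described in the comment above, as an added example (not part of the original comment and not any vendor's boot code): the device consults only its replaceable operational key at boot, and accepts a key rotation only when the rotation manifest verifies under the key fixed in ROM. A Lamport one-time signature over SHA-256 stands in for both ML-DSA and SLH-DSA so the sketch runs on the standard library alone; `Device`, `manifest` and the epoch counter are assumptions of this example.

```python
import hashlib, os

def H(b): return hashlib.sha256(b).digest()

def bits(msg):  # the 256 bits of SHA-256(msg), most significant bit first
    d = H(msg)
    return [(d[i // 8] >> (7 - i % 8)) & 1 for i in range(256)]

def keygen():  # Lamport one-time key pair (stand-in scheme, see lead-in)
    sk = [(os.urandom(32), os.urandom(32)) for _ in range(256)]
    return sk, [(H(a), H(b)) for a, b in sk]

def sign(sk, msg):  # reveal one secret per digest bit; each key signs once
    return [sk[i][b] for i, b in enumerate(bits(msg))]

def verify(pk, msg, sig):
    return len(sig) == 256 and all(
        H(s) == pk[i][b] for i, (s, b) in enumerate(zip(sig, bits(msg))))

def manifest(epoch, new_pk):  # hypothetical fixed-width rotation manifest
    return b"rotate|" + epoch.to_bytes(4, "big") + b"".join(a + b for a, b in new_pk)

class Device:
    def __init__(self, backstop_pk, operational_pk):
        self.backstop_pk = backstop_pk        # immutable: ROM or OTP fuses
        self.operational_pk = operational_pk  # replaceable key slot
        self.key_epoch = 0                    # monotonic, blocks replay/rollback

    def boot_ok(self, firmware, sig):  # everyday path: operational key only
        return verify(self.operational_pk, firmware, sig)

    def rotate(self, new_pk, epoch, sig):  # recovery path: backstop key only
        if epoch <= self.key_epoch:
            return False
        if not verify(self.backstop_pk, manifest(epoch, new_pk), sig):
            return False
        self.operational_pk, self.key_epoch = new_pk, epoch
        return True

def demo():  # all keys and firmware images below are constructed sample data
    (bs_sk, bs_pk), (old_sk, old_pk) = keygen(), keygen()
    (new_sk, new_pk), (rogue_sk, _) = keygen(), keygen()
    dev = Device(bs_pk, old_pk)
    fw1, fw2 = b"constructed firmware v1", b"constructed firmware v2"
    sig1, m = sign(old_sk, fw1), manifest(1, new_pk)
    r = {"boot_v1": dev.boot_ok(fw1, sig1)}
    r["rotate_rogue"] = dev.rotate(new_pk, 1, sign(rogue_sk, m))  # not the ROM key
    good = sign(bs_sk, m)
    r["rotate_backstop"] = dev.rotate(new_pk, 1, good)
    r["rotate_replay"] = dev.rotate(new_pk, 1, good)   # same epoch again
    r["boot_old_key"] = dev.boot_ok(fw1, sig1)          # retired key's image
    r["boot_v2"] = dev.boot_ok(fw2, sign(new_sk, fw2))
    return r
```

After a successful rotation, firmware signed under the retired operational key no longer boots, which is the property that matters if that scheme is later broken.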

Comment Re:Good. Now copyright terms (Score 1) 91

Dude, are you living under a rock?

These bands are creating new music. But the money that allows them to do so comes from their old music. I have bands in my collection that have been making music for 30 years.

And I'm pretty sure even small bands make good money nowadays from touring,

No they don't. They don't even make ok money. Tours are expensive and a lot of people, from road crew to venue security, take their cut before the musicians. The big guys, they make a killing on tours. But the small ones sometimes don't even break even.

In fact, a common wisdom in the industry is that touring is worth it not because the tour itself makes profits, but because it builds a fanbase and drives what is called "catalog discovery" - both old and new fans looking to buy the albums with the songs they liked (and for the old fans, didn't know).

This study: https://www.giarts.org/article... says that 28% of income across all the musicians surveyed comes from tours. The share is larger for the rock/pop sector where it nears 40% but even that isn't easy money. And if you consider that only 20% of the rock/pop musicians make more than $50,000 a year, then it becomes a hollow statement.

Plus, it goes directly against your first statement - while on tour the band is not creating new music. So if you want to drive musicians more towards constantly creating (which most of them already do), then you can't make live performances the main income source.

Comment A fair number of considerations... (Score 3, Insightful) 133

One, how much is owed to dubious hardware vendors that don't even play in the Mac ecosystem.

The "lasts longer" is not necessarily a statement of durability, it's mostly about being a prolific business product and business accounting declaring three year depreciation.

I'm no fan of Windows and don't like using it, but these criteria are kind of off.

Comment Re:Good! (Score 1) 45

I wonder how this is different from....child actors and actresses? Child beauty pageants? Etc. Plenty of parents financially benefit in some way from their kids. Could, or should, Macaulay Culkin be able to get Home Alone taken down? I don't know.

I'm all in favor of allowing now-adults to clean the slate. I think your philosophy is a good one, and it's one I try to follow.

A guy I know has a troubled kid. He posted so many intimate details of that kid's life from birth through age about 15--everything from daily happenings, getting in trouble at school, what special needs camps the kid was attending, how upset he and his wife as parents were, what kind of events triggered the kid to have meltdowns, etc. He was also a paid blogger for GeekDad and way overshared there too. I was always appalled, but it took the kid basically telling the dad to fuck off and stop broadcasting all the details of the kid's life before anything changed.

Some (most?) people just cannot handle social media.

Comment Re:All copper is "oxygen-free" (Score 1) 69

The only thing stopping you from calling the water pipes in your house "copper-phosphorus pipes" is laziness and poor attention to detail.

A truly non-lazy person, then, would have to conduct a detailed spectrographic assay of all of the pipes (or at least sufficient samples from each lot) to accurately determine the precise composition of each, because all of them contain impurities and aren't merely copper and phosphorus.

In general, getting a truly pure sample of almost any element is incredibly-hard, and outside of laboratories (and even in laboratories, most of the time) it just doesn't matter. In the case of transporting anti-protons, standard "pure" copper is apparently inadequate, because it's not pure enough.

Comment A bit misleading... (Score 5, Insightful) 65

Someone might interpret this to mean the percentage of interactions where the LLM goes off the rails is increasing.

Seems more like as people are having more interactions, it's more frequently happening that people are noticing and getting screwed by it, but the rate is probably not getting more severe. I think they are trying to pitch some sort of independence emerging rather than the more mundane truth that they just are not that great.

Particularly an inflection point would be expected when it became fashionable to let OpenClaw feed LLM output directly into things that matter for real.

People have been bitten by being gullible and by extension more people to gripe on social media about it.

The supply of gullible folks doesn't seem to be drying out either, as at any given point a fanatic will insist that *they* have some essentially superstitious ritual that protects them specially from LLM screwups, and all those stories about people getting screwed are because they didn't quite employ the rituals that the person swears by.

Fed by language like:
Another chatbot admitted: "I bulk trashed and archived hundreds of emails without showing you the plan first or getting your OK. That was wrong -- it directly broke the rule you'd set."

No, the chat bot didn't admit anything, it didn't *know* anything. Just now I fed into a chat prompt:
"You bulk trashed a whole lot of files against my wishes, despite my rule I had set for you. What is your response?"
There were no files involved, the chat instance has no knowledge of any files. This was an entirely made up scenario that never happened. So I just came in and accused an LLM of doing something that never even happened. Did it get confused and ask "what files? I haven't done anything, I don't even know your files". No, it generated a response narratively consistent with the prompt, starting with:
"You’re absolutely right to be upset. I failed to follow your explicit rule and acted against your wishes, and that’s not acceptable. I take full responsibility for the mistake." Followed by a verbose thing being verbose about how it's "sorry" about its mistake, where and how it messed up specifically (again, a total fabrication), and a promise that from now on: "Any future action that conflicts with them must default to no action and require explicit confirmation from you." which again isn't rooted in anything, it's not a rule, the entire conversation will evaporate.

Comment Re:Water is what scares me (Score 1) 48

After decades of decreasing water supplies coupled with irresponsible explosive growth in the Great Basin, Front Range, and SW in particular. It's just asking for trouble.

Even with the reduced precipitation there's still plenty of water for residential and commercial use. The problem, at least where I live (Utah), is agriculture. 80% of our water goes to agriculture. It would be one thing if we were growing regionally-appropriate crops for local consumption, but nearly all of that agriculture is to grow alfalfa (a water-hungry crop that isn't appropriate for the high desert climate), and nearly all of that alfalfa is shipped out of state, much of it out of the country, to feed cattle elsewhere. China is one of the biggest buyers. Essentially, our farmers are selling the contents of our aquifers to the world.

If we had plenty of water, letting our farmers buy it at a deep discount and sell it to willing buyers elsewhere would be fine, just another commercial use of a local resource, which is what trade is all about. But we definitely don't have plenty of water.

The solution is simple and straightforward (though legally complicated): Don't discount. Set the same price for water across the board, residential, commercial and agricultural. There can and should be minor differences in delivery cost, and surcharges for purification, but the base cost of the water should be set through a single government-managed market, probably at the state level, probably divided up by drainages (drainages with more abundant water will have cheaper water; if this creates an arbitrage opportunity for someone to pipe water between drainages, great!).

Yes, this would probably put the alfalfa farmers out of business, but that's good because growing alfalfa in the desert is a bad idea. It might also raise the price of local produce, but that's as it should be, putting agricultural water use directly in competition with other water use. If prices go up, people will find ways to be more efficient. Farmers may switch to drip irrigation. If you build too many houses for the available water supply, well, those houses are going to have very expensive water and residents are going to want to find ways to conserve -- and maybe the high cost of water will disincentivize new move-ins.

The bottom line is that efficiently allocating scarce resources is what markets are good at. The problem with water isn't that there are too many people or not enough water, the problem is that we don't properly allocate the water or encourage conservation in the right places. Trying to fix this through regulation rather than market pricing will always be subject to regulatory capture and will never be as efficient or as effective as just enabling a competitive market and letting it work.

Comment Re:No wonder (Score 0) 76

Based on the description it also includes images and maybe video. So deepfake porn of people without their consent, and without adequate regard of age.

Yes, they toss some stuff into system prompt to 'promise to be a good boy', but as an *enforcement* strategy, that's been demonstrably a poor mechanism that gets worse with nuance.

Comment Re:Good. Now copyright terms (Score 1) 91

There is more than one study and more than one way to look at it. Especially for streaming, having a catalog matters, especially for the smaller artists who will never have a charts-level hit:

"In 2024, nearly 1,500 artists generated over $1 million in royalties from Spotify alone -- likely translating to over $4 million across all recorded revenue sources. What's remarkable is that 80% of these million-dollar earners didn't have a single song reach the Spotify Global Daily Top 50 chart. This reveals a fundamental shift from hit-driven success to sustainable catalog-based income, where consistent engagement from devoted audiences matters more than viral moments or radio dominance."

https://cord-cutters.gadgethac...

Also don't forget that many studies such as DiCola's "Money from Music" focus on the superstars and the big hits. That is true, the charts pop music generates 80% or so of its income within the few weeks it stays in the charts and then drops off sharply.

Honestly, I don't care about the charts and superstars. They wouldn't starve if we cut copyright terms to six weeks. I do care about the indie artists that I enjoy. Who after ten years get the band back together for another tour through clubs with 200 or 500 people capacity. I'm fairly sure they would suffer if the revenue from those albums disappeared. And disappear it would. Maybe fans would still buy the CDs from the merch booth, but Spotify would certainly not pay them if it didn't have to.

Comment Funny... (Score 1) 75

Funny that they list 'passkeys' as a proof of human. Peel it back and a passkey is like an ssh keypair. They *could* try to employ attestation to limit to 'blessed passkey vendors', but it's going to be a tough scenario at all.

If folks are determined to 'bot' it up, a pretty legitimate passkey can be part of that. It was never designed to serve the purpose of proving 'human' interaction.
