khalid_salad
Noted going forward. Sorry about that! ❤
The way Checkers was solved was actually pretty cool. That he dismisses chess for this reason (even though it hasn't even been solved) speaks to the kind of dorky dipshit he is.
PS: this solution was considered AI in 2007.
[Schaeffer] carried out a mere 10^14^ calculations to complete the proof in under two decades. “This pushes the envelope as far as artificial intelligence is concerned,” he says.
Without knowing why you think they suck, it’s hard to say. I like having unphishable uncopyable credentials, and it irritates me that they aren’t more widely supported. On my desktop or laptop, they’re less irritating than TOTP, for example, which is neither unphishable nor uncopyable but much more widely used.
I've come around a bit since posting yesterday (after looking into the various hardware key options, like OnlyKey). The biggest issue I have is that the firmware cannot be updated (which I realize is somewhat a matter of taste regarding your threat model). Other than that, it's the added complexity of "use this physical device" and the concern I had about recovering accounts if I lost the Yubikey. Their page on spare devices does not inspire confidence.
Whilst there isn’t really such a thing as “too secure”, it is the case that things like passwords are not infinitely scaleable. Something like yescrypt produces 256-bit hashes (iirc) so there’s simply no space to squish all that extra entropy you’re providing into the output… it might not be any more secure than a password a quarter of its length (or less!).
128 bits of entropy is already impractical to brute force, even if you ignore the fact that modern password hashes like yescrypt and argon2 are particularly challenging to attack even if your password has low entropy.
Fair point! I chose 128 because it's the maximum allowed in Bitwarden (if it's going to be copy-pasted anyway, who cares). Assuming I didn't fuck up basic math, the entropy of a passphrase of length n selected uniformly at random from characters in A is given by nlog|A|, so to reach 128 bits of entropy with 70 chars (lower + upper + digits + special) requires a passphrase of length 21.
A note to the effect of:
You have basically no control over how Apple handles your data. When iOS users opted out of data collection, Apple still collected the data, they just didn't allow third-party access to it.
is a good idea if I ever do recommend a Mac.
I believe ungoogled-chromium does have MV2 support. Unfortunately, there are still real security concerns with Firefox. The good news is that Trivalent (a hardened version of Chromium developed by the Secureblue folks) has ad/content blocking built in. I am still mostly using Firefox, but the small amount that I have used Trivalent has been good.
Spent the last week playing with some security shit (thinking about a career change, since it looks like I will be mastering out of my PhD program) and fuck me everything about hardening your personal devices is exhausting. We are nowhere close to accessible privacy and security in our computers. The best solution right now may be "buy a Macbook and learn MacOS", which is so depressing.
Still deciding on a web browser. Used to be I could recommend Firefox because Righteous-Opposition-to-Google, but that doesn't really track anymore with Mozilla's behavior. Now I guess I would recommend Chrome, but it feels so gross (and I am unsure about things like Ungoogled-Chromium, for security reasons).
the basic laptop hardening
- Install Fedora Silverblue
- Be sure to set a good LUKS password
- Set a BIOS password and disable USB booting
- Rebase to secureblue
- Follow the Post Install Readme
- I personally couldn't figure out how to set the GRUB password. I will probably get around to it eventually.
As far as passwords, the only password I have to memorize is the one to my Bitwarden vault. Everything else is stored in Bitwarden. The passwords (except for my phone PIN) are 16 characters if I ever need to type them in manually (e.g. LUKS password), whereas passwords that will always be copy-pasted are 128 characters. I am looking into integrating a yubikey, but am leaning towards "fuck that shit, why would anyone actually want to use this?" If anyone here has comments on this (am I missing an obvious pitfall? do yubikeys suck as much as it looks like they suck?) I would be happy to hear them.
- I personally couldn't figure out how to set the GRUB password. I will probably get around to it eventually.
Anyway tl;dr is I spent the last week hardening all my devices and it sucks. In some cases it was a complete waste of time (my Steam Deck does not appear to have a way to set a password in the BIOS). In other cases (e.g. my Framework), it was probably worth it but a deeply terrible experience.
also which issues
I know this one!
- lefty on weed or sex work or w/e
- but fuck identity politics and what is this ladder doing here
I have the outline of a write-up about about category errors and measuring proxies (e.g. reported sexual orientation). I think I am a poor writer but the only critique I've ever gotten was from a "colleague" who writes like he gets paid by the word^1^. I will consider sharing the post once it is finished. ❤
1: one rejection on a collaboration with this guy was essentially "have you nerds heard of 'brevity' or 'wit'?"
from computer scientists 😭
Well, this Andy dipshit gave an absolute dogshit apology on reddit.
Snippets below:
sophistry and bullshitting
First, while the X post was not intended to be a political statement, I can understand how it can be interpreted as such, and it therefore should not have been made. While we will not prohibit all employees from expressing personal political opinions publicly, it is something I will personally avoid in the future. I lean left on some issues, and right on other issues, but it doesn't serve our mission to publicly debate this. It should be obvious, but I will say that it is a false equivalence to say that agreeing with Republicans on one specific issue (antitrust enforcement to protect small companies) is equal to endorsing the entire Republican party platform.
andy doesn't know his head from the DNC mascot
Second, officially Proton must always be politically neutral, and while we may share facts and analysis, our policy going forward will be to share no opinions of a political nature. The line between facts, analysis, and opinions can be blurry at times, but we will seek to better clarify this over time through your feedback and input.
The exception to these rules is on the topics of privacy, security, and freedom. These are necessarily political topics, where influencing public policy to defend these values, often requires engaging politically.
The operations of Proton have always reflected our neutrality. For example, recently we refused pressure to deplatform both Palestinian student groups and Zionist student groups, not because we necessarily agreed with their views, but because we believe more strongly in their right to have their own views.
deleted this because i realized i can't even explain how email works, why am i proposing anything