More

some_furry · 2024-10-31T17:05:07 1730394307

So glad that we're boiling the ocean for this.

igravious · 2024-11-01T17:18:04 1730481484

we're not boiling the ocean; neither literally nor (more crucially) metaphorically

it's okay, we're not destroying the world and you're not a better person because you purportedly care about what humans are supposedly doing to the world and because you think the rest of us don't

JSDevOps · 2024-10-31T22:18:42 1730413122

That’s what I thought

some_furry · 2024-10-31T04:03:53 1730347433

> Without any third party dependencies (not even openssl or similar).

In your pursuit of "no dependencies", you made a classic blunder: making AES vulnerable to cache-timing attacks.

https://codeberg.org/ezcrypt/ezcrypt/src/commit/3268d71e80d3...

I'm not going to review the rest of your code. This is sufficient for me to recommend everyone run the other way screaming.

ezcrypt · 2024-10-31T07:52:34 1730361154

Thanks for having a look. The software implementation of AES is actually mostly a copy-paste of https://github.com/kokke/tiny-AES-c (see https://github.com/kokke/tiny-AES-c/blob/master/aes.c#L189 ). I have been meaning to replace and/or improve it. Even moderately modern x86 machines will always take the fast AES-NI path, though.

some_furry · 2024-10-31T10:21:55 1730370115

"mostly a copy-paste" is also known as a dependency

Look to BearSSL for inspiration for how to implement cryptography right

ezcrypt · 2024-10-31T12:26:58 1730377618

"also known as a dependency" - There are different kinds of dependencies. The ones I'm usually concerned with are the ones that cause you headaches when you try to get the software working on an exotic platform ten years from now. I've developed software for 30+ years, and along the way I have grown a strong disliking to external dependencies (be it Python packages, Boost C++ libraries, 3rd party C libraries or a hefty Mono or Java runtime).

Thanks for the reference to BearSSL - it appears to be very much in line with my own preferred design principles.

some_furry · 2024-10-28T19:56:49 1730145409

"We kill people based on metadata."

https://www.justsecurity.org/10318/video-clip-director-nsa-c...

SketchySeaBeast · 2024-10-28T22:00:09 1730152809

It's certainly powerful, but that wasn't the claim I'm asking about.

some_furry · 2024-10-27T14:57:56 1730041076

The thing stopping people from moving on from today's theories is there isn't a better one available to move onto.

Loughla · 2024-10-27T16:36:08 1730046968

That's the point I was trying to get across. It's not that they're perfect or even right. They're just the best we have. Like aether and 4 elements and miasma. It wasn't great but it's what we had.

haccount · 2024-10-27T18:06:28 1730052388

We have a suspect. We know he didn't murder our victim as he was abroad. But until we have a better suspect we'll still charge him for the murder.

How law would work if it followed your patten of how science supposedly operate.

Loughla · 2024-10-27T19:22:13 1730056933

I do not, legitimately, know how to respond to you now. That is just amazingly uninformed and ridiculous. Have a nice week!

some_furry · 2024-10-26T00:47:11 1729903631

Yes, but what about IPv6 over Amazon S3?

https://xeiaso.net/blog/anything-message-queue/

bcrl · 2024-10-26T01:59:26 1729907966

Time to pull RFC 1149: A Standard for the Transmission of IP Datagrams on Avian Carriers. https://www.rfc-editor.org/rfc/rfc1149

some_furry · 2024-10-25T20:37:12 1729888632

Well now whenever I hear "Jesus H Christ!" I know what the H really stands for.

pfdietz · 2024-10-26T12:18:17 1729945097

It's because when he saw the moneylenders in the temple he went all Bruce Banner on them.

thaumasiotes · 2024-10-25T20:46:10 1729889170

As far as I know, the best available theory is that it comes from the first three letters of the name "Jesus", IHCOYC, but there's no real support for that (or for anything else).

psychoslave · 2024-10-25T21:15:01 1729890901

First time I read about this middle single letter, must be some invention of Amerigo U Vespucci.

some_furry · 2024-10-26T00:44:56 1729903496

It was a joke, not an invitation.

some_furry · 2024-10-12T17:01:27 1728752487

HN mangles submission titles.

If you submit "Why I care" it'll decide that you meant 'I care".

If you submit "10 More Secrets in Pokemon" it'll decide you meamt "More Secrets in Pokemon".

Conversely, there's an entire cottage industry focused on writing attention-catching headlines, which results in patterns like what HN mangles.

If it's annoying, OP can edit immediately after submitting to overwrite the mangled title with the correct one.

some_furry · 2024-10-01T19:11:26 1727809886

https://support.github.com/contact/report-abuse?category=rep...

This should save some time hunting for the link in GitHub's UI

some_furry · 2024-09-30T03:06:47 1727665607

I'm gonna buck the trend a bit:

I'm not working on anything. I'm resting.

I'll resume my previous projects in due time, but for the next few days, I only have my employer's problems to deal with, and have none of my own.

some_furry · 2024-09-21T01:48:04 1726883284

https://youtube.com/watch?v=1FuNLDVJJ_c

This talk from Real World Cryptography 2024 is probably a good place to start.