• 0 Posts
  • 634 Comments
Joined 1 year ago
cake
Cake day: June 12th, 2023

help-circle




  • Gotcha so you’re abstaining this election. That’s fine and your choice not to vote, but it also means you don’t get to complain if Trump wins (or Harris for that matter).

    As long as we have first past the post, we will never have a 3rd party candidate win.

    And you’ll be dead in the same amount of time.

    If you honestly believe Harris would do as much damage to this country as Trump would, you’re either one of the dumbest people I’ve ever met and there’s nothing more to say, or you just woke up from a coma that started in 2016 and haven’t caught up on anything that happened since then.


  • Our voting system is first past the post which means there are only two political parties, Republican or Democrat. If you happen to like the Republican or Democrat congratulations you get to actually vote for someone. For the rest of us our only option is voting against someone. If you hate the Republican more vote Democrat. If you hate the Democrat more vote Republican. If you don’t actually care whether the Democrat or Republican wins you can abstain by either staying home or voting 3rd party, the outcome is identical either way.

    If you don’t like this there is exactly one solution and that’s supporting efforts to get rid of first past the post voting, anything else is useless.

    If the Dems will not and cannot save us, if we have a gaping bullet wound and all they can offer is a wet band-aid, then we must find another solution.

    I’ll take the wet bandaid over the guy reloading to finish the job thank you very much.








  • That would run face first into proprietary info and corporate classified info.

    Behold all the fucks I do not give. If it’s that critical they lose all claim to being proprietary. It’s just like patent, there’s no such thing as a secret patent, so anything that safety critical doesn’t get to stay secret either.

    Regulation won’t detail what a company does to that level. They might say something like “fasteners shouldn’t come loose” but it wouldn’t have a torque spec.

    It doesn’t now but it’s utterly trivial to fix that. Just make the regulations say that components must meet the manufacturer specifications and require manufacturers to publish and maintain all the specifications of all safety critical components. If they want to keep it secret then that means it’s not safety critical and they’re responsible for any accidents resulting from its failure.



  • It’s because layering doesn’t really gain you anything so it only has downsides. It’s important to differentiate encryption and hashing from here on since the dangers are different.

    With hashing, layering different hashing algorithms can lead to increased collision chance and if done wrong a reduced entropy (for instance hashing a 256 bit hash with a 16 bit hashing algorithm). Done correctly it’s probably fine and in fact rehashing a hash with the same algorithm is standard practice, but care should be taken.

    With encryption things get much worse. When layering encryption algorithms a flaw in one can severely compromise them all. Presumably you’re using the same secret across them all. If the attacker has a known piece of input or can potentially control the input a variety of potential attack vectors open up. If there’s a flaw in one of the algorithms used that can make the process of extracting the encryption key much easier. Often times the key is more valuable than any single piece of input because keys are often shared across many encrypted files or data streams.


  • Banks usually have the absolute worst password policies. It’s typically because their backend is some crusty mainframe from the 80s that limits inputs to something absurdly insecure by today’s standards and they’ve kicked the upgrade can down the road for so long now that it’s a staggeringly monumental task to rewrite it all. Thankfully most of them have upgraded at this point, but every now and then you still find one that’s got ridiculous limits like a maximum password length of 8 and only alphanumeric characters (with no 2FA obviously).




  • A KDF is not reversible so it’s not encryption (a bad one can be brute forced or have a collision, but that’s different from decrypting it even if the outcome is effectively the same). As long as you’re salting (and ideally peppering) your passwords and the iteration count is sufficiently high, any sufficiently long password will be effectively unrecoverable via any known means (barring a flaw being found in the KDF).

    The defining characteristic that separates hashing from encryption is that for hashing there is no inverse function that can take the output and one or more extra parameters (secrets, salts, etc.) and produce the original input, unlike with encryption.