Phil

2.5K posts

@pharmst

Hobbies: Hacking on stuff. Especially computers, but anything will do.

Joined July 2009
259 Following, 86 Followers
Phil
Phil@pharmst·
@Artoria2e5 @vxunderground That’s exactly the point - this attack substitutes those constants for ones chosen by the attacker. S & F demonstrated the feasibility of this by substituting their own constants in Dual_EC_DRBG & then showing that they could recover PRNG state from output.
vx-underground
vx-underground@vxunderground·
1. Not true. Minor exception. This is a long-standing conspiracy dating back to the very inception of malware, in essence the idea governments and anti-malware vendors are cooperating with each other for espionage. The reality is this is simply improbable. Not every anti-malware vendor resides in the United States and not every anti-malware vendor has to cooperate with the United States government. Additionally, some anti-malware services may feel hostile toward the United States government and actively disregard any form of communication. However, there have been some instances where the United States government has partnered with anti-malware vendors and/or security companies to target high-profile targets (sex traffickers, terrorist organizations) and requested assistance. It would not be outside the realm of possibility to intentionally insert an exception in highly targeted operations. This has been semi-documented in the past whereas Google identified a malware campaign in the Middle East and it was discovered to be a United States military operation targeting individuals believed to be part of ISIS. Finally, Magic Lantern is old. It is old as dirt. It was discussed in the early-2000's. Malware has changed a lot since then. The anti-malware industry has changed a lot. This sort of operation (widespread espionage via malware) just isn't really possible without global cooperation, including China and Russia.
2. Not true. Long standing schizo theory. Google it. Even real privacy schizos know it's not true. The concern arose when security researchers identified a debug switch in INTEL ME. Additionally, if this were true, network traffic monitoring software would identify this. There are also open source solutions, you don't need INTEL ME or anything else. The exception to this is when the United States government intercepts hardware and places malware on it or intentionally modifies it. This is true.
3. Partially true. There is some speculation, but basically the NSA recommended Dual_EC_DRBG to vendors as a standard despite criticism of it and known vulnerabilities which could allow exploitation. Basically, the NSA was recommending a known bad thing.
4. No idea. I don't do anything with frequencies and radios.
5. This is true.
6. This is true. However, this is not exclusive to the NSA.
7. Partially true. The United States government owns a bunch of Tor nodes and monitors it, the monitoring however is for entry and exit of Tor. However, this cannot easily identify you. If this were the case then there would be much less child pornography and fentanyl sales on Tor. Additionally, they would use this to heavily crack down on ransomware groups. Most of the time people are caught on Tor from information leaking from Tor (long story, basically cookies)
8. Partially true. It has been documented several times large tech organizations are aware of critical exploits and (based on existing contracts with them) may notify them before anyone else due to the risk to critical infrastructure of the United States. Microsoft has big contracts with the United States. This isn't a surprise. Furthermore, it has been speculated heavily that Microsoft has delayed patches to aid the United States military in offensive cyber operations (APT NightEagle)
9. This is true. However, to the extent they can "take it over" is ambiguous because your car's electronics and GPS are not connected to your steering wheel.
10. IoT is a huge piece of shit and is compromised all the time. Seriously, don't use IoT devices.
11. No idea.
prayingforexits 🏴‍☠️@mrexits

Yearly repost and reminder that an unspecified government agency proactively takes this video down from Youtube all the time

Phil
Phil@pharmst·
@Artoria2e5 @vxunderground & even better, the NSA can’t decrypt it because they don’t know the keys! Irony of ironies, etc. It’s quite possible multiple intelligence agencies worked this out for themselves. The NSA are not the only ones with access to competent mathematicians after all.
Phil
Phil@pharmst·
@Artoria2e5 @vxunderground The firmware will be signed by the manufacturer & will install perfectly because in all other respects it is 100% original. But now you can decrypt all material encrypted by this device using Dual_EC_DRBG as a source of randomness.
Phil
Phil@pharmst·
@vxunderground (Rumour has it that the Chinese worked this out & hacked the vendors in order to replace the key material in vendor firmware with their own. NSA were locked out but couldn’t admit that it was happening because that would reveal their own backdoor.)
Phil
Phil@pharmst·
@vxunderground The point of 3 is that the NSA strong armed RSA into recommending Dual_EC_DRBG because they had chosen the key material by influencing the standards & therefore had the keys that would decrypt traffic using it. It was a “nobody but us can decrypt this” backdoor.
Phil
Phil@pharmst·
People need houses. They especially need houses right next to train stations. We should absolutely be building housing here & to think otherwise is to do down Britain. Show a bit of patriotism!
Neil Hudson@DrNeilHudson

🌳 A proposal has been submitted for 150 houses in #TheydonBois on #GreenBelt. Green Belt protects the nature of our precious village. I will continue to do everything I can working with community groups & residents to oppose this development & to stand up for our community. 🌳

Phil
Phil@pharmst·
@chalkey1973 Bank might be happier if the payment went to a business account? In the past I’ve paid the factors directly to get round this problem. It’s a bit safer for everyone that way - joiner doesn’t need to front up the cash & I knew it was going straight to the supplier.
Paul Andrew chalk
Paul Andrew chalk@chalkey1973·
A mate of mine who's a joiner priced a job up to supply and fit a full house of doors, told customers 50% up front to cover materials. The rest on completion. Customers went to the Halifax bank in town today. Bank wouldn't transfer payment. Stating this could be fraud
Phil retweeted
Abakcus
Abakcus@abakcus·
1/3 + 1/9 + 1/27 + ··· = 1/2. The proof is in the picture. No words needed.
Phil
Phil@pharmst·
@Adriftatsea3 @_baldtires “when it catches fire, again” == whole lot of nope from me. What’s the plan for if/when it catches fire & you’re not in the office !?
Adriftatsea
Adriftatsea@Adriftatsea3·
for 10+ years i've kept 50kwh of random EV lipo in the corner of my office - grid tied, orion bms, and on a pallet jack ready to push outside *when* it catches fire (again). And 25kwh in a golf cart w/ no bms. *not worth stressing over fire* + future insurance claim when rackmount lifepo4 is so cheap now and 'safe'. also nearly every aftermarket bms sucks to the point of being dangerous
Phil
Phil@pharmst·
@CollinsofYork @AnalyticaCamil1 The UN coalition sent more than 500k troops into Iraq in 2003, approx 450k from the USA. 2500 marines is ... not that.
Sir Collins, MAAT.
Sir Collins, MAAT.@CollinsofYork·
@AnalyticaCamil1 Same thing was said when Saddam had a 650,000 strong army.... But I agree with you, I don't think the plan is to invade the Iranian mainland, else the entire US army will have to be mobilised for it. I think Kharg Island will be taken.
Analytica Camillus
Analytica Camillus@AnalyticaCamil1·
Genuinely, just cut this shit out. This is the same variety of jingoistic hubris that led to the Russian military getting its teeth kicked in 30km outside of Kyiv. 99% of USMC’s successful reputation is a product of its very smart and very aggressive war planners (arguably the best in DoD), and I can almost guarantee to you and everyone else that they’re looking at this proposed operation and trying their best not to look at the White House and tell them to “go fuck yourselves with a rusty pipe.”
D.L. Campanile@DLCampanile

Phil hasn't met too many Marines, has he now?

Phil retweeted
Joe
Joe@JoePostingg·
If you get deep enough into TikTok your feed becomes mostly Chinese commodity wholesalers
Phil
Phil@pharmst·
@simonw I refuse to believe that quantising down to 2 bits per weight & reducing the number of experts doesn’t measurably impact the quality of the output.
Simon Willison
Simon Willison@simonw·
Dan says he's got Qwen 3.5 397B-A17B - a 209GB on disk MoE model - running on an M3 Mac at ~5.7 tokens per second using only 5.5 GB of active memory (!) by quantizing and then streaming weights from SSD (at ~17GB/s), since MoE models only use a small subset of their weights for each token
Dan Woods@danveloper

x.com/i/article/2034…

Dan Woods
Dan Woods@danveloper·
@simonw Empirical with Opus doing the sanity checking. I’m not sure 2-bit quantization even mattered that much in the end… it was an earlier test, so I’ll probably revert that and see how it does with regular 4-bit. The k=4 was a binary search by Claude, checking the quality each time.
Phil
Phil@pharmst·
@salr_nyc @bennpeifert Even better if you have tenants or contract workers to do the actual farming for you so you can concentrate on your aristo / trad wife cosplay.
Aaa
Aaa@afrack58966·
@dicatticat36219 @APHClarkson Ireland's GNI (which removes the distortion) is more than double UK GNI per capita ($112,895 v $53,246).
Alexander Clarkson 
Alexander Clarkson @APHClarkson·
One of the more amusing aspects of American St Patrick's Day discourse is how so many in the US still don't seem to have processed how Ireland's per capita GDP is higher than the UK's. The plucky Irish are now richer than the imperious Brits.
Phil
Phil@pharmst·
@breadandposes It’s solved, but the expense of that solution really ought to be included in any accounting of wind & solar costs for those demands that care about continuity of supply. The UK government has estimated the cost of gas generation at 10% utilisation & it’s painfully expensive!
The Secret Landlord
The Secret Landlord@landlord_secret·
I've just booked a valuation with an estate agent and been asked to provide proof of ID and address. Is this a new thing? (wasn't asked this last month!!)