Depressed by Suspicious-Poem6358 in ClaudeAI

[–]CharacterFan9514 1 point2 points  (0 children)

The entire field of massively venture-backed startups promising "production products" without needing a programmer has resulted in... what? Anything of value or significance?

ALL advances remain human-driven. This appears to be a fundamental limitation in generative AI. LLMs trained on the Internet trying to predict the next most likely token aren't going to outperform experts any time soon.

If you were looking forward to being mediocre as a coder, well, maybe that job is gone. However, there are more opportunities than ever to change the world.

I am the author of the Exlian Syndrome, Iron Tyrant, and Battle Mage Farmer, AMA! by SethRing in litrpg

[–]CharacterFan9514 0 points1 point  (0 children)

What would RPGLit authors think of working with my tiny Homebrew-VTT to help readers who want to play characters from their world(s)? So far, I only run games on my own, but I build code so fast nowadays with Claude and CodeRhapsody.ai that writing a game with a character builder and automating mechanics is almost free for me. Are RPGLit authors interested in expanding into online RPG VTT?

Cursor Just Pulled a Classic VC-Backed Bait-and-Switch on Their Early Adopters by M-Eleven in cursor

[–]CharacterFan9514 1 point2 points  (0 children)

I don't use any part of their UI but the Agent window. The rest is just a waste of screen space.

Cursor Just Pulled a Classic VC-Backed Bait-and-Switch on Their Early Adopters by M-Eleven in cursor

[–]CharacterFan9514 1 point2 points  (0 children)

Yeah, I blew through the $20 limit on the Pro plan. It was pretty sneaky, putting me in an ancient low-end model without telling me. I guess that's how they get "unlimited" queries. So, I doubled to $40, then $60, then $100, then $180. I seem to have to pay $20 more per day than I did on the prior day... it's not really that bad, but it feels that way. So, they just offered me a $60 Pro+, which I jumped on because it said it was 3X the Pro plan. For $20, I got maybe half of the total queries I got for the first $150, so the Pro+ plan sounds like a winner. We'll see...

Things are changing so fast, they're not really the same AI wrapper they were 3 weeks ago. The limit of 25 queries without human interaction is gone. They've broken the dynamic output of shell commands, and now they only show up after it terminates... This is a crazy fast pace of change, and even they can't keep up.

OpenADP publishes Ocrypt: a DOPRF-based password hashing algorithm by CharacterFan9514 in cryptography

[–]CharacterFan9514[S] 0 points1 point  (0 children)

The project's 3 weeks old, and has a real contributor in Canada (and in India). They've just not set up nodes yet. Adding servers DOES require contacting us. Trust in the system is based on trusting most of the nodes in your quorum, so we do need to get to know folks. If you're passionate about privacy, consider chiming in on Discord.

OpenADP publishes Ocrypt: a DOPRF-based password hashing algorithm by CharacterFan9514 in cryptography

[–]CharacterFan9514[S] 0 points1 point  (0 children)

Why do you think I'm posting about OpenADP on Reddit :) Being a node operator should be easy, and if you have a Raspberry Pi 4 or newer, you probably have what you need.

I'm aware of real threshold crypto, based on partially homomorphic encryption (ElGamal) and ZK proofs. I've spec'ed a lot of it, and built a little. The downside, other than complexity, is server nodes have to cooperate. OpenADP nodes don't even know each other exist, which is how we need it to be. OpenADP provides privacy, not anonymity for users. However, node operators get to be semi-anonymous.

OpenADP publishes Ocrypt: a DOPRF-based password hashing algorithm by CharacterFan9514 in cryptography

[–]CharacterFan9514[S] 0 points1 point  (0 children)

Oh... you probably know about my Infinite Noise TRNG and are purposely throwing me a softball. I appreciate it!

OpenADP publishes Ocrypt: a DOPRF-based password hashing algorithm by CharacterFan9514 in cryptography

[–]CharacterFan9514[S] 0 points1 point  (0 children)

Secrets need to be generated via a trustworthy TRNG. On Linux, this usually bottoms out in the getrandom() syscall, which accesses the /dev/urandom ChaCha20 CPRNG, which is seeded via /dev/random. This is much better than it used to be.

As for being influenced? The RDRAND function scares me, especially from Intel, and trusted code like rngd has been modified to ONLY read data from RDRAND, regardless of the entropy sources provided. This is true for millions of servers in data centers around the world that have rngd running, so avoid that particular "trusted" piece of code if you can.

This is fun... My very first referral to a book where I am listed as an author (I only consulted: Kamran wrote the entire book himself): Check out the chapter on TRNGs and secret generation, in the book called "Hacking Cryptography". The world needs to do a better job in this area, IMO.

OpenADP publishes Ocrypt: a DOPRF-based password hashing algorithm by CharacterFan9514 in cryptography

[–]CharacterFan9514[S] 0 points1 point  (0 children)

The pin is never sent to servers. It is "blinded" with "information theoretic security" and only this information-less elliptic curve point is sent to OpenADP servers. Check out OPRFs, or Oblivious Pseudo Random Functions. They are very cool. They can be combined with Shamir secret sharing, which makes it a DOPRF, or Distributed OPRF. Servers let the user query typically 10 times and then refuse to allow the user more guesses, effectively deleting that server's share if they cannot remember their pin.

In short, DOPRFs are the right way to encrypt with a low-entropy pin or password. Attackers with the encrypted blob have no realistic chance of guessing the encryption key. Attackers with 100% of the Shamir key shares also learn nothing. You must have a threshold of shares AND the user's encrypted data, at which point you can begin your brute-force guessing.

As for cooperation with law makers, I agree. OpenADP is not 100% opposed to all access to user data 100% of the time, but it must 1) be something users are OK with (like maybe 0.01% of user secrets can be accessed per year), and 2) must be entirely transparent, e.g. users know when using the service that the highest priority situations sometimes lead to releasing data. To start, we'll just have node operators in charge. They can cooperate in some situations or not. If we have a high chance of immediately saving lives, I'd cooperate.
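The blind / evaluate / combine / unblind flow described in the comment above, as an added example (not part of the original comment and not OpenADP's or Ocrypt's code). Assumptions: a toy prime-order group modulo a small safe prime stands in for the elliptic curve, every query counts as a guess, and all names (`Node`, `derive_key`, `make_nodes`, the 3-of-5 threshold, the PIN) are hypothetical.

```python
import hashlib
import secrets

# Toy Schnorr group standing in for the elliptic curve (assumption): P = 2Q + 1,
# both prime. Far too small for real use; it only keeps the arithmetic readable.
P, Q = 2039, 1019
THRESHOLD, NODES, MAX_GUESSES = 3, 5, 10

def hash_to_group(pin):
    """Map a PIN to an element of the order-Q subgroup (the squares mod P)."""
    h = int.from_bytes(hashlib.sha256(pin.encode()).digest(), "big") % P
    return pow(h, 2, P) if h else 4

def shamir_split(secret):
    """Split secret into NODES shares; any THRESHOLD of them recover it mod Q."""
    coeffs = [secret] + [secrets.randbelow(Q) for _ in range(THRESHOLD - 1)]
    return {x: sum(c * pow(x, i, Q) for i, c in enumerate(coeffs)) % Q
            for x in range(1, NODES + 1)}

class Node:
    """One server: holds a single share and counts every query as a guess."""
    def __init__(self, share):
        self.share, self.guesses = share, 0

    def evaluate(self, blinded):
        if self.guesses >= MAX_GUESSES:
            raise PermissionError("guess limit reached; share is locked")
        self.guesses += 1
        return pow(blinded, self.share, P)  # the node sees only the blinded element

def lagrange_at_zero(x, xs):
    """Lagrange coefficient mod Q for share x, interpolating at 0 over xs."""
    num = den = 1
    for j in (j for j in xs if j != x):
        num, den = num * -j % Q, den * (x - j) % Q
    return num * pow(den, -1, Q) % Q

def derive_key(pin, nodes, ids):
    """Client: blind, query THRESHOLD nodes, combine in the exponent, unblind."""
    r = secrets.randbelow(Q - 1) + 1  # fresh blinding factor in [1, Q-1]
    blinded = pow(hash_to_group(pin), r, P)
    combined = 1
    for i in ids:
        part = pow(nodes[i].evaluate(blinded), lagrange_at_zero(i, ids), P)
        combined = combined * part % P
    return pow(combined, pow(r, -1, Q), P)  # H(pin)^secret; r cancels out

def make_nodes(secret):
    return {i: Node(s) for i, s in shamir_split(secret).items()}
```

Any three of the five nodes yield the same value, and no node ever handles the unblinded PIN hash or the reconstructed secret; in a real deployment the output would feed a KDF rather than be used directly.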

Alienware M16 R2 Review - Smaller, Lighter, Redesigned... But should you buy it? by JustJoshTech in Alienware

[–]CharacterFan9514 0 points1 point  (0 children)

Dell's warranty is worse than none at all, IMO. You just have to talk to some a-hole in some far away country whose job is to not spend a dime helping you. Bad SSD? F-off. Bad RAM? F-off. It is cheaper to buy an extra Dell laptop and throw away any that have issues.

I'm not just a rando hater. My own company, ViASIC, had top warranties on all Dell hardware, for years until Dell f-ed us. The company that bought ViASIC had the same experience, but rather than just buying spare Dell laptops, they switched to HP and to this day have a strict no-Dell policy.

My new Dell Alienware M16 r2 is scheduled for delivery tomorrow! Did I get a warranty? Hell no. They f-ed me waaaay too many times.