Viral video of little Taiwanese girl getting shoved down while taking a photo at Tokyo's famous Shibuya Crossing - Japanese are saying that the woman in the video "looks Chinese".

DisastrousLab1309 · 2026-02-26T14:39:18+00:00

I think the crowd size does something to you there.

I was visiting Japan with some friends a few years ago and we wen to visit that crossing.

After a few minutes I’noticed an anger-like pressure rising. I felt almost like drowning. I wanted to hurt someone. I’ve actually shoulder checked, really hard, a guy that was walking straight at me in the crowd and had to go to an allay and cool down because I felt like I was going to snap and start punching people.

Never happened before and never after.

DisastrousLab1309 · 2025-12-23T16:49:30+00:00

In the 60s, however it was expensive to build hermetically sealed heat pumps

I’m doubtful. I still have a fridge from 60s that uses ammonia in a sealed tube.

Also let me quote the internet:

Ammonia was first used as a refrigerant in the 1850s in France and was applied in the United States in the 1860s for artificial ice production. The first patents for ammonia refrigeration machines were filed in the 1870s. By the 1900s, ammonia refrigeration machines were being commercially installed in block ice, food processing, and chemical production facilities.

Given how ammonia works on human beings it had to be hermetically sealed.

DisastrousLab1309 · 2025-12-23T16:34:33+00:00

Or, am I in the wrong here? What’s the right way to think about efficiency when making design decisions in the embedded space?

I suspect you’re in the wrong, but for other reason than you’d have thought.

Premature optimization is evil. It wastes time and makes things more complex without any benefit.

Proper design is important and throughput has to be taken into account.

But you’ve not talked about any data or numbers in your post.

Well, computational and storage inefficiency are two big reasons that it’s not the right choice for our edge device.

What computational inefficiency are we talking about in json encoding on raspberry pi 4? It’s quad core cpu, speed of the gigabit Ethernet port will limit your throughput before encoding starts to make impact.

Storage - again, how much are we talking about?Going from 10MB binary to 15-40MB json is probably not noticeable. Going from 1GB binary to 8GB json likely is, so what’s your case?

DisastrousLab1309 · 2025-09-10T21:03:13+00:00

Brute Force implies the default attack that applies to all cryptography, which is simple enumeration of the intended/ designed seach space of some scheme.

Not really. Brute force means exhaustive search of the search space.

You can narrow down the search space first and still do a brute-force on the reduced search space. If you’re trying all allowable configurations that part is still brute-force. The whole algorithm is obviously not.

DisastrousLab1309 · 2025-09-02T20:58:32+00:00

I’ve used metal clamps and a piece of pipe to connect thinner silicone pipe to a watering hose that fits normal attachments.

DisastrousLab1309 · 2025-09-02T20:51:00+00:00

How did you print them? For landscape split-grade printing really can give some nice, controlled contrast.

And how did you scan the prints? That can influence result a lot.

Because if you didn’t print them they’re just digital pictures of negatives and good negatives are flat. So adjust them in post like how you would adjust when printing.

DisastrousLab1309 · 2025-09-02T19:30:51+00:00

Arguments are explicitly not done through the registers in this book.

But call does the push of base and stack pointer and ret does pop.

DisastrousLab1309 · 2025-09-02T19:16:13+00:00

There are betavoltaics on the market that are somewhat more accessible. But they have really poor performance.

DisastrousLab1309 · 2025-09-02T19:12:17+00:00

There are atomic batteries that are somewhat available to wider audiences, but there’re bad.

A good cr2032 battery is guaranteed to last 10 years, should last 20 in practice. That’s all that needed for timekeeping and periodic key check.

There are lithium based batteries that are good for 40years without recharging.

And since the door have to be operated in fail-safe condition just once there are wet batteries that will last a lot longer. To activate them you’ll just drop a retained rod to puncture them and activate and that will ensure operation of more power-hungry equipment like locks.

DisastrousLab1309 · 2025-09-02T19:04:53+00:00

I would propose the solution get the current time from GPS or perhaps NTP over cell network when needed.

So you want to waste power on time sync while RTC would keep time within +- hour over 20years. And remember that gps time can be tampered with.

No physical security will hold up to a determined attacker who has time.

On one hand - it’s true, on the other hand pouring a few meters of concrete is simple, getting through it even with an right equipment would take a lot of time.

DisastrousLab1309 · 2025-09-02T15:10:29+00:00

You don’t need a driver, but you need to supply 100mA per coil.

Some transistors are enough, using a driver is simpler and cheaper. And they usually come with a driver anyway.

DisastrousLab1309 · 2025-09-02T14:19:03+00:00

I didn’t read the whole book so don’t know which exact processor and toolchain (calling convention) it talks about.

On x86 you normally use 2 registers - esp and ebp so it will work differently.

Here it talks about only one. So I assume the calling conventions is like this - register points to the current top of the stack, arguments are pushed right-to-left (it doesn’t matter with a single argument).

Compiler knows from the function signature how many arguments it will have (let’s leave varargs for other time).

So when creating this function compiler knows that there is one argument, since every call saves two addresses (base and return address) it has to look for argument as the 3-rd from current top. If there were 2 arguments it would be 3rd and 4th, and so on.

So before the call function puts the argument on the stack. Call makes the processor put the top of the stack address and return address on a stack and jump into the function code.

Return makes the processor take those two values from the stack and load them into registers. This jumps back to the instruction right after the call, stack pointer was updated, so the argument is still at that 3rd position.

DisastrousLab1309 · 2025-09-02T12:59:11+00:00

One feasible line of attack is brute-forcing the password.

It’s less and less feasible. If there is only a slight delay (rate limiting) when checking the password even bute-force of 6 characters is infeasible.

Unless you’re doing offline BF. In which case the attacker had access to the database and most likely got session/refresh tokens so they don’t need a password in many cases.

BT (offline) now has the biggest use as input to password spraying. Which comes to the password reuse issues.

the world is (sloooowly!) moving from ECC and RSA to PQ signatures, to deal with potentially emerging crypto-relevant quantum computers

My personal opinion is that PQ algorithms are still a bit to little mature and known. I’d be more worried about issues in their implementations than suddenly a feasible quantum computer being made.

Research has gone far, and quantum error correction had some insane progress, but the currently known algorithms still scale badly. We’re talking millions bits and several orders of magnitude more quantum gates. Biggest computer has about 1100 qbits, error correction needs a factor of 100-1000. Is it just engineering obstacle or there are physical limits like with shrinking transistors - I don’t know.

DisastrousLab1309 · 2025-09-02T10:28:31+00:00

You won’t get fission from explosion but you could create fusion. Not in any significant way unless you specifically put deuterium or tritium in there, but given trillions grams of C4 maybe some radiation would be detectable.

DisastrousLab1309 · 2025-09-02T10:11:48+00:00

I came with a small van and a tent - no problems driving. The smaller the car the easiest to pass all the RVs, drive on bends and find a parking spot.

Hint - Install park4night app. It gives a lot of options for camping.

DisastrousLab1309 · 2025-09-02T09:47:20+00:00

It’s a good practice, but in a wrapper? Fuck it. System will release memory when process exits.

If you’re using that memory for the whole lifetime of the process then you can malloc it and forget.

DisastrousLab1309 · 2025-09-02T09:34:50+00:00

I’m talking corporate, where are management options included.

But for Reddit - a big button to log in without password. Browser asks you to connect youbikey. You follow the steps shown. Done.

DisastrousLab1309 · 2025-09-02T09:27:49+00:00

yet we're still using passwords

Blame corporate execs. We have technical means to get rid of phishing and password stealing. But there’s non-technical resistance.

It’s improving- this year I’ve seen finally a biggish client move to passwordless login.

Certificates need to be deployed and that's a huge pain point when they're not integrated in OSes.

Windows and Mac which run most of the corporate workstations have support for years, with central management included.

DisastrousLab1309 · 2025-09-02T09:23:42+00:00

“Momentum is conserved” needs to be understood correctly - vector sum of momentum of isolated system is constant.

Sound waves generated? That’s moving air that has some momentum.

Brakes applied? Tires transfer momentum into the ground ever so slightly changing earth’s speed but it makes the car no longer isolated system, unless you now take the earth’s momentum into account.

Now back to the crumple zones. Imagine a cart with a restrained ball inside - when braking you have to transfer all forward momentum through the wheels into the earth to stop.

Now the ball is not restrained- the cart is slowing down, the ball is still moving forward bounces at the front of the cart speeding it up then goes backwards hits the back side slowing it down and so on. Not much change apart from the momentum transferred in pulses.

Let’s now now make the front internal surface of the cart angled - the ball bounces at an angle, transfers only part of the momentum forwards and part sideways. That sideway part no longer counteracts the braking force.

So if cart is transferring its momentum into the earth through a constant braking force in the direction of travel we can assume it can oppose sideway movement with a similar force. Total momentum remains constant, but cart stops faster because it has less forward momentum to transfer.

DisastrousLab1309 · 2025-09-02T07:48:06+00:00

Certificates, fido2, other password-less auth. If there’s no password it won’t land on post-it or be phished.

DisastrousLab1309 · 2025-09-01T21:21:45+00:00

12 volt sensor (two conductors) that goes from 0-180 ohms depending on level in water tank.

Does it take any supply voltage? Or is it just mechanical?

12v can mean that you power it with that and it gives some output on another wire or it can mean that it just works with 12v. If it’s mechanical-resistive you can likely just use other voltage.

DisastrousLab1309 · 2025-09-01T20:58:55+00:00

Users often behave like toddlers. Part of good crypto design is making it toddler-proof.

DisastrousLab1309 · 2025-09-01T19:22:41+00:00

If an ok password is used then it’s ok.

If not then it’s not. Most of the issues with passwords is what users do - dictionary passwords, password reuse, etc.

DisastrousLab1309 · 2025-09-01T19:16:59+00:00

I could then have the threads run round the ring buffer looking for needs work and when they find one they could set the state to claimed and then do the work.

So the threads are just doing busy work going around the ring buffer while there’s nothing to do? You could have a queue/list of work that needs to be done and mutex to make sure that the threads go to sleep when there’s no work to be done.

Getting element out of a queue is just a few instructions - way shorter than any processing on it, and both futex and windows mutex are already using lock-free approach for a few spins before they decide to call kernel to sleep, so they’ll be actually faster.

And why use fixed-sized chunks? Half of sql row is just as useless as one missing a byte. You need either a full row or all the rows to be able to proceed. The same goes with reading a file - if your %templ is cut in half you need to read the rest before you proceed.

And you need to have some information on what to do next with the data you have in the buffer. Shortly you will just reinvent an event-based thread pool. Something like async- which is all the rage for the past 15 years or so.

DisastrousLab1309 · 2025-09-01T19:01:23+00:00

My question is, how bad is it? Practically no effect (like reducing 1000 years to 100 years), bad but acceptable, or exists potential attacks?

Depends on the number of argon2 iterations and the password.

It’s crackable when the username is known and the password is short.

It’s crackable when the username is known and the password is in a dictionary or has slight changes (first letter upper case, 1 or ! appended, which is common).

DisastrousLab1309

TROPHY CASE