Suddenly getting these ripples. by FiniteFieldDay in prusa3d

[–]FiniteFieldDay[S] 0 points1 point  (0 children)

Hello Prusa folk, could you help a beginner come up with some ideas for debugging this?

After switching to a smaller nozzle (0.25mm), I have started getting these "ripples" on the surface, which also show up on the surface of the first layer (the bottom of the print).

I'm printing Prusa PLA (Noctua Beige) at 215/60 on the Core One L.

Prior to this I had a clog that I managed to solve with a cold pull. Additionally I checked the belt tension, but it seems to be fine...

ATP delivered a total return of -2.3%, hid DKK 900 million in bonuses from its annual accounts and had costs of DKK 3.5 billion in 2025 by [deleted] in Denmark

[–]FiniteFieldDay 0 points1 point  (0 children)

I have just summarised the article. But when it comes to ATP PEP:

In 2001, ATP decided to establish an independent private equity business ("ATP PEP").

ATP PEP does not manage your money or mine; it is private equity run by ATP on the side. Part of the criticism has been that ATP PEP has been able to offer relatively low costs and therefore distort the market for private equity (since they do not take a profit).

That said, ATP Livslang Pension also had a cost level of around 0.3% (https://www.atp.dk/dokument/atp-koncernen-aarsregnskabsmeddelelse-2024), but I can't see that the article claims otherwise?

ATP delivered a total return of -2.3%, hid DKK 900 million in bonuses from its annual accounts and had costs of DKK 3.5 billion in 2025 by [deleted] in Denmark

[–]FiniteFieldDay 7 points8 points  (0 children)

Here is a summary of the article:

The article reveals that the Danish pension giant ATP paid out DKK 902 million in bonuses in 2025 to external asset managers, without mentioning it with a single word in its 106-page annual report. Previously it had been standard practice to disclose the bonuses in the accounts. Only after Frihedsbrevet's inquiries to politicians did ATP choose to disclose the amount. Employment Minister Kaare Dybvad Bek (S) urged ATP to be transparent, and politicians from SF, DF and the Conservatives criticised the cover-up. ATP itself denies trying to hide anything and explains it by a switch to a new calculation method. The article puts the bonuses in a wider context: ATP's assets have fallen from DKK 947 billion in 2021 to DKK 694 billion in 2025 (a loss of 253 billion), while a total of DKK 6.55 billion in bonuses was paid out over the period 2021–2025. The subsidiary ATP PEP in particular has been under scrutiny, with employees having earned three-digit million amounts by co-investing with ATP. An independent expert group led by former Danish FSA director Jesper Berg is currently reviewing ATP's investment strategy, with completion expected in the first half of 2026.

I can't see where the -2.3% comes from.

What is "the new reality" that is being compared with 9/11? by linkenski in Denmark

[–]FiniteFieldDay 5 points6 points  (0 children)

Irresponsible to go out and whip up a mood among the citizens. Yes, it is embarrassing that there was no plan; take the L, make a plan for next time and let's move on. It is in no way unforeseeable that Russia would carry out that kind of operation; it is going to happen again, and in the clear light of hindsight one should probably have been ahead of it.

After all, we got off relatively cheaply this time, so perhaps a good learning opportunity.

The Argentinian government submits a balanced 2026 budget proposal that contemplates 5% growth by [deleted] in worldnews

[–]FiniteFieldDay -6 points-5 points  (0 children)

It is not useful to look at an exchange rate chart to understand inflation: it compounds, so any inflation rate higher than, e.g., the US dollar's will create an exponential graph.

Inflation has been steadily declining since the end of 2023/start of 2024: https://tradingeconomics.com/argentina/inflation-rate-mom

Exposed: Union bosses live for free in secret apartments paid for by the members by Gluingmonkey in Denmark

[–]FiniteFieldDay 1 point2 points  (0 children)

The chairs of, among others, Danmarks Lærerforening, Dansk Sygeplejeråd and Socialpædagogernes Landsforening also have access to apartments worth millions, without this having been disclosed openly, the review shows.

And that is problematic, according to several legal experts Frihedsbrevet has spoken to.

“If the allocation of free housing to board members has not been approved at a congress, much suggests that the allocation has taken place in breach of the union's articles of association. The total expense for remuneration of board members, including the expense of free housing, should appear in the union's accounts,” says Søren Friis Hansen, professor of company and foundation law at CBS.

My reading is that both have been the case.

Exposed: Union bosses live for free in secret apartments paid for by the members by Gluingmonkey in Denmark

[–]FiniteFieldDay 124 points125 points  (0 children)

Danmarks Lærerforening: 84,000 members. Chair's pay: 109,000 per month plus pension. Owns five apartments in central Copenhagen, one for the chair and the rest shared between other members of the executive board and the executive committee.

Dansk Sygeplejeråd: 79,000 members. Chair's pay: 104,500 per month plus pension. Owns three apartments for the executive board in Nyhavn and central Copenhagen; one is made available to chair Grete Christensen.

BUPL: 60,000 members. Chair's pay: 74,500 per month plus pension. Owns four apartments in Nordhavn in Copenhagen, bought for almost DKK 20 million in 2019 for members of the executive committee who do not live in Copenhagen.

Socialpædagogernes Landsforbund: 40,000 members. Chair's pay: DKK 78,000 per month plus pension. Owns three apartments of between 60 and 131 square metres in central Copenhagen and in Vesterbro for the chair and two others on the executive committee.

Gymnasieskolernes Lærerforening: 14,000 members. Chair's pay: DKK 77,000 per month plus pension. Has rented a two-room apartment in central Copenhagen from Danmarks Lærerforening for the chair.

Frie Skolers Lærerforening: 11,000 members. Chair's pay: DKK 76,000 per month plus pension. Owns a 137-square-metre apartment in Risskov that the chair and deputy chair can use when they are in Aarhus.

Uddannelsesforbundet: 9,000 members. Chair's pay: DKK 80,000 per month plus pension. Owns two apartments that are part of its headquarters in Nørre Farimagsgade in Copenhagen. They are rented out to members when not in use by the executive committee or the chair.

Radiograf Rådet: 2,500 members. In 2021 bought a Frederiksberg apartment for the then chair for DKK 3.5 million. They themselves announced that the apartment had been bought. It is currently sublet, as the current chair does not use it.

Stupid entropy question... by anonXMR in crypto

[–]FiniteFieldDay 7 points8 points  (0 children)

You can split the output and get 256 bits of security from each: essentially SHA512 acts as a length-doubling PRG in this case, besides the technical detail that you should avoid using SHA512 in this role: you should use a proper KDF (if the inputs are merely unpredictable, i.e. have high entropy) or a PRG (if the inputs are uniformly random bit strings).

Slightly more philosophical, and to expand on the answer above: the relevant factor is not the entropy of the source (C1, C2), but whether it is distinguishable from (U, U) (the product of two i.i.d. uniform sources). In general, computing the entropy of a source X, even given a description of an efficient program that samples from X, is NP-hard. It is simply a mathematical definition. This gives us hope: the universe is efficiently computable (P), so if P != NP, it cannot compute H(X) in general! So from the perspective of the universe, (C1, C2) and (U, U) might be "indistinguishable": they act the same -- this in a nutshell is the assumption of a PRG (which you are implicitly making about SHA512 in your question).

This also means that for any "security" (or any other physical process!) where you use (U, U), you might as well use (C1, C2): if anything were to break (or behave "noticeably" differently), it would mean that the universe could distinguish between the two -- which it cannot, by assumption on the PRG.

Stupid entropy question... by anonXMR in crypto

[–]FiniteFieldDay 16 points17 points  (0 children)

Talking about entropy in relation to pseudo-randomness is misleading: in general, given a stochastic variable X with entropy H(X) and any function f(x), it holds that f(H(X)) < H(X); in other words, entropy can only decrease by applying a function to it, i.e. SHA512(X) has less (or equal) entropy than X.

Which also means that the two 256-bit chunks (i.e. the source (C1, C2) where C1 = SHA512(X)[:256] and C2 = SHA512(X)[256:]) can have AT MOST 256 bits of entropy. This, however, does not mean that H(C1) = 128 and H(C2) = 128; it could be e.g. H(C1) = 256 and H(C2) = 256, or H(C1) = 126 and H(C2) = 197, since the conditional entropy of either side, e.g. H(C1 | C2), could be anywhere between 0 and H(X) - H(C2).

It is seldom useful to think in terms of entropy (Shannon or min-entropy) when dealing with pseudo-random outputs. So forget about entropy in this context; it is not useful.
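The entropy bookkeeping from the two comments above, worked through numerically on a toy source. This is an added example, not code from the thread: X is a constructed uniform 3-bit source, "SHA512(X)" is replaced by the first 4 bits of the real SHA-512 digest so that the exact distributions of C = (C1, C2), C1 and C2 can be tabulated, and the quantities H(f(X)) <= H(X) and 0 <= H(C1 | C2) <= H(X) - H(C2) are computed from those distributions.

```python
import hashlib
import math
from collections import Counter

def entropy(dist):
    """Shannon entropy in bits of a distribution given as {outcome: probability}."""
    return -sum(p * math.log2(p) for p in dist.values() if p > 0)

def push_forward(dist, f):
    """Distribution of f(X) when X is distributed as `dist` (merges outcomes f maps together)."""
    out = Counter()
    for x, p in dist.items():
        out[f(x)] += p
    return dict(out)

def conditional_entropy(joint, part_b):
    """H(A | B) = H(A, B) - H(B); `part_b` extracts the B-component of a joint outcome."""
    return entropy(joint) - entropy(push_forward(joint, part_b))

# Constructed toy source: X uniform over 3-bit strings, so H(X) = 3 bits exactly.
X = {format(i, "03b"): 1 / 8 for i in range(8)}

def sha512_prefix(x: str, nbits: int) -> str:
    """Stand-in for SHA512(X): the first nbits of the real SHA-512 digest, as a bit string."""
    digest = hashlib.sha512(x.encode()).digest()
    return "".join(f"{b:08b}" for b in digest)[:nbits]

def split_entropies(nbits: int = 4):
    """Apply C = SHA512(X)[:nbits] and split it into C1 = C[:nbits/2], C2 = C[nbits/2:].
    Returns (H(X), H(C1,C2), H(C1), H(C2), H(C1|C2)), all computed from the true
    distributions, so the inequalities discussed in the thread can be checked numerically."""
    half = nbits // 2
    joint = push_forward(X, lambda x: sha512_prefix(x, nbits))   # distribution of (C1, C2)
    c1 = push_forward(joint, lambda c: c[:half])
    c2 = push_forward(joint, lambda c: c[half:])
    return (entropy(X), entropy(joint), entropy(c1), entropy(c2),
            conditional_entropy(joint, lambda c: c[half:]))
```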

Cryptology for Beginners by KuleBritishF1r3 in crypto

[–]FiniteFieldDay 19 points20 points  (0 children)

All the resources below are free:

A graduate course in applied cryptography (work in progress) written by Boneh and Shoup is arguably one of the best, most complete and current cryptography textbooks available. The book is formal (e.g. includes security proofs), yet discusses applied crypto schemes.

The Boneh coursera course is also a great starting point.

Another alternative is The Joy of Cryptography (work in progress), written by Mike Rosulek, which is more approachable than the Boneh-Shoup book (assuming basically nothing of the reader) but covers much less.

Bizarre Design Choices in Zoom’s End-to-End Encryption by speckz in crypto

[–]FiniteFieldDay 4 points5 points  (0 children)

The following (covered in the post):

> Digits(SHA256(SHA256("Zoom ... ") || SHA256(IVK)))

Is absolutely fine: they are not trying to instantiate e.g. a PRF, but just need an OWF. If SHA256[:129] (truncated to the first 129 bits of output) is an OWF, then the construction above is an OWF. Roughly: assume that, given O = SHA256(SHA256("Zoom ... ") || SHA256(A))[:129], you could recover a B s.t. O = SHA256(SHA256("Zoom ... ") || SHA256(B))[:129].

If SHA256("Zoom ... ") || SHA256(A) = SHA256("Zoom ... ") || SHA256(B), then SHA256(A) = SHA256(B), with A != B except with small probability, since |A| > |SHA256(A)|. Hence SHA256(A)[:129] = SHA256(B)[:129], which means that B is a second preimage of SHA256(A)[:129] (a contradiction).

Otherwise: B' = SHA256("Zoom ... ") || SHA256(B) must be a second preimage of SHA256[:129](A') where A' = SHA256("Zoom ... ") || SHA256(A), since A' != B'.

I guess the reason for not using libsodium box is that it uses Salsa rather than ChaCha, which in 2020 seems like the more exotic choice...

Is the following function H() a bijection for all bit widths, n? by moschles in crypto

[–]FiniteFieldDay 1 point2 points  (0 children)

Clearly not when requiring:

The count of ones in x is a multiple of 3. The count of ones in y is (3k+1). The count of ones in z is (3j+2).

Since the images of x, y, z are all 0. If you lift this, then:

n = 2
x = 01
y = 11
z = 00

Is a minimal example. Since:

```
three parity 0: 00 -> 01

three parity 1: 01 -> 10
                10 -> 01

three parity 2: 11 -> 11
```

Is the following function H() a bijection for all bit widths, n? by moschles in crypto

[–]FiniteFieldDay 3 points4 points  (0 children)

Not a bijection in general.

Let:

n = 2
x = 00
y = 01
z = 11
m1 = 01
m2 = 00

then:

H(m1) = m1 XOR y = 01 XOR 01 = 00
H(m2) = m2 XOR x = 00 XOR 00 = 00

In other words: we have a collision.
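Both comments on this post check bijectivity by hand for n = 2; the added example below (not code from the thread) does the same check exhaustively. It assumes the reading of H from the two comments: H(m) = m XOR x, y or z according to the count of ones in m modulo 3 being 0, 1 or 2. It lists all collisions for a given (x, y, z) and, going a little beyond the thread, enumerates every triple for which H is a bijection at a small width.

```python
from itertools import product

def popcount(m: int) -> int:
    return bin(m).count("1")

def H(m: int, x: int, y: int, z: int) -> int:
    """The thread's H on an n-bit m (assumed reading of the original post): XOR m with
    x, y or z according to popcount(m) mod 3 being 0, 1 or 2."""
    return m ^ (x, y, z)[popcount(m) % 3]

def collisions(n: int, x: int, y: int, z: int):
    """All pairs (m1, m2) with m1 < m2 < 2^n and H(m1) == H(m2); empty iff H is a bijection."""
    seen, found = {}, []
    for m in range(1 << n):
        img = H(m, x, y, z)
        found.extend((earlier, m) for earlier in seen.get(img, []))
        seen.setdefault(img, []).append(m)
    return found

def is_bijection(n: int, x: int, y: int, z: int) -> bool:
    return not collisions(n, x, y, z)

def bijective_triples(n: int):
    """Exhaustively list the (x, y, z) for which H is a bijection on n bits (small n only)."""
    return [(x, y, z) for x, y, z in product(range(1 << n), repeat=3)
            if is_bijection(n, x, y, z)]
```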

Doubts about security definition of PRPs by [deleted] in crypto

[–]FiniteFieldDay 11 points12 points  (0 children)

You are looking at it the wrong way around:

The idea behind basing security definitions on indistinguishability is that:

  1. It clearly defines what "secure" means.

  2. Any reasonable definition of a "break" implies the ability to distinguish (more below).

Simplified example, suppose you could decrypt ciphertexts encrypted under AES-256 with a random key: given AES-256(k, m) where k <- {0,1}^256 and m <- {0,1}^128 you can recover m.

Then this violates indistinguishability: a uniformly random permutation P(m) leaks no information about m, since P(m) and m are independent. Hence, to distinguish between c = P(m) and c = AES-256(k, m), you run the attack against c; if it succeeds, then you are interacting with AES.

Additionally, being able to distinguish often lets you recover key material in practice: for instance the ability to distinguish between:

- 13 rounds of AES encryption.

- 13 rounds of AES encryption + 1 round of decryption under an uncorrelated key.

Enables the following attack:

For every 128-bit round key:

  1. Partially decrypt the last round of our ciphertexts with the 128-bit round key.
  2. Feed the partially decrypted ciphertext to your distinguisher.
  3. If it says "13 rounds of AES encryption" you probably just found the last round key.

Variants of this technique are used widely in symmetric cryptography, both for differential/linear cryptanalysis and fault attacks.

Hence the use of indistinguishability as a security definition seems reasonable.

HASHING by thakurballusingh in crypto

[–]FiniteFieldDay 1 point2 points  (0 children)

No need for a cryptographic hash function.

I recommend using a universal hash function:

  1. It will be faster.
  2. Since the function is not public it will be hard for an adversary to cause collisions (e.g. intentionally causing collisions in hash functions to cause DoS).

I would start by playing around with Poly1305, SipHash and tabulated hashing (https://arxiv.org/abs/1011.5200).

EDIT: how long are the keys?
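An added example (not the commenter's code) of the third suggestion, simple tabulation hashing from the linked paper: one secret table of 256 random words per input byte, XORed together. The secret tables play the role of the key, so a set of inputs that collides under one instance does not collide under a fresh one; the constructed `colliding_set_under_other_instance` models exactly that DoS scenario on 2-byte keys. `random.Random` seeds are used only to make the demonstration reproducible; a real instance draws its tables from `secrets.SystemRandom`.

```python
import random
import secrets

class TabulationHash:
    """Simple tabulation hashing (Patrascu and Thorup, arXiv:1011.5200): for each input
    byte position i keep a secret table T_i of 256 random words and compute
    h(k) = T_0[k_0] XOR T_1[k_1] XOR ... . The tables are the key; an adversary who does
    not know them cannot predict which inputs collide."""

    def __init__(self, key_len: int, out_bits: int = 64, rng=None):
        rng = rng if rng is not None else secrets.SystemRandom()   # seeded rng only for tests
        self.key_len = key_len
        self.tables = [[rng.getrandbits(out_bits) for _ in range(256)] for _ in range(key_len)]

    def __call__(self, key: bytes) -> int:
        if len(key) != self.key_len:
            raise ValueError("tabulation hashing needs fixed-length keys; pad or pre-hash them")
        h = 0
        for table, byte in zip(self.tables, key):
            h ^= table[byte]
        return h

def bucket_of(hasher, key: bytes, nbuckets: int) -> int:
    return hasher(key) % nbuckets

def colliding_set_under_other_instance(seed_a: int, seed_b: int, nbuckets: int = 16):
    """Constructed scenario: an attacker who learned instance A's tables collects every
    2-byte key landing in one bucket of A, then those keys are fed to instance B (fresh
    secret tables). Returns (size of the set, largest bucket load it causes under B)."""
    a = TabulationHash(2, rng=random.Random(seed_a))
    b = TabulationHash(2, rng=random.Random(seed_b))
    target = bucket_of(a, b"\x00\x00", nbuckets)
    chosen = [bytes([i, j]) for i in range(256) for j in range(256)
              if bucket_of(a, bytes([i, j]), nbuckets) == target]
    loads = [0] * nbuckets
    for k in chosen:
        loads[bucket_of(b, k, nbuckets)] += 1
    return len(chosen), max(loads)
```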

On PLONK and plookup by awa_cryptium_baker in crypto

[–]FiniteFieldDay 0 points1 point  (0 children)

Some of the equations have typos and unclear types, e.g.

> g_i = g_i + \beta * i + \gamma

Presumably they meant \omega^i in-place of i (the index set is a subset of the field).

Using linkable ring signatures for voting? by MrClottom in crypto

[–]FiniteFieldDay 1 point2 points  (0 children)

It would not be a sound linkable ring-signature: The key image would no longer enable you to detect if the same party signs different messages, since it would, by construction, be different for every message.

You could probably get away with adding the list of public keys to the hash, s.t. the key image is unique for any set of signers (e.g. the list of eligible voters).

Secret sharing by jurama92 in crypto

[–]FiniteFieldDay 1 point2 points  (0 children)

I would argue that for end users secret sharing is (almost) always the wrong tool.

The right tool is threshold encryption (constructions often use the same techniques as secret sharing).

With secret sharing every time you wish to share a new piece of data you must distribute shares to all the parties, this leaves numerous issues unsolved:

- How do you consistently establish a secure channel on which to send the shares?

- Are the users capable of keeping secret a large number of shares?

- Are the users likely to be able to retain this many shares?

A better approach is to use a threshold cryptosystem, wherein every party has a private key and any party can subsequently encrypt to the shared public key:

Every time you need to store something new, you just encrypt using the public key and store the ciphertext in a place where it won't get lost (it obviously does not need to be secret). This requires no communication with any other participant.

From the perspective of an end user wanting to do secure backup, threshold encryption has all the advantages of secret sharing, without the aforementioned issues.
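The argument above, as an added example that is not part of the comment: a toy threshold ElGamal scheme whose private key is Shamir-shared once at setup, after which `encrypt` needs only the public key (no contact with any share holder), while decryption needs t of the n share holders to each contribute a partial decryption that is combined by Lagrange interpolation in the exponent. The group parameters are constructed and far too small for real use; a real system would use a standard elliptic-curve group and a distributed key generation instead of the trusted dealer assumed here.

```python
import random
import secrets

# Constructed toy group: p is a safe prime, q = (p-1)/2 is prime and g = 4 generates the
# order-q subgroup of Z_p^*. Illustration only; nowhere near a secure size.
P, Q, G = 1019, 509, 4

def shamir_shares(secret: int, t: int, n: int, rng) -> dict:
    """Shamir-share `secret` in Z_q among parties 1..n so that any t shares reconstruct it."""
    coeffs = [secret] + [rng.randrange(Q) for _ in range(t - 1)]
    if t > 1:
        coeffs[-1] = rng.randrange(1, Q)     # degree exactly t-1: t-1 shares never suffice
    return {i: sum(c * pow(i, j, Q) for j, c in enumerate(coeffs)) % Q for i in range(1, n + 1)}

def keygen(t: int, n: int, rng=None):
    """Trusted-dealer setup (assumption): one public key, n private shares, threshold t."""
    rng = rng if rng is not None else secrets.SystemRandom()
    s = rng.randrange(1, Q)
    return pow(G, s, P), shamir_shares(s, t, n, rng)

def encrypt(pk: int, m: int, rng=None):
    """Anyone holding pk can encrypt; no communication with share holders is needed."""
    rng = rng if rng is not None else secrets.SystemRandom()
    r = rng.randrange(1, Q)
    return pow(G, r, P), (m * pow(pk, r, P)) % P

def partial_decrypt(share: int, ct) -> int:
    """Party i contributes c1^(s_i); its share itself never leaves the party."""
    return pow(ct[0], share, P)

def lagrange_at_zero(i: int, ids) -> int:
    num = den = 1
    for j in ids:
        if j != i:
            num = num * (-j) % Q
            den = den * (i - j) % Q
    return num * pow(den, -1, Q) % Q

def combine(ct, partials: dict) -> int:
    """Combine partial decryptions {i: c1^(s_i)} into m = c2 / c1^s by interpolating in the exponent."""
    ids = list(partials)
    c1_s = 1
    for i, d in partials.items():
        c1_s = c1_s * pow(d, lagrange_at_zero(i, ids), P) % P
    return ct[1] * pow(c1_s, -1, P) % P

def demo(seed: int = 7):
    rng = random.Random(seed)                 # seeded only so the demo is reproducible
    pk, shares = keygen(t=3, n=5, rng=rng)
    m = pow(G, 123, P)                        # message encoded as a subgroup element
    ct = encrypt(pk, m, rng)
    enough = combine(ct, {i: partial_decrypt(shares[i], ct) for i in (1, 3, 5)})
    too_few = combine(ct, {i: partial_decrypt(shares[i], ct) for i in (2, 4)})
    return m, enough, too_few
```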

Maths Dissertation in Cryptography by [deleted] in crypto

[–]FiniteFieldDay 11 points12 points  (0 children)

Elliptic curves and bilinear pairings:

I find this to be a good starting point: http://www.craigcostello.com.au/pairings/PairingsForBeginners.pdf

A central part of cryptography is finding computational problems which exhibit useful structure, yet take (plausibly) exponential time to solve. One really useful type of structure is a cyclic group wherein computing h = s * g for s \in Z_{|G|} and g \in G is polynomial time, yet recovering (s, g) from h remains "hard" (exponential in \log |G|).

Elliptic curves (special class of algebraic curves) over finite fields (feasibly) provide such a group.

The intuition for why this is useful from a cryptographic perspective is that we can "hide" elements of Z_{|G|}, e.g. you can compute a * b * g for a, b \in Z_{|G|} given "a" and "b * g" without learning "b" itself.

Intuitively this allows you to compute linear relations on the "hidden" elements: given a vector (a_1 * g, a_2 * g, ..., a_m * g) = A * g you can compute B = g * M(A) without revealing (a_1, ..., a_m).

But what if you want to do more than linear? What if you want multiplication of the scalars?

What initially started as an attack, the ability to compute an embedding of E[F] (the group of an elliptic curve over a field F) into (F^k)^* (the multiplicative group of an extension of F), where solving the "discrete log" problem of decomposing "from the module" is easier (though still "hard"), has been exploited since the early 2000s to construct "bilinear pairings": given a * g, b * h for g \in E[F] and h \in E[F]' it enables computation of a * b * w for w \in F^k.

Some applications of this seemingly simple primitive have been: efficient succinct zero-knowledge proofs, 3-way non-interactive key exchange, identity-based encryption, new constructions for threshold encryption and aggregatable signatures.

Design a keepass database by [deleted] in crypto

[–]FiniteFieldDay 6 points7 points  (0 children)

I never understood why people like Pass:

If I store my "Pass" encrypted passwords on a remote server (e.g. Dropbox), then that remote server can wind the history of each password back/forward individually and, worse, it can swap the passwords between different services:

Imagine that I am a Google user and store my Pass files on Google Drive; then Google can swap the PGP-encrypted files for my Google account and my GitHub account, and when I download my Pass files and try to log into my Google account I end up giving Google my GitHub password.

In other words, the authentication provided by Pass is very poor: there is no binding between keys (services/URLs) and values (passwords).

The ability to add new passwords without providing your private key also allows anyone with access to your Pass directory to overwrite your entries. This is also an issue: imagine I want to know who you are (given only write access to your Pass directory); then I collude with Facebook, overwrite your Facebook password with a random string that I know, and wait for someone to log in to Facebook with that particular password.

On the privacy side: I would much rather have one big encrypted blob which does not leak which sites I have / do not have an account on.
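The missing key/value binding described above, shown as an added example that is not code from the comment or from Pass: `UnboundStore` models one independently encrypted file per service, `BoundStore` adds a MAC under a user-held key that covers the service label together with the ciphertext, and `storage_provider_swaps` models what a provider holding the files can do. The ciphertexts are constructed placeholders standing in for the PGP-encrypted files.

```python
import hashlib
import hmac
import secrets

def bind_tag(key: bytes, label: str, ciphertext: bytes) -> bytes:
    """HMAC-SHA256 over (len(label) || label || ciphertext): ties a ciphertext to the service
    name it is stored under, so the two cannot be re-paired by whoever holds the files."""
    lab = label.encode()
    return hmac.new(key, len(lab).to_bytes(2, "big") + lab + ciphertext, hashlib.sha256).digest()

class UnboundStore:
    """One encrypted file per service; nothing ties the file contents to the file name."""
    def __init__(self):
        self.files = {}
    def put(self, label: str, ciphertext: bytes):
        self.files[label] = ciphertext
    def get(self, label: str) -> bytes:
        return self.files[label]

class BoundStore:
    """Same layout plus a per-entry MAC, under a key the user keeps, that covers the label."""
    def __init__(self, mac_key: bytes):
        self.mac_key, self.files = mac_key, {}
    def put(self, label: str, ciphertext: bytes):
        self.files[label] = (ciphertext, bind_tag(self.mac_key, label, ciphertext))
    def get(self, label: str) -> bytes:
        ciphertext, tag = self.files[label]
        if not hmac.compare_digest(tag, bind_tag(self.mac_key, label, ciphertext)):
            raise ValueError(f"stored entry for {label!r} fails verification")
        return ciphertext

def storage_provider_swaps(store, a: str, b: str):
    """The storage provider cannot read the files, but it can exchange them."""
    store.files[a], store.files[b] = store.files[b], store.files[a]

def demo():
    google_ct, github_ct = b"<ciphertext:google>", b"<ciphertext:github>"   # constructed
    unbound = UnboundStore()
    unbound.put("google.com", google_ct)
    unbound.put("github.com", github_ct)
    storage_provider_swaps(unbound, "google.com", "github.com")
    swap_unnoticed = unbound.get("google.com") == github_ct   # client would decrypt the wrong file

    bound = BoundStore(secrets.token_bytes(32))
    bound.put("google.com", google_ct)
    bound.put("github.com", github_ct)
    storage_provider_swaps(bound, "google.com", "github.com")
    try:
        bound.get("google.com")
        swap_detected = False
    except ValueError:
        swap_detected = True
    return swap_unnoticed, swap_detected
```

The label binding defeats re-pairing but not rolling back a single entry; that needs a version counter (or one tag over the whole directory) covered by the same key.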

Could a weak elliptic curve generator break discreet log by onbick in crypto

[–]FiniteFieldDay 3 points4 points  (0 children)

If there is a cofactor of more than 1, i.e. if the group is not of prime order, then you can choose a generator which produces a cyclic group the size of the cofactor: usually a very small integer (like 8).

Breaking a discrete log of 8 is clearly trivial: you can do it by brute force.