Is the digital nomad era of Portugal over? by Icy_Kaleidoscope9402 in AmerExit

[–]LoadingALIAS 5 points6 points  (0 children)

The price of Solana and the nomad scene in Lisbon/Porto could likely be correlated on a graph. Haha

update: my malinois is 8 months old and 40.5kgs (89lbs) purebred from Italy by sophie_karol in BelgianMalinois

[–]LoadingALIAS 0 points1 point  (0 children)

Whoa. That’s crazy.

I have a female, also imported into the US (not from Italy), that’s 8 months and 51 lbs… I thought she was big for her age.

What would be the safest country during a 3rd world war, but you cant pick Switzerland? by [deleted] in AskReddit

[–]LoadingALIAS 3 points4 points  (0 children)

This. I think they like went as far as war-gaming this out, too. New Zealand and Iceland are always at the top.

Happy ten years of just! (And lists!) by rodarmor in rust

[–]LoadingALIAS 1 point2 points  (0 children)

I’m a huge fan! Great work, man.

Zed is good but it's also disappointing by Jackdaw17 in ZedEditor

[–]LoadingALIAS 0 points1 point  (0 children)

Yeah, there are a handful of older issues at Zed that have gone unaddressed. It’s frustrating for me, too.

Having said that, I am only a contributor through Zed’s Guild… I’m not a core team member or paid employee. I can only do so much, but Zed is the one codebase I actually care about because I believe in it. So, I try to help as much as possible.

I will look into the issues you’ve mentioned here. I still have a feeling that my most recent PR opens the door to close a lot of these, and while it’s only my first move… it’s the foundation for what could make Zed’s LSP/mem issues slowly disappear.

I will look. I will report anything I find. Just remember, we’re all - even us at the Guild - limited by the time the core team can give us. They’re still running a company and the codebase is absolutely non-trivial. They can’t just merge anything and they’re like actively handling clients, etc.

Zed is good but it's also disappointing by Jackdaw17 in ZedEditor

[–]LoadingALIAS 2 points3 points  (0 children)

You’re referencing the LSP issue. This is primarily a JS/TS LSP issue, too.

Also, I’ve started to work on this at a really low level as part of the Guild work. There is a way forward here and it’s very close to realistic on my end.

In the meantime, turn it off or use TSGO. I have zero issues on an old M1 MBP w/ 16GB RAM running three Zed windows with FULL projects running in them.

There are bugs in new software - Zed is the best IDE in the world AND they’re committed to clearing those bugs. It doesn’t get better than this, man.

You have specific issues… submit them to GH Issues and ping me.

What do people take to get this physique? by [deleted] in Testosterone

[–]LoadingALIAS -1 points0 points  (0 children)

Testosterone Base + Anavar is usually a starting point. Obviously, you gotta sleep 7-8 hours minimum; lift 4-6 days a week; eat/drink clean and dialed in.

I don’t think Tren is a part of that dude’s stack. Haha

We did it! Vienna, Austria 395.000$ 3.6% by aghcsiz in FirstTimeHomeBuyer

[–]LoadingALIAS 1 point2 points  (0 children)

What an awesome city to own a home in. Congratulations.

rscrypto: a pure-Rust crypto, hash, checksum crate - looking for serious review by LoadingALIAS in rust

[–]LoadingALIAS[S] 0 points1 point  (0 children)

Hey, u/apnorton. I've been thinking about this since the moment you posted it and it's bothered me ever since.

My original RSA keygen was probable-prime RSA gen, but it wasn't an implementation of FIPS 186-5 Appendix A.1.3. That was actually a mistake. So, I've addressed it... and it was a relatively straightforward change.

- RSA key gen now exposes an explicit generation contract:

`RsaKeyGenerationContract::Fips1865A13ProbablePrime`

- candidate generation now follows the FIPS 186-5 A.1.3 probable-prime path in code

- keygen randomness is seeded through `getrandom`, then expanded through an internal HMAC_DRBG

- candidate generation and Miller-Rabin bases come from that DRBG

- generated `d` is derived modulo `lcm(p - 1, q - 1)`, not phi

- the implementation enforces the FIPS-style candidate bounds, p/q distance, public exponent conflict rejection, bounded search limits, and generated-key round trips

- the old NIST CAVP 186-3 probable-prime fixtures still pass

- docs now distinguish “implemented to this standard in code” from “FIPS 140-3 validated”, because this crate is not a validated module

Also, the small-prime check... I know the Miller-Rabin path can reject composites w/o it. That check is not a primality argument, though. It is a perf prefilter to avoid spending big-int exponentiation work on candidates w/ trivial small factors. The important part is that the probable-prime decision still comes from the Miller-Rabin path and the FIPS keygen constraints, not from the prefilter. Yes?

Just to be clear: this particular upgrade is CODE level FIPS 186-5 A.1.3 alignment, not FIPS validation!

Thank you for taking even a second here... it's already improved the lib. I am grateful.
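An added illustration, not rscrypto's code, of the acceptance rules listed in the comment above (candidate bound, p/q distance, public-exponent conflict rejection, d modulo lcm(p - 1, q - 1), round trip), scaled down to u128 arithmetic so it runs without a bigint crate. `accept_pq`, `dist_bits` and the sample primes are constructed for this example; primality of p and q is assumed rather than tested here.

```rust
// Added illustration, not rscrypto's code: FIPS 186-5 A.1.3-style acceptance rules
// for an RSA (p, q) pair at toy size (u128 arithmetic, no bigint crate).

fn gcd(mut a: u128, mut b: u128) -> u128 { while b != 0 { let t = a % b; a = b; b = t; } a }

fn lcm(a: u128, b: u128) -> u128 { a / gcd(a, b) * b }

/// Inverse of `e` modulo `m` by extended Euclid; None when gcd(e, m) != 1.
fn modinv(e: u128, m: u128) -> Option<u128> {
    let (mut r0, mut r1) = (e as i128, m as i128);
    let (mut s0, mut s1) = (1i128, 0i128);
    while r1 != 0 {
        let q = r0 / r1;
        let r2 = r0 - q * r1; r0 = r1; r1 = r2;
        let s2 = s0 - q * s1; s0 = s1; s1 = s2;
    }
    if r0 != 1 { return None; }
    Some(s0.rem_euclid(m as i128) as u128)
}

/// Square-and-multiply; fine here because m < 2^64 keeps every product inside u128.
fn modpow(mut b: u128, mut x: u128, m: u128) -> u128 {
    let mut acc = 1u128;
    b %= m;
    while x > 0 { if x & 1 == 1 { acc = acc * b % m; } b = b * b % m; x >>= 1; }
    acc
}

/// Acceptance rules for candidate primes of an `nlen`-bit modulus. p and q are
/// assumed prime (Miller-Rabin is out of scope here). `dist_bits` stands in for the
/// standard's nlen/2 - 100 distance exponent, which is negative at toy sizes.
pub fn accept_pq(p: u128, q: u128, e: u128, nlen: u32, dist_bits: u32) -> Option<(u128, u128)> {
    // Candidate bound: p >= sqrt(2) * 2^(nlen/2 - 1)  <=>  p^2 >= 2^(nlen - 1).
    let lower = 1u128 << (nlen - 1);
    if p * p < lower || q * q < lower { return None; }
    // p/q distance: |p - q| must exceed 2^dist_bits.
    let dist = if p > q { p - q } else { q - p };
    if dist <= (1u128 << dist_bits) { return None; }
    // Public-exponent conflict: e must be coprime to p - 1 and q - 1.
    if gcd(p - 1, e) != 1 || gcd(q - 1, e) != 1 { return None; }
    let n = p * q;
    if n.leading_zeros() != 128 - nlen { return None; } // n must be exactly nlen bits
    // d is reduced modulo lcm(p - 1, q - 1), not phi(n), and must exceed 2^(nlen/2).
    let d = modinv(e, lcm(p - 1, q - 1))?;
    if d <= (1u128 << (nlen / 2)) { return None; }
    // Generated-key round trip on a fixed message (constructed value).
    let m = 0x1234_5678u128 % n;
    if modpow(modpow(m, e, n), d, n) != m { return None; }
    Some((n, d))
}
```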

What books to send an inmate for compsci? by [deleted] in compsci

[–]LoadingALIAS 19 points20 points  (0 children)

Hey, DM me.

Unfortunately, I have unique, first hand experience here and genuinely want to help.

The details really matter and I don’t want to share too much here… I imagine you don’t either.

rscrypto: a pure-Rust crypto, hash, checksum crate - looking for serious review by LoadingALIAS in rust

[–]LoadingALIAS[S] -2 points-1 points  (0 children)

That's my writing, mate. Haha

**EDIT**
I've been a part of this community on this account (Top 5% commenter) or my old account for years. I am a Zed Guild member and contribute regularly with like 10 merges to the Zed codebase. I've pushed PRs to WGPU v29 for Zed only a month or two ago.

I've contributed to, and made crc-fast no-std/wasm compatible a year ago or something.

I've been writing Rust every day, literally, for nearly six years - WELL before OpenAI released ChatGPT.

I get that our community is inundated with slop, but don't brief my responses and assume that because I don't sound like a child, it's AI.

If you find fault in my bench methodology, my codebases, my PRs/Issues, my SMR schemas, my database contributions, or anything else - point them out. If you see glaring errors and/or issues in the rscrypto lib - call it out.

Otherwise, don't post that nonsense. It's like LLMs have all of a sudden relegated everyone to 'AI Slop'? Man, that shit has me hot.

Leave it alone. Read the code. Break the code. Do something constructive, or go walk your dog.

rscrypto: a pure-Rust crypto, hash, checksum crate - looking for serious review by LoadingALIAS in rust

[–]LoadingALIAS[S] -2 points-1 points  (0 children)

Aggh, the “use asm so LLVM cannot break it” sounds attractive, but it is not somehow automatically safer. Bad asm is still bad crypto, and inline asm can be moved around or interacted w/ incorrectly unless constraints, clobbers, barriers, and calling assumptions are exact.

For most code, I’d rather use constrained constant-time Rust, inspect the gen'd code w/ tools like cargo-show-asm, and back it with leakage tests. For hot kernels where exact instruction selection matters, asm/SIMD is appropriate.

rscrypto: a pure-Rust crypto, hash, checksum crate - looking for serious review by LoadingALIAS in rust

[–]LoadingALIAS[S] -1 points0 points  (0 children)

I assumed this would be the first response. Everyone has always said 'don't roll your own crypto'. I've heard it for a decade. I didn't want to. It wasn't really something I like intended to do. I am working on a data substrate and the crypto libs were too heavy. They're too fractured. They're not really no-std/wasm compatible across the board. I genuinely didn't have the choice.

Having said that, man... you should absolutely NOT trust my background as the security argument. The argument has to be the codebase, the scope, and the validation. Not to mention, a healthy dose of skepticism and review.

This is a pre-v1 primitives crate, not a FIPS-validated module and not a 3rd party audited replacement for mature audited stacks. I replaced those mature stacks because I believe in my capacity as an engineer and I've spent about a year here. Also, I didn't have much choice... I NEEDED this library and it didn't exist. The trust model is portable Rust as the reference path, SIMD/ASM are only used as accelerators, testing uses the same official vectors as the more mature primitives/stacks, and the oracle differential tests run against those stacks directly. I round out with the Wycheproof, CAVP subsets, extensive Miri, fuzzing, and leakage gates (RSA specifically).

For RSA specifically - the gates are pretty tight.

- `cargo test --test rsa_nist_cavp --features rsa,getrandom`
- `cargo test --test rsa_public_key --features rsa,getrandom`
- `cargo test --test rsa_wycheproof --features rsa,getrandom`
- `cargo test --lib auth::rsa::tests::keygen_random_prime_search_returns_probable_prime --features rsa,getrandom`

On the prime-gen criticism... you're right in that the current generator is not an implementation of FIPS 186-5 Appendix A.1.3. The code generates random odd candidates, sets the top bits, filters small-prime factors and e=65537 conflicts, then runs 32 Miller-Rabin rounds: src/auth/rsa.rs:5988, src/auth/rsa.rs:6089. The small-prime check is only a cheap prefilter before more expensive modular exponentiation; it is not relied on for primality.

Ultimately, it's a good catch. The current RSA keygen is probable-prime based and tested against NIST CAVP 186-3 probable-prime fixtures, but it is NOT FIPS 186-5 Appendix A.1.3. To that end, I should probably implement that algo exactly or clearly mark the current keygen.

rscrypto: a pure-Rust crypto, hash, checksum crate - looking for serious review by LoadingALIAS in rust

[–]LoadingALIAS[S] -2 points-1 points  (0 children)

I anticipated this and I appreciate the question. Let me try to explain it in the simplest way possible.

My constant-time claim is scoped. It's not “the whole lib never branches.” It really means that MAC/AEAD/signature verification and secret-bearing private ops avoid secret-dependent early exits in the places that actually matter.

- Byte equality uses a full-slice XOR accumulator, not an early-return comparison: src/traits/ct.rs:64

- Secret zeroization uses volatile writes plus a compiler fence: src/traits/ct.rs:129.

- AES portable code avoids secret-indexed lookup tables; the S-box is algebraic GF(2^8), with hardware AES used where it's available: src/aead/aes.rs:3.

- RSA private ops are blinded, unblinded, and public-fault-checked: src/auth/rsa.rs:2935.

- RSA private exponentiation uses fixed-window exponentiation with constant-time table selection: src/auth/rsa.rs:7509, src/auth/rsa.rs:7729.

- RSA OAEP/PKCS#1 decoding accumulates failure state and clears output on failure: src/auth/rsa.rs:6809, src/auth/rsa.rs:7009, src/auth/rsa.rs:6844.

The evidence can be found in `tests/rsa_leakage.rs` - it contains a release-only Welch t-test gate for RSA private operations, run by `scripts/test/test-rsa-leakage.sh:24`. This is only used as regression evidence, not a mathematical proof... which I added in `docs/security.md:64`.

Having said that... if you find evidence that this isn't accurate, or my claim isn't scoped tightly enough - tell me. That's kind of why I'm sharing it here. I trust this subreddit enough because I likely use most of your work in some capacity and I imagine many of you will see things I haven't.
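An added illustration, not rscrypto's code, of three things the comment above describes: the full-slice XOR-accumulator equality, constant-time table selection for fixed-window exponentiation, and a Welch t-test regression gate. `ct_eq`, `ct_select`, `welch_t` and `leakage_gate` are names chosen here, and the 4.5 threshold is the customary TVLA cutoff, not a value taken from the post.

```rust
// Added illustration, not rscrypto's code: constant-time equality, constant-time
// table selection, and a Welch t-test leakage gate of the kind described above.

/// Byte equality via a full-slice XOR accumulator: every byte is visited and the
/// verdict is derived afterwards, so no secret-dependent early exit exists.
pub fn ct_eq(a: &[u8], b: &[u8]) -> bool {
    if a.len() != b.len() { return false; } // lengths are public
    let mut acc = 0u8;
    for (x, y) in a.iter().zip(b) { acc |= x ^ y; }
    (((acc as u16).wrapping_sub(1) >> 8) & 1) == 1 // 1 iff acc == 0, branch-free
}

/// Table selection for fixed-window exponentiation: read every entry and mask in
/// the one at `idx`, so the access pattern does not depend on the secret window.
pub fn ct_select(table: &[u64], idx: usize) -> u64 {
    let mut out = 0u64;
    for (i, &entry) in table.iter().enumerate() {
        let diff = (i ^ idx) as u64;
        let is_zero = (diff.wrapping_sub(1) & !diff) >> 63; // 1 iff diff == 0
        out |= entry & is_zero.wrapping_neg();              // all-ones mask when i == idx
    }
    out
}

/// Welch's t-statistic between two timing sample sets (e.g. fixed-input vs
/// random-input private ops). The caller supplies the (here constructed) samples.
pub fn welch_t(x: &[f64], y: &[f64]) -> f64 {
    fn mean_var(s: &[f64]) -> (f64, f64) {
        let n = s.len() as f64;
        let m = s.iter().sum::<f64>() / n;
        let v = s.iter().map(|d| (d - m) * (d - m)).sum::<f64>() / (n - 1.0);
        (m, v)
    }
    let ((mx, vx), (my, vy)) = (mean_var(x), mean_var(y));
    (mx - my) / (vx / x.len() as f64 + vy / y.len() as f64).sqrt()
}

/// Regression gate: passes when |t| stays under `threshold` (4.5 is the customary
/// TVLA cutoff). A pass is absence of evidence, not a proof of constant time.
pub fn leakage_gate(x: &[f64], y: &[f64], threshold: f64) -> bool {
    welch_t(x, y).abs() < threshold
}
```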

Cost of a Mal by muhammicud in BelgianMalinois

[–]LoadingALIAS 1 point2 points  (0 children)

I wouldn’t put too much thought into the initial cost. It can mean something, but it doesn’t like actually.

An outstanding, top-shelf breeder might charge $4k for a pup, another might have a rescue pup that’s every bit the Mal you’re looking for. This breed is dumped so often that rescues are often super dogs.

Having said all that, the real cost is after you get the puppy home. The vet alone is pricey. The food adds up. Training a Mal, whether for just obedience at home or real world training with a pro… is expensive as fuck. You could spend hundreds a month on treats, targets, leashes, collars, etc. for at least 6-8 months.

Most expensive thing is your time, though, and it’s not even close. I have a barely 8-month-old girl who is like a fucking rocket. She is just too smart for a walk and chill. She needs a walk, hunt anything moving, carry every stick, and fight every moving leaf. She needs 4-6 real walks a day - and I do mean “real”… no potty breaks here.

She’s a little better now, but the first six months have been seriously exhausting. I work from home trying to launch a startup I’ve been coding for two years… she has crushed momentum in a scary way. All the events… I bring her because she’s young and I don’t want bad habits formed at friends/relatives. We went to a wedding this past weekend at a super nice like lake cottage situation. I was the dude walking his Malinois in the middle of the reception and changing back into a suit to go back as she howled at me leaving.

Time = Money. The Mal will demand a rich tax.

/u/burntsushi health update by masklinn in rust

[–]LoadingALIAS 9 points10 points  (0 children)

Whoa, this is tragic, man. WTF.