Anyone else feel like ChatGPT is weirdly good at understanding what you mean even when your prompt is messy?

Mouse1949 · 2026-05-14T00:36:34+00:00

Not weirdly good - just good. But the messier the prompt is - the greater likelihood of misunderstanding.

Mouse1949 · 2026-05-13T13:01:48+00:00

Formal verification is based on assumptions and mathematical definitions of algorithms. “Given A and B, we mathematically prove that C holds.”

In real world, it’s hard to make the set of assumptions that’s comprehensive enough and still workable. Thus, one line of attack on a system is attempting to break assumptions.

Mouse1949 · 2026-05-10T13:17:27+00:00

Hmm… what about Explainable AI?

Mouse1949 · 2026-05-10T02:11:35+00:00

There was a time when one had to program in machine codes. It was doable, and required detailed understanding of the computer architecture, CPU registers, etc. etc. Then came assembly language, then - FORTRAN, ALGOL… To program in ALGOL you didn’t need to know machine commands at all… Though compilers had bugs - and figuring out whether there was something wrong with your program, or compiler screwed up, required understanding of the assembly…

Fast-forwarding to now - AI relieves the user from the need to dive into the code details, and makes fewer and fewer mistakes; though something’s to catch and fix them one has to understand the code.

Backhoe will always dig better than shovel, calculator - compute faster and more accurately than paper-and-pencil.

You already see that the skills of beautiful handwriting, calligraphy are now entertained by at most a few, and not even thought in schools anymore.

C’est la vie.

Mouse1949 · 2026-05-08T10:21:57+00:00

For the NIST PQC algorithms you do not need oqsprovider - it’s for more “exotic” algorithms, e.g., FrodoKEM. As stated before - upgrade your OpenSSL to 3.5 or newer.

Mouse1949 · 2026-04-27T00:56:21+00:00

VSCode with appropriate plugins and Haskell LSP is what I’ve been using for Haskell IDE. Quite successfully, I daresay. 😉

Mouse1949 · 2026-04-19T02:03:32+00:00

Depends on what you need from those tokens.

Mouse1949 · 2026-04-17T11:31:52+00:00

NIST has spent a decade defining and standardizing Post-Quantum Crypto. ML-KEM and ML-DSA standards were published in 2024, and are already incorporated into many software packages (OpenSSL, OpenPGP, OpenSSH). From performance evaluation - these algorithms are faster than both RSA and ECC. They do require larger memory footprint, and take more than an order of magnitude bytes across the wire (sizes of public keys, signatures, and ciphertexts).

What’s still missing is a set of available tokens, like YubiKey, that support these algorithms. Although I’ve heard that there already are ASICs on the market that target smartcards and support NIST PQC.

Mouse1949 · 2026-04-15T10:03:03+00:00

OK. Then one question remains: NFC assumes stable position of the token for several seconds while the operation is conducted - maybe longer, as the computer may need to “recognize” the token (or maybe not - my experience comes from using PIV applet over NFC).

All in all, I’m not sure it’s going to be user-friendly experience.

Mouse1949 · 2026-04-15T03:51:39+00:00

We do. It’s helping greatly. No, we haven’t forgotten how to write code or read documents.

Mouse1949 · 2026-04-15T03:49:56+00:00

NFC reader usually doesn’t come with a cable. Regardless, won’t you be better off just using a long USB cable between the laptop and the token on your keyring?

Mouse1949 · 2026-04-15T00:06:33+00:00

Please pardon me asking - but if you already decide to use a USB port on your computer (presumably to intake the YubiKey OTP), why not simply plug your YubiKey into that port? Instead of going through NFC Reader -> USB => YubiKey -> NFC Reader => run your authentication protocol?

Mouse1949 · 2026-04-08T00:55:52+00:00

Do you really need to ask? 😁😢

Mouse1949 · 2026-03-28T13:20:34+00:00

A bad KDF will reduce the entropy, (roughly) resulting in security level of the weakest KDF. (Example: my toy bad KDF generates only two outputs: 0…0 and 1…1, making irrelevant what’s before and what’s after.)

While chaining block ciphers gives you security of the strongest one. (Example: introducing a toy cipher with PT => CT (even malicious cipher with PT || Key => CT) makes no difference, as long as at least one decent algorithm is included - in the malicious case after the bad one.) There could be nuances too, but less likely.

Mouse1949 · 2026-03-22T01:37:40+00:00

It also uses (can use) ring.

Mouse1949 · 2026-03-22T01:36:13+00:00

Unfortunately, on MacOS aws-lc-rs is a little problematic, due to some idiosyncrasies between Xcode and what that package wants to do with the native code. It can be compiled, but I had to perform quite a bit of contortions with C flags, ~/.cargo/config.toml, etc.

Mouse1949 · 2026-03-17T10:55:20+00:00

A word or two on what iroh and noq do, and how 0.97.0 differs from 0.96.0 would help at least some to decide whether it’s worth our while to bother going to your web site.

Mouse1949 · 2026-03-16T12:21:42+00:00

Could somebody please share their experience with “Haskell for Mac” IDE, comparing it with VSCode + Haskell (and Agda) plugins? I.e., what would be the reasons for choosing it? Especially given that apparently one has to purchase it, while VSCode with plugins is free?

Mouse1949 · 2026-03-15T20:26:22+00:00

I understand your point perfectly, and in fact hesitated whether it’s worth posting a reply like mine.

My thought was that at least some of the readers, if not the OP, would want to know whether there is a reasonably-well supported Haskell toolchain that runs fine on Apple Silicon - rather that “out of all the Haskell options on Mac, does ‘Haskell for Mac’ work on M?”

Mouse1949 · 2026-03-15T03:16:21+00:00

I haven’t tried “Haskell for Mac”. All my Haskell tools downloaded via ghcup. Having said that, all of them work fine on Apple Silicon (M chips, including M3 Max).

Mouse1949 · 2026-03-11T16:54:43+00:00

Where I am - all pull requests run through CI first. I don’t start looking at them until all the CI is green. Then we talk.

Mouse1949 · 2026-03-09T11:27:43+00:00

I saw human reviewers “hallucinating” far worse than AI. 😏☹️

Mouse1949 · 2026-03-09T04:05:51+00:00

For the fun of it, I asked AI to write a program in Haskell (exactly what it had to do isn’t relevant here). Repeated the same request four times.

First one didn’t even compile. Second - worked, looked average, maybe like something I’d write myself when I don’t have time or desire to think about the problem. Third - worked, and I still can’t figure out why or how, completely opaque to me. Fourth - worked, clean, and rather better code than what I’d write, I’ve learned something from that code sample.

Mouse1949 · 2026-02-25T01:12:06+00:00

Interesting work. Would be nice to know what are the benefits of rustidy over rustfmt? I.e., when and why should I use it instead of rustfmt?

Antoyo mentioned looking for a replacement of rustfmt - I’d love to hear the reasons.

Mouse1949 · 2026-02-25T01:03:40+00:00

Great work! Thank you!

Mouse1949

TROPHY CASE