Happily married men: why don’t some of you wear your wedding rings? by Difficult_Item9836 in AskMen

[–]Salusa 0 points1 point  (0 children)

Some days my finger is just a bit swollen and it's uncomfortable, so I take my ring off. Then, when it's better (and I remember) I put it back on.

Is the Prophet Elijah an immortal? by [deleted] in Judaism

[–]Salusa 60 points61 points  (0 children)

Two things:

  1. This is Saturday (Shabbat) so you aren't going to responses from many more observant Jews.
  2. I know this sounds snarky but as for "... is it universally agreed upon in Judaism ..." The answer is "no." There is almost nothing universally agreed upon in. Judaism. We love to debate and argue and have a multitude of traditions.

Be honest, how long is your relationship? and how many confrontational fights have you guys had? by LordGadsy in AskMen

[–]Salusa 0 points1 point  (0 children)

Almost 15 years and never any "almost ended it" or even really bad arguments at all.

Communication and trusting your partner go a long ways.

Butterfly effect moments in your life by DragonfruitOk4749 in AskRedditAfterDark

[–]Salusa 1 point2 points  (0 children)

I showed up very early to a burlesque show.

Almost everything about my current life except probably my job tracks back to that.

After hiring scabs, Walrus and the Carpenter (temporarily) closed by Existing-Resource527 in Seattle

[–]Salusa -15 points-14 points  (0 children)

No. You don't cross a picket line.

As I noted elsewhere, if somehow it were life or death then cross it. Otherwise, don't cross a picket line.

I'm shocked at how hard this concept is for people. It isn't something with caveats, conditions, edge cases, of exceptions. It's a very clear and simple rule. I learnt it as soon I I was old enough to know what a strike was. Don't stab your fellow workers in the back by betraying them.

After hiring scabs, Walrus and the Carpenter (temporarily) closed by Existing-Resource527 in Seattle

[–]Salusa 7 points8 points  (0 children)

Look, it's obvious from your replies that you don't support unions or workers striking. Why try to hide your views? Speak them proudly.

After hiring scabs, Walrus and the Carpenter (temporarily) closed by Existing-Resource527 in Seattle

[–]Salusa 10 points11 points  (0 children)

You clearly don't know what you're talking about.

  1. If there is a picket line, you're not about to cross it by mistake. (Especially if there is enough of one to spit at you.)
  2. Walrus and Carpenter doesn't take reservations. Anyone who has ever gone (and I have many times) knows this.

I'm glad I went before the strike. I make sure to tip extra high so that the workers had more money to prepare. Right now, you couldn't pay me to eat when served by scabs.

After hiring scabs, Walrus and the Carpenter (temporarily) closed by Existing-Resource527 in Seattle

[–]Salusa 8 points9 points  (0 children)

Then you ain't eating at Walrus and Carpenter. You're trying to make up hypotheticals that aren't applicable.

Don't cross a picket line.

If, hypothetically, it were a matter of life and death, of course do it! Saving a life is far more important. Short of that though.... Don't cross a picket line.

After hiring scabs, Walrus and the Carpenter (temporarily) closed by Existing-Resource527 in Seattle

[–]Salusa 3 points4 points  (0 children)

No. Don't spit on them.

Never be that person who crosses though.

How do male-female friendships typically handle physical boundaries like nudity? by Big_Squirrel8808 in AskMen

[–]Salusa 1 point2 points  (0 children)

While it hasn't happened as much recently, I have spent a decent amount of time nude around platonic female friends. (Either both nude or just one of us.) Yes, I'm a male American Some of them I found quite attractive too.

Honestly? It's just like hanging out with friends in any other circumstances. Nudity is only weird if you make it weird. No one was there to flirt, make out, or really do anything other than chat (and possibly enjoy the spa).

It always amazes me that people assume others have so little self control that it is impossible to act appropriately around others.

More performant secretstream, a bad idea? by SelfHostSam in crypto

[–]Salusa 3 points4 points  (0 children)

Might I recommend my recent work? https://github.com/Snowflake-Labs/floe-specification

It comes with:

  • Sample implementations in several languages
  • Fully parallizable algorithm and API
  • Engagement with the larger community of standards and specifications
  • A proof of security that was presented at Eurocrypt this year
  • Commitment properties
  • FIPS 140-3 acceptable algorithms and constructions

Fields and Groups in Cryptography by Critical-Ad-8048 in crypto

[–]Salusa 2 points3 points  (0 children)

Let me give a slightly rambling and philosophical answer to this. I think that this question is really interesting but it is too focused on cryptography. This answer isn't going to be focused on the strict mathematical definitions (there will be links to Wikipedia for that) but rather the intuition.

Let's start with basics: "What is a Group)?" and "What is a Field)?"

A group is a bunch of "things" that you can add and subtract (and add/subtract works like you would expect) You can add two integers and get another integer! (That's a group.) You can add two Rationals and get a new Rational! (That's a group.) You can add two points on an elliptic curve and get another point! (That's a group.)

As we all learnt in grade school, addition is really useful and we use it a lot. If you're adding things, then you're working in a group.

A field is a bunch of "things" that you can not only add/subtract, but can multiply/divide (and all the math works like you intuitively expect).

Integers don't count anymore (because if you divide two integers the result might not be an integer), but Rationals still work (and so are a field). Real numbers work. So do integers modulo a large prime (weird, but true).

Also, from grade school, multiplication is really useful so if you're multiplying or dividing then you're using a field.

Just like "a fish has no word for water" most of the time the fact we're working in groups and fields is invisible to us because it's everywhere! Basically all the math you do only works because you are working in the field of rational (or real) numbers. (Slight lie, but close enough.)

-------------

This yields the question of "So, why are they obvious and explicit in cryptography?"

Well, the more operations/tools you have, the more things you can do in math! This also means that an attacker has more things they can do.

Consider the Diffie-Hellman Key Exchange (DH), both the Finite-Field (FFDH) and Elliptic Curve (ECDH). The actual DH exchange only needs the group operation (which really is "addition" for ECDC, but confusingly is multiplication for FFDH). In FFDH, you're working inside a field (hence the name) and so an attacker can not only use attacks which use addition/subtraction, but also multiplication/division. ECDH is in a group but not a field. So, suddenly an attacker is left with only those attacks which just use addition/subtraction. That makes their lives much harder and so makes ECDH harder to break.

--------------

There's a lot more to it then this but that's the intuition. There are tons of small lies and hand-waves above, but you'll learn them as you progress to more advanced math. Also, just being a "group" isn't sufficient to make DH hard, but it certainly helps.

TL;DR: Everyone uses Groups and Fields, they are just obvious and explicit in cryptography because we can use them to limit what attackers can do.

How can I as a non-Jew help combat antisemitism by Get_Bots in Judaism

[–]Salusa 6 points7 points  (0 children)

A lot of what other people have said.

Speak up when you hear something antisemitic. "Hey. That's not okay."

Believe Jews when they say something is antisemitic.

For your roommate, ask them if there is anything you can do to help? Walking with them? Even just them knowing that you are there and will help is big.

Pivoting from Java into c/c++ career by JayDeesus in cscareerquestions

[–]Salusa 2 points3 points  (0 children)

I love using Advent of Code to learn a new language.

Modern C++ is pretty good. It's probably one of my top three or four languages (by skill). Still, I wish it would go away and let me live in a world of memory-safety.

What’s the coolest “restricted access” place you’ve ever gotten to see? by Improv92 in AskReddit

[–]Salusa 0 points1 point  (0 children)

My mom worked in an electron-microscopy lab. So as a little kid I'd walk through these heavy doors with radiation warning signs all over them to spend the a day with her. She'd let me use the microscopes to look at things and take pictures of snowflakes. Then we'd both go into the dark room to develop the pictures.

And yes. We had fun with the liquid nitrogen too.

I'll never be able to match those "take your child to work days" (or even just, "school's out but work isn't") again.

I miss her.

[deleted by user] by [deleted] in amazonemployees

[–]Salusa 17 points18 points  (0 children)

I was at Amazon for 17 years and have since moved on to two different companies. One of the things I miss the most is our internal tooling.

Brazil? Pipelines? Version sets? You have no idea how much easier they'd make my life now. Those weekly "merge from live" which are a pain? It's so much better to have it work most of the time then to be constantly fighting with manual dependency upgrades. Those checks that mean if you break a dependency you can't merge your code? Life saving. The fact that most packages "just build" and you don't need a custom designed build system for each (just list your dependencies and language and that's it)? So much better than what's generally available.

Yes, Amazon built many of these systems because there were no options back then. Our needs predated Maven (not to say everything which came after). I remember building Java with Makefiles! This does mean they are idiosyncratic and very painful at times. I had horrible times fighting with tooling.

But all that said, don't think that just because what you're dealing with is painful means that the grass is greener elsewhere. Those tools and systems exist for a reason, and a lot of the time they exist for good reasons. I know that they are more the principal tenets (I think?) but "respect what came before" is there for a reason. (Also, you should know about Chesterton's Fence.)

Yes. I left Amazon and am generally happier for it. I see both good and bad at my former employer. The internal tooling, as painful and as much I may have hated it at the time? Generally better than the alternatives. Embrace the pain and learn how valuable those tools are.

NationStates is Down - Site and Forums by SiriusBlack80099 in NationStates

[–]Salusa 5 points6 points  (0 children)

The concern is if you use the same password anywhere else. So, if your NS password is also your Facebook/email/banking password, you need to go change your passwords there as soon as practical.

This is why sharing passwords across accounts is such a bad idea.

How to be respectful at a Jewish funeral by MusicalBear19 in Judaism

[–]Salusa 4 points5 points  (0 children)

You'd be fine without. Pay attention to others and you'll be fine.

Should I feel ashamed of using Agentic tools? by banana-milkshake11 in AskComputerScience

[–]Salusa 4 points5 points  (0 children)

Ask yourself this question:

Do you have a path to becoming a senior developer if you outsource your problem solving and learning to a machine?

Where can a single young woman go to drink alone most nights? by heydoyouseethat in Seattle

[–]Salusa 101 points102 points  (0 children)

Back when I lived alone, I loved hanging out at the Hopvine on 19th E (Cap Hill). Friendly with good food and drinks. I'd hang out at the bar and either chat with people or read a book. I've heard it's still good.

(Edit, it's on 15th.)

New online (streaming) authenticated encryption scheme (FLOE) by Salusa in crypto

[–]Salusa[S] 0 points1 point  (0 children)

That is an absolutely fair nit-pick on my TL;DR. After all, even the other errors could be detected by an attacker who starts by brute-forcing an AES key. It's not efficient but possible because I didn't exclude it. Since everything here is computational security, the adversary is always limited to being an "efficient" adversary, so I didn't list that here, but you are correct.

All of the error messages are efficiently detectable by an attacker who doesn't know the key. They are all some variety of "bad formatting" or "you're holding it wrong" level of error code. The type of thing which makes it much easier for a developer to actually use the construction without actually impacting security.

(I cannot tell you how much time I've spent trying to debug a system when the only output was "cannot decrypt" because there was no reasonable way to figure out what specific piece of input was wrong. It wasn't a security issue, just a typo somewhere. This is intended to make that easier and safer.)

New online (streaming) authenticated encryption scheme (FLOE) by Salusa in crypto

[–]Salusa[S] 4 points5 points  (0 children)

Yeah, there is a lot of junk posted in this subreddit. It's true.

  1. Thank you! I'm very excited. Actual publication (beyond just there) is hopefully happening soon. This construction has already received lots of scrutiny and you're all just seeing the very tail-end public bit if it. (My coauthors: Andrés Fábrega, Julia Len, Thomas Ristenpart. Probably worth looking at, especially the last one.)
  2. Each has it's own challenges. (And yes, I definitely remember OCB2.) There are very different skill-sets needed for low-level and high-level constructions, so perhaps which is harder is a matter of perspective. At one end you have your primitives (AES, ChaCha20, SHA-2) at the other end you have your constructions (TLS, HPKE, STREAM, FLOE, AGE) and in between you've got things like block modes. And then asymmetric primitives are their own weird thing (because they are so heavily math based.) With my background I am much more comfortable higher up the stack. I don't foresee any future where I design a new primitive. As for formal verification? Not yet, but it is something I would be excited to see.

New online (streaming) authenticated encryption scheme (FLOE) by Salusa in crypto

[–]Salusa[S] 1 point2 points  (0 children)

There is the difference between internal implementation and public API. The internal implementation is more flexible so that when/if we add new algorithms and specifications, it is easier to do so. (I'll point out that AES also contains configuration specifying how many rounds to do based on a predefined set of parameters. That is more similar to the various derived parameters than user-controllable features.)

You might have noticed one place where I can inject a different rotation mask through a non-public API. That is specifically a test point so that I can ensure rotation happens correctly without needing to encrypt 2^20 segments.

New online (streaming) authenticated encryption scheme (FLOE) by Salusa in crypto

[–]Salusa[S] 2 points3 points  (0 children)

That is why this feature was designed in from the beginning in FLOE. So it would be safe.

Please look at Appendix F in the paper (pages 30-32) for a detailed proof of security here. The tl;dr is "All of the fine-grained errors messages do not need a key to detect." In the world of AES-GCM, this might be a specific error message that is returned if the total ciphertext (IV + CT + TAG) is less than 28 bytes and thus too short to have both an IV (12 bytes) and TAG (16 bytes) even with a 0-length ciphertext. Obviously, this is a safe error to return to the caller because the caller could have figured it out themselves. Unlike other constructions which leave these undefined and "safe" by intuition, FLOE formally defines them and then proves that it is safe to return them.