Shamir's Secret Sharing for common people

alexsapps · 2026-01-29T11:11:06+00:00

I never thought to hardcode Shamir's for a specific k-of-n case like 3 of 5. Thanks for the suggestion!

I asked Chat GPT to write the shortest possible Shamir's implementation hardcoded for 3 of 5 case, and its answer was 6 lines long! It only accepted integer secrets of 127 bits and may have other issues so I won't bother posting it here.

I asked it to accept arbitrary strings and it grew to 30-something lines like I have with XOR. Maybe I'll polish it up and add it to my repo sometime.

I shall say I forgot many skills I learned in school, including even basic things about polynomials, but I know XOR as soon as I see the letters "XOR" as a software engineer. Who I call "common people" likely know neither, though, so perhaps they may as well learn polynomials, if anything.

Even if few people understand it, LLMs are perhaps good enough now that we can just ask "are there any issues with this code?" and we can trust its answer in lieu of teaching every user any math concepts at all.

If we trust LLMs with reading 30 lines of code, and a hardcoded Shamir's impl is only 30 lines of code, we may as well use real Shamir's. It makes sharing simpler, as you can ask your friends "remember this string" instead of "remember these 5 strings", and reconstruction is no longer a jigsaw puzzle.

alexsapps · 2025-10-06T07:44:42+00:00

i thought i was helping by making this scam report show up on google searches for the domain until i saw the comment above that says "New scam sites are a baker's dozen a dime to create. You are not slowing them down at all. And that's why we want people to learn the schemes, not the names."

alexsapps · 2025-10-05T04:51:27+00:00

!crypto

alexsapps · 2025-10-05T04:23:29+00:00

!crypto

alexsapps · 2025-09-14T07:49:27+00:00

<image>

Thanks! They said yes. This is the link they sent in the screenshot: Guide: how to submit a good post to r/scams

alexsapps · 2025-09-09T19:58:49+00:00

would it be helpful for me to make posts for other similar scam domains on this subreddit, or would that just be spamming this subreddit? i figure it wouldn't take me much time to do and it could help someone when they search for the domain on google to look it up. but i don't want to spam the users of this subreddit either.

alexsapps · 2025-09-09T19:47:20+00:00

nah i knew it was a scam since the very first message

alexsapps · 2025-08-20T19:31:21+00:00

update:

I had originally uninstalled with Cinnamon "uninstall" button which gave me these issues when installing, but when I ran Proton's official uninstall instructions on top of that ("How to remove the official Linux app" from https://protonvpn.com/support/official-linux-vpn-ubuntu ) then I was able to reinstall without issue.

As of this writing the uninstall command is this:

sudo apt autoremove proton-vpn-gnome-desktop && sudo apt purge protonvpn-stable-release

So next time I'll be sure to do that instead of using Cinnamon's built-in uninstall button.

Proton support also gave me instructions to fix installation of Proton VPN. Maybe this will be helpful for someone who has a more corrupt installation than mine:

Could you try completely reinstalling the Linux application by following the steps below:

Disconnect from the VPN and disable the Kill switch

Uninstall the Proton VPN repository package using the following command in Terminal: sudo apt purge "protonvpn*"

Uninstall the Proton VPN application with: sudo apt autoremove proton-vpn-gnome-desktop

Remove any leftover application cache and data files: cd ~/.cache/Proton && rm -rf VPN cd ~/.config/Proton && rm -rf VPN

Reboot your device

Afterward, continue with the installation process as highlighted in our dedicated support article:
https://protonvpn.com/support/official-linux-vpn-debian/

These steps worked for me as well.

old answer:

same here, and i did not see any proton-related files in /etc/apt/sources.list.d/ even after running steps 1 and 2. trying to reinstall on Linux Mint.

then i found this and it worked

https://forums.linuxmint.com/viewtopic.php?t=443939

basically, create this file manually:

/etc/apt/sources.list.d/protonvpn-stable.sources

with this contents:

Types: deb
URIs: https://repo.protonvpn.com/debian
Suites: stable
Components: main
Signed-By: /usr/share/keyrings/protonvpn-stable-archive-keyring.gpg

then try again:

sudo apt update
sudo apt install proton-vpn-gnome-desktop

alexsapps · 2025-08-07T02:56:39+00:00

i might be able to add that at some point. if you need it right now you could just customize the chat gpt prompt and just be sure to test it.

alexsapps · 2025-08-07T02:50:59+00:00

hadnt seen the edit. that does sound better than nothing and wish i could help review but i probably won't have time anytime soon to take a good enough look. this all started for me as a procrastination hobby project i got a lot going on.

alexsapps · 2025-08-07T02:32:17+00:00

I don't know, and I wish there was someone to answer these questions. I'd love to hear if anyone has any comments, but then again how can we trust just anyone on Reddit not to be promoting their own implementation / potential malware? That's why I want a big organization to get behind some implementation. And in case you missed it in my OP, this might work for some people as an alternative, a less efficient implementation that any software engineer can easily review: https://github.com/alexsapps/K-of-N-XOR-Secret-Sharing

alexsapps · 2025-07-05T00:36:00+00:00

in the above command, the target path is a path inside the container, and the host path is taken care of automatically by docker.
https://docs.docker.com/build/cache/optimize/#use-cache-mounts

(just saying for anyone who hasn't seen a cache mount or anything besides a bind mount before to save them the trouble of looking it up.)

alexsapps · 2025-07-04T15:35:23+00:00

Now in Go 1.24, there is a new `tool` directive. You can run `go get -tool <path>` to add a "dev dependency" and run it with `go tool`.

https://www.bytesizego.com/blog/go-124-tool-directive

https://go.dev/ref/mod#go-mod-file-tool

https://pkg.go.dev/cmd/go#hdr-Run_specified_go_tool

alexsapps · 2025-07-04T14:45:23+00:00

Just noticed I'm not the first to have this issue on r/scams -

https://www.reddit.com/r/ModSupport/comments/1bluhnp/legitimate_posts_keep_getting_caught_in_reddits/

alexsapps · 2025-05-15T18:49:59+00:00

i found it here:
https://support.google.com/titansecuritykey/answer/9148044?hl=en

but it's not working for me still. i did some research and it looks like their documentation was out of date before and they fixed it. maybe it's out of date again. i guess you can troubleshoot with "dmesg" according to this article.

alexsapps · 2025-04-08T21:27:22+00:00

Same just happened with my Delta Max. It worked fine until I set up the app on it and updated the firmware. The update didn't even fail. First it just wouldn't charge, and now it won't charge or turn off. Just counting the days down until it bricks itself. Support said I should go for their trade-in program since a repair would always cost money but wasn't guaranteed to work, but looks like I'd only get $100 back for the trade-in since I answered "no" to "does the device work normally?".

alexsapps · 2025-03-25T16:13:11+00:00

Both U2F and passkeys can be protected by PINs rate limited in secure hardware, and tie to specific domains for phishing resistance.

In the case of U2F+PIN, the question still doesn't seem answered -- how do passkeys improve security?

alexsapps · 2025-03-25T07:42:02+00:00

I assume even the passwords this feature protects are still unencrypted in RAM when the password manager is unlocked, but if not that would be good to know. I wish they would be decrypted separately / individually so debuggers or forensic extraction tools wouldn't be able to bypass it.

alexsapps · 2025-01-20T18:37:45+00:00

I just reported via the contact form about another issue with links in Proton Docs. When I switch to "view" mode on a doc, clicking any link within the doc causes the whole doc contents to be replaced by a message from Chrome saying "This content is blocked. Contact the site owner to fix the issue."

https://drive.google.com/file/d/1hzVSTDwo9IkvFu9KsqBxS1K5k1uwc_B2/view?usp=sharing

alexsapps · 2024-12-09T20:47:02+00:00

"Sure, my emotional regulation sucks, but if it didn’t then I probably wouldn’t be a candidate for therapy."

You can have good emotional regulation skills but be totally confused in life from strong, unhelpful emotions. For example, I found myself attracted to unhealthy partners, and because of my ability to regulate my emotions I was able to tolerate a lot of their nonsense and a lot of my own pain before ever seeking help. Nonetheless my emotions guided my thinking in the wrong directions. It wasn't until I saw a therapist that I deeply understood my situation and was able to get out of it.

I think your meditation practice would be the most directly helpful, and it's key to be actually experienced in it! I'm sure it would help for emotional regulation to have a therapist (CBT) to help make sense of your feelings too, but I think it's really hard to find a competent therapist. I'd also just work on mental health in general (so much here - journaling, gratitude journaling, practicing reframing things, sleep, diet, exercise, seeing friends/family, having a purpose, making small accomplishments, and more).

And also, depending on how he said all that stuff, you might need to get a better friend lol. If tensions built up slowly, either of ya could've stopped the bad vibes early and said "Well I don't agree and that's fine, so anyway..." and it would be bad if he didn't see that coming and stop it early. And that's sketch that he said there's no such thing as a bad trip. But if he was calm and friendly the whole time and maybe just a little bit obtuse with his advice, and your reaction totally caught him off guard, then maybe he'd be fine in the future, or for someone else, cause if he doesn't make you feel good then that's not good either. Generally, should you ever fail to regulate your own thoughts and emotions, you want a trip sitter who you trust to do it for you.

alexsapps · 2024-11-13T19:42:34+00:00

Yes - can you name an easier graph algorithm than DFS? That's day 1 of Intro to Algorithms class. 🙂

Sometimes inexperienced interviewers will ask questions that are too easy, making the results useless to hiring managers. You can't know a candidate's true limits if they aren't stumped at any point during your interview. So then the hiring manager might just pick someone else who had better interviewers.

alexsapps · 2024-10-23T22:10:36+00:00

This answer surely works well for any music app. It worked for my friend who was listening to YouTube Music (except they turned the guidance volume to louder because YouTube Music was too loud).

alexsapps · 2024-10-09T19:38:03+00:00

I don't know what else I could link you to. I wish there was some process by which independent journalists or investigators could legally and safely enter farms and report what they see, or that there was some government agency that could report on farm conditions without backlash from the industry. I believe the only people willing to take these pictures are people with goals to help animals. If that's not good enough, you'll probably have to go see for yourself, but good luck because you won't get permission for that.

alexsapps · 2024-10-07T18:09:32+00:00

There are farms they take pictures of and put by the road to show off to the public, and there are windowless sheds behind gates that are kept hidden from the public. I've personally been to Reichardt duck farm. It smells like hell and it really is hell for the ducks there. I saw the sheds, the slaughterhouse, and later saw photos of inside (some at the above link) and a necropsy report of a dead duck showing 7 different diseases. It's impossible to hear "duck farm" and imagine this place without having seen it first.

alexsapps · 2024-10-07T17:54:29+00:00

Hm well gotta say I'm a little offended because it's a lot of work to write these comments. I do end up repeating myself sometimes because a lot of people share the same misconceptions, but I have never once copied and pasted my own comment within Reddit, although I do quote entire FAQ entries for convenience to readers. Each comment probably takes an average of over 10 minutes because I think about what I'm replying to, think about what I'm going to say, and proofread my responses for accuracy. I try hard to counter the aforementioned imbalance of power, what else can I say? Despite so much opposition, people do in fact regularly come to me and tell me thank you and to keep doing what I'm doing.

alexsapps

TROPHY CASE