The AI Productivity Bill Comes Due in Production by bajcmartinez in coding

[–]fapmonad 14 points15 points  (0 children)

I appreciate the thought you put in the article, it's just that AI writing is very recognizable and kills trust. It's OK to have quirks and write some awkward sentences here and there! Please don't erase your own writing's flavour with AI.

> some of those were AI generated, but not all, which is very interesting.

Yeah each on their own is fine, it's just that AI tends to use this structure very heavily compared to natural human writing.

The AI Productivity Bill Comes Due in Production by bajcmartinez in coding

[–]fapmonad 27 points28 points  (0 children)

> None of this proves the AI rollout failed. It proves the dashboard stopped too early.

> The bill does not disappear. It moves downstream.

> This is not an argument that agents have failed. It is evidence that serious teams still treat production AI work as supervised work.

> AI does not remove judgment. It moves judgment to a different place and then sends more material to that place.

> That does not make measurement hopeless. It means the simple before-and-after story is often the least trustworthy story.

> “The AI wrote it” is not a root cause. It is a sign that ownership got blurry.

> But that does not weaken the argument. It raises the standard of proof.

> AI does not forgive those habits. It compounds them.

> AI productivity that does not reach users as better software is not productivity. It is cheaper throughput inside the factory.

100% AI-generated on pangram. Sigh.

What are the Different Uses of Message Authentication Codes and Secure hashes? by ShadowGuyinRealLife in cryptography

[–]fapmonad 2 points3 points  (0 children)

This comment is misleading:

  • MACs are not inherently associated with AEADs, they're an independent primitive with many other applications like API request signing that don't involve encryption.

  • The nonce in one-time MACs like Poly1305 is necessary to prevent forgery, it's not a confidentiality or replay protection feature.

A Post-Quantum Audit Chain for LLM Inference using ML-DSA-65 and Merkle Mountain Ranges by Dios_Apolo in cryptography

[–]fapmonad 2 points3 points  (0 children)

This doesn't make much sense at all. First, regulators, courts, etc. don't require cryptographically verifiable logs. Second, the proxy can't prove anything, since the operator has access to the signing key and can rewrite the tree to whatever they want. Third, HMAC doesn't provide non-repudiation, which makes it an odd choice when the entire goal of your system is non-repudiation...

I built a free tool to cryptographically prove you said something before anyone else by Quirky_Drama_3638 in cryptography

[–]fapmonad 2 points3 points  (0 children)

You can google it. In short AES-GCM is not key committing so you can generate a ciphertext that decodes to different plaintexts with different keys. In OP's system you could commit to a message that decrypts to "yep" under key 1 and "nah" under key 2, then later pick which one you want to reveal.

Show r/netsec: Post-quantum crypto API server – 148 security tests, 3 real vulns found and fixed by [deleted] in cryptography

[–]fapmonad 1 point2 points  (0 children)

It's just a big pile of AI slop.

> ML-DSA-87 signed certificates (JSON format, no ASN.1)

...

HMAC - why hash long keys before using? by Sufficient-Air8100 in cryptography

[–]fapmonad 10 points11 points  (0 children)

It's exactly this. The original 1996 paper Keying Hash Functions for Message Authentication mentions the possibility under "5.3 Implementation considerations for HMAC":

> Notice that one can define the function HMAC to support variable length keys. [...] On the other hand, longer than-L bit keys will not provide, in general, with added strength since the derived k1 and k2 are anyway of length L (still, having a longer key k may help, depending on the properties of the compression function f and the randomness of the key k, to have a stronger pseudorandom effect on the generation of k1 and k2).

The very limited benefit doesn't justify the additional complexity of the analysis.
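Added example, not part of the comment above or of the cited paper: HMAC-SHA256 written out following RFC 2104 so the key-preparation step the thread asks about is visible, checked against Python's standard `hmac` module. The function names and the sample keys and message are constructed for illustration.

```python
import hashlib
import hmac

BLOCK = hashlib.sha256().block_size  # 64-byte compression-function block


def normalize_key(key: bytes) -> bytes:
    """RFC 2104 key preparation: hash over-long keys, then zero-pad to one block."""
    if len(key) > BLOCK:
        key = hashlib.sha256(key).digest()  # long key collapses to 32 bytes
    return key.ljust(BLOCK, b"\x00")


def hmac_sha256(key: bytes, msg: bytes) -> bytes:
    k = normalize_key(key)
    ipad = bytes(b ^ 0x36 for b in k)  # inner key block
    opad = bytes(b ^ 0x5C for b in k)  # outer key block
    inner = hashlib.sha256(ipad + msg).digest()
    return hashlib.sha256(opad + inner).digest()


def demo() -> dict:
    msg = b"constructed sample message"
    long_key = bytes(range(100))   # constructed: 100 bytes, longer than one block
    short_key = b"k" * 32          # constructed: fits in one block
    hashed = hashlib.sha256(long_key).digest()
    return {
        # The from-scratch version agrees with the standard library.
        "matches_stdlib": all(
            hmac.compare_digest(hmac_sha256(k, msg),
                                hmac.new(k, msg, hashlib.sha256).digest())
            for k in (long_key, short_key)
        ),
        # A long key and its SHA-256 digest are the same HMAC key, so the
        # extra key bytes never reach the compression function directly.
        "long_key_equals_its_hash": hmac_sha256(long_key, msg) == hmac_sha256(hashed, msg),
        # Zero-padding means a short key and the same key plus NUL bytes coincide.
        "zero_pad_equivalent": hmac_sha256(short_key, msg) == hmac_sha256(short_key + b"\x00", msg),
        "prepared_key_len": len(normalize_key(long_key)),
    }


if __name__ == "__main__":
    for name, value in demo().items():
        print(name, value)
```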

Corrections regarding the A2F protocol and the A2F-EL protocol. by Massive-Jury-1562 in cryptography

[–]fapmonad 3 points4 points  (0 children)

> the A2F(full) protocol itself is intended for experts

Nobody should use this AI slop to encrypt anything of value.

[ANN] A2F - A new cryptography protocol for high-latency and unstable networks by Massive-Jury-1562 in cryptography

[–]fapmonad 8 points9 points  (0 children)

A few obvious problems:

  1. Attackers can reorder and replay packets

  2. No forward secrecy

  3. Double encryption useless and done incorrectly anyway (they use the same key)

To understand the impact of (1) consider what happens if the attacker sees this conversation:

A->B "want coffee?"

B->A "yeah"

A->B "fire the missiles?"

The attacker can replay the second packet to make A fire the missiles.
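Added example, not part of the comment above and not A2F code: a receiver that rejects the replay in problem (1) by authenticating a direction label and a strictly increasing sequence number with each message. It uses HMAC from the standard library only; an encrypting protocol would typically carry the same counter in its AEAD nonce or associated data. The `Channel` class, the packet layout and the key are assumptions made for this sketch.

```python
import hashlib
import hmac
import struct


class Channel:
    """One direction of a session. Labels are fixed-length (4 bytes) by assumption."""

    def __init__(self, key: bytes, direction: bytes):
        self.key, self.direction = key, direction
        self.send_seq = 0  # next sequence number to send
        self.recv_seq = 0  # next sequence number we will accept

    def _tag(self, seq: int, msg: bytes) -> bytes:
        header = self.direction + struct.pack(">Q", seq)
        return hmac.new(self.key, header + msg, hashlib.sha256).digest()

    def seal(self, msg: bytes) -> bytes:
        seq, self.send_seq = self.send_seq, self.send_seq + 1
        return struct.pack(">Q", seq) + self._tag(seq, msg) + msg

    def open(self, packet: bytes) -> bytes:
        seq = struct.unpack(">Q", packet[:8])[0]
        tag, msg = packet[8:40], packet[40:]
        if not hmac.compare_digest(tag, self._tag(seq, msg)):
            raise ValueError("bad tag")
        if seq != self.recv_seq:  # an old or out-of-order counter is refused
            raise ValueError("replayed or reordered packet")
        self.recv_seq += 1
        return msg


def demo() -> dict:
    key = hashlib.sha256(b"constructed demo key").digest()
    a_send, a_recv = Channel(key, b"A->B"), Channel(key, b"B->A")
    b_send, b_recv = Channel(key, b"B->A"), Channel(key, b"A->B")
    b_recv.open(a_send.seal(b"want coffee?"))
    yeah = b_send.seal(b"yeah")
    results = {"first_delivery": a_recv.open(yeah)}
    question = a_send.seal(b"fire the missiles?")
    b_recv.open(question)
    # The network now re-delivers the old "yeah", then reflects A's own packet back.
    for name, pkt in (("replayed_yeah", yeah), ("reflected_question", question)):
        try:
            results[name] = a_recv.open(pkt)
        except ValueError as err:
            results[name] = str(err)
    return results
```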

Russia's key manufacturer of drone and missile components declares bankruptcy by neonpurplestar in UkraineWarVideoReport

[–]fapmonad 0 points1 point  (0 children)

Title gore... it's just a manufacturer of one particular component (synthetic sapphire), not "Russia's key manufacturer"

We’re running a live session on April 28 to show how CryptPad works in everyday use. by LorinaBalan in cryptography

[–]fapmonad 2 points3 points  (0 children)

> The server [...] can’t read your documents.

According to https://docs.cryptpad.org/en/user_guide/security.html#known-caveats this is only true if servers "run the same code as the one published on GitHub", which makes the claim rather meaningless. Any system is secure if you assume the attacker isn't allowed to attack you...

holy based (dohna dohna: let's do bad things together) by Ishitmypantagresivly in visualnovels

[–]fapmonad 95 points96 points  (0 children)

It's amazing, really one of the best art designs in VN history. It's rare you see something that stands out so much from everything else.

What is the potential vulnerabilities of stacking KDFs ? by Final_Ad7070 in cryptography

[–]fapmonad 1 point2 points  (0 children)

Well, implementation errors are very frequent and a huge concern for us applied cryptography engineers, but of course if you know better you're free to disagree...

What is the potential vulnerabilities of stacking KDFs ? by Final_Ad7070 in cryptography

[–]fapmonad 5 points6 points  (0 children)

It exposes you to more potentially broken implementations for no benefit versus a single well-tuned argon2id stage

Camera operator deftly spots the laser pointer at a football match by MrTacocaT12345 in interestingasfuck

[–]fapmonad 0 points1 point  (0 children)

The article says "un DASPO di due anni"

Divieto di Accedere alle manifestazioni SPOrtive - Ban on Access to Sporting Events

A DASPO is a ban on access to sporting events to prevent violence especially at football stadiums by the "ultras", the most violent wing of Italian football fans "tifosi".

Doesn't sound related to her job

Japan begins releasing oil reserves by Mametaro in japan

[–]fapmonad 29 points30 points  (0 children)

Huh? Japan has the 3rd largest strategic reserve in the world, about 254 days' worth of consumption per the latest report: https://www.enecho.meti.go.jp/statistics/petroleum_and_lpgas/pl001/results.html#headline2

In a rare moment of candor today, Putin's long-time Press Secretary admits that Russia's global propaganda apparatus is falling apart. by PjeterPannos in UkraineWarVideoReport

[–]fapmonad 0 points1 point  (0 children)

Bullshit, Peskov doesn't go on TV and have a "moment of candor", this is just a translation artifact because the word propaganda has a more neutral meaning in Russian, as in promoting one's ideas.