Join devRant
Do all the things like
++ or -- rants, post your own rants, comment on others' rants and build your customized dev avatar
Sign Up
Pipeless API
From the creators of devRant, Pipeless lets you power real-time personalized recommendations and activity feeds using a simple API
Learn More
-
TL; DR: Bringing up quantum computing is going to be the next catchall for everything and I'm already fucking sick of it.
Actual convo i had:
"You should really secure your AWS instance."
"Isnt my SSH key alone a good enough barrier?"
"There are hundreds of thousands of incidents where people either get hacked or commit it to github."
"Well i wont"
"Just start using IP/CIDR based filtering, or i will take your instance down."
"But SSH keys are going to be useless in a couple years due to QUANTUM FUCKING COMPUTING, so why wouldnt IP spoofing get even better?"
"Listen motherfucker, i may actually kill you, because today i dont have time for this. The whole point of IP-based security is that you cant look on Shodan for machines with open SSH ports. You want to talk about quantum computing??!! Lets fucking roll motherfucker. I dont think it will be in the next thousand years that we will even come close to fault-tolerant quantum computing.
And even if it did, there have been vulnerabilities in SSH before. How often do you update your instance? I can see the uptime is 395 days, so probably not fucking often! I bet you "dont have anything important anyways" on there! No stored passwords, no stored keys, no nothing, right (she absolutely did)? If you actually think I'm going to back down on this when i sit in the same room as the dude with the root keys to our account, you can kindly take your keyboard and shove it up your ass.
Christ, I bet that the reason you like quantum computing so much is because then you'll be able to get your deepfakes of miley cyrus easier you perv."9 -
I am the manager of a customer service team of about 10-12 members. Most of the team members are right out of school and this is their first professional job and their ages range from 22-24. I am about 10 years older than all of my employees. We have a great team and great working relationships. They all do great work and we have established a great team culture.
Well, a couple of months ago, I noticed something odd that my team (and other employees in the building) started doing. They would see each other in the hallways or break room and say “quack quack” like a duck. I assumed this was an inside joke and thought nothing of it and wrote it off as playful silliness or thought I perhaps missed a moment in a recent movie or TV show to which the quacks were referring.
Fast forward a few months. I needed to do some printing and our printer is in a room that can be locked by anyone when it is in use (our team often has large volumes of printing they need to do and it helps to be able to sort things in there by yourself, as multiple people can get their pages mixed up and it turns into a mess). The door had been locked the entire day and this was around noon, and the manager I have the key to the door in case someone forgot to unlock it when they left. I walked in, and there were two of my employees on the couch in the copier room having sex. I immediately closed the door and left.
This was last week and as you can imagine things are very awkward between the three of us. I haven’t addressed the situation yet because of a few factors: This was during both of their lunch hours. They were not doing this on the clock (they had both clocked out, I immediately checked). We have an understanding that you can go or do anything on your lunch that you want, as long as you’re back after an hour. Also, as you mentioned in your answer last week to the person who overheard their coworker involved in “adult activities,” these people are adults and old enough to make their own choices.
But that’s not the end of the story. That same day, after my team had left, I was wrapping up and putting a meeting agenda on each of their desks for our meeting the next day. Out in broad daylight on the guys desk (one of the employees I had caught in the printing room) was a piece of paper at the top that said “Duck Club.” Underneath it, it had a list of locations of places in and around the office followed by “points.” 25 points – president’s desk, 10 points – car in the parking lot, 20 points – copier room, etc.
So here is my theory about what is going on (and I think I am right). This “Duck Club” is a club people at work where people get “points” for having sex in these locations around the office. I think that is also where the quacking comes into play. Perhaps this is some weird mating call between members to let them know they want to get some “points” with the other person, and if they quack back, they meet up somewhere to “score.” The two I caught in the copier room I have heard “quacking” before.
I know this is all extremely weird. I wasn’t even sure I wanted to write you because of how weird this seems (plus I was a little embarrassed). I have no idea what to do. As I mentioned above, they weren’t on the clock when this happened, they’re all adults, and technically I broke a rule by entering the copier room when it was locked, and would have never caught them if I had obeyed that rule. The only company rule I can think of that these two broke is using the copier room for other purposes, preventing someone else from using it.
I would love to know your opinion on this. I tend to want to sweep it under the rug because I’m kind of a shy person and would be extremely embarrassed to bring it up.21 -
!dev
I'M SO GONNA GET MY OWN LOCKPICKING SET AND LEARN HOW TO FUCKING PICK LOCKS. I'M SICK OF GETTING LOCKED OUT OF MY OWN FUCKING ROOM. "WHY DON'T YOU USE A KEY?" YOU ASK? GOOD QUESTION. MY JERKBAG ARSEHOLE PARENTS DECIDED TO NOT GIVE ME A FUCKING KEY FOR MY OWN FUCKING ROOM *FOR 6 GODDAM YEARS* SINCE WE'VE MOVED IN. "WHY DON'T YOU JUST GO TO THE LOCKSMITH OR SOME SHIT-" DO YOU I THINK I CAN JUST FUCKING WALTZ IN, ASK FOR THE KEY AND BRING IT TO THE FUCKING LOCKSMITH TO GET A DUPLICATE? AS IF THEY WOULD!!! AND NOW I'M GONNA GET EITHER AN F OR GO FULL SUICIDAL BECAUSE COFFEE THROUGH THE NIGHT IS NOT A FUCKING OPTION FOR ME. BECAUSE ALL THE FUCKING MATERIAL I HAVE FOR MY GODDAM ASSIGNMENT, ALONG WITH MY LAPTOP IS IN MY FUCKING ROOM. THANKS DAD! YOU SURE ARE HELPFUL AS FUCK! FUCK YOU!12 -
I have a rant. A genuine rant, not a funny story, etc.
I want a keyboard. I need one. It can cost €500, as long as it won't break in a year and fulfils all my needs. Make it a €1000, I don't care. What are my needs then? Well...
It has to be a split keyboard - two halves. But wireless in every aspect, ergonomic, with multimedia keys on its outer edges (preferably pointing outwards, not up) and a heavy metal trackball on the right outer edge (preferably upper right corner). That's a bare minimum.
On top of that it probably some magnetic scrolls for things like navigating pages, changing volume and fidgeting in general wouldn't hurt. Also I'd prefer it to snap back into a one-piece whenever I need it to lie on my knees, e.g. when I type while sitting on a coach (I have a coach PC setup, no desk, and there's a reason). Why do I need it to split then...?
I had an accident. Kind of broke my back when I was 11. It's mostly okay now after couple years of rehabilitation and many more years of careful living. Luckily the only two wheels I ride on are powered by a 105.97 hp @ 9,970 rpm engine. Still, I try to be careful so I tried tons of work hygiene techniques over the years and I found out anything over 2 hours is best done while lying flat.
Coding while lying flat has its challenges, mostly focused around screen and input. Ever since I got a VR headset half of them got solved but the other half - acquiring a suitable keyboard - it's very hard to satisfy. I tried that with a one-piece keyboard lying on my stomach. Turns out actively bending elbows quickly wears them out (hello tennis players). So a split keyboard it has to be. So far I tried 4 different ones and I had to modify the cable connecting both halves in each and every one of them so that it'd be long enough to go behind my back. The main cable itself I only had to modify once because usually there're extensions available.
Apart from cables, all of those keyboards had issues. Starting from some kind of de-syncing when keys from both halves would randomly register in a wrong order - I didn't know it's possible with a cable connected halves... I did try two generic WiFi keyboards (using one for each hand) and they unfortunately suffered from that very same issue but I was sure it wouldn't happen if the device was designed to be a one unit from the very beginning, right? And yet it in 2 of the tested devices.
Other than that, plugs disconnecting on their own forcing me to take off the headset and fiddle around, too high key travel that'd strain the wrists after a few hours, even the noise that would wake up my girlfriend sleeping in a separate room were all a common issue (I briefly had an almost completely silent WiFi mechanical keyboard from Logitech we both really liked, but it was a one-piece). Once I got a split keyboard that was "natively" WiFi but not only the two halves were still connected with a cable that turned out to be way too short for my needs, it also had a very noticeable lag despite the high price - a lag way higher than any of the cheap WiFi keyboards I owned in the past. So I sent it back. Now IDK what to do because AFAICT there are no more models available, at least where I live.
So yeah, I need a keyboard and I'll probably have to make one myself. Sorry, just had to vent.5 -
After learning a bit about alife I was able to write
another one. It took some false starts
to understand the problem, but afterward I was able to refactor the problem into a sort of alife that measured and carefully tweaked various variables in the simulator, as the algorithm
explored the paramater space. After a few hours of letting the thing run, it successfully returned a remainder of zero on 41.4% of semiprimes tested.
This is the bad boy right here:
tracks[14]
[15, 2731, 52, 144, 41.4]
As they say, "he ain't there yet, but he got the spirit."
A 'track' here is just a collection of critical values and a fitness score that was found given a few million runs. These variables are used as input to a factoring algorithm, attempting to factor
any number you give it. These parameters tune or configure the algorithm to try slightly different things. After some trial runs, the results are stored in the last entry in the list, and the whole process is repeated with slightly different numbers, ones that have been modified
and mutated so we can explore the space of possible parameters.
Naturally this is a bit of a hodgepodge, but the critical thing is that for each configuration of numbers representing a track (and its results), I chose the lowest fitness of three runs.
Meaning hypothetically theres room for improvement with a tweak of the core algorithm, or even modifications or mutations to the
track variables. I have no clue if this scales up to very large semiprime products, so that would be one of the next steps to test.
Fitness also doesn't account for return speed. Some of these may have a lower overall fitness, but might in fact have a lower basis
(the value of 'i' that needs to be found in order for the algorithm to return rem%a == 0) for correctly factoring a semiprime.
The key thing here is that because all the entries generated here are dependent on in an outer loop that specifies [i] must never be greater than a/4 (for whatever the lowest factor generated in this run is), we can potentially push down the value of i further with some modification.
The entire exercise took 2.1735 billion iterations (3-4 hours, wasn't paying attention) to find this particular configuration of variables for the current algorithm, but as before, I suspect I can probably push the fitness value (percentage of semiprimes covered) higher, either with a few
additional parameters, or a modification of the algorithm itself (with a necessary rerun to find another track of equivalent or greater fitness).
I'm starting to bump up to the limit of my resources, I keep hitting the ceiling in my RAD-style write->test->repeat development loop.
I'm primarily using the limited number of identities I know, my gut intuition, combine with looking at the numbers themselves, to deduce relationships as I improve these and other algorithms, instead of relying strictly on memorizing identities like most mathematicians do.
I'm thinking if I want to keep that rapid write->eval loop I'm gonna have to upgrade, or go to a server environment to keep things snappy.
I did find that "jiggling" the parameters after each trial helped to explore the parameter
space better, so I wrote some methods to do just that. But what I wouldn't mind doing
is taking this a bit of a step further, and writing some code to optimize the variables
of the jiggle method itself, by automating the observation of real-time track fitness,
and discarding those changes that lead to the system tending to find tracks with lower fitness.
I'd also like to break up the entire regime into a training vs test set, but for now
the results are pretty promising.
I knew if I kept researching I'd likely find extensions like this. Of course tested on
billions of semiprimes, instead of simply millions, or tested on very large semiprimes, the
effect might disappear, though the more i've tested, and the larger the numbers I've given it,
the more the effect has become prevalent.
Hitko suggested in the earlier thread, based on a simplification, that the original algorithm
was a tautology, but something told me for a change that I got one correct. Without that initial challenge I might have chalked this up to another false start instead of pushing through and making further breakthroughs.
I'd also like to thank all those who followed along, helped, or cheered on the madness:
In no particular order ,demolishun, scor, root, iiii, karlisk, netikras, fast-nop, hazarth, chonky-quiche, Midnight-shcode, nanobot, c0d4, jilano, kescherrant, electrineer, nomad,
vintprox, sariel, lensflare, jeeper.
The original write up for the ideas behind the concept can be found at:
https://devrant.com/rants/7650612/...
If I left your name out, you better speak up, theres only so many invitations to the orgy.
Firecode already says we're past max capacity!5 -
I’m working on a new app I’m pretty excited about.
I’m taking a slightly novel (maybe 🥲) approach to an offline password manager. I’m not saying that online password managers are unreliable, I’m just saying the idea of giving a corporation all of my passwords gives me goosebumps.
Originally, I was going to make a simple “file encrypted via password” sort of thing just to get the job done. But I’ve decided to put some elbow grease into it, actually.
The elephant in the room is what happens if you forget your password? If you use the password as the encryption key, you’re boned. Nothing you can do except set up a brute-forcer and hope your CPU is stronger than your password was.
Not to mention, if you want to change your password, the entire data file will need to be re-encrypted. Not a bad thing in reality, but definitely kinda annoying.
So actually, I came up with a design that allows you to use security questions in addition to a password.
But as I was trying to come up with “good” security questions, I realized there is virtually no such thing. 99% of security question answers are one or two words long and come from data sets that have relatively small pools of answers. The name of your first crush? That’s easy, just try every common name in your country. Same thing with pet names. Ice cream flavors. Favorite fruits. Childhood cartoons. These all have data sets in the thousands at most. An old XP machine could run through all the permutations over lunch.
So instead I’ve come up with these ideas. In order from least good to most good:
1) [thinking to remove this] You can remove the question from the security question. It’s your responsibility to remember it and it displays only as “Question #1”. Maybe you can write it down or something.
2) there are 5 questions and you need to get 4 of them right. This does increase the possible permutations, but still does little against questions with simple answers. Plus, it could almost be easier to remember your password at this point.
All this made me think “why try to fix a broken system when you can improve a working system”
So instead,
3) I’ve branded my passwords as “passphrases” instead. This is because instead of a single, short, complex word, my program encourages entire sentences. Since the ability to brute force a password decreases exponentially as length increases, and it is easier to remember a phrase rather than a complicated amalgamation or letters number and symbols, a passphrase should be preferred. Sprinkling in the occasional symbol to prevent dictionary attacks will make them totally uncrackable.
In addition? You can have an unlimited number of passphrases. Forgot one? No biggie. Use your backup passphrases, then remind yourself what your original passphrase was after you log in.
All this accomplished on a system that runs entirely locally is, in my opinion, interesting. Probably it has been done before, and almost certainly it has been done better than what I will be able to make, but I’m happy I was able to think up a design I am proud of.8
Top Tags
Weekly Rant
View