"一 百 二十 一 dollar "

Definitely chinese.

In Japanese, they say 'hundred' instead of 'one hundred' "百 二十 一"

Originally I thought they were just em dashes and part of the jumble so I ignored them. That's why I got it wrong in the first place. You're assessment is probably right though.

A fun little adventure either way! I'm sure you won't regret having learned a little more about these writing systems. :)

True. The only 'distributed' part of bluesky is in the PR. Otherwise there'd be more instances.

My mastodon account is not even on mastodon.social, because why would I, when I could have a home server closer to home

i get real tired of people trumpeting that bsky is distributed.

Can i run a private node? can i run a functional node completely within my network segment? because i can with gnusocial and misskey; i've never run mastodon; i am on fosstodon and a couple of other mastodon-likes.

bluesky is to discord what mastodon (fedi) is to IRC.

don't let the fact that most people use the main instances fool you, there's thousands (maybe tens of thousands) of instances. I haven't seen a tally recently, i forget the account that shows them for each "instance type", like pleroma, misskey, mastodon, pixelfed, whatever the reddit clone is, whatever the 4chan clone is, and so on.

anyhow when elon bought twitter mastodon surged. I hope they didn't spend millions upgrading the main instances because most of that dropped off because, you know, everyone's on twitter. only a few million on mastodon.

My whole point is, trying to shoehorn words like "distributed" into a system that i cannot run independently is, well it's just not distributed, that's all.

edit: maybe this is sour grapes because i never got an invite; but maybe i think it's just twitter with a different coat of paint and different buzzwords attached.

Two times some guys at Mastodon tried to convince me to try Bluesky.

I explicitly told them that I want something distributed and that's a high priority, not a nice-to-have.

Yesss, there's definitely some very cheeky marketing going on.

a bit misleading title.

> Publishing games that are available to players with either Roblox Kids (users under 9) or Roblox Select (users 9 to 15) accounts that we announced in our Newsroom will require additional verification steps than publishing games that are available to users over 16.*

x+y = ln(exp(x) * exp(y))

exp(a) = eml(a, 1) ln(a)=eml(1,eml(eml(1,a),1))

Plugging those in is an excercise to the reader

You use multiplication in the first line, which you have not expressed through eml yet.

Because of how exp and log turn addition into multiplication and vice versa, once you have the one, you get the other easily.

might need to turn the paper sideways

Not brainf*ck. This is the SUBLEQ equivalent of math https://en.wikipedia.org/wiki/One-instruction_set_computer#S...

Did you maybe mean to respond to the parent of my comment?

> Like addition

I'm perplexed to the claim that addition is cheaper than XOR, especially since addition is built upon XOR, am I missing anything? Is it javascript specific?

I work on the machine code level, so the only characteristic I'm interested in is how many ticks it takes to compute the result, not how many transistors it requires or anything like that. All modern CPUs take 1 tick to compute both XOR, addition, and many other simple arithmetic operations, so even though addition is technically more complicated in CPU designs, it never surfaces in software. In the context of this post, I preferred addition instead of XOR to reduce cancel-out and propagate entropy between bits.

The wording was a bit unclear. The previous paragraph mentions wanting something cheaper than "those pesky XORs and multiplications". The multiplication is the expensive part; the (very cheap) XORs are just mildly annoying because you have to think about what they're doing.

At least on x86, multiple additions and multiplications can be done with a single `lea` instruction so it's preferable to XOR. Though I have no idea about other architectures, compiler implementations, any interpreters...

That only helps with multiplications by statically known word sizes (4x, 8x, etc.) and not arbitrary x·y. It can help with many smaller constant multipliers if the complete is clever, but it has to be known at compile time.

Well it no longer constrains the data in a fixed output length.

Sure, but if you constrain to fixed output length, you will definitely have collisions (Pigeon Hole Principle). There's no way around that.

padding with zeroes to a fixed length and prepending the original length would suffice, but you’d have to have a fixed length of double infinity to account for both the length information and the hash information, and the hash is less efficient than the original information.

They have a switch tester board where you can press individual keys and you can see which switch you just pressed on the screen

I think 3ds is also reasonably in the sweet spot.

Check out this project, fully written in bare metal C

https://github.com/profi200/open_agb_firm

What good does certificate format do? Certainly won't make people not reuse it the same way.

> where the affected users might be surprised or alarmed to learn that it is possible to link these real-world identities.

I feel like it's obvious that ssh public keys publically identifies me, and if I don't want that, I can make different keys for different sites.

> > where the affected users might be surprised or alarmed to learn that it is possible to link these real-world identities.

> I feel like it's obvious that ssh public keys publically identifies me, and if I don't want that, I can make different keys for different sites.

You're probably not the only one for whom it's obvious, but it appears to be not at all obvious to large numbers of users.

ssh by default sends all your public keys to a server. Yes you can limit some keys to specific hosts but it's very easy to dox yourself.

Doesn’t it try one key at a time rather than send all?

True but a server that wants to "deanonymize" you can just reject each key till he has all the default keys and the ones you added to your ssh agent.

You can try it yourself [0] returns all the keys you send and even shows you your github username if one of the keys is used there.

[0] ssh whoami.filippo.io

Nice, tried it out. This wording is incorrect though:

"Did you know that ssh sends all your public keys to any server it tries to authenticate to?"

It should be may send, because in the majority of cases it does not in fact send all your public keys.

It does, and there's typically a maximum number of attempts (MaxAuthTries defaults to 6 IIRC) before the server just rejects the connection attempt.

Yep, but this is server-side setting. Were I a sniffer, I would set this to 10000 and now I can correlate keys.

Modern sshd limits the number of retries. I have 5 or 6 keys and end up DoSing myself sometimes.

This thread made me realize why fail2ban keeps banning me after one failed password entry :lightbulb:

so it's good practice to store key in non-default location and use ~/.ssh/config to point the path for each host?

What a great case of "you're holding it wrong!" I need to add individual configuration to every host I ever want to connect to before connecting to avoid exposing all public keys on my device? What if I mistype and contact a server not my own by accident?

This is just an awfully designed feature, is all.

> add individual configuration to every host I ever want to connect

Are you AI?

You can wildcard match hosts in ssh config. You generally have less than a dozen of keys and it's not that difficult to manage.

I have over a dozen ssh keys (one for each service and duplicates for each yubikey) and other than the 1 time I setup .ssh/config it just works.

I have the setting to only send that specific host’s identity configured or else I DoS myself with this many keys trying to sign into a computer sitting next to me on my desk through ssh.

Like I can’t imagine complaining about adding 5 lines to a config file whenever you set up a new service to ssh onto. And you can effectively copy and paste 90% of those 5 short lines, just needing to edit the hostname and key file locations.

I would say it's best practice to use a key agent backed by a password manager.

Specifically to use a different key for each host.

I had never thought about that. Seems like an easy problem to fix by sending salted hashes instead.

The server matches your purposed public key with one in the authorized keys file. If you don't want to expose your raw public key to the server, you'll need to generate and send the hashed key format into the authorized keys file, which at that point is the same as just generating a new purpose built key, no? Am I missing something?