UK 1987

I'll never forget the day in high school where some rich kid bastard tried to say unions are bad. The reason? His rich parents don't benefit from it and it costs them taxes... luckily my AP US History teacher let me speak right after to tear him down because who the fuCk says that. I'll never forgive you privileged white boy!!!! He had the gALL to act as if he had said something profound!!!

Source

KEEP UP THE UNIONIZATION EFFORTS

"As the U.S. government continues to provide Israel with both weapons and diplomatic cover — most recently, by voting against a UN resolution demanding a ceasefire, coincidentally also on December 11 — activists like DBNY see collective direct action as their best means of curbing the violence. They also describe their organizing as a direct response to solidarity requests from Palestinian labor unions urging workers around the world to halt the flow of weapons to Israel.

... Since September, DBNY has been taking the fight to Easy Aerial’s doorstep. Each week, activists with the group distribute flyers to the more than 11,000 people who work for over 450 businesses in the 300-acre complex, including art studios, food vendors and entertainment companies. The flyers in English and Spanish provide background on Easy Aerial, Crye Precision and the Brooklyn Navy Yard itself .... In addition to the weekly flyering, DBNY has organized demonstrations to coincide with the corporation’s board meetings and public events. Activists have also been directly petitioning the corporation’s executives, board members and staff, demanding they evict Easy Aerial and Crye Precision from the Brooklyn Navy Yard.

While the response from the Brooklyn Navy Yard Development Corporation to DBNY has been official silence paired with harassment from hired security — including drone surveillance — the response from workers has been 'overwhelmingly positive,' according to the activists. 'Most of them have been shocked and disgusted to learn that they work alongside war criminals.'

... Ultimately, DBNY hopes to replicate the recent successes of other activists targeting weapons manufacturers supplying the Israeli military. Boycott, Divestment, Sanctions Boston, for example, was able to force the closure of Elbit Systems’s offices in Cambridge, Massachusetts, in August, following a year of demonstrations, as reported by Cambridge Day.

According to DBNY, until the Brooklyn Navy Yard ceases to host businesses trading in 'blood money' from targeting people in Gaza and the United States alike, all New Yorkers and visitors should boycott the complex. To that end, the activists have created a petition demanding the eviction of Easy Aerial and Crye Precision, as well as pledging a boycott until that time.

'We also urge all tenants and workers to take autonomous actions at the Brooklyn Navy Yard and by joining our campaign to disrupt, strike and boycott all genocide profiteers,' said the DBNY spokesperson."

Demilitarize Brooklyn Navy Yard: IG, Linktree Resources for locating genocide profiteers near you ACT UP Civil Disobedience Guide Small Group Direct Action Advice

Meta has engaged in a “systemic and global” censorship of pro-Palestinian content since the outbreak of the Israel-Gaza war on 7 October, according to a new report from Human Rights Watch (HRW). In a scathing 51-page report, the organization documented and reviewed more than a thousand reported instances of Meta removing content and suspending or permanently banning accounts on Facebook and Instagram. The company exhibited “six key patterns of undue censorship” of content in support of Palestine and Palestinians, including the taking down of posts, stories and comments; disabling accounts; restricting users’ ability to interact with others’ posts; and “shadow banning”, where the visibility and reach of a person’s material is significantly reduced, according to HRW. Examples it cites include content originating from more than 60 countries, mostly in English, and all in “peaceful support of Palestine, expressed in diverse ways”. Even HRW’s own posts seeking examples of online censorship were flagged as spam, the report said. “Censorship of content related to Palestine on Instagram and Facebook is systemic and global [and] Meta’s inconsistent enforcement of its own policies led to the erroneous removal of content about Palestine,” the group said in the report, citing “erroneous implementation, overreliance on automated tools to moderate content, and undue government influence over content removals” as the roots of the problem.

[...]

Users of Meta’s products have documented what they say is technological bias in favor of pro-Israel content and against pro-Palestinian posts. Instagram’s translation software replaced “Palestinian” followed by the Arabic phrase “Praise be to Allah” to “Palestinian terrorists” in English. WhatsApp’s AI, when asked to generate images of Palestinian boys and girls, created cartoon children with guns, whereas its images Israeli children did not include firearms.

it's mostly memory-holed except when people want to use it to win points in arguments, but it's kind of fucking miserable to live in the cultural era where we're forever feeling the consequences of all western geek media deciding to be as racist as humanly possible about japanese games

there's also the under-discussed compounding factor of this scar, where all of this also happened around the time that USA companies were buying out the software japanese devs were using to make games, so a lot had to either learn english (its own selection process) or use increasingly outdated software, creating a software gap

you listen to japanese developers talk about having the word "japanese" anywhere near their software and there's this visceral sensation of discomfort, or in some cases, a stubborn sense of pride that is largely built in contrast to that shame

but any way you look at it, it's brutally depressing

Hi!👋, im back(again), sorry if im a little bit of an bother(english isn't my first language sorry😅), i want to have ANOTHER request of Yandere TFP ALL Autobots(poly pls🥺)with an same cybertronian s/o from my first request that is SUPER shy, easily flustered and hardly ever raises thare voice that comes out as VERY adorable whispers and thare...

🥰DROP🥰

💞DEAD💞

❤️‍🔥GORGEOUS❤️‍🔥

🥰🌌💗💜AND like my first request small scenario and headcanons💜💗🌌🥰

Hug🤗

YOU ARE NOT A BOTHER SHUT UP I LOVE YOU!!! (´▽`ʃ♡ƪ) And it's okay, english is also not my 1st language, but be patience and keep listening, reading and speaking it!! And you'll get the hang of it!

(〃￣︶￣)人(￣︶￣〃) Sending hugs too bestie!!!

(TFP) Yandere!Autobots w/ Shy Cybertronian!Reader (HCs & Scenario)

WARNING: Yandere behaviour, yandere harem, romantic relationships, overprotective and obsessive behaviour, soft kidnapping (?), typical violence from the series and a little bit more, Reader is gender neutral and in the Autobot faction. Long ass post ngl.

Don't worry guys I'm adding Ultra Magnus I ain't forgetting that fine mech again. And Cliffjumper, sorry baby I forgot you at first.

You were the little of hope the team protects dearly.

Everyone in the autobot team loved you so dearly and all of them had a little non-spoken vow: to protect and love you.

And how could they not do that? You were such a soft, spark-spoken bot, always trying to bring comfort to the others, never being too loud, supporting them and just being that light in the darkness they were in.

You arrived to earth with the original team - and if back in Cybertrone all of them were a little bit protective over you, being on a new planet it go 10 times more.

From the beginning after the autobots established on the base thanks to the human's militia and Agent Fowler, the team decided to forbid you from going on missions - you would have tried to gently speak in your defense of being able to fight alongside your friends, but after hearing the concerns of your teammates and feel as if their sparks would vanish at the mere thought of you getting hurt or... offlined by the Decepticons, it was more than enough to give in, smiling at them sweetly with a small 'I understand', deciding to become Ratchet's assitant.

All of them were so relieved - they didn't want to force you inside of one of the storages room and keep you there inside against your will. They were gonna do it to protect you! Alas, you were such a good, sweet bot that knew they were only looking after your well being! So good, so good!

The team cherishes every single little moment they have with you - every little smile, chuckle, conversation, inside-joke - anything became a dear memory within their softwares.

After Cliffjumper's death... the need to protect you grew, to the point the team started to develop such obsessive ideals about you.

Everyone's spark was clenching in pain, watching you cry your optics out while hugging Arcee, how was holding you closely and sobbing quietly, anger painted on her faceplate... she wasn't gonna let you get offlined like Cliffjumper did - no one was gonna let that happen.

You love dearly your teammates, and you know all of them love you! But... sometimes you feel like their love for you is too much. Sometimes.

Optimus Prime and Ratchet can be too overprotective, sometimes - You know they mean well, but sometimes you are mad at yourself for not telling them to chill. Optimus always remind you the promise you made to them before he leaves with the others for a mission - "to leave the base it is prohibited, even less if you don't have someone making you company." And you try to convice him, but his worried expression and your stuttering and passive behaviour always makes you close your mouth and whisper a "I'm sorry, I understand." It melts your spark at the sight of Optimus' soft, relieved smile and that forehelm gives you. And Ratchet, by Primus, he is always fretting about you - he is always checking on you even when you are on the same room, making sure you are well recharged and had your fill, always saying that "you are far more important than him" when you scold him for not having his fill of energon. You always remind him he is important too, but he is set on always prioritizing you over himself...

Your spark sinks a little at hearing Ratchet and Optimus speak quietly in the dead of the night - Ratchet was telling on detail everything you did on the day, as if it was a report. What it scares you is how precise his words and details are, it seems... obsessive, too obsessive. And Optimus thanks Ratchet for keeping you safe and sound, promising to keep fighting for a better world so all of the team and you could live happily back at Cybertrone... and you swear you felt Optimus' optics on you as you tried to recharge on your own berth, or heard Ratchet whisper sweet nothings to you as you recharged, too.

Bulkhead, Wheeljack and Ultra Magnus have silently vowed to be your guardians, your own personal wrecker-guards. Wheeljack is constatly flirting with you, as Bulkhead is the shy type to quietly give you small gifts like a small flower or pretty rock. Ultra Magnus always gives you praises and words full of - all three of them always get to make you blush. But lately, Wheeljack's flirting has become too... intense in your opinion. Bulkhead seems always too anxious whenever he gives you a small gift, fearing you are going to reject it. And Ultra Magnus seems to make his praise become worshipping, as if you were like Primus itself. You've also have started to notice how the three of them seem to always aim to get your favor, any kind of positive reaction - an approval from you, as if you were the one to have the last word and decision, like a god does. Wheeljack wishes for a flirt back, Bulkhead wishes for an approval, Ultra Magnus wishes your benevolence.

Bumblebee and Smokescreen can't never get enough of your affection and attention - like two young puppies. They also always try to have any kind of physical contact with you, which nearly always translates into hugs or servos holding. And these two are an intensified version of the three wreckers - Bee constantly seems to look after your approval, your words of affirmation and gentle praise. Smokescreen either flirts with you non-stop or spills too many worshipping praises like he did when he got to meet Optimus. But what makes them different is that they verbalize their protective promises. The two of them have said they are not afraid of ending any decepticon for the sake of keeping you safe and sound, to give you the Cybertrone you deserve so you can live happily and surrounded only by the bots that love you so dearly. And they promise this as they snuzzle gently their helms against yours, holding your servos softly... whispering their obsessive promises to your audials.

You know that, since the day Cliffjumper was killed, something inside of Arcee broke again. And thus, you became her light of hope, for whenever she was grieving or letting her spark poison with anger and a need for revenge, you were there to hug her or hold her servo, letting her cry on your shoulderplate. But she should be the one doing that! You cried and grieved the loss of Cliffjumper too! She is still has burn in her system the sight of you crying after finding out about the red autobot's murder. She was gonna avenge Cliffjumper (oh, how much he loved you - He would always tell Arcee everything he loved about you, and find such happiness at knowing Arcee thought the same) and keep you away from any danger. She wasn't gonna lose you. She was gonna offline anybot before that happened. She had become more touchy, overprotective, always seeming to act as a wall between everyone and you. "Cliffjumper always vowed to protect you... and I'll do the same - I won't let anything happen to you." She promised in a whisper as she hugged you. All you can do is hug her back, even when you were slightly... scared at how lost her optics seemed.

You love your teammates - you were so sure you wished to pass the rest of your life with all of them once the war was over, to bond with them and love them... but you've noticed how deep their feelings for you were.

Obsessive. Overprotective. Worshipping you as if you were like Primus. Promising to you with whispers about forever protecting you, about how important to them you were, that they were not going to be afraid to shed energon in your name if it meant to prove their love and devotion for you. Keeping tabs on you, whispering to one another everything about you, listening to you, watching you from time to time as you recharge, making sure you never leave the base.

You are their beacon of hope, the light in the darkness - Optimus and Ratchet are not afraid to taint their vow to not offline the enemy if it means to keep you safe and sound, keeping their optics on you. Bulkhead, Wheeljack and Ultra Magnus are ready to protect you from any danger as guardians and destroy anyone who tries to touch you. Bee and Smokescreen will keep giving you all the love and attention they can, promising you the universe and the stars. Arcee will make Cliffjumper's wish come true by keeping you away from danger and bring you the Cybertrone you derseve, just like the others aim to do.

And... there's nothing you can do about it.

All you can do is allow your teammates surround you as if the cocoon of a butterfly - keeping you warm, safe, loved.

Did my best!! Kind off felt like I didn't do good. (Uu￣ 3￣) Vhaos out!

‘Indie sleaze’ is not 2014, ‘Indie sleaze’ is not 2014, ‘Indie sleaze’ is not 2014, ‘Indie sleaze’ is not 2014!

It’s not tumblr-core and it’s not Lana Del Ray or 2013 AM, it’s not #girl interrupted, it’s not Ethel Cain (she literally is an artist of our time, what are you on about.)

It was 2001 with the Strokes on the cover of the NME every 2 weeks, it was cabaret night and English poetry with the Libertines in 2002, it’s those red and blue military jackets, it was the fucking grease in Julian Casablancas’ hair, it’s ’cocaine was the banker’s drug’ quoth Alex Kapranos, it was Don't Go Back To Dalston and the heroin, it was red and black horizontal striped tops and tight black shirts as evening wear, it was Russell Lissak’s mop top and a full page interview with London hairdressers in the NME in 2005, it was Jack and Meg’s saturated red and white dresses, it was glued glitter on the cover of Santigold’s first album, it was the sleaze and the sex of CSS’s music, it was ‘cold light, hot night’, it was the anti-Bush and anti-war stances of the bands at the time, it was America by Razorlight, it was Popworld on telly and Simon Amstel being a little shit to musicians, it was Karen O defying death on stage nightly, it was throwing up in shitty nightclubs on god knows what drugs, it was the fucking danger knowing this could all collapse any second—and rightly, it should. It was the godawful egos at DFA, it was knowing that while you were lucky to be seeing these bands live, you’d fucking hate them if you had to spend even a minute in their individual company. It was Amy Winehouse telling the world to get the fuck out of her business, it was Leslie Feist and Peaches sharing a dilapidated flat above a sex shop in Toronto.

It was horrible camera flash and red-eye editing softwares and putting your feet by the warm, spinning fans of your computer while it whirred away and downloaded your albums in *checks* 46 more minutes. It was horrible, it was dirty, it was gritty, we all hated it and thought the 90s were the last time music was good and that nothing good had happened since 1997. It was garishly bright clothes we were all embarrassed of by 2011, it was multiple layers and leggings and asking your mum to cut the itchy tag on the back of your low rise jeans only for her to snip your back. It was bell bottoms at the start of the decade. It being thankful that by 2017, no one would dream of wearing low rises anymore, please please, please let them never come back.

It was faux nostalgic of the past itself. It was ‘please make sure baby you’ve got some colours in there’ in your clothes. It was moral panic over emos. It was wanting to escape into a better past that you could see was visibly impoverished in the present. It was watching your favourite programmes become less and less relevant on air. It was watching MTV decisively die a horrible death. It was watching important venues and nightclubs get bulldozed. It was watching the last regular broadcast of Top Of The Pops in 2006. It was seeing how the 2009 financial crisis most definitely put a stop to independent music in the western world for a decade, it was watching the rise of bedroom DIY and electronic music. It was seeing the phrase ‘SoundCloud rapper’ being coined. It was the rise of Disney pop. It was counter-culture Justin Bieber hatred. It was the MS paint meme of those tumblr girls thoroughly unimpressed by the guy.

It was not using the words ‘indie sleaze’ at all, in fact. That’s a retconned word. It was garage rock revival. It was ‘post-grunge’. We didn’t care what it was called, we hated it all the same. It was a lead into a decade of despair and nihilism, it was the last hurrah for the music industry before it splintered into a thousand little online ecosystems, it was the last time we had physical community and any shared pop cultural moments. It was Live8 2005. It was the same as it is now, and it was a time that’ll never happen again, for better and for worse.

But one thing is for sure: it was decisively dead by 2014. Santi and Karen O’s 2012 collab was its last hurrah and it was dead by Comedown Machine by the Strokes (2013). It has nothing to do with 2014.

I've debated for a couple of days about whether to say something because I don't want to be overly political on here, a place where I can just enjoy the things I love. However, I feel like this is a topic on which I have a pretty personal view on, so here I am.

A disclaimer, I want to make clear that I am not pointing fingers or anything. I just want to put my thoughts out there so people can perhaps see a different perspective. English is not my native language (obviously). I tried to make myself clear and be courteous, but sometimes my language skill fails me, so please be gentle and know I do not wish to offend anyone.

It's about people flocking to red note as a reaction toward the tiktok ban. I am happy for people who had their first genuine interaction with people behind the Chinese fire wall, it's always beautiful when people from different culture communicate and learn from each other. Hell that's the reason why I am on this website. But I also can't help feeling sick with concern at how people disregard information warfare and missed the point that the problem has never been the Chinese people but the CCP government.

I am a Taiwanese. If you know anything about Taiwan and China's complicated history, you can probably imagine I have FEELINGS toward China. It's strong, and it's NEGATIVE. (I am not trying to represent all Taiwanese. This is just my own feelings.) I am relatively young, but even in my limited time alive, I've personally witnessed how the Chinese government bullied and oppressed my country. There are active attacks toward us, and it has been for years, just not YET in the traditional military sense. The information warfare is as real as ever and we, in Taiwan, don't have the defense of the language barrier. China spent an unimaginable amount of money every year on information warfare against Taiwan. Spreading misinformation and propaganda, buying out internet accounts and influencers. Planting agents. Anything you can and can't imagine. They are smart and cunning.

There is no such thing as a private company in China. Look up what happened to Ma Yun. If the country wants to, they can take anything from you, even the company you founded. The CCP government can and WILL monitor and control the discussion happening on any social software/application that's run by a Chinese company. They WILL manipulate the algorithm for propaganda. That is not an empty threat. They literally built a firewall around China so Chinese people can't access the internet freely. You treat them with humanity and courtesy doesn't mean that you will get the same treatment from them. CCP does not abide by your law. We all want to live in an idealistic world where people are kind and honesty is the default. I want to live in that world, too. But reality is cruel and playing dirty will get you far ahead of people playing by the rules.

I wish people in the US (and any other country that do not have to worry about being invaded, really) can realize how privilege it is to be a citizen of a wealthy and stable country that never have to worry about losing your identity just because your huge and rich neighbor says you belong to them. How privilege it is to be able to think China is not a threat, the government overreacted. I envy them. I envy their confidence in their country's future, that it won't disappear when they wake up the next day. I envy that they can still count on international society recognizing them as citizens of a independent country without hesitation and reserve.

I will never use TikTok (not even the US version) and RedNote. I will not install anything that I know has any relation to Chinese companies. Because I am worried for myself, for my family, and for my country. It's the least I can do as a defense as a single, insignificant Taiwanese. Seeing people jumping in voluntarily, giving CCP access to your personal information, makes me extremely anxious. I sincerely hope that there won't come a day when this decision backfires.

Some software company is hiring people who know English and can write, I wonder if I'll get that job.... Probably not but it's worth a shot!

So, like, I'm pro-piracy, I haven't watched anime through any sort of legal channel in years, but I'm getting increasingly annoyed by the people that try to champion as some sort of moral issue. Like, of course companies are going to try and take down those sorts of streaming sites, it's not a moral outrage that they're taking issue with people offering their paid product for free. Obviously, it's a whole other can of worms when this is accompanied by life-ruining fines for the people running these sites, but, ninety percent of the time, that's not what I see people complaining about.

--

Piracy can be a political act... but... like... people in third world countries stealing job-related software because rich countries won't license them stuff at a reasonable rate. Or media preservation of things that get removed from everywhere.

"Wah, it's coming out in the US, so they cracked down on the English language fan translation stuff" is less sympathy-inducing.

UK 1987

Shamir Secret Sharing

It’s 3am. Paul, the head of PayPal database administration carefully enters his elaborate passphrase at a keyboard in a darkened cubicle of 1840 Embarcadero Road in East Palo Alto, for the fifth time. He hits Return. The green-on-black console window instantly displays one line of text: “Sorry, one or more wrong passphrases. Can’t reconstruct the key. Goodbye.” 

There is nerd pandemonium all around us. James, our recently promoted VP of Engineering, just climbed the desk at a nearby cubicle, screaming: “Guys, if we can’t get this key the right way, we gotta start brute-forcing it ASAP!” It’s gallows humor – he knows very well that brute-forcing such a key will take millions of years, and it’s already 6am on the East Coast – the first of many “Why is PayPal down today?” articles is undoubtedly going to hit CNET shortly. Our single-story cubicle-maze office is buzzing with nervous activity of PayPalians who know they can’t help but want to do something anyway. I poke my head up above the cubicle wall to catch a glimpse of someone trying to stay inside a giant otherwise empty recycling bin on wheels while a couple of Senior Software Engineers are attempting to accelerate the bin up to dangerous speeds in the front lobby. I lower my head and try to stay focused. “Let’s try it again, this time with three different people” is the best idea I can come up with, even though I am quite sure it will not work. 

It doesn’t. 

The key in question decrypts PayPal’s master payment credential table – also known as the giant store of credit card and bank account numbers. Without access to payment credentials, PayPal doesn’t really have a business per se, seeing how we are supposed to facilitate payments, and that’s really hard to do if we no longer have access to the 100+ million credit card numbers our users added over the last year of insane growth. 

This is the story of a catastrophic software bug I briefly introduced into the PayPal codebase that almost cost us the company (or so it seemed, in the moment.) I’ve told this story a handful of times, always swearing the listeners to secrecy, and surprisingly it does not appear to have ever been written down before. 20+ years since the incident, it now appears instructive and a little funny, rather than merely extremely embarrassing. 

Before we get back to that fateful night, we have to go back another decade. In the summer of 1991, my family and I moved to Chicago from Kyiv, Ukraine. While we had just a few hundred dollars between the five of us, we did have one secret advantage: science fiction fans. 

My dad was a highly active member of Zoryaniy Shlyah – Kyiv’s possibly first (and possibly only, at the time) sci-fi fan club – the name means “Star Trek” in Ukrainian, unsurprisingly. He translated some Stansilaw Lem (of Solaris and Futurological Congress fame) from Polish to Russian in the early 80s and was generally considered a coryphaeus at ZSh. 

While USSR was more or less informationally isolated behind the digital Iron Curtain until the late ‘80s, by 1990 or so, things like FidoNet wriggled their way into the Soviet computing world, and some members of ZSh were now exchanging electronic mail with sci-fi fans of the free world.

The vaguely exotic news of two Soviet refugee sci-fi fans arriving in Chicago was transmitted to the local fandom before we had even boarded the PanAm flight that took us across the Atlantic [1]. My dad (and I, by extension) was soon adopted by some kind Chicago science fiction geeks, a few of whom became close friends over the years, though that’s a story for another time. 

A year or so after the move to Chicago, our new sci-fi friends invited my dad to a birthday party for a rising star of the local fandom, one Bruce Schneier. We certainly did not know Bruce or really anyone at the party, but it promised good food, friendly people, and probably filk. My role was to translate, as my dad spoke limited English at the time. 

I had fallen desperately in love with secret codes and cryptography about a year before we left Ukraine. Walking into Bruce’s library during the house tour (this was a couple years before Applied Cryptography was published and he must have been deep in research) felt like walking into Narnia. 

I promptly abandoned my dad to fend for himself as far as small talk and canapés were concerned, and proceeded to make a complete ass out of myself by brazenly asking the host for a few sheets of paper and a pencil. Having been obliged, I pulled a half dozen cryptography books from the shelves and went to work trying to copy down some answers to a few long-held questions on the library floor. After about two hours of scribbling alone like a man possessed, I ran out of paper and decided to temporarily rejoin the party. 

On the living room table, Bruce had stacks of copies of his fanzine Ramblings. Thinking I could use the blank sides of the pages to take more notes, I grabbed a printout and was about to quietly return to copying the original S-box values for DES when my dad spotted me from across the room and demanded I help him socialize. The party wrapped soon, and our friends drove us home. 

The printout I grabbed was not a Ramblings issue. It was a short essay by Bruce titled Sharing Secrets Among Friends, essentially a humorous explanation of Shamir Secret Sharing. 

Say you want to make sure that something really really important and secret (a nuclear weapon launch code, a database encryption key, etc) cannot be known or used by a single (friendly) actor, but becomes available, if at least n people from a group of m choose to do it. Think two on-duty officers (from a cadre of say 5) turning keys together to get ready for a nuke launch. 

The idea (proposed by Adi Shamir – the S of RSA! – in 1979) is as simple as it is beautiful. 

Let’s call the secret we are trying to split among m people K. 

First, create a totally random polynomial that looks like: y(x) = C0 * x^(n-1) + C1 * x^(n-2) + C2 * x^(n-3) ….+ K. “Create” here just means generate random coefficients C. Now, for every person in your trusted group of m, evaluate the polynomial for some randomly chosen Xm and hand them their corresponding (Xm,Ym) each. 

If we have n of these points together, we can use Lagrange interpolating polynomial to reconstruct the coefficients – and evaluate the original polynomial at x=0, which conveniently gives us y(0) = K, the secret. Beautiful. I still had the printout with me, years later, in Palo Alto. 

It should come as no surprise that during my time as CTO PayPal engineering had an absolute obsession with security. No firewall was one too many, no multi-factor authentication scheme too onerous, etc. Anything that was worth anything at all was encrypted at rest. 

To decrypt, a service would get the needed data from its database table, transmit it to a special service named cryptoserv (an original SUN hardware running Solaris sitting on its own, especially tightly locked-down network) and a special service running only there would perform the decryption and send back the result. 

Decryption request rate was monitored externally and on cryptoserv, and if there were too many requests, the whole thing was to shut down and purge any sensitive data and keys from its memory until manually restarted. 

It was this manual restart that gnawed at me. At launch, a bunch of configuration files containing various critical decryption keys were read (decrypted by another key derived from one manually-entered passphrase) and loaded into the memory to perform future cryptographic services.

Four or five of us on the engineering team knew the passphrase and could restart cryptoserv if it crashed or simply had to have an upgrade. What if someone performed a little old-fashioned rubber-hose cryptanalysis and literally beat the passphrase out of one of us? The attacker could theoretically get access to these all-important master keys. Then stealing the encrypted-at-rest database of all our users’ secrets could prove useful – they could decrypt them in the comfort of their underground supervillain lair. 

I needed to eliminate this threat.

Shamir Secret Sharing was the obvious choice – beautiful, simple, perfect (you can in fact prove that if done right, it offers perfect secrecy.) I decided on a 3-of-8 scheme and implemented it in pure POSIX C for portability over a few days, and tested it for several weeks on my Linux desktop with other engineers. 

Step 1: generate the polynomial coefficients for 8 shard-holders.

Step 2: compute the key shards (x0, y0)  through (x7, y7)

Step 3: get each shard-holder to enter a long, secure passphrase to encrypt the shard

Step 4: write out the 8 shard files, encrypted with their respective passphrases.

And to reconstruct: 

Step 1: pick any 3 shard files. 

Step 2: ask each of the respective owners to enter their passphrases. 

Step 3: decrypt the shard files.

Step 4: reconstruct the polynomial, evaluate it for x=0 to get the key.

Step 5: launch cryptoserv with the key. 

One design detail here is that each shard file also stored a message authentication code (a keyed hash) of its passphrase to make sure we could identify when someone mistyped their passphrase. These tests ran hundreds and hundreds of times, on both Linux and Solaris, to make sure I did not screw up some big/little-endianness issue, etc. It all worked perfectly. 

A month or so later, the night of the key splitting party was upon us. We were finally going to close out the last vulnerability and be secure. Feeling as if I was about to turn my fellow shard-holders into cymeks, I gathered them around my desktop as PayPal’s front page began sporting the “We are down for maintenance and will be back soon” message around midnight.

The night before, I solemnly generated the new master key and securely copied it to cryptoserv. Now, while “Push It” by Salt-n-Pepa blared from someone’s desktop speakers, the automated deployment script copied shard files to their destination. 

While each of us took turns carefully entering our elaborate passphrases at a specially selected keyboard, Paul shut down the main database and decrypted the payment credentials table, then ran the script to re-encrypt with the new key. Some minutes later, the database was running smoothly again, with the newly encrypted table, without incident. 

All that was left was to restore the master key from its shards and launch the new, even more secure cryptographic service. 

The three of us entered our passphrases… to be met with the error message I haven’t seen in weeks: “Sorry, one or more wrong passphrases. Can’t reconstruct the key. Goodbye.” Surely one of us screwed up typing, no big deal, we’ll do it again. No dice. No dice – again and again, even after we tried numerous combinations of the three people necessary to decrypt. 

Minutes passed, confusion grew, tension rose rapidly. 

There was nothing to do, except to hit rewind – to grab the master key from the file still sitting on cryptoserv, split it again, generate new shards, choose passphrases, and get it done. Not a great feeling to have your first launch go wrong, but not a huge deal either. It will all be OK in a minute or two.

A cursory look at the master key file date told me that no, it wouldn’t be OK at all. The file sitting on cryptoserv wasn’t from last night, it was created just a few minutes ago. During the Salt-n-Pepa-themed push from stage, we overwrote the master key file with the stage version. Whatever key that was, it wasn’t the one I generated the day before: only one copy existed, the one I copied to cryptoserv from my computer the night before. Zero copies existed now. Not only that, the push script appears to have also wiped out the backup of the old key, so the database backups we have encrypted with the old key are likely useless. 

Sitrep: we have 8 shard files that we apparently cannot use to restore the master key and zero master key backups. The database is running but its secret data cannot be accessed. 

I will leave it to your imagination to conjure up what was going through my head that night as I stared into the black screen willing the shards to work. After half a decade of trying to make something of myself (instead of just going to work for Microsoft or IBM after graduation) I had just destroyed my first successful startup in the most spectacular fashion. 

Still, the idea of “what if we all just continuously screwed up our passphrases” swirled around my brain. It was an easy check to perform, thanks to the included MACs. I added a single printf() debug statement into the shard reconstruction code and instead of printing out a summary error of “one or more…” the code now showed if the passphrase entered matched the authentication code stored in the shard file. 

I compiled the new code directly on cryptoserv in direct contravention of all reasonable security practices – what did I have to lose? Entering my own passphrase, I promptly got “bad passphrase” error I just added to the code. Well, that’s just great – I knew my passphrase was correct, I had it written down on a post-it note I had planned to rip up hours ago. 

Another person, same error. Finally, the last person, JK, entered his passphrase. No error. The key still did not reconstruct correctly, I got the “Goodbye”, but something worked. I turned to the engineer and said, “what did you just type in that worked?”

After a second of embarrassed mumbling, he admitted to choosing “a$$word” as his passphrase. The gall! I asked everyone entrusted with the grave task of relaunching crytposerv to pick really hard to guess passphrases, and this guy…?! Still, this was something -- it worked. But why?!

I sprinted around the half-lit office grabbing the rest of the shard-holders demanding they tell me their passphrases. Everyone else had picked much lengthier passages of text and numbers. I manually tested each and none decrypted correctly. Except for the a$$word. What was it…

A lightning bolt hit me and I sprinted back to my own cubicle in the far corner, unlocked the screen and typed in “man getpass” on the command line, while logging into cryptoserv in another window and doing exactly the same thing there. I saw exactly what I needed to see. 

Today, should you try to read up the programmer’s manual (AKA the man page) on getpass, you will find it has been long declared obsolete and replaced with a more intelligent alternative in nearly all flavors of modern Unix.  

But back then, if you wanted to collect some information from the keyboard without printing what is being typed in onto the screen and remain POSIX-compliant, getpass did the trick. Other than a few standard file manipulation system calls, getpass was the only operating system service call I used, to ensure clean portability between Linux and Solaris. 

Except it wasn’t completely clean. 

Plain as day, there it was: the manual pages were identical, except Solaris had a “special feature”: any passphrase entered that was longer than 8 characters long was automatically reduced to that length anyway. (Who needs long passwords, amiright?!)

I screamed like a wounded animal. We generated the key on my Linux desktop and entered our novel-length passphrases right here. Attempting to restore them on a Solaris machine where they were being clipped down to 8 characters long would never work. Except, of course, for a$$word. That one was fine.

The rest was an exercise in high-speed coding and some entirely off-protocol file moving. We reconstructed the master key on my machine (all of our passphrases worked fine), copied the file to the Solaris-running cryptoserv, re-split it there (with very short passphrases), reconstructed it successfully, and PayPal was up and running again like nothing ever happened. 

By the time our unsuspecting colleagues rolled back into the office I was starting to doze on the floor of my cubicle and that was that. When someone asked me later that day why we took so long to bring the site back up, I’d simply respond with “eh, shoulda RTFM.” 

RTFM indeed. 

P.S. A few hours later, John, our General Counsel, stopped by my cubicle to ask me something. The day before I apparently gave him a sealed envelope and asked him to store it in his safe for 24 hours without explaining myself. He wanted to know what to do with it now that 24 hours have passed. 

Ha. I forgot all about it, but in a bout of “what if it doesn’t work” paranoia, I printed out the base64-encoded master key when we had generated it the night before, stuffed it into an envelope, and gave it to John for safekeeping. We shredded it together without opening and laughed about what would have never actually been a company-ending event. 

P.P.S. If you are thinking of all the ways this whole SSS design is horribly insecure (it had some real flaws for sure) and plan to poke around PayPal to see if it might still be there, don’t. While it served us well for a few years, this was the very first thing eBay required us to turn off after the acquisition. Pretty sure it’s back to a single passphrase now. 

Notes:

1: a member of Chicagoland sci-fi fan community let me know that the original news of our move to the US was delivered to them via a posted letter, snail mail, not FidoNet email! 

Been traveling a lot lately and I love how, in US TSA security lines, they always make sure that the big sign saying the facial recognition photo is optional is always turned sideways or set so the spanish-translation side is facing the line and the English-translation side is facing a wall or something.

Anyway, TSA facial recognition photos are 100% not mandatory and if you don't feel like helping a company develop its facial recognition AI software (like, say, Clearview AI), you can just politely tell the TSA agent that you don't want to participate in the photo and instead show an ID or your boarding pass. Like we've been doing for years and years.

tuesday again 11/19/2024

no silly little witticism here this week! just heartfelt thanks for helping me pay my rent this month :)

listening

absolutely wild pick from last week's spotify weekly recommenced, Things Will Fall Apart by Louis Cole feat the Metropole Orkest and conductor Jules Buckley. it's been on loop all week for me and im a little sad it won't pop up in my spotify wrapped

when you make a dance pop song with a full orchestra backing, it has a really interesting effect somewhere between Golden Age of Hollywood swashbuckling film score and marching band?

Yes, understood Things will fall apart just likе they should This little shred was good Don't think it through Things will fall apart, they always do At least, something's always true

the syllables are so choppy they don’t even register to me as English at first, i was fully willing to believe this was German for the first couple lines. like @dying-suffering-french-stalkers, i have a deep fondness for works about putting an era to bed. or works focused on the sunsets of things, or one of the last living practitioners of an art. putting the chairs up on the table, sweeping the floors, and turning the lights out and locking the door behind you. this song has that sort of quiet post-wake-party remembrance.

however once you think the song has ended but it keeps going, you can turn it off. you don’t really need that extra minute and a half of strings and light vocalizations.

Lately, Louis Cole has been doing live shows with the Netherlands’ Metropole Orkest and conductor Jules Buckley. Cole recorded nothing with the ensemble. In a press release, he says, “Sometimes, when I’m mixing my own solo stuff, I’ll feel like a song needs a little magical dust. But mixing an entire orchestra and your own rhythm section, there’s so much human energy! You don’t have to add any magic. It was there the whole time.”

i don’t hear many pop songs this millennium with a full orchestral backing. perhaps i need to look harder. unfortunately spotify took this extreme interest in this song as a newfound extreme interest in electroswing, which is really not what this song is. i hope this artist does more albums like this so they can wear grooves in my brain

-

reading

very hard to focus on anything book length this week. some depressing local news (my local paper's links do Not want to preview nicely here, which is annoying:

At a city council meeting in October, district Vice President Dan Joyce told council members that the management district was not attempting to "criminalize homelessness." The city’s civility ordinance bans people from sitting, lying down or placing personal items or bedding on sidewalks from 7 a.m. to 11 p.m.

cool piece from our pals at 404 Media. i am So fascinated by crime infrastructure

Based on interviews with malware developers, hackers who use the stolen credentials, and a review of manuals that tell new recruits how to spread the malware, 404 Media has mapped out this industry. Its end result is that a download of an innocent-looking piece of software by a single person can lead to a data breach at a multibillion-dollar company, putting Google and other tech giants in an ever-escalating cat-and-mouse game with the malware developers to keep people and companies safe.

(via longreads) my interest in how and why systems fail extends to invasive species management. plus i used to live in florida just above the everglades and these fuckers (the snakes) were everywhere

[I]magine thousands upon thousands of pythons, their slow digestion transforming each corpse into python muscle and fat. Unaided, Florida’s native wildlife doesn’t stand a chance. “That’s what I think about with every python I catch,” Kalil says. “What it ate to get this big, and the lives I’m saving by removing it.” Biologists are taking a multipronged approach to the issue. They have experimented with enlisting dogs to sniff out both pythons and nests—a technique that has proved difficult in such hot weather and inhospitable landscapes. Ongoing projects use telemetry to track pythons to find “associate snakes.” Researchers use drones, go out in airboats, or even take to helicopters to locate their subjects in the interiors of the Everglades. Always, agencies and individuals are looking for the next best methods. “But for now, the python contractor program is the most successful management effort in the history of the issue,” Kirkland says. “We’re capturing more and more—something that is indicative of the python population out there and indicative of us getting better at what we do.”

-

watching

continuing noirvember, watched hitchcock's Notorious to see if i still dislike hitchcock. the answer is yes. there are bond girls and there are hitchcock girls, and not that bond girls are paragons of female agency in film, but hitchcock girls are mostly fluttering little pathetic things. a scrap of agency they showed in the beginning of the film becomes a running joke and something their noses are rubbed in for the rest of the film. not for me!

patrick mcgoohan is leading me into some real dad-ass movies. Ice Station Zebra (1968, dir. Sturges) is a real you're stuck at home sick with your dad and it's on TV for the whole afternoon kind of movie. they truly do not make two and a half cold war submarine espionage films in super panavision with an overture, intermission, and interact music any more. i get why howard hughes was really obsessed with this one. it is a suspense film, but full of people competently going about their business, which i find oddly comforting.

unfortunately i do not feel this really needed to be two and a half hours long. the loving closeups of sub interiors and instrumentation really did keep me amused, though. despite how cluttered every shot is with actors, there is tremendous clarity of purpose and motion with the camera movement. just a really technically brilliant film.

how similar the russian and american control rooms and instrumentation were made me chortle. ties nicely into a little diatribe mcgoohan goes on much later in the film, "The Russians put our camera made by our German scientists and your film made by your German scientists into their satellite made by their German scientists." funny and darkly true! every allied nation had some sort of Operation Paperclip going on! mcgoohan is the focus of every scene he's in, as a spy who is really hanging on by the last remaining shreds of his fingernails.

i had a good time with it, but one of many cold war suspense films im glad exist in the world but don't necessarily need to see again. it might join Escape from New York as a film i put on when im very sick though.

-

playing

this pc needs some sort of replacement something, bc it has a really persistent overheating problem. it only tolerates powerwasher simulator on the lowest possible settings and genshin impact on basically mobile settings. it does not even want to run new vegas. i popped my head out of goodsprings to look out over the desert at the Strip and it said no thank you! too many polygons! naptime!

speaking of genshin, major update this week and new character i will be pulling for. she has a sister who died in the last patch, which i do Not care for as someone with a beloved little sister, but her moveset and skills are unique so far in the game. i feel like her skills are little too complicated for me to fully take advantage of with my "hit enemy very hard until he is dead" playstyle but she has a limited flight ability that will genuinely be very useful for exploration.

if i do not get her when i hit pity on the banner i won't bother pulling another nine times or whatever, bc the next patch has a character i really desperately want and i am saving for her

-

making

the local crew is all getting art this year, bc i already have bristol board and a selection of small frames and zero budget. people who have pets are So easy to get gifts for bc u can simply get them stuff for their pet or that looks like their pet. way less gray cat than black cat merch in the world tho

aiming to send out international holiday cards by the end of the week, and canadian cards by american thanksgiving. the rest of you they'll get there when they get there ok

HEAVENLINK is a mobile app and web platform created by south korean entertainment corporation seventh heaven. the app specializes in hosting multimedia content , the sale of artist–related merchandise , content subscription , and artist–to–fan communications. the company also uses the platform to release statements. the platform is home to all seventh heaven artists , including all those signed to subsidiary labels. as of 2024 , heavenlink has over 50 million monthly users.

launched : january 1 , 2021

available in : korean , english , japanese , mandarin , hindi , russian , spanish , + more.

developers : eden , seventh heaven

license : propriety software

platform : android , ios

I found this old CD-ROM from 1997 by pure chance! It just arrived in the mail too, so I haven't had a chance to put it into my CD drive yet, but I am excited!!

This is a CD-ROM specifically for the parents, but judging by the booklet it seems to also have a few bits of extra content on it that is not found on the official software?

Important note: This was not made by the company that made FinFin, but a German company unaffiliated with them. That being said, it has an ISBN number, price tag and everything! You could've bought this easily back in the day!

I plan on fully translating the booklet & whatever is on the disk itself into English and post it all on here. Also, I'll try to get all of the files from the disk and put it up somewhere for everyone to download for free!