Often you don't even need seeds from neighboring land. The soil that remains often still has seeds sitting dormant waiting for conditions to return to healthy.
Reading this feels like a great metaphor to life that I am unable to explain but I will still try, in the sense that, within a degraded land with just the right conditions, it is just waiting to grow :D
This is good, I found another one to express what I was feeling.
We are here, We are waiting.
- Optimus prime.
My interpretation is that everyone no matter how bad things look from outside has hope/seeds of hope which are just waiting for the right conditions.
https://www.youtube.com/watch?v=dJszUl1EI4A (I also feel like, the ending of this movie/transformers was one of the best movies and the ending still gives me goosebumps in hope for future)
Why would you want a content delivery network for uncachable content? Literally the point of CDN is to cache content and deliver it.
Granted cloudflare also does DDOS protection, and that makes sense for an API. For that you could do some DDOS protection without stripping TLS, but it can only protect against volumetric attacks like syn/ack floods and not against attacks that are establishing full TCP connections and overwhelming the app server. (rate limiting incoming connections can go a long way, but depending on details, it might still be enough to overwhelm the serving resources, your use case is up to you to understand).
Why don't you go ahead and pick out the attacks in here that you think are relevant to this conversation? It can't be on me to do that, because obviously my subtext is that none of them are.
they're almost assuredly talking about two things (maybe 3 if they really know what they're talking about, but the third is something that people making this argument like to pretend doesn't exist).
1. the main "eye catching" attack was the [attack on SIDH](https://eprint.iacr.org/2022/975.pdf). it was very much a "thought to be entirely secure" to "broken in 5 minutes with a Sage (python variant) implementation" within ~1 week. Degradation from "thought to be (sub-)exp time" to "poly time". very bad.
2. the other main other "big break" was the [RAINBOW attack](https://eprint.iacr.org/2022/214.pdf). this was a big attack, but it did not break all parameter sets, e.g. it didn't suddenly reduce a problem from exp-time to poly-time. instead, it was a (large) speedup for existing attacks.
anyway, someone popular among some people in tech (the cryptographer Dan Bernstein) has been trying (successfully) to slow the PQC transition for ~10 years. His strategy throughout has been complaining that a very particular class of scheme ("structured LWE-based schemes") are suspect. He has had several complaints that have shifted throughout the years (galois automorphism structure for a while, then whatever his "spherical models" stuff was lmao). There have been no appreciable better attacks (nothing like the above) on them since then. But he still complains, saying that instead people should use
1. NTRU, a separate structured lattice scheme (that he coincidentally submitted a scheme for standardization with). Incidentally, it had [a very bad attack](https://eprint.iacr.org/2016/127) ~ 2016. Didn't kill PQC, but killed a broad class of other schemes (NTRU-based fully homomorphic encryption, at least using tensor-based multiplication)
2. McEliece, a scheme from the late 70s (that has horrendously large public keys --- people avoid it for a reason). He also submitted a version of this for standardization. It also had a [greatly improved attack recently](https://eprint.iacr.org/2024/1193).
Of course, none of those are relevant to improved attacks on the math behind ML-KEM (algebraically structured variants on ring LWE). There has been some progress on these, but not really. It's really just "shaving bits", e.g. going from 2^140 to 2^135 type things. The rainbow attack (of the first two, the "mild" one) reduced things by a factor ~2^50, which is clearly unacceptable.
Unfortunately, adherents of Dan Bernstein will pop up and start confidently saying a bunch of stuff that is much too annoying to refute, as they have no clue what the actual conversation is. So the conversation becomes
1. people who know things, who tend to not bother saying anything (with rare exceptions), and
2. people who parrot Dan's (very wrong at this point honestly, but they've shifted over time, so it's more of 'wrong' and 'unwilling to admit it was wrong') opinions.
the dynamic is similar to how when discussions of vaccines on the internet occur, many medical professionals may not bother engaging, so you'll get a bunch of insane anti-vax conspiracies spread.
In the context of: a green username offering some salacious/conspiratorial things about djb around a topic I'm only a little familiar with... It's worth a lot. It's the difference between me writing it off as (at best) a poorly informed misunderstanding of a complex topic, and me choosing to spend some time learning more. Ty
None of this is really salacious or conspiratorial. I don't know how big a deal the attacks they're citing are. But this is directionally mostly stuff I've heard from lots of cryptography engineers over the last couple years. I know the comment is off comparing attacks on classical NTRU to SNTRUP though!
> anyway, someone popular among some people in tech (the cryptographer Dan Bernstein) has been trying (successfully) to slow the PQC transition for ~10 years
Sounds enough like throwing shade to make me doubt its value, in absence of other signals.
My point was your history of posting knowledgeably about security and cryptography provides the credibility for me to go do more reading about the stuff in mswphd's post.
Oh, Bernstein is a vocal and relentless opponent of MLKEM. Both the industry and research cryptography have settled on MLKEM. That's the subtext. You could word it differently and more charitably, but I wouldn't.
I buy lots of things from people who make a pile of money from low margin goods/services sheerly on scale. There are many things I could not reproduce more cheaply from constituent parts, even if I value my time at $0.
> a US client state since MacArthur liberated them from Japan
And a US colony/territory for the 43 years before Japan invaded. They were ruled by a US puppet state in a supposed "transition to independence" at the time Japan invaded, however it's unclear how much actual independence they would have had in practice.
I mention this because:
1. The way you state it makes it sound like they were somehow independent before the war.
2. It explains why MacArthur was there with the US army to resist the Japanese invasion from the first day it happened (Dec 7, 1941)
3. It's history worth looking into to contextualize just how bad the US has always been at taking over places. Acting as if this is post WW2 (as the media does) is counter-productive to truly understanding the number of really botched invasions the US has done.
It’s done some pretty decent ones as well. Western Europe including West Germany, Japan, arguably South Korea although they went through a period of dictatorship, but all are staunch US allies. There have been failures too for sure. Overall, if I was going to be invaded by somebody, with America at least there’s a chance it might be a least worst option.
Why the heck would you use the phrase "Why the heck" in any circumstance other than to avoid censorship/algorithmic penalty on a social media platform?
Well, one good reason is that a person who generally doesn't "swear" can then choose to use them very effectively when the situation warrants. If you always go to strongest words when mild ones will do, you're out of things to say when you need to make a stronger/more forceful point.
Perhaps instead of worrying about someone else's free choice to use certain words over others, it would be wise of you to ask: why would you complain about forced speech patterns in the context of censorship but then be angry when someone uses their free speech differently than you would use it?
Because being consistent helps prevent mistakes in circumstances where use of regular curse words is contraindicated. And why the fork should you care?
You kind of do need Emacs though, as far as I know it is the only existing fully compatible implementation. As soon as the file is outside that environment, all bets are off. I tried using org-mode instead of Markdown once, not for long.
Evidence for this is in the number of articles that talk about simulated annealing/quantum annealing (or other optimization problems) w/r/t QC rather than crypto. Sure attention seeking headlines always focus on prime factoring, and the security aspect has a lot more enthusiast interest, but when you look past that into deeper stuff, a lot of the focus is on the optimization.
And many industries can dramatically benefit from better optimization - think about how many companies are at their core bin-packers or traveling salesmen.... off the top of my head anything in logistics, airlines, many aspects of the energy sector, and on and on.
The flash is in reading secrets, the money is in quantum annealing.
There were some years in the 90s and early 2ks that had good April Fools' jokes, and that was what bubbled up. Not everyone did, so the novelty also made the "meh" ones seem better. By 2008ish everyone was doing one, and most of them weren't very good. By 2012ish marketing got involved and almost all of them were terrible and unfunny.
It was a nice tradition but, like many things, the scene got too big and corporate. It was a zombie tradition for a while then slowly faded away.
In fact when cloudflare started releasing serious things on 4/1, I found it to be a refreshing subversion of the trope.
I can drive 2+ Gbps vrfs, nats, ipsec, complex firewall rules and several routing tables through an Atom C3558. This is just using stock linux kernel networking. There are other services running on that box too.
Depending on details, it can go higher (e.g. without the ipsec being handled on the atom box, and using the 10G ports built into the chip, offload becomes helpful for TCP and UDP flows).
This is traffic in one 10G port and out the other, in this case.
Multiport flows were not tested since they were out of spec for the use case.
This is not a one off - this is a product I built and has been tested in many deployment scenarios. (I can't provide more details due to employment reasons, and I won't name the employer)