Things like these are absolutely idiotic. Every single computer, be it a laptop or desktop or a phone, are able to produce randomness. Why in the hell would you trust a random website?
The idea here is that it's a public, traceable generation of random numbers. So, if the two of us wanted to flip a coin to settle a disagreement, we could agree on some future value of this beacon (unknowable to us at the moment) to use as the source of entropy, then let one of us choose heads or tails, telling the other person what we chose. Then we wait until the agreed time, check the beacon, and boom, a fair coin toss, which we can be fairly certain wasn't manipulated by either of us.
Often, randomness is thought of as something you want to keep hidden, such as when generating passwords or cryptographic keys. However, there are many applications where an independent and public source of randomness is useful. For example, randomizing public audits, selecting candidates for jury duty, or fairly assigning resources through a lottery.
Sometimes you need publicly verifiable randomness, and then your own hardware (which you might or might not even trust privately, depending on how much you trust your vendors) isn’t much help.
If you still think that's idiotic, I'm happy to bet against you in an unbiased* coin flip simulated on my machine which you unfortunately can't inspect :)
Because, firstly, this is a university, not some rando self-hosting, and secondly, you can't generate randomness from any classical computer, only pseudorandomness [0]. This means that a dedicated adversary can potentially work out what the outcome will be. For something like the use cases they mention - jury selection, lottery, etc. - you want actual randomness.
I don't think anybody wrote a description of a classical computer that excludes components that generate harvestable random noise. Effectively all computers are probabilistic, it's just that the probabilities for instructions, memory fetches, bus transfers, etc, have such low error probabilities that you will likely go years without directly observing one.
A classical computer is a pure mathematical object. No real-world computer completely embodies the concept, but they vary in how much they try to hide it. Rdrand is an admission that no they're really not classical computers, and it turns out that that is useful in certain scenarios.
oh you're talking about deterministic turing machines (have not heard that referred to as "classical" computer before- typically when people say that, they mean an actual physical real-world computer, not a theoretical model.
Just a few days ago people were talking about this on the kicad discord. A chinese team made an open hardware x86_64 motherboard and published it not too long ago. Then they were essentially wiped off the face of the planet.
That was the day I learned you literally cannot develop a computer motherboard without Intel's permission. Turns out Intel is no different than the likes of Nintendo.
I absolutely want to go with RISC-V longer-term, but it seems we're still a few years away from RISC-V boards being a pragmatic choice for the average workstation, unless I've missed some recent development.
Yes. The famous echo on Linux systems does not have it and therefore it's impossible to print the string "-n o p e", because -n will be interpreted as an option.
No, the quotes are not seen by the program. The program receives a list of strings, it does not get the information about whether and how those strings were originally quoted in the shell. Programs can also be directly called with lists of strings as in execve, so often it does not even make sense to ask if the arguments were quoted or not.
> No, the quotes are not seen by the program. The program receives a list of strings, it does not get the information about whether and how those strings were originally quoted in the shell.
With quotes the program will receive a single argument -n␣o␣p␣e instead of multiple ones -n, o, p, e. At least it works on the machine here:
]$ echo "-n o p e"
-n o p e
]$ /bin/echo "-n o p e"
-n o p e
Yes, I think there was some misremembering here. The nontrivial thing is to print out -n itself with echo. For example, echo doesn't treat "--" specially, so "echo -- -n" prints "-- -n".
Note that this is true for POSIX sytems but not e.g. for Windows. There the program receives the command-line as-is and is responsible for parsing it into an array. There are two different standard functions to do this parsing for you (with slightly different quoting behavior) but you could also create your own that requires options to not be quoted.
The real tragedy is that our processors try to win a bit more speed by sacrificing simplicity and therefore increasing the chances of such exploits. The other tragedy is that our operating systems are obsolete and have worthless security. Back in the day when UNIX was relevant, a hundred people could use it at the same on a mainframe with no fear of it breaking, now one person cannot safely use a single computer.
> The real tragedy is that our processors try to win a bit more speed by sacrificing simplicity and therefore increasing the chances of such exploits.
This gets repeated on every thread about speculative execution exploits, but I think people who say this are underestimating how huge the difference would be. I suspect processors without speculative execution would be many times slower, not "a bit".
Unix systems protected against a physical person trying to read or modify another persons file. They did not stop programs run by the user reading the users own data unexpectedly which is now considered unacceptable but was previously the norm.
Mankind for some reason is blind. Doing CTRL F for the magic word in this Hacker News thread yields no results. There was a political conflict amongst Chinese people which had it's peak at the moment the virus appeared. If not for the virus, that conflict would have ruined China's image for decades and centuries to come.
Most cheap foods with chocolate already have little cocoa in it. The essence of chocolate is made up of three parts, a sweetener like sugar, an oil with a high melting point, and cocoa oil has one of the highest melting points out of plant oils, but is often mixed with cheaper oils like palm oil or coconut oil, which have a much higher melting point than most oils, but still not as high as that of cocoa oil. And the third part is the cocoa solids. As far as I know cocoa beans are both fermented and roasted. I think there are other plants suitable for making something similar to chocolate, turns out mango seed oil has a melting point similar to that of cocoa oil.
Think of how when the moon is in the sky at night the ground on Earth is lit up and not fully black. Same with the moon, it’s not totally dark on the night side of the moon if the Earth is in the sky from the moon’s perspective.
It's not profitable to make operating systems secure because that encourages use of cracked software, and such software is where most malware comes from.
