It's definitely not accidental but I'm not completely sure whether or not it is simply a "tell" or watermark or an attempt to foster brand association.
"I am willing to risk the giving up of my Rights and Privileges as a Citizen for our Great Military and Country! Our Military Patriots desperately need FISA 702, and it is one of the reasons we have had such tremendous SUCCESS on the battlefield."
The amount of conservatives/republicans that love Starship Troopers (the film) because they take it at face value is pretty scary. The ones that call it poor satire are especially…interesting.
They continue to prove Verhoeven’s point many times over even decades later.
How many times do we have to tell you this old man?
The book and author of the book were serious/not satire and meant everything earnestly, at least at the time of writing.
It’s objectively not meant to be looked at as satire. Most of the “citizenship requires service” stuff would be amazing from the perspective of smashing this country’s gerontocracy.
Verhoeven is the filmmaker who adapted the book to the screen. He is very much an anti-fascist, and absolutely did turn the book into a satire of itself and the ideology it tries to convey.
> Director Paul Verhoeven admits to have never finished the novel, claiming he read through the first two chapters and became both bored and depressed, calling it "a very right-wing book" in Empire magazine. He then told screenwriter Edward Neumeier to tell him the rest. They then decided that while both the novel and its author Robert A. Heinlein strongly supported a regime led by a military elite, they would make the film a satirical hyperbole of contemporary American politics and culture: "Ed and I [..] felt that we needed to counter with our own narrative. Basically, the political undercurrent of the film is that these heroes and heroines are living in a fascist utopia - but they are not even aware of it! They think this is normal. And somehow you are seduced to follow them, and at the same time, made aware that they might be fascists." Verhoeven later claimed that many viewers had not caught on to the satirical part. Ironically, diehard Heinlein fans later declared that the filmmakers themselves also completely misinterpreted Heinlein's nature and intentions. They say he was a libertarian who opposed conscription and militarism, and depicted the oligarchy-by-ex-military-citizenry government in the book because it was an example of something that has never been done in real life. He was not advocating it, but was merely speculating that such a system could exist without collapsing.
The book does contain fascist themes and Heinlein was not advocating for traditional libertarianism in it. I read it more as exploring the boundaries of liberty and what would constitute a “free” society. The society was, for most, effectively free, just that a normal person didn’t have the right to full citizenship without serving. It was a utopia for the average person - only those that served really saw the absolute horrors of war and were the only ones able to vote and hold office. Would you rather live in a society where your quality of life was genuinely excellent but you weren’t entitled to vote or one where your quality of life is markedly worse but you are allowed to steer the direction of your own governance? It’s a theme explored in many utopian stories, usually with the conclusion that freedom trumps ignorant bliss.
In a vacuum I think the interpretation Verhoeven had is mostly fine. It only becomes apparently ignorant if you’ve read more of Heinlein’s work, where libertarian themes are pervasive.
Why is that surprising? He’s been that way on the public stage for 40 years. What’s surprising is his base popularity hasn’t moved at all. He’s giving a fair chunk of the population what they want.
> He’s giving a fair chunk of the population what they want.
That would be upsetting if so. I feel the far more frightening thing is he is telling a large swath of people who don't know what they want, what they want. And then delivering that. So it could be literally anything.
Because the only thing they really want is validation of their unserious world view, and their frustration that results from it. Trump's thrashing around without a coherent plan and [inevitably] making our position worse mirrors their own existence.
It was his selling point. The people who voted for him don't care that he has no ideological conviction. They like that he is instinctively against "liberals". It just so happens that those are the people giving him less money and groveling.
The low-brow term for this is "owning the libs", but I believe it's really what's happening. It doesn't matter his personal moral failures or inconsistency, as long as he sets back social progress.
it apparently scans for something like "PQC Checker", an extension for checking if a TLS connection is PQC-enabled? how is that a spam extension (and that's just a random one I saw)
Probably compromised extensions or misleading extensions.
It’s common for malware extensions to disguise themselves as something simple and useful to try to trick a large audience into installing them.
That’s why the list includes things like an “Islamic content filter” and “anti-Zionist tagger” as well as “neurodivergent” tools. They look for trending topics and repackage the scraper with a new name. Most people only install extensions but never remove them if they don’t work.
well if they have evidence why don't they report it? why are these extensions on the store? I'm sure linkedin has enough motion to report it directly to google
also, having a PQC enabled extension doesn't seem like a good "large user base capture" tactic.
the source code is as usual obfuscated react but that doesn't mean it's malicious...
EDIT: I debugged the extension quickly and it doesn't seem to do anything malicious. it only sends a https://pqc-extension.vercel.app/?hostname=[domain] request to this backend to which it has permissions. it doesn't seem to exfiltrate anything else. it might get triggered later but it has very limited permissions anyway so it doesn't seem to be a malicious extension. (but I'm no expert)
> well if they have evidence why don't they report it? why are these extensions on the store?
We had a browser extension for our product. A couple times a month someone would clone it, add some data scraping or other malware to it, and re-upload it with the same or similar name.
We set up automated searches to find them. After reporting it could take weeks to get them removed, sometimes longer. That’s for extensions with clear copyright problems!
The extensions may not be breaking any rules of the extension stores if they’re just scraping a website. Many of the extensions on the list are literally designed to do that as their headline feature.
If you think sending data from a page to a server would disqualify an extension from an extension store then think again. Many of the plugins listed even have semi-plausible reasons for uploading the scraped data, like the “anti-Zionist tagger” extension on the list or the ones that claim to blur things that are anti-Islam. Manufacturing a reason to send data to their servers gives them cover.
I am aware that google will take looong time to act. that is why I mentioned that it is LinkedIn (Microsoft) or its contracted fingerprinting/"monitoring" partner who may have more direct ways to report this if they actually investigate malicious extensions.
but that doesn't really matter. for the sake of the argument assume the extensions are not malicious (as evidenced e.g. by the PQC one with ?16 users?) does that change the situation?
They're doing a lot more than scanning for "compromised or misleading extensions"; there are a lot of scummy/spammy extensions on the list, but among the extensions included in the list of those they probe are also extensions such as:
- "Highlight multiple keywords in a web page", an extension that re-implements the equivalent of Firefox's "Highlight All" findbar button in Chrome—and happens to mention LinkedIn in the description when describing one use case <https://chromewebstore.google.com/detail/ngkkfkfmnclhjlaofbh...>
- "Delayed gratification Research", a study/focus extension created "for OS semester at CODE University of Applied Sciences" to "Temporarily Block distracting websites"—with all of 4 active users <https://chromewebstore.google.com/detail/mmibdgeegkhehbbadeb...>
It's pretty clear that LinkedIn, like many website operators, don't think of themselves as a source of information that it will send to your UA upon request. It's not even just that they want total visibility into your habits like the worst of the advertising/tracking companies. What they want is as much control as they can manage to wrangle over the experience of what it's like when you're "on" their site (i.e. looking at something on your computer that came from their site)—not least of all so they can upsell their userbase on premium features. LinkedIn doesn't care so much that people are inundating other users/orgs that might not appreciate that they're being treated as a "lead", so much as LinkedIn cares that the people doing the inundating are doing it with tools where LinkedIn wasn't able to get a cut.
1) yes, everything is affected, but everything else is being migrated to PQC as we speak
2) "256-bit encryption" has different meanings in different contexts. "256-bit security" generally refers to a cryptosystem for which an attack takes roughly 2^256 operations. this is true for AES-256 (symmetric encryption) assuming classical adversaries. this is not true for elliptic curve-based algorithms even though the standard curves are "256-bit curves", but that refers to the size of the group and consequently to the size of the private key. the best general attacks use Pollard's rho algorithm which takes roughly 2^128 operations, i.e., 256-bit curves have 128-bit security.
in the context of quantum attackers, AES-256 is still fine although theoretically QCs halve the security; however it's not that big of a deal in practice and ultimately AES-128 is still fine, because doing 2^64 "quantum operations" is presumed to be difficult to do in practice due to parallelization issues etc.
the elliptic curve signatures (used in Bitcoin) are attacked using Shor's algorithm where the big deal is that it is asymptotically polynomial (about O(n^3)) meaning that factoring a 256-bit number is only 256^3/4^3 = 262144x more difficult compared to factoring 15. this is a big difference from "standard" exponential complexity where the difficulty increases exponentially by factors of 2^n. (+ let's ignore that elliptic curve signatures don't rely on factoring but the problem is essentially the same because Shor does both because those are hidden subgroup problems)
the analysis is more complex but most of it is essentially in that paper and explains it nicely.
this comment feels so eerie as I am currently reading Zuboff's "The Age of Surveillance Capitalism," which itself is interesting to read now since it's written before the huge AI leap.
Also, it reminded me of the following quote, mentioned in the book, from Langdon Winner
> The changes and disruptions that an evolving technology repeatedly caused in modern life were accepted as given or inevitable simply because no one bothered to ask whether there were other possibilities.
afaik the "right kind of code" does a lot of heavy lifting for practical implementations, such as Classical McEliece.
correct me if I am wrong as I haven't spent much time looking into it, but the security analysis essentially says "we assume the Goppa code is indistinguishable from a random code so the best attack is to do generic decoding for a random code (NP-hard problem)". but there is no reduction to some NP-hard problem that Goppa code (the specific code used in Classical McEliece) is indistinguishable.
the assumption is reasonable as nobody has been able to find a distinguisher for decades. also, if a distinguisher exists, it also doesn't translate into a direct attack against the system, it just means you cannot rule out "structural attacks" and jump to NP-hard problem.
Yeah that's right, there are no known cryptosystems whose security is based on the difficulty of solving an NP-hard problem. It's not known even in theory whether P != NP implies that one-way functions exist: for example, it might be that all NP problems are easy on average, or that there are problems that are hard on average but that you can't sample the problems and their solution at the same time.
(And this is even with the simplification that polytime = practical and not-polytime = infeasible.)
> It's not known even in theory whether P != NP implies that one-way functions exist: for example, it might be that all NP problems are easy on average, or that there are problems that are hard on average but that you can't sample the problems and their solution at the same time.
Relevant paper:
Impagliazzo, R. A personal view of average-case complexity theory. In Proceedings of the 10th Annual Conference on Structure in Complexity Theory. IEEE Computer Society Press (1995), 134–147.
OK, hoarding discovered zero-days might not be the best strategy, BUT if we actually create a backdoor and don't tell anyone about it, then this should be safer right? right? /s
1) length is never updated so while is infinite loop (if length is not 0)
2) the first character is never output since at address 0 (assuming X=0 at the start) is the value length but then the pointer is incremented twice so the first print *address prints the character at address 2?
if I am mistaken I'd be happy if someone explained why it makes sense