Rustls still outsources cryptographic primitives. I believe the currently supported providers of those are… drumroll… AWS-LC and Ring. The latter is a fork of BoringSSL. The article describes AWS-LC and BoringSSL as "Googled and Amazoned to death; they don't care about anyone but their own use cases".
The primitives aren't a problem. You can't write them in any vaguely modern high level language. And when I say "High level" I mean that the way K&R does when they describe their new C programming language as high level. The reason you can't write cryptographic primitives in a high level language is that optimising compilers love clever tricks which offer data dependent performance, across every layer of their design - but in cryptography we want constant execution time regardless of either the plaintext or keys used.
The problem with OpenSSL isn't these cryptographic primitives, that's why you will see basically the same primitives re-used in lots of different places. It's like finding out that the guy who was just arrested for murder also eats pizza. Yeah, people do that. The problem wasn't the pizza, it was the murder. OpenSSL's implementation of the AES cipher isn't broken, the problem is elsewhere.
Also, even if rustls is using aws-lc-rs, you still get the TLS parts from the rustls project, and aws-lc-rs is just lower-level crypto. That means there's less places for Amazon to say no; they either implement an algorithm or don't.
There's even a project for a deliberately OpenSSL drop-in compatible Rustls backed library. It is intended for specific projects because OpenSSL is sprawling and they don't implement most if it, but in principle if you use the same parts of OpenSSL your C likely works with this safer + faster alternative today, why not recommend it to your users.
There is a rustls side project called Graviola that's building a fast crypto provider in Rust+ASM. It's taken an interesting approach: starting with an assembly library that's been formally proven correct, and then programmatically translating that into Rust with inline assembly that's easy to build with Rust tooling.
The only way I see this actually working given the resource requirement is delta-v style with in orbit resource extraction using robots. By transferring heat to asteroids in the shade of the solar panels at L1 or something.
"That's the crazy thing most of the security that active directory uses was built in the 90s or early 00s with windows nt. The have only really been patching it since, security is a great place to see really retro stuff
As a pentester kerberosting used to reveal a service password on about 50% of networks on the 2010s when admins were making the passwords. Today our advice to clients on kerberosting is the same as it was back then, use a password manager to generate a 21 character password for all service accounts and disabled RC4 where possible. 52^21 is quite a large key space and even at 10^10 guesses per second over a year your chances are less than 1 in a billion of a successful crack.
In my experience it's always been legacy hardware or industrial automation where it would cost millions to update the equipment / software. Simply limiting the blast radius of those systems and isolating them on the network into their own security zone is always less expensive and thus the perfectly reasonable solution.
I think they are trying to communicate that their benchmarks will go down as they try to tackle hallucinations. Honestly I am surprised they didn't just say we think all benchmarks need a incorrect vs abstinence ratio so our cautious honest model can do well on that. Although they did seem to hint that's what they want.
No, the potential harm comes from follow-up tests. That's why screening strategies are designed by professionals. It's a pretty complex field, and all the people here fielding their opinions on how we should proceed about tests don't have a single idea about the implications of their theories.
What a ridiculous statement to make. No wonder the US is in the state it is in. Lets let the ignorant and uninformed decide on policy rather than the scientific community and experts. What could possibly go wrong?
Honestly, you don't have access to the necessary data to make rational decisions. That's not gatekeeping, it's logic. I don't have access to it either, although I'm indeed a healthcare pro. Screening strategies are a hyperspecialized domain and only experts somewhat understand what they're doing. It's just like making theories about what the CERN guys should be doing while not having passed physics 101 with no access to experimental data. That's why I'm just saying: you're certainly allowed to question, but you certainly can't make up assertions either.
Its more like we build computers that way to protect people from running code they shouldn't and limiting the blast radius if they do. A lot of the protections that pushed iOS zero click jailbreak exploit chains to the $10 million plus range impact capability and performance heavily. However you do have a good user experience that "just works" and keeps people safe. Run as sudo no pass if want man just for many that's to much risk.
