Vance is Worse [pols, US, Ω, Patreon]
Aug. 31st, 2025 11:57 pm![[personal profile]](https://www.dreamwidth.org/img/silk/identity/user.png){kind=small}
sidereaCanonical link: https://siderea.dreamwidth.org/1882100.html
0.
With all the eager discussion of the possibility of Trump dying in office, I am in the delicate and unfortunate position of not actually being in favor of it.
Don't get me wrong. I, too, would enjoy to seeing something very bad happen to Trump. What I'd best like is him getting his just deserts – ideally being arrested, indicted, tried, found guilty, sentenced, having appealed, the appeal failing, appealing again, having that appeal fail, petitioning the POTUS for clemency and it not being granted, him being duly executed by the state as the traitor to the Republic and the Constitution he was proven to be. I'm not generally a big fan of capital punishment, but I am in fact willing to make exceptions; he seems to think he's an exception to a lot of things, and here I would agree with him.
But that's not going to happen, not in this time-line, and it's probably for the best that it doesn't.
Perhaps he will simply keel over dead, and I confess I will take at least a little bitter satisfaction in it.
And it's certainly not that I don't wish us all to be spared even another moment of this Trump presidency. Of course I do.
Alas, as much as I hate to crush the pleasant fantasy of us being redeemed by the deus ex machina of artheriosclerosis finally doing its job and carrying off our oppressor: Vance is worse. Much, much worse.
1.
( It's perhaps understandable that you would not realize this.... Read more [6,770 Words] )
This post brought to you by the 219 readers who funded my writing it – thank you all so much! You can see who they are at my Patreon page. If you're not one of them, and would be willing to chip in so I can write more things like this, please do so there.
Please leave comments on the Comment Catcher comment, instead of the main body of the post – unless you are commenting to get a copy of the post sent to you in email through the notification system, then go ahead and comment on it directly. Thanks!
0.
With all the eager discussion of the possibility of Trump dying in office, I am in the delicate and unfortunate position of not actually being in favor of it.
Don't get me wrong. I, too, would enjoy to seeing something very bad happen to Trump. What I'd best like is him getting his just deserts – ideally being arrested, indicted, tried, found guilty, sentenced, having appealed, the appeal failing, appealing again, having that appeal fail, petitioning the POTUS for clemency and it not being granted, him being duly executed by the state as the traitor to the Republic and the Constitution he was proven to be. I'm not generally a big fan of capital punishment, but I am in fact willing to make exceptions; he seems to think he's an exception to a lot of things, and here I would agree with him.
But that's not going to happen, not in this time-line, and it's probably for the best that it doesn't.
Perhaps he will simply keel over dead, and I confess I will take at least a little bitter satisfaction in it.
And it's certainly not that I don't wish us all to be spared even another moment of this Trump presidency. Of course I do.
Alas, as much as I hate to crush the pleasant fantasy of us being redeemed by the deus ex machina of artheriosclerosis finally doing its job and carrying off our oppressor: Vance is worse. Much, much worse.
1.
( It's perhaps understandable that you would not realize this.... Read more [6,770 Words] )
This post brought to you by the 219 readers who funded my writing it – thank you all so much! You can see who they are at my Patreon page. If you're not one of them, and would be willing to chip in so I can write more things like this, please do so there.
Please leave comments on the Comment Catcher comment, instead of the main body of the post – unless you are commenting to get a copy of the post sent to you in email through the notification system, then go ahead and comment on it directly. Thanks!
DW will be temporarily unavailable in Mississippi (and account signups restricted in Tennessee)
Aug. 31st, 2025 09:48 pmsilveradeptBecause the state of Mississippi has no idea what protecting children online actually entails, and are instead hoping that queer content will simply disappear off the Internet so they don't have to see it, but are threatening fines of $10,000 USD for each time a minor accesses something the state considers age-restricted, which goes far beyond the official and still-in-force Miller test for obscenity, Dreamwidth will be temporarily unavailable in the State of Mississippi starting September 1, 2025, and lasting until the State of Mississippi is injuncted against enforcing their overbroad and unsafe law. Because the state requires not only age verification of minors, but permission slips obtained and then all of that identifying information and documentation to be retained, along with special flags set for minor accounts that will make it obvious to a casual profile viewer that they're looking at a minor account (and therefore a possibly very juicy target), Bluesky has decided they are blocking Mississippi from using their service until Mississippi can be told that their law is overbroad, unconstitutional, and does the opposite of what they want it to do. The reason that this is happening in the first place is because despite at least one Justice saying outright that the challenge to the law was likely to succeed on the merits, the Supereme Court of the United States allowed it to go into effect because the conservative majority (or Justice I-Like-Beer-and-Boobies himself) said that the plaintiffs hadn't demonstrated sufficiently that they would be hurt by the law. Which sounds much more like an encouragement to Mississippi and others to pass these laws, even if they are eventually shut down, than someone taking into account the likelihood that the law will be judged unconstitutional and permitting preliminary injunctions to stay in effect while the case is argued, so that the state doesn't get the opportunity to try and collect its fines.
( Federation, Professional Experience, and What Can Be Done )
It also turns out that Tennessee passed a similar, if less draconian, law, and therefore Tennesseans under 18 will be temporarily barred from registering accounts on Dreamwidth until their law can be thrown out, because, in a similar way, people decided that while the law was likely to be axed, somehow there wasn't sufficient showing of injury to injunct the law immediately, so instead it gets to cause damage until rendered moot. So this particular conflict has to be fought on multiple fronts, in places passing laws and in places trying to pass them. Having seen the damage that happens when those places are allowed to pass laws, if your locality hasn't done it yet, it may be worth telling them what political ramifications await them if they do.
( Federation, Professional Experience, and What Can Be Done )
It also turns out that Tennessee passed a similar, if less draconian, law, and therefore Tennesseans under 18 will be temporarily barred from registering accounts on Dreamwidth until their law can be thrown out, because, in a similar way, people decided that while the law was likely to be axed, somehow there wasn't sufficient showing of injury to injunct the law immediately, so instead it gets to cause damage until rendered moot. So this particular conflict has to be fought on multiple fronts, in places passing laws and in places trying to pass them. Having seen the damage that happens when those places are allowed to pass laws, if your locality hasn't done it yet, it may be worth telling them what political ramifications await them if they do.
Getting It Done Before Labor Day - Late August 02025
Aug. 31st, 2025 09:39 pmsilveradeptLet us begin with a promise from the company distributing the movie The Toxic Avenger to erase at least $5 million in medical debt, with each additional million past 5 made at the box office resulting in another million dollars' worth of medical debt destroyed. (The debt itself will not cost $1 million to acquire, as much of the outstanding debt is bought from various debt collection companies for significantly lower than face value.)
If you're looking for something that takes most of the strangeness of a comic book universe and lets it be strange and odd, while also being very entertaining, The television adaptation of The Middleman is available to stream and download from the Internet Archive. There aren't enough episodes of it, and it would do well with a revival, but you can enjoy it for the moment.
If you are on a Typepad-hosted or Typepad-managed blog or service, export all necessary data and assets before September 30, 2025, otherwise all of your material will be inaccessible permanently. Typepad is shutting down, and this is their attempt to allow people to export everything before they turn it all off.
( These always feel like so much happens in such a short time )
Last out, a spiky dinosaur that new fossils suggest may have grown spikes from the neck at least a meter long, in addition to all the other spiny points.
A web application designed to tell you what kinds of animals you are picking up and putting down with authority, based on what weights you tell it you can lift and put down with authority. What Animal Do You Even Lift, Bro?
And a story of stones, and reforging the rings around them as the people who those stones were given to reforge themselves closer and closer to the people who they are. Nate and Lee have a wonderful relationship, and this shows in in so many ways.
(Materials viaadrian_turtle, azurelunatic, boxofdelights, cmcmck, conuly, cosmolinguist, elf, finch, firecat, jadelennox, jenett, jjhunter, kaberett, lilysea, oursin, rydra_wong, snowynight, sonia, the_future_modernes, thewayne, umadoshi, vass, the ![[community profile]](https://www.dreamwidth.org/img/silk/identity/community.png)
meta_warehouse community, little_details, and anyone else I've neglected to mention or who I suspect would rather not be on the list. If you want to know where I get the neat stuff, my reading list has most of it.)
If you're looking for something that takes most of the strangeness of a comic book universe and lets it be strange and odd, while also being very entertaining, The television adaptation of The Middleman is available to stream and download from the Internet Archive. There aren't enough episodes of it, and it would do well with a revival, but you can enjoy it for the moment.
If you are on a Typepad-hosted or Typepad-managed blog or service, export all necessary data and assets before September 30, 2025, otherwise all of your material will be inaccessible permanently. Typepad is shutting down, and this is their attempt to allow people to export everything before they turn it all off.
( These always feel like so much happens in such a short time )
Last out, a spiky dinosaur that new fossils suggest may have grown spikes from the neck at least a meter long, in addition to all the other spiny points.
A web application designed to tell you what kinds of animals you are picking up and putting down with authority, based on what weights you tell it you can lift and put down with authority. What Animal Do You Even Lift, Bro?
And a story of stones, and reforging the rings around them as the people who those stones were given to reforge themselves closer and closer to the people who they are. Nate and Lee have a wonderful relationship, and this shows in in so many ways.
(Materials via
adrian_turtle, azurelunatic, boxofdelights, cmcmck, conuly, cosmolinguist, elf, finch, firecat, jadelennox, jenett, jjhunter, kaberett, lilysea, oursin, rydra_wong, snowynight, sonia, the_future_modernes, thewayne, umadoshi, vass, the meta_warehouse community, little_details, and anyone else I've neglected to mention or who I suspect would rather not be on the list. If you want to know where I get the neat stuff, my reading list has most of it.)
The cardinals' tea party
Aug. 31st, 2025 10:46 pmasakiyumeThere is a cardinal pair in our yard, and I love them very much. I drew them having a cup of tea.
A mi me enseño a cantar la calandria y el cenzontle,
la calandría y el cenzontle y el pájaro cardenal
la calandría y el cenzontle y el pájaro cardenal
--Biomigrant & El Monte Adentro: "Voz emplumada del monte"
calandría = chalk-browed mockingbird (Mimus saturninus)
cenzontle = northern mockingbird (Mimus polyglottus)
pájaro cardenal = northern cardinal (Cardinalis cardinalis)
A mi me enseño a cantar la calandria y el cenzontle,
la calandría y el cenzontle y el pájaro cardenal
la calandría y el cenzontle y el pájaro cardenal
--Biomigrant & El Monte Adentro: "Voz emplumada del monte"
calandría = chalk-browed mockingbird (Mimus saturninus)
cenzontle = northern mockingbird (Mimus polyglottus)
pájaro cardenal = northern cardinal (Cardinalis cardinalis)
Code deploy happening shortly
Aug. 31st, 2025 07:37 pm![[staff profile]](https://www.dreamwidth.org/img/silk/identity/user_staff.png){kind=small}
mark posting in ![[site community profile]](https://www.dreamwidth.org/img/comm_staff.png){kind=small}
dw_maintenancePer the dw_news post regarding the MS/TN blocks, we are doing a small code push shortly in order to get the code live. As per usual, please let us know if you see anything wonky.
There is some code cleanup we've been doing that is going out with this push but I don't think there is any new/reworked functionality, so it should be pretty invisible if all goes well.
Mississippi site block, plus a small restriction on Tennessee new accounts
Aug. 31st, 2025 12:28 pmdenise posting in dw_newsA reminder to everyone that starting tomorrow, we are being forced to block access to any IP address that geolocates to the state of Mississippi for legal reasons while we and Netchoice continue fighting the law in court. People whose IP addresses geolocate to Mississippi will only be able to access a page that explains the issue and lets them know that we'll be back to offer them service as soon as the legal risk to us is less existential.
The block page will include the apology but I'll repeat it here: we don't do geolocation ourselves, so we're limited to the geolocation ability of our network provider. Our anti-spam geolocation blocks have shown us that their geolocation database has a number of mistakes in it. If one of your friends who doesn't live in Mississippi gets the block message, there is nothing we can do on our end to adjust the block, because we don't control it. The only way to fix a mistaken block is to change your IP address to one that doesn't register as being in Mississippi, either by disconnecting your internet connection and reconnecting it (if you don't have a static IP address) or using a VPN.
In related news, the judge in our challenge to Tennessee's social media age verification, parental consent, and parental surveillance law (which we are also part of the fight against!) ruled last month that we had not met the threshold for a temporary injunction preventing the state from enforcing the law while the court case proceeds.
The Tennesee law is less onerous than the Mississippi law and the fines for violating it are slightly less ruinous (slightly), but it's still a risk to us. While the fight goes on, we've decided to prevent any new account signups from anyone under 18 in Tennessee to protect ourselves against risk. We do not need to block access from the whole state: this only applies to new account creation.
Because we don't do any geolocation on our users and our network provider's geolocation services only apply to blocking access to the site entirely, the way we're implementing this is a new mandatory question on the account creation form asking if you live in Tennessee. If you do, you'll be unable to register an account if you're under 18, not just the under 13 restriction mandated by COPPA. Like the restrictions on the state of Mississippi, we absolutely hate having to do this, we're sorry, and we hope we'll be able to undo it as soon as possible.
Finally, I'd like to thank every one of you who's commented with a message of support for this fight or who's bought paid time to help keep us running. The fact we're entirely user-supported and you all genuinely understand why this fight is so important for everyone is a huge part of why we can continue to do this work. I've also sent a lot of your comments to the lawyers who are fighting the actual battles in court, and they find your wholehearted support just as encouraging and motivating as I do. Thank you all once again for being the best users any social media site could ever hope for. You make me proud and even more determined to yell at state attorneys general on your behalf.
Immigration and wealth
Aug. 30th, 2025 03:07 pmmtbcLiving in Aberdeen, seeing the grand things around the city centre, it was notable that many of them dated from the Victorian era. I suspected it to be no coincidence that the Victorians saw the height of the British Empire's exploitation of its colonies. With the wealth of others, we built our shiny things. The bridge I walk on to work is nineteenth-century.
In the meantime, Britain declines. Local councils now struggle to provide even basic services. The health system is becoming several kinds of joke, despite the dedication of those working within it. Even those graduating with good undergraduate degrees typically can't get a job that pays well enough for them to be soon on the road to buying a house within reach of the job.
Furthermore, our population is aging. As we end up with fewer working people, and more people needing assistance, the situation can only worsen. Given that our history puts us somewhat in others' debt, I would like to imagine that we could kill two birds with one stone: welcome young families from the British Commonwealth so they can live and work here, providing services and paying tax, ideally building new towns and cities too, while probably also sending some money back home to their families.
Of course, what I describe is not far off the immigration policy we had between, er, around WWII and Margaret Thatcher. We've seen how the Windrush generation has been treated since. Further, populist anti-immigrant rhetoric abounds so we're not about to be saved by welcoming workers from overseas. So, what's the plan? We could make domestic families have lots of babies (not that they can afford anywhere to put them) or we can erode the health service far enough to stop the old people from living for too long.
Looking at the high prices, poor services, and xenophobia, I'd be happy to self-deport. However, for the meantime there are kids in education that I don't want to disrupt. Once everybody graduates, I wouldn't fault any of us for moving elsewhere. In the meantime, I can continue to hope and vote for change, both in the UK and the US.
In the meantime, Britain declines. Local councils now struggle to provide even basic services. The health system is becoming several kinds of joke, despite the dedication of those working within it. Even those graduating with good undergraduate degrees typically can't get a job that pays well enough for them to be soon on the road to buying a house within reach of the job.
Furthermore, our population is aging. As we end up with fewer working people, and more people needing assistance, the situation can only worsen. Given that our history puts us somewhat in others' debt, I would like to imagine that we could kill two birds with one stone: welcome young families from the British Commonwealth so they can live and work here, providing services and paying tax, ideally building new towns and cities too, while probably also sending some money back home to their families.
Of course, what I describe is not far off the immigration policy we had between, er, around WWII and Margaret Thatcher. We've seen how the Windrush generation has been treated since. Further, populist anti-immigrant rhetoric abounds so we're not about to be saved by welcoming workers from overseas. So, what's the plan? We could make domestic families have lots of babies (not that they can afford anywhere to put them) or we can erode the health service far enough to stop the old people from living for too long.
Looking at the high prices, poor services, and xenophobia, I'd be happy to self-deport. However, for the meantime there are kids in education that I don't want to disrupt. Once everybody graduates, I wouldn't fault any of us for moving elsewhere. In the meantime, I can continue to hope and vote for change, both in the UK and the US.
Keyboard shortcuts and modifiers on the Mac
Aug. 30th, 2025 10:12 ammtbcGiven that I am so used to Linux, having a Mac for work always slows me a little. Especially, aspects of the window management and focus ongoingly impede my usual workflows. Another aspect is the keyboard shortcuts. To take a simple example, for cut, copy and paste, where I might be used to control X, C, V on other systems, of course I'm using this command key on the Mac. Except, within Emacs on the Mac, which seems to behave more as I'm used to. Of course, the Mac has a control key too, and it's a common modifier for some other purposes, so I'm often left guessing. For instance, if I recall correctly, in IntelliJ I do use control in pulling up a type hierarchy.
This switching of shortcuts between Linux, Mac, and Emacs-on-Mac is awkward partly because, as above, some of these are quite similar, and I don't yet see a system that helps me remember. Far easier for me was back when I used to use a Programmer Dvorak keyboard layout at work, and regular Qwerty at home, partly because those are just so clearly different. Also, probably it helped that I wasn't switching frequently, just a few times per day.
This switching of shortcuts between Linux, Mac, and Emacs-on-Mac is awkward partly because, as above, some of these are quite similar, and I don't yet see a system that helps me remember. Far easier for me was back when I used to use a Programmer Dvorak keyboard layout at work, and regular Qwerty at home, partly because those are just so clearly different. Also, probably it helped that I wasn't switching frequently, just a few times per day.
This one will be [curr ev]
Aug. 30th, 2025 04:20 amsidereaCurrent rumors engulfing Bluesky have me recalling an old Communist-era Russian joke:
Every day, a man walks to a news stand and pays for a copy of Pravda, unfolds it, looks at the front page, and throws it in the trash. Every day he does this, for months, until finally the news seller asks the man, "So what is it you are looking for on the front page every day?"
"I'm checking for an obituary."
"Comrade, the obituaries aren't on the front page."
"Oh, this one will be."
Every day, a man walks to a news stand and pays for a copy of Pravda, unfolds it, looks at the front page, and throws it in the trash. Every day he does this, for months, until finally the news seller asks the man, "So what is it you are looking for on the front page every day?"
"I'm checking for an obituary."
"Comrade, the obituaries aren't on the front page."
"Oh, this one will be."
snuffle / salsa / chacha
Aug. 29th, 2025 12:02 pmgraydon2This is a small note about a delightful function. Not cryptography advice or serious commentary. Just amusement.
A couple years back I had occasion to read in slightly more detail than I had before about the state of the art in cryptographically secure PRNGs (CSPRNGs). These are PRNGs we trust to have additional properties beyond the speed and randomness requirements of normal ones -- inability for an attacker to reveal internal state, mainly, so you can use them to generate secrets.
If you look, you'll find a lot of people recommending something based on one of Dan Bernstein's algorithms: Salsa20 or ChaCha (or even more obscurely "Snuffle"). All the algorithms we're discussing here are very similar in design, and vary only in minor details of interest only to cryptographers.
If you follow that link though, you'll notice it's a description of a (symmetric) stream cipher. Not a CSPRNG at all!
But that's ok! Because it turns out that people have long known an interesting trick -- actually more of a construction device? -- which is that a CSPRNG "is" a stream cipher. Or rather, if you hold it the other way, you might even say a stream cipher "is" just a CSPRNG. Many stream ciphers are built by deriving an unpredictable "key stream" off the key material and then just XOR'ing it with the plaintext. So long as the "key stream" is unpredictable / has unrecoverable state, this is sufficient; but it's the same condition we want out of the stream of numbers coming out of a CSPRNG, just with "seed" standing in for "key". They're fundamentally the same object.
I knew all this before, so people naming a CSPRNG and a stream cipher the same did not come as any surprise to me. But I went and looked a little further into ChaCha in particular (and its ancestor Salsa and, earlier still, Snuffle) because they have one additional cool and weird property.
They are seekable.
This means that you can, with O(1) effort, "reposition" the Snuffle/Salsa/ChaCha "key stream" / CSPRNG number stream to anywhere in its future. You want the pseudorandom bytes for block 20,000,000? No problem, just "set the position" to 20,000,000 and it will output those bytes. This is not how all CSPRNGs or stream ciphers work. But some do. ChaCha does! Which is very nice. It makes it useful for all sorts of stuff, especially things like partially decrypting randomly-read single blocks in the middle of large files.
I got to wondering about this, so I went back and read through design docs on it, and I discovered something surprising (to me): it's not just afloor wax and dessert topping CSPRNG and stream cipher. ChaCha is also a cryptographic hash function (CHF)! Because a CHF is also something you can build a CSPRNG out of, and therefore also build a stream cipher out of. They're all the same object.
How does the construction work? Embarassingly easily. You put the key material and a counter (and enough fixed nonzero bits to make the CHF happy) in an array and hash it. That's it. The hash output is your block of data. For the next block, you increment the counter and hash again. Want block 20,000,000? Set the counter to 20,000,000. The CHF's one-way-function-ness implies the non-recoverability of the key material and its mixing properties ensure that bumping the counter is enough to flip lots of bits. The end.
Amazing!
But then I got curious and dug a bit into the origins of ChaCha and .. stumbled on something hilarious. In the earliest design doc I could find (Salsa20 Design which still refers to it as "Snuffle 2005") the introduction starts with this:
In other words: the cool seekability wasn't a design goal. Shuffle/Salsa/ChaCha was intended as a tangible demonstration of a political argument that it's stupid to regulate one of the 3 objects (CHF, CSPRNG and stream cipher) since you can build them all out of the CHF. (And, I guess, "obviously you should be allowed to export CHFs" though I wouldn't bet on anything being obvious to the people who make such decisions).
And then I googled more and realized that when I was a teenager I had completely missed all the drama / failed to connect the dots. Snuffle was the subject of Bernstein v. United States, the case that overturned US export restrictions on cryptography altogether! And as this page points out "the subject of the case, Snuffle, was itself an attempt to bypass the regulations".
Anyway, I thought this was both wonderful and funny: both the CHF-to-CSPRNG construction (which I'd never understood/seen before), but also the fact that Snuffle/Salsa/ChaCha is like the ultimate case of winning big in cryptography. Not only does ChaCha now transportlike 99%[EDIT "double-digit percentages"] of the world's internet traffic (it's become the standard we all use because it's fast and secure) but that it was pivotal in the evolution of the legal landscape and all arises from a sort of neener-neener assessment that the law at the time was internally inconsistent / contained a loophole for CHFs that made the whole thing "asinine".
A couple years back I had occasion to read in slightly more detail than I had before about the state of the art in cryptographically secure PRNGs (CSPRNGs). These are PRNGs we trust to have additional properties beyond the speed and randomness requirements of normal ones -- inability for an attacker to reveal internal state, mainly, so you can use them to generate secrets.
If you look, you'll find a lot of people recommending something based on one of Dan Bernstein's algorithms: Salsa20 or ChaCha (or even more obscurely "Snuffle"). All the algorithms we're discussing here are very similar in design, and vary only in minor details of interest only to cryptographers.
If you follow that link though, you'll notice it's a description of a (symmetric) stream cipher. Not a CSPRNG at all!
But that's ok! Because it turns out that people have long known an interesting trick -- actually more of a construction device? -- which is that a CSPRNG "is" a stream cipher. Or rather, if you hold it the other way, you might even say a stream cipher "is" just a CSPRNG. Many stream ciphers are built by deriving an unpredictable "key stream" off the key material and then just XOR'ing it with the plaintext. So long as the "key stream" is unpredictable / has unrecoverable state, this is sufficient; but it's the same condition we want out of the stream of numbers coming out of a CSPRNG, just with "seed" standing in for "key". They're fundamentally the same object.
I knew all this before, so people naming a CSPRNG and a stream cipher the same did not come as any surprise to me. But I went and looked a little further into ChaCha in particular (and its ancestor Salsa and, earlier still, Snuffle) because they have one additional cool and weird property.
They are seekable.
This means that you can, with O(1) effort, "reposition" the Snuffle/Salsa/ChaCha "key stream" / CSPRNG number stream to anywhere in its future. You want the pseudorandom bytes for block 20,000,000? No problem, just "set the position" to 20,000,000 and it will output those bytes. This is not how all CSPRNGs or stream ciphers work. But some do. ChaCha does! Which is very nice. It makes it useful for all sorts of stuff, especially things like partially decrypting randomly-read single blocks in the middle of large files.
I got to wondering about this, so I went back and read through design docs on it, and I discovered something surprising (to me): it's not just a
How does the construction work? Embarassingly easily. You put the key material and a counter (and enough fixed nonzero bits to make the CHF happy) in an array and hash it. That's it. The hash output is your block of data. For the next block, you increment the counter and hash again. Want block 20,000,000? Set the counter to 20,000,000. The CHF's one-way-function-ness implies the non-recoverability of the key material and its mixing properties ensure that bumping the counter is enough to flip lots of bits. The end.
Amazing!
But then I got curious and dug a bit into the origins of ChaCha and .. stumbled on something hilarious. In the earliest design doc I could find (Salsa20 Design which still refers to it as "Snuffle 2005") the introduction starts with this:
Fifteen years ago, the United States government was trying to stop publication
of new cryptographic ideas—but it had made an exception for cryptographic
hash functions, such as Ralph Merkle’s new Snefru.
This struck me as silly. I introduced Snuffle to point out that one can easily
use a strong cryptographic hash function to efficiently encrypt data.
Snuffle 2005, formally designated the “Salsa20 encryption function,” is the
latest expression of my thoughts along these lines. It uses a strong cryptographic
hash function, namely the “Salsa20 hash function,” to efficiently encrypt data.
This approach raises two obvious questions. First, why did I choose this
particular hash function? Second, now that the United States government seems
to have abandoned its asinine policies, why am I continuing to use a hash function
to encrypt data?
In other words: the cool seekability wasn't a design goal. Shuffle/Salsa/ChaCha was intended as a tangible demonstration of a political argument that it's stupid to regulate one of the 3 objects (CHF, CSPRNG and stream cipher) since you can build them all out of the CHF. (And, I guess, "obviously you should be allowed to export CHFs" though I wouldn't bet on anything being obvious to the people who make such decisions).
And then I googled more and realized that when I was a teenager I had completely missed all the drama / failed to connect the dots. Snuffle was the subject of Bernstein v. United States, the case that overturned US export restrictions on cryptography altogether! And as this page points out "the subject of the case, Snuffle, was itself an attempt to bypass the regulations".
Anyway, I thought this was both wonderful and funny: both the CHF-to-CSPRNG construction (which I'd never understood/seen before), but also the fact that Snuffle/Salsa/ChaCha is like the ultimate case of winning big in cryptography. Not only does ChaCha now transport
Infectious commuting
Aug. 29th, 2025 07:24 pmmtbcAfter I got over my cold, I seemed to get another, for the following weekend, which would fit with my contracting them on my commuting on-site days. For my latest day on-site, I realized that, for Reasons, I used my ScotRail card to ride the Glasgow subway, and my Glasgow subway (really, Strathclyde Partnership for Transport) card for riding the ScotRail trains. I'll be going back in on Monday via a less inverted arrangement. I use smartcards rather than cellphone apps because I dislike being reliant on my telephone and its apps all working.
(no subject)
Aug. 28th, 2025 04:55 pmsorcyressIt's my birthday! gosh wow!
Long time viewers may be familiar with Kat's birthday lore, which is this: Please join me in celebrating my birthday! The way you do so is by eating ice cream and ideally snapping a photo of it, or you, or both and sending it to me. This can happen literally anywhere in the world, and it can happen literally anytime (I've been getting photos for about two weeks now!)
The "ice cream" part is not literal --anything that feels to you like a treat, ideally frozen, counts!
If you are local, there are two bonus celebratory options:
1) COME DANCE WITH ME TONIGHT! I am running a "no-planning-just-vibes" Scottish Country Dance tonight, Thursday, 8/28, 7-9pm in the NESFA clubhouse (504 Medford St, Somerville). We're gonna do mostly Scottish by people requesting dances or figures, but I might throw in some ceilidh, a few waltzes, heck, maybe a bit of blues...we'll make it work!
2) COME EAT ICE CREAM WITH ME TOMORROW! I am gonna do my usual Davis Square Ice Cream Adventure tomorrow, Friday, 8/29. I plan to be in Davis from about 7:30pm-11pm, and get ice cream for myself at 8pm and 10pm. Join in for as little or as much of that as you fancy! Bring a friend I've never met if that friend wants to eat ice cream! Wave at me as you ride through the square on your way to something else! Come at the last possible minute and encourage a bad decision staying-up-to-late party! The possibilities are endless, it's Friday night woot woot!
(there may or may not wind up being a "well dang I also really like Gracie's, y'all wanna hang in Union instead" at some point this weekend. Watch this space. Planning is easier when it's not also the beginning of the school year)
~Sor
MOOP!
Long time viewers may be familiar with Kat's birthday lore, which is this: Please join me in celebrating my birthday! The way you do so is by eating ice cream and ideally snapping a photo of it, or you, or both and sending it to me. This can happen literally anywhere in the world, and it can happen literally anytime (I've been getting photos for about two weeks now!)
The "ice cream" part is not literal --anything that feels to you like a treat, ideally frozen, counts!
If you are local, there are two bonus celebratory options:
1) COME DANCE WITH ME TONIGHT! I am running a "no-planning-just-vibes" Scottish Country Dance tonight, Thursday, 8/28, 7-9pm in the NESFA clubhouse (504 Medford St, Somerville). We're gonna do mostly Scottish by people requesting dances or figures, but I might throw in some ceilidh, a few waltzes, heck, maybe a bit of blues...we'll make it work!
2) COME EAT ICE CREAM WITH ME TOMORROW! I am gonna do my usual Davis Square Ice Cream Adventure tomorrow, Friday, 8/29. I plan to be in Davis from about 7:30pm-11pm, and get ice cream for myself at 8pm and 10pm. Join in for as little or as much of that as you fancy! Bring a friend I've never met if that friend wants to eat ice cream! Wave at me as you ride through the square on your way to something else! Come at the last possible minute and encourage a bad decision staying-up-to-late party! The possibilities are endless, it's Friday night woot woot!
(there may or may not wind up being a "well dang I also really like Gracie's, y'all wanna hang in Union instead" at some point this weekend. Watch this space. Planning is easier when it's not also the beginning of the school year)
~Sor
MOOP!