Is Yggdrasil still using raw truncated ed25519 keys to determine the treespace root node? [1] If so, this seems to be an obvious network availability vulnerability. [2]
Well if they can deceive certificate authorities that implement the ACME protocol like LetsEncrypt, then they could get a certificate for your site with the HTTP-01 challenge, see the paper Using BGP to Acquire Bogus TLS Certificates (2017) [1]. That paper suggested a mitigation they call Multiple Vantage Point Verification, which has already been implemented [2].
They don't need ACME to do that, ACME is just an automation standard - the same rules apply for getting a certificate via ACME such as 3.2.2.4.19 "Agreed upon change to website - ACME" as for the manual process 3.2.2.4.18 "Agreed upon change to website v2". The ACME version is just designed for machines to automate easily (and as a result wildly more common in use today)
And Multi-perspective only helps against an attacker who is merely able to influence a local route, if they can ensure all your perspectives see the same thing the attacker wins.
So there is a more general standard which the ACME protocol automates. Or perhaps another way to put it is that, the standard is written in a way that "just happens" to be nicely automatable.
Yes this is why multi-perspective is described as a "mitigation" above. Ideally, ACME issuers have a large array of perspectives with additional perspectives added frequently to foil planned attacks. But real BGP security is the actual solution to this problem.
This document is essentially an agreement between the Trust Stores (largely the browser vendors such as Microsoft, Google, Apple, and Mozilla) on behalf of their Relying Parties (everybody) and the Certificate Authorities they choose to trust. It lays out the requirements on what the CAs may do and how they may do it, the numbers I quoted were sub-section numbers for what are sometimes called the "Blessed Methods" which these days are listed in those requirements - for how a CA shall check that say a certificate for news.ycombinator.com can be issued to this web server we're both using.
This isn't a "standard" really, any more than you'd say the Geneva Conventions were standards. It specifies (that "- ACME" is from the document, it's not my addition) that you can use some ACME protocol features to achieve the name confirming requirement but it also specifies some ways to do so manually. Last month quite a few of the older methods were finally stopped for new issuance (though existing confirmations for those methods will keep working for a few years if you have them). Stuff like "Find the landline phone number for the company in a government directory and call them" which I'm not sure really still made sense when the BRs were first agreed, let alone last month when it was finally removed.
I feel that as soon as the existential threat easened with the splintering of the Soviet Union, the US started doing some self-harming libertarian flavored shit to itself.
In the 1980s, I assume getting rid of the "strategic reserve" of anything would have met more pushback, because of primal fear overriding greed.
"Current law (cira 2013) requires BLM to sell off the crude helium remaining in the Federal Helium Reserve in order to repay the U.S. Treasury the $1.3 billion debt incurred creating it. This debt will be repaid this fiscal year and that, as a consequence, the helium program will terminate at the end of the current fiscal year (October 1, 2013), absent Congressional action.
Currently, the Federal Helium Reserve supplies roughly 40% of domestic and 30% of global helium demand. Loss of access to the Federal Helium Reserve would result in significant disruptions to a large number of critical U.S. industries." https://www.energy.senate.gov/services/files/494b2f9e-c8f5-4...
Biden is an anti-abortion Catholic Zionist who wouldn't even do anything (but empty talk) to raise the minimum wage during high inflation. He enabled a genocide so his gods would reward him. I guess he would be a radical commie to the extreme far right. Nixon, JFK, LBJ and Lincoln, for example, signed into law actual left policies (whether they agreed with them or not-- none were lefties).
Words have meaning. Someone a bit left of a Nazi is not on the Left even if they are to the left of the person speaking.
The Democrats are a right-wing party. They spend more energy attacking the left than they do, the Republicans. Look at what they did to the center-left Sanders and their constant lawfare to keep left parties, like the Greens and Peace and Freedom, off the ballot and out of the debates (last election, the Greens spent half their campaign funds fighting these frivolous lawsuits from the Democratic party who seek to subvert democracy [Republicans attack anyone more left/darker than them, through voter suppression and other techniques to also subvert democracy]). There is very little daylight between the two. They serve the same masters, Oligarchs and Israel.
The United States is also a one-party state but, with typical American extravagance, they have two of them.
- Julius Nyerere
BLM was required (to sell it) by Congress in the Helium Stewardship Act of 2013, as the alternative was to not offer any H to the market due to the authorization to sell expiring. Sponsored by a Republican and passed basically unanimously with the proceeds used to pay of the debt (back when we cared about that)
The idea of selling things like our strategic helium supply for $460M to "pay off the debt" would be like me selling bricks from the foundation of my house for a penny to "pay off my mortgage".
$460M was for what was left after the large majority had already been sold.
In the best case, "strategic reserves" are the government speculating on commodity prices. They use tax dollars to buy a commodity -- raising the price on everyone so they can hoard it -- and then more tax dollars to pay for a storage facility, and if they're lucky the price goes up by enough to pay for the storage and the time value of money by they time they sell it again. That frequently doesn't happen.
In the common case it's the government subsidizing corporations -- including foreign ones -- by using tax dollars (at government contractor rates) to operate a storage facility at a loss so the industry doesn't have to do it themselves. Then, when they go to unload it, they generally unload enough to lower the market price on purpose, practically guaranteeing that the taxpayer is getting a below-market return. This unloading also has a statistical correlation with the election cycle (see also "strategic petroleum reserve") which is extra stupid. And the expectation that it will happen deters others who aren't paying government contractor rates from storing the commodity, so from a "strategic" perspective you don't get anywhere near as much of a buffer as you're paying for.
If the tech industry wants a reserve of helium then they should buy some land, install some tanks and fill them with helium in years when there isn't a shortfall.
I've heard it claimed that it was a massive oversight to sell that much helium at such a low price. Helium is a non-renewable resource. When it escapes, it just floats off into space.
And it's an absolutely critical resource for MRIs, advanced science and research, and industry. And we are selling it at a price that's attractive as an amusement for children.
> That strategic helium reserve was from WWI, IIRC.
That may have been when it opened but the current war machine has little use for dirigibles.
> I've heard it claimed that it was a massive oversight to sell that much helium at such a low price. Helium is a non-renewable resource. When it escapes, it just floats off into space.
Helium is produced within the earth by radioactive decay. It then gets trapped in the same pockets as natural gas, which is why it gets extracted along with the natural gas. But most natural gas doesn't undergo helium extraction. If we wanted more, we could do helium extraction on more of the natural gas. Not doing it releases significantly more into the atmosphere than was present in the reserve. But doing it is expensive so we only do it more if there is demand for more helium.
The first mistake was the government hoarding that much of it to begin with. It doesn't make a lot of sense to pay a high cost for extraction in an earlier year and then pay a high cost for storage for an indefinite period of time if you're already discarding (i.e. not separating) most of it and could just extract more once you actually want it.
The second mistake was unloading such a massive amount over a relatively short period of time, because then you crash the short-term price and cause people to waste the thing you spent a lot of money to extract.
> In the best case, "strategic reserves" are the government speculating on commodity prices.
A horrendously misinformed take. Strategic reserves have broadly one of two primary purposes. First, providing the government with the ability to stabilize market prices in the short term when volatility strikes. Second, providing a supply of an essential resource to an essential industry in the event that external supplies are unexpectedly cut off temporarily.
Supply shocks are bad. The economy grinding to a halt at the whim of a geopolitical adversary or natural disaster is also bad. Ensuring a stable market is one of the most fundamental purposes of having a government at all.
> First, providing the government with the ability to stabilize market prices in the short term when volatility strikes.
Which is the thing they don't really even do, because their existence is not a secret, but then knowing of their existence discourages anyone else from setting up a reserve because they expect the government to unload right when they'd be trying to recover the costs of operating it. Then the market has less slack in it and the government has to tap into the reserve more frequently and in larger amounts, causing the reserve to be much more easily exhausted than you would intuitively expect because the whole world is now expecting you to bail them out when the time comes.
Worse, it encourages companies to rely on its existence instead of making contingencies, and then if it does get exhausted or you get something that looks more like unexpectedly high demand than unexpectedly low supply, you now have an inadequate reserve and a market full of people operating under the impression they would never have to deal with that.
> Second, providing a supply of an essential resource to an essential industry in the event that external supplies are unexpectedly cut off temporarily.
This isn't a different thing from the first thing. There being less supply is what causes the price to go up. But encouraging the market to take all the slack out causes there to be less supply.
The basic problem is this: If the government keeps a moderate reserve, it's going to cause other people to not do that, and then it's going to run out and Cause Problems. If the government keeps an enormous reserve, they're going to cause the price to be higher even when nothing is wrong and burn through a disproportionate amount of tax money doing it.
> Supply shocks are bad.
The correct answer to this is to diversify supply and be ready with substitutes, not government hoarding.
People aren't as stupid as you appear to think. Yes, there are second (and third, forth, ...) order effects. Typically these sorts of systems will settle into an equilibrium. A reasonably competent government agency will account for that where necessary.
It's strange. You object to the government here yet expect private industry to fill the same gap. Why do you believe private industry would navigate these issues better than a government agency would? Given the difference in incentives it doesn't make any sense.
It's a good thing for the regulator to be able to step in at will rather than blindly hope that things go well. Industry is notoriously bad at making short term sacrifices for long term risk management. Would you rather the government force them to maintain their own reserves via regulation?
> This isn't a different thing from the first thing. There being less supply is what causes the price to go up.
No, the two are not at all the same. Rapid price fluctuations are one issue. Essential resources are an entirely separate problem. Volatility and starving to death both involve price movement but are otherwise very different things.
> encouraging the market to take all the slack out causes there to be less supply.
So if the reserve is run by the government it's removing slack and reducing supply, but when run by private industry ... ?
No amount of regular slack is ever going to be able to compensate for a tail risk that blocks the import of an essential good. Take oil for example. No company is ever going to voluntarily warehouse enough to keep the entire US economy going for any significant amount of time. It's a crazy small tail risk and very expensive to counterbalance.
Food is similar. No grocery store or wholesaler or whoever else is going to voluntarily stockpile enough to keep people from starving in the event of widespread crop failure or similarly devastating adverse environmental event.
> If the government keeps an enormous reserve, they're going to cause the price to be higher even when nothing is wrong and burn through a disproportionate amount of tax money doing it.
Why would that be? Filling and emptying shifts demand but doesn't create additional. Anyway you seem to be arguing that private industry should do this for themselves. So whatever the effects are they will be present either way.
Why do you expect disproportionate expenditures? The cost is that of warehousing. The benefit is the entire economy running more smoothly which presumably increases taxes by quite a lot if money is all you're concerned with. It also just generally improves everyone's quality of life which I would hope is the entire purpose for the government to exist when you get down to it.
> You object to the government here yet expect private industry to fill the same gap. Why do you believe private industry would navigate these issues better than a government agency would? Given the difference in incentives it doesn't make any sense.
Profit-seeking actors have the direct incentive to balance risks and rewards. It's popular to hate on speculators, but "build a storage facility so you can buy a commodity when it's cheap and sell whenever the price is high" as a means to make money is actually pretty legitimate. And then they have the right incentives to manage costs and keep realistic inventory levels because they're spending their own money instead of someone else's. Whereas the government's incentive is to give lucrative contracts to cronies or hoard a ridiculous amount of the commodity because they're spending someone else's money and get blamed if there's not enough but not if there's too much.
There is also an advantage in diversity. Government tends to monoculture. How much does the price have to go up before the government starts unloading inventory? How much does the answer depend on politics? Things are better when instead of one essentially monopolist with a massive tank, you have a thousand independent entities with small ones, because then you get a smoother curve with less relationship to the election cycle. And you get different people trying to solve the problem in different ways. Speculators build tanks, entrepreneurs develop recycling systems, buyers make contingencies to use a substitute, but none of that happens if everyone is expecting the government to guarantee the price.
> Industry is notoriously bad at making short term sacrifices for long term risk management.
Middle managers in large bureaucracies are notoriously bad at this, because enormous conglomerates insulated from competition and subject to the principal-agent problem are not subject to a good set of incentives in many ways. It's why we're supposed to have antitrust laws.
Markets as a whole are pretty good at it, because "price goes up when supply is low" is a predictable opportunity to make money.
> Would you rather the government force them to maintain their own reserves via regulation?
The whole point is to stop having the people who don't pay the cost of doing it be the ones who choose how much there should be and what kind.
> Rapid price fluctuations are one issue. Essential resources are an entirely separate problem. Volatility and starving to death both involve price movement but are otherwise very different things.
They're the same problem because the problem in both cases is supply less than demand and then you're left with the same question of how best to contend with that.
Notice also that the government doesn't keep a multi-year supply of food and that doesn't seem to be any kind of a problem.
> So if the reserve is run by the government it's removing slack and reducing supply, but when run by private industry ... ?
When it's run by private industry it costs less, and more to the point costs the people who want the buffer instead of strangers without the bandwidth or domain knowledge to know if what's being done is cost effective or even necessary.
> No amount of regular slack is ever going to be able to compensate for a tail risk that blocks the import of an essential good. Take oil for example. No company is ever going to voluntarily warehouse enough to keep the entire US economy going for any significant amount of time. It's a crazy small tail risk and very expensive to counterbalance.
The US is a net exporter of oil and oil is widely traded global commodity with significant price elasticity of demand, so you don't get actual shortages unless you try something foolish like price controls. Instead people pay $4/gallon instead of $3 which causes the people who drive the most to switch to electric cars or hybrids, other suppliers to increase production, etc.
> Why would that be? Filling and emptying shifts demand but doesn't create additional.
Filling creates additional demand but if you're using a large enough reserve to be at low risk of ever running out then by design the emptying never fully happens.
> Anyway you seem to be arguing that private industry should do this for themselves. So whatever the effects are they will be present either way.
Private industry would size the reserve according to the risk instead of having the incentive to be excessively risk averse because they're spending someone else's money.
> Why do you expect disproportionate expenditures? The cost is that of warehousing.
Suppose you have a reserve which holds X amount and there is an average annual withdrawal and refilling of 0.5X, once every ten years you would use the full X amount, and once every 50 years you would use 5X if you had it.
The 5X reserve requires five times as many tanks and requires you to eat the time value of money on five times as much of the commodity, but only gets used once every 50 years instead of being mostly used every year. It's not worth having; it's better to eat the higher prices that year than to pay even more to prevent them. There are some risks it costs less to buy insurance against than to mitigate. But risk-averse people spending someone else's money will be more inclined to do it anyway, or to build a 10X reserve "just to be sure".
The government also uses government contractors which do not have a good record for cost efficiency.
What if it's not actually your house, but some unspecified "somebody else's", and you only stand to profit from it? Starts to make sense why some unscrupulous people would go that way, shitty as it is.
So frustrating when every conversation leads to R vs D. Doubly so in this situation since both bills that got us to where we are today had overwhelming BIPARTISAN support and were signed into law by presidents Clinton and Obama…
If individual party members voted against the party line more often there would be less of this kind of discourse. But the reality is that we have a deeply entrenched deeply divided two-party system. There are very few politicians who don't toe one line or the other and endure. But in this case it's a core tenet of the republican party platform to eliminate the administrative state, including strategic investment and reserves.
Encoders do some interframe analysis (motion, etc) as part of encoding P/B-frames; I wonder if this work could be done once and reused for all the encodings.
This post is how meta engineers just recently submitted a patch with the ability to avoid starting a new process for every output encoding and so they can share the decoding step. Maybe that also includes sharing the motion estimation step, but I would be careful making such assumptions, FFMPEG has a lot of low hanging optimization work that hasn't been done just because someone hasn't done it yet.
The US Military's demand that the product they purchase is able to be used for all lawful purposes seems pretty reasonable, and is really the only valid line to draw. Forcing one's own ethics onto the military's use of your product is nonsensical on its face.
If I produce and sell widgets in my widget shop, then nobody but me gets to decide how I make those widgets.
The government can come into my shop and order sixty thousand widgets built exactly the way they say they want them built, and it may be something that doesn't run afoul of any laws at all.
But that doesn't mean that I am required or compelled to build widgets their way -- or at all.
I'm free to tell them to fuck off.
The government can then find go someone else to build widgets to their specifications (or not; that's very distinctly not my problem).
Yes but then the government can decide that the widget, which can suddenly and arbitrarily break and cause havoc because it doesn't work according to the government's desired spec, is risky to use and advise their other vendors to avoid it. And now we've caught up to today's story.
So we agree that everything is fine here, and that the only unreasonable position is that the military should pay for or endorse a supplier that tells the military to "fuck off". Yes?
If I agree to sell widgets to the government that meet certain agreed-upon specifications, and then I elect to forego those earlier agreements and tell them to fuck off, then that's different.
I reject the premise that the military can't request a change to the spec of military equipment they purchase. Obviously it was foolish to sign a contract that added any more restrictions than "all lawful purposes".
Huh? I'm trying to learn here. I don't have a dog in this race. :)
Suppose a buyer and myself agree on a contract for the production and purchase of 60,000 widgets of design C. Sometime later, they decide that they don't want design C widgets and insist upon design G instead. The buyer is in breach of contract -- not me.
Now, changes do happen. Buyers (people, businesses, and governments alike) can and often do decide to go in a different direction. It's the kind of thing that happens every day.
A new contract (or quite often, an amendment such as a change order) can be drawn up and -- if we can agree on the terms -- maybe I'll be producing design G widgets and everyone is happy. That also happens every day.
But one party (even the military) can't just unilaterally alter the terms of the deal, and I'm not obligated to agree to the new change at all.
At any given time, I can't be compelled to produce design G widgets unless I've previously agreed to produce design G widgets. That's illegal.
(Unless it has been made legal. We've definitely legislated that before, such as with the Defense Production Act in WWII that forced manufacturers to produce things like military trucks instead of other things like civilian cars.
But that definitely doesn't happen every day, and we aren't operating under those kinds of laws today as I write this in 2026. It can change -- and it can indeed change very rapidly -- but it has not yet changed.)
Actually, that is not what is happening here. What is happening here is that the govt is saying "Okay, we will not buy your widgets. Also, anyone who _does_ buy your widgets, regardless of what they are doing with them, we the government will not do any business with them." Which is waayyyy beyond just not buying widgets. That is outright retaliation and using your power to attempt to destroy a company.
The government signed a contract with Anthropic, then changed their minds and decided they don't like the terms of the agreement that they had already voluntarily signed, and then they designated Anthropic a supply chain risk.
It's like ordering a pizza to the Pentagon, and then saying "actually we made a mistake with our order; we want that pizza delivered to Venezuela, please do that". And then when Dominos politely says that's outside of their service area, you call them a threat to national security, say they're trying to dictate terms, and ban them from ever doing business with any of your vendors ever again.
It is completely normal to have ethics based conditions like that. It already eciats - drugs that can not be used in execution or elements that cant be used in arms
Goverment is being super unreasonable here. And tyrannical too, companies dont have duty to provide unreliable arms for illegal war.
The right response is to not use the said product and use something else. If i want your widget to do something I want and you refuse, I don't get to smash your shop.
The FUTO keyboard is pretty good. All offline, customizable design, good speech recognition, tolerable swipe typing. It's published under a distinct opensource-ish license if you care about that. It's technically a paid app but with an indefinite trial period and and a license checking scheme based on human trust (click the 'yes I bought it' button and it accepts). Worth $5 imo, I bought additional copies for friends and family too.
That's an interesting stress test for I2P. They should try to fix that, the protocol should be resilient to such an event. Even if there are 10x more bad nodes than good nodes (assuming they were noncompliant I2P actors based on that thread) the good nodes should still be able to find each other and continue working. To be fair spam will always be a thorny problem in completely decentralized protocols.
> Even if there are 10x more bad nodes than good nodes [...] the good nodes should still be able to find each other
What network, distributed or decentralized, can survive such an event? Most of the protocols break down once you hit some N% threshold of the network being bad nodes, asking it to survive 1000%+ bad nodes when others usually is something like "When at least half the nodes are good". Are there existing decentralized/distributed protocols that would survive a 1000% attack of bad nodes?
No. They should not try to survive such attacks. The best defense to a temporary attack is often to pull the plug. Better than than potentially expose users. When there are 10x as many bad nodes as good, the base protection of any anonymity network is likely compromised. Shut down, survive, and return once the attacker has moved on.
This is why Tor is centralized, so that they can take action like cutting out malicious nodes if needed. It’s decentralized in the sense that anyone can participate by default.
While anyone can run a Tor node and register it as available, the tags that Tor relays get assigned and the list of relays is controlled by 9 consensus servers[1] that are run by different members the Tor project (in different countries). They can thus easily block nodes.
It's 10, not 9. And there are severe problems with having a total of 10 DA be the essential source of truth for whole network. It would be trivial to DDoS the DAs and bring down the Tor network or at the very least, disrupt it: https://arxiv.org/abs/2509.10755.
It's the only complaint I have of the current state of Tor. Anyone should be able to run directory authority, regardless if you trust the operator or not (same as normal relays).
Anyone can. The DA code is open source and is used whenever you run a testnet. You can also run a DA on the mainnet - how do you think the 10 primary DAs exist? They're not 10 computers owned by a single organization - they're 10 mutually trusting individuals. However, most of the network won't trust you.
That's why the Web of Trust, or classic GNUPG key signing parties are a forgotten/ignored must have. Anyone can change and go rouge of course, but it's statistically less likely.
It doesn't work for I2P due to its design, but for things like Nostr, it works well. Essentially, the goal is to build up a list of "known" reliable relays over time, while simultaneously blacklisting anyone who joins and proves to be unreliable relying on the statistic that collaborative individuals outnumber hostile ones in any sufficiently large cohort.
Of course, it's far from being 100% effective, but it mitigates the issue significantly.
Once again I would like to ask CA/B to permit name constrained, short lifespan, automatically issued intermediate CAs. Last year's request: https://news.ycombinator.com/item?id=43563676
[1]: https://yggdrasil-network.github.io/2021/06/19/preparing-for...
[2]: https://news.ycombinator.com/item?id=27577201#27580938
reply