saint

joined 3 years ago

This is interesting and potentially useful for anyone who works in a corp which does not allow Linux laptops, but where you can get your hands on Macs.

 

A vulnerability was discovered in Infineon’s cryptographic library, which is utilized in YubiKey 5 Series, and Security Key Series with firmware prior to 5.7.0 and YubiHSM 2 with firmware prior to 2.4.0. The severity of the issue in Yubico devices is moderate.

An attacker could exploit this issue as part of a sophisticated and targeted attack to recover affected private keys. The attacker would need physical possession of the YubiKey, Security Key, or YubiHSM, knowledge of the accounts they want to target, and specialized equipment to perform the necessary attack. Depending on the use case, the attacker may also require additional knowledge including username, PIN, account password, or authentication key.

 

A reminder

Highlights

Many systems use encryption of one sort or another. However, when we talk about encryption in the context of modern private messaging services, it typically has a very specific meaning: the use of default end-to-end encryption to protect message content. When used in an industry-standard way, this feature ensures that all conversations are encrypted by default — under encryption keys that are only known to the communication participants, and not to the service provider.

Telegram clearly fails to meet this stronger definition, because it does not encrypt conversations by default. If you want to use end-to-end encryption in Telegram, you must manually activate an optional end-to-end encryption feature called “Secret Chats” for each private conversation you want to have. To reiterate, this feature is explicitly not turned on for the vast majority of conversations, and is only available for one-on-one conversations, and never for group chats with more than two people in them.

Even though end-to-end encryption is one of the best tools we’ve developed to prevent data compromise, it is hardly the end of the story. One of the biggest privacy problems in messaging is the availability of loads of meta-data — essentially data about who uses the service, who they talk to, and when they do that talking.

 

;)

 

The major story of the past couple of weeks has been Ukraine’s Kursk offensive and the seizing of over 1100 square kilometres of Russian territory in the past ten days. This has been a stunning change in the direction of the war. At least five Ukrainian brigades, or elements of those brigades, and possibly more have seized the initiative and remained on the move since surprising the Russians in their initial crossing of the border into the Russian Kursk oblast.

 

Highlights

So the point of the American UI system is not to make it easier to quit a job. But a few economists are now beginning to ask: Should it be?

A safety net program that would encourage more Americans to quit their jobs has generally been seen as a bad thing.

Boosting UI generosity doesn’t affect overall employment rates one way or the other. Instead of loafing around in subsidized unemployment, more generous benefits can support people to quit their jobs in search of better ones, which benefits workers through higher wages and better job satisfaction, and the economy through enhanced productivity as people find better uses for their skills.

The real losers would be lousy jobs, which would struggle to retain workers with a greater cushion to quit and go looking elsewhere.

A major barrier facing lasting reform has been that most people do not care about improving the unemployment system long enough to build the kind of political momentum that gets laws through Congress.

Without financial support, quitting in search of better work just isn’t always a viable option, especially for the more than one in 10 US households that have zero wealth to fall back on.

The unemployment insurance system was established during the Great Depression as part of the Social Security Act in 1935, when the unemployment rate was about 20 percent; helping those workers who still had jobs quit wasn’t exactly a policy priority. About half of American workers were excluded from coverage, including agricultural and domestic workers (many of whom were Black).

The surge of quits during the pandemic and the expansion of unemployment insurance created a unique dataset that caught the attention of economists Zhifeng Cai and Jonathan Heathcote.

After an extra $600 was added to weekly UI checks, along with a major expansion to who is eligible for the benefits, studies found no connection between the boosted UI and laziness or joblessness (echoing findings around unconditional cash transfers more broadly, where giving people cash doesn’t undermine their desire to work).

Economists have historically held equality and efficiency at odds with each other, with higher UI benefits seen as an equality booster that trades off against economic efficiency. But Cai explained in an interview with Vox that “if you give nothing to people who quit, it’s actually not an efficient choice, because there are too few people quitting. Our point is that even from an efficiency perspective, you still want to have some UI going to quitters.”

 

Federal agencies must start migrating to post-quantum cryptography (PQC) now due to the “record-now, decrypt-later” threat, which anticipates quantum computers decrypting captured data in the future.

 

Looks fun!

 

Sometimes obvious things are obvious only looking back

 

Highlights

European beech trees more than 1,500 kilometers apart all drop their fruit at the same time in a grand synchronization event now linked to the summer solstice.

From England to Sweden to Italy — across multiple seas, time zones and climates — somehow these trees “know” when to reproduce. But how?

Their analysis of over 60 years’ worth of seeding data suggests that European beech trees time their masting to the summer solstice and peak daylight.

The discovery of the genetic mechanism that governs this solstice-monitoring behavior could bring researchers closer to understanding many other mysteries of tree physiology.

So it’s easy to see why masting trees synchronize their seed production. Understanding how they do it, however, is more complicated. Plants usually synchronize their reproduction by timing it to the same weather signals.

Then the team stumbled across a clue by accident. One summer evening, Bogdziewicz was sitting on his balcony reading a study which found that the timing of leaf senescence — the natural aging process leaves go through each autumn — depends on when the local weather warms relative to the summer solstice. Inspired by this finding, he sent the paper to his research group and called a brainstorming session.

It’s the first time that researchers have identified day length as a cue for masting. While Koenig cautioned that the result is only correlational, he added that “there’s very little out there speculating on how the trees are doing what they’re doing.”

If the solstice is shown to activate a genetic mechanism, it would be a major breakthrough for the field. Currently, there’s little data to explain how trees behave as they do. No one even knows whether trees naturally grow old and die, Vacchiano said. Ecologists struggle just to study trees: From branches to root systems, the parts of a tree say very little about the physiology of the tree as a whole. What experts do know is that discovering how trees sense their environment will help them answer the questions that have been stumping them for decades.

 

Tsundoku is a Japanese term for buying books and magazines far faster than you can read them. Döstädning is a concept from Sweden that translates into death cleaning, advice for how to get rid of your stuff before making other people do it after you die.

[–] [email protected] 2 points 2 years ago (5 children)

at least this is the format i am using.

[–] [email protected] 8 points 2 years ago (14 children)

not all the users put their matrix username in Lemmy. also - at least in desktop when clicking send secure message it brings up matrix client for me (element)

[–] [email protected] 6 points 2 years ago* (last edited 2 years ago) (16 children)

in lemmy at least in the user profile you can see send secure message - if it is there (meaning - user has added matrix username) - you can click and send message via matrix

[–] [email protected] 2 points 2 years ago (1 children)

usually i add more than 1 ip and also vultr firewall can be managed to change ip. tailscale can be used as well. there are options!

[–] [email protected] 1 points 2 years ago (6 children)

if you configure ssh access only from your home ip - then fail2ban is not needed.

[–] [email protected] 1 points 2 years ago (8 children)

sorry, this is kinda like a firewall, but protecting websites, so many vulnerabilities are filtered out. it does not protect you 100% (nothing does). it might be hard to set up, in that case there is an option to use waf as a service, i.e. - cloudflare has such an offering, maybe there are others as well. i have looked into vultr - they seem to offer only a "usual" type of firewall, not http/application based.

[–] [email protected] 5 points 2 years ago (10 children)

Get some WAF for the public facing app, maybe at least https://github.com/nbs-system/naxsi.

[–] [email protected] 1 points 2 years ago

yes, indeed ;)

[–] [email protected] 39 points 2 years ago

That's my kind of people!

[–] [email protected] 12 points 2 years ago (3 children)

Any observed impact to performance?

[–] [email protected] 2 points 2 years ago

don't give them ideas :)

[–] [email protected] 8 points 2 years ago (1 children)

not good, sometimes still trying to use it and get lost from time to time
