I assumed MurderBot would not look male or female but look androgynous. Additionally the merging of machine and meat would result in thin limbs, likely they are going to have to do a lot of CGI work in post.
Casting a big name actor in the role, especially a male actor who tends to play tough guys, seems like a mistake. ~80% of the murderbot fans I've talked to decided they weren't watching the series when they heard that casting decision. Generally the take was: "if that is who they cast, they don't understand why the books worked." I reserve my judgement until the series comes out, actors can act and should not be cast based on audiences' expectations, but it does not augur well.
Really? My partner and I and some of our friends thought the opposite. Skarsgård can be tough but in many of his roles he exhibits a fairly unconventional form of masculinity.
My expectation is that he's going to be able to play an ungendered character quite well.
Having never heard of this series until this HN thread, I assumed from context that you meant Bill Skarsgård, who of course is a natural for an out-of-place somewhat-alien a-touch-androgynous misfit, having played that kind of role well before.
It turned out not to be the one I was sure you meant, hahaha. "Iceman" from Generation Kill is rather a twist, but of course, as mentioned, actors are supposed to be able to act....
In my view the eventual goal of security is to reduce all excess trust to zero. Excess trust is all trust which is not fundamental to the thing you are trying to do. If you want a feature that lets Alice update policy, you need to trust Alice to update policy. I believe that a system without any excess trust is worth building; that's why I founded BastionZero and why I joined Cloudflare to work on this.
Getting there is a long walk through the woods on a moonless night.
> With 2-trust, we’d need at least units of trust, so two machines. Equivalently, each credential-bearing machine is half trusted (think ssh bastion hosts or 2FA / mobikeys for 2 trust).
You might be interested in OpenPubkey[0, 1] which was developed at BastionZero. It has 1/2 trust for OpenIDConnect and can be used for SSH.
> As snarky as this math is, I’ve yet to see a more accurate formulation of what zero trust architectures actually provide.
I prefer the term epsilon-trust to reflect the nature of security and trust reduction as an iterative process. The trust in a system approaches but never fully reaches zero.
> you still must trust something implicitly. except now it's a company that has agency and a will of its own instead of just some files on a filesystem.
Some keys on a file system on a large number of user endhosts is a security nightmare. At big companies user endhosts are compromised hourly.
When you say forced key rotation, how do you accomplish that and how often do you rotate? What if you want to disallow access to a user on a faster tempo than your rotation period? How do you ensure that you are giving out the new keys to only authorized people?
My experience has been, when you really invest in building a highly secure key rotation system, you end up building something similar to our system.
1. You want SSO integration with policy to ensure only the right people get the right keys to ensure the right keys end up on the right hosts. This is a hard problem.
2. You end up using a SSH CA with short lived certificates because "key expires after 3 minutes" is far more secure than "key rotated every 90 days".
3. Compliance requirements typically require session recording and logging; do you end up creating a MITM SSH Proxy to do this?
Building all this stuff is expensive and it needs to be kept up to date. Instead of building it in-house and hoping you build it right, buy a zero trust SSH product.
For many companies the alternative isn't key rotation, it's just an endless growing set of keys that never expire. To quote Tatu Ylonen, the inventor of SSH:
> "In analyzing SSH keys for dozens of large enterprises, it has turned out that in many environments 90% of all authorized keys are no longer used. They represent access that was provisioned, but never terminated when the person left or the need for access ceased to exist. Some of the authorized keys are 10-20 years old, and typically about 10% of them grant root access or other privileged access. The vast majority of private user keys found in most environments do not have passphrases."
So far my experience with joining and working at Cloudflare has been fantastic. Coming from a background of startups and academia, the size and scope of what Cloudflare is building and currently runs is overwhelming.
In academia I've seen lots of excellent academic computer science papers that never benefit anyone because they never get turned into a tool that someone can just pick up and use. Ideas have inherent value, even useless ideas, but it feels good to see great ideas have impact. What appealed to me the most about getting acquired by Cloudflare is seeing research applied directly to products and used by people. Cloudflare does an excellent job both inventing innovative ideas and then actually making them real. There used to be a lot of companies that did this 10 years ago, but Cloudflare now seems rare in that respect.
I just wanted to offer my congratulations on the acquisition. I don't know any details about your specific one, but I have been around enough to know that it's still worth celebrating o/
I agree it isn't a bug in the RNG itself, but it is a bug in randomness propagation, which is part of randomness generation.
For instance consider this bug:
secretKey = Hexadecimal(Crypto.Rand())[0:16]
The person likely intended to generate a secretKey with 16 bytes of entropy. Instead they generated a secretKey which is 16 bytes long, but only contains 8 bytes of entropy. I would call this an RNG bug.
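The pseudocode from the comment above, rendered in Python as an added example that is not part of the original comment: `secrets.token_bytes` stands in for `Crypto.Rand()`, and all function names are hypothetical. It samples each generator and bounds the entropy of one key by its length times log2 of the number of distinct symbols observed.

```python
import math
import secrets

KEY_LEN = 16  # the length the comment's author was aiming for


def buggy_secret_key() -> str:
    # Python rendering of the pseudocode: hex-encode first, slice second.
    # Each hex character carries 4 bits, so 16 characters hold 8 random bytes.
    return secrets.token_bytes(KEY_LEN).hex()[:KEY_LEN]


def fixed_secret_key() -> bytes:
    # Size the key in raw bytes; encode for transport afterwards and never
    # slice the encoded form.
    return secrets.token_bytes(KEY_LEN)


def entropy_upper_bound_bits(generate, samples: int = 2000) -> float:
    """Sample a generator and bound the entropy of one key by
    length * log2(number of distinct symbols ever observed)."""
    keys = [generate() for _ in range(samples)]
    lengths = {len(k) for k in keys}
    if len(lengths) != 1:
        raise ValueError("generator returns keys of varying length")
    # Iterating a str yields characters, iterating bytes yields ints;
    # either way the set is the alphabet the generator actually uses.
    alphabet = {symbol for key in keys for symbol in key}
    return lengths.pop() * math.log2(len(alphabet))


if __name__ == "__main__":
    for gen in (buggy_secret_key, fixed_secret_key):
        print(gen.__name__, len(gen()), entropy_upper_bound_bits(gen))
```

Both generators return 16 symbols, which is why a length check alone does not catch the bug; only the alphabet size separates them.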
> it's clear that the Ukraine invasion was motivated, in part, by NATO expansion.
Unless you mean, the only way to have prevented the Russian invasion of Ukraine would have been to accept Ukraine into NATO, I strongly disagree with you here.
Russia invaded Ukraine not because Russia is fearful of NATO but because Russia wished to recreate the Soviet empire. It's just plain old imperialism.
Yep. The US told Ukraine it was never going to happen. Originally Ukraine had wanted neutrality but Russia kept making territorial claims on Ukraine land pushing Ukraine to seek protection from Russian imperialist ambitions.
If Ukraine eventually gets NATO membership it will be because of Russia's invasion.
Heck Crimea basically guaranteed Ukraine couldn't be admitted because of the whole no territorial disputes clause, and they were (nor are they now) nowhere near ready to acquiesce on that.
> Heck Crimea basically guaranteed Ukraine couldn't be admitted because of the whole no territorial disputes clause
There is no such clause in the North Atlantic Treaty, and many NATO members (including founding members) were admitted with territorial disputes, including with other NATO members, either admitted earlier or simultaneously admitted.
NATO members are required to pledge to resolve disputes of any kind in accordance with the principles of the UN, endeavouring to do so by means which are both peaceful and not disruptive of international peace and security, but without prejudice to any of their rights under the UN Charter including those of individual and collective self-defense, and to declare that at the time of their accession to the treaty none of their existing "engagements" violate those principles. (See, particularly, Articles 1, 7, and 8 of the North Atlantic Treaty.)
There is no reasonable reading of the Treaty which would prohibit a new member from being admitted while some of its territory is under hostile occupation or while engaged in a defensive war on its own territory against an aggressor; it may make it more difficult to achieve the required unanimity, but there is no "territorial disputes clause" preventing it.
A lot of the US government would be called anarchist if it was a proposal from a radical rather than the current state of affairs:
1. Criminal trials via random lottery of jury with the charged being viewed as innocent until proven guilty.
2. Checks and balances, where governmental power is intentionally limited and weakened.
3. A system of federated governments that elect representations, with a design favoring minority members of that federation.
Anarchism is always a balancing act between legitimate power and limitations on that power. Most forms of Anarchism do not reject all forms of power as illegitimate but rather place a heavy burden of proof on the claim that the use of power is legitimate.
I disagree with a lot of what Chomsky has said but I do think his definition of anarchism was very well stated:
"Well, anarchism is, in my view, basically a kind of tendency in human thought which shows up in different forms in different circumstances, and has some leading characteristics. Primarily it is a tendency that is suspicious and skeptical of domination, authority, and hierarchy. It seeks structures of hierarchy and domination in human life over the whole range, extending from, say, patriarchal families to, say, imperial systems, and it asks whether those systems are justified. It assumes that the burden of proof for anyone in a position of power and authority lies on them. Their authority is not self-justifying. They have to give a reason for it, a justification. And if they can’t justify that authority and power and control, which is the usual case, then the authority ought to be dismantled and replaced by something more free and just." - Noam Chomsky