• 0 Posts
  • 19 Comments
Joined 4 months ago
Cake day: June 12th, 2025

  • The trick is to realise that even if you could build it perfectly, your requirements will change causing even what was perfect before, to be less than perfect now. Of course it was never perfect, only an approximation. Sometimes you rip something out to rebuild, and sometimes you build something better, and leave the crappy setup behind.

    At the point where you feel like everything is a massive bowl of unmaintainable spaghetti, you unlock construction bots, and can start to rebuild and redesign your factory on a massive scale, striving for perfection, but always coming up just slightly short, ripe for yet another redesign.

    All of this is exactly the same when programming.



  • It’s very very clear that many politicians are rather clueless on how ChatControl would actually work. The EU Commission wrote on their Mastodon that they would only be scanning messages with CSAM, and that they wouldn’t scan other messages… Which of course isn’t possible because you need to scan the message in the first place to figure out which contain CSAM and which do not.

    Some of the politicians are also clearly just interested in the direct violation of people’s privacy. Peter Hummelgaard directly said “We must break with the totally erroneous perception that it is everyone’s civil liberty to communicate on encrypted messaging services”… So he clearly doesn’t care about the right to privacy…

    Other politicians seem to be completely dazzled with the spiel about “it’s for the children” and don’t care what liberties are lost in the process of saving the children.



  • That’s not correct. Under the GDPR, the data that Facebook collects on you makes them the Data Controller. Any partners they share data with would be considered Data Processors. When you invoke your right to be forgotten under the GDPR, then both Data Controllers and Data Processors must delete your data. So if Facebook’s partners aren’t deleting your data after you filed a request to Facebook, then they are violating the GDPR.

    That said Facebook is certainly violating the GDPR left and right. For example with their “Pay or Consent” model…


  • I feel the same. I like having my desktop with easy to reach commonly used apps, and a few widgets, such as a Google Calendar widget and my Keep notes. And I want all the things in the exact spot I put them, so I can build muscle memory to go where I want. The dock is not so necessary as long as I can have enough icons on the desktop. And then I want an app drawer, where I can divide it into tabs, one for regular apps and one for games.

    The closest I could find are either:

    Lawnchair launcher, but it’s missing the drawer tabs (it has folders though)

    Pear Launcher, it has everything, but unfortunately it doesn’t remove the games from the main apps tab when I add them to a games tab…


  • You know when a website has an “Upload” function? There it opens up a file picker that is native to your operating system, and lets you pick which file to upload. This does not allow the website access to your entire file system, it only allows access to the exact file you picked.

    Android and iOS could easily have implemented access in the same way in the operating system.

    It’s also comical how you have to grant an Android app full access to make phone calls for the app to be able to see whether you are currently in a call. This is useful for many games to pause if you get a call suddenly, but now your game has the ability to dial people as well…



  • You are correct for regular hash functions, but a cryptographic hash function has stronger requirements.

    MD5 was supposed to be a cryptographic hash function, but it was found to be flawed all the way back in 1996, and has been discouraged ever since… Now it’s too weak to be used in a cryptographic setting, and too slow to be used in non-cryptographic settings.

    This is why hashes like xxhash are considered non-cryptographic hash functions, while SHA-256 is considered a cryptographic hash function.



  • Cryptography is the practice of hiding and protecting information.

    Modern cryptography is about computer algorithms.

    These computer algorithms are notoriously hard to invent, and even just to implement.

    Cryptography is a constant cat and mouse game. Some people will attempt to build new algorithms, and some people will be trying to break these algorithms. In some situations people are doing this benevolently, where researchers will look for weaknesses so they can be fixed. In other situations people are malicious and are looking for weaknesses to exploit them.

    Inventing a new algorithm usually takes years, and then it’s researched for even more years to make sure there are no obvious weaknesses.

    Then people implement these algorithms and these implementations are then again researched for long times to look for weaknesses.

    Inventing a new algorithm is insanely hard, and only a rather small number of people around the world have had decent success.

    But even if you have a good algorithm that is theoretically secure, then when you try to implement it in actual code, it’s again incredibly easy to make mistakes that completely undermine the security.

    What the OP did was to try to invent a new algorithm. OP’s algorithm is very flawed and easily broken. Then OP wrapped it in a Web page that purported to allow you to securely encrypt something. And used words like “crazy strong encryption” which could lead others to think the service is safe and secure, and rely on it for something critical, only for their security to be utterly compromised.

    The mantra in the security community is “Don’t roll your own crypto”, and OP rolled their own crypto, and failed, without giving a proper disclaimer.


  • So this basically runs key derivation by taking the password, SHA-256 hashing it, and feeding the result to a SecureRandom. Then XORs the output of SecureRandom with the plaintext in CBC mode with a block size of 1 byte… CBC means this isn’t protected against tampering, since the encryption mode isn’t authenticated. And the block size of 1 byte means you can attack each character of the ciphertext one at a time.

    This is a woefully inadequate key derivation, and the actual encryption seems fairly flawed. I only have a basic Cryptography 101 course under my belt, and while I don’t have the skill to obviously break it, it absolutely makes the hair on my neck stand up…

    Discounting any weaknesses in the actual crypto, the heaviest part of this algorithm is the actual SHA-256 hash, and with some tweaking, I’m sure someone determined could modify hashcat to attack this encryption directly. I just had a look at a Hashcat benchmark on an AWS p5en.48xlarge instance, which has 8x Nvidia H100 GPUs. These together can churn out 126.9 Giga-hashes per second on SHA-256. Which means it can try ALL alpha-numeric passwords with 12 characters in just around 0.59 nanoseconds. This instance isn’t cheap, as it costs around $64 per hour to run, but at that speed you don’t have to run it for very long anyway.

    So even at the worst-case, of having to brute-force your XOR encryption algorithm, breaking it will be trivial.

    Please don’t roll your own crypto… Or if you do, please make it very clear to anyone that it’s your own hobby project, and that it shouldn’t be relied upon for actual security.

    EDIT: apparently I can’t operate a calculator
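The unauthenticated XOR stream and single-hash key derivation the comment above describes, as an added illustration that is neither OP’s page code nor the commenter’s: the keystream is a SHA-256 counter-mode stand-in for the seeded SecureRandom (an assumption), and the hardened variant uses a salted PBKDF2 key with encrypt-then-MAC, shown for teaching rather than as a substitute for an AEAD such as AES-GCM. The point it makes visible is that the weak scheme accepts a modified ciphertext without complaint and always produces the same ciphertext for the same password, while the hardened one rejects any changed byte before decrypting.

```python
import hashlib
import hmac
import os

def xor(a: bytes, b: bytes) -> bytes:
    return bytes(x ^ y for x, y in zip(a, b))

def keystream(seed: bytes, length: int) -> bytes:
    # SHA-256 in counter mode: stand-in (assumption) for the "SHA-256 -> SecureRandom" keystream.
    out, ctr = b"", 0
    while len(out) < length:
        out += hashlib.sha256(seed + ctr.to_bytes(4, "big")).digest()
        ctr += 1
    return out[:length]

# The scheme as described: unsalted SHA-256(password) as the "KDF", byte-wise
# XOR with the keystream, no salt or nonce and no authentication tag.
def weak_encrypt(password: bytes, plaintext: bytes) -> bytes:
    return xor(plaintext, keystream(hashlib.sha256(password).digest(), len(plaintext)))

def weak_decrypt(password: bytes, ciphertext: bytes) -> bytes:
    return weak_encrypt(password, ciphertext)  # XOR is its own inverse

# Hardened teaching variant: random salt, PBKDF2 with a cost parameter, a separate
# MAC key, and encrypt-then-MAC so a modified byte is rejected before decryption.
ITERATIONS = 100_000  # demo value; production uses a higher count or a memory-hard KDF

def _derive(password: bytes, salt: bytes):
    km = hashlib.pbkdf2_hmac("sha256", password, salt, ITERATIONS, dklen=64)
    return km[:32], km[32:]  # (encryption key, MAC key)

def safer_encrypt(password: bytes, plaintext: bytes) -> bytes:
    salt = os.urandom(16)
    enc_key, mac_key = _derive(password, salt)
    ct = xor(plaintext, keystream(enc_key, len(plaintext)))
    return salt + ct + hmac.new(mac_key, salt + ct, hashlib.sha256).digest()

def is_authentic(password: bytes, blob: bytes) -> bool:
    salt, ct, tag = blob[:16], blob[16:-32], blob[-32:]
    _, mac_key = _derive(password, salt)
    return hmac.compare_digest(hmac.new(mac_key, salt + ct, hashlib.sha256).digest(), tag)

def safer_decrypt(password: bytes, blob: bytes) -> bytes:
    if not is_authentic(password, blob):
        raise ValueError("authentication failed: ciphertext was modified")
    enc_key, _ = _derive(password, blob[:16])
    return xor(blob[16:-32], keystream(enc_key, len(blob) - 48))

def flip_byte(data: bytes, index: int) -> bytes:
    # Flip the lowest bit of one byte, modelling a ciphertext altered in transit.
    return data[:index] + bytes([data[index] ^ 0x01]) + data[index + 1:]
```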