tal

joined 1 year ago
[–] tal 9 points 1 month ago

If the end result is a more self-sufficient Russia and profits going to the war effort … would it have been the right move?

Autarky costs something, given an efficient market. Normally, due to comparative advantage, a country will trade with whoever can produce something with the most comparative advantage. That will normally make the country better-off. So a restriction on trade -- like an entity refusing to do business with it -- will make the country worse-off than in a free market. Could cut off access to supply chains or money or whatever.

So you would not normally expect Russia to have more resources to go to the war effort as a result of cutting business connections. Russia of 2024 will have fewer resources available to it than Russia of 2021.

I don't disagree that this is less-disruptive to Russia than a company intentionally dismantling its infrastructure in Russia. I do not know whether that is a practical option, as the authorities might simply seize the assets. Russia does have jurisdiction over things that happen in Russia. They can make it illegal to dismantle factories; I have not been following, but I remember reading that several laws restricting things along these lines have been passed in the past, including limiting bankers from exiting Russia, some sort of controls on moving assets, and some sort of restrictions on divesting assets.

reads article

Actually, the article specifically references this, right at the end:

However, for some companies, staying longer in Russia has not always been a carefully calculated business choice because the government has put significant obstacles in place to prevent them leaving.

These included trying to take over the assets of Western companies wanting to go

[–] tal 3 points 1 month ago* (last edited 1 month ago)

Oh so both hashes and symmetric cryptography are secure entirely by doubling up the key size.

That's not my understanding, which is that it's more-secure than that and doesn't require the doubling. Assuming the pages I linked are correct and that the understanding of them from my skim is correct, both of which may not be true:

  • About a decade-and-a-half ago, it was believed that AES of existing key lengths could be attacked via a known quantum algorithm -- Grover's algorithm -- using future quantum computers. However, the weakness induced was not sufficient to render AES of all key lengths practically vulnerable. It would be viable to simply increase key lengths, not redesign AES, sufficient to make it not attackable via any kind of near-future quantum computers.

  • At some point subsequent to that, it was determined that this attack would not be practical, even with the advance of quantum computers. So as things stand, we should be able to continue using AES with current keylengths without any kind of near-future quantum computer posing a practical risk.

Take all that with a huge grain of salt, as I'm certainly not well-versed in the state of quantum cryptography, and I'm just summarizing a few webpages which themselves may be wrong. But if it's correct, you were right originally that there aren't going to be near-term practical attacks on AES from the advance of quantum computing, not from any presently-known algorithm, at least.

[–] tal 4 points 1 month ago* (last edited 1 month ago)

So, I haven't read up on this quantum attack stuff, and I don't know what Kairos is referring to, but setting aside quantum computing for the moment, breaking a cryptographic hash would simply require being able to find a hash collision, finding another input to a hash function that generates the same hash. It wouldn't require being able to reconstitute the original input that produced the hash. That collision-finding can be done -- given infinite conventional computational capacity, at any rate -- simply from the hash; you don't need additional information.
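An added example, not part of the original comment: a toy search illustrating the point above that matching a hash needs only the hash, never the original input. It uses SHA-256 truncated to 16 bits (an assumption, so the search finishes in seconds), also contrasts matching one given digest with finding any colliding pair, and all function names are hypothetical.

```python
import hashlib
from itertools import count

BITS = 16  # toy digest width (assumption); real SHA-256 output is 256 bits


def toy_hash(data: bytes, bits: int = BITS) -> int:
    """SHA-256 truncated to its top `bits` bits, so searches finish quickly."""
    full = int.from_bytes(hashlib.sha256(data).digest(), "big")
    return full >> (256 - bits)


def match_digest(target: int, bits: int = BITS):
    """Find some input with the given digest, knowing nothing but the digest.

    Returns (input, tries). Expected work is about 2**bits hash calls.
    """
    for tries in count(1):
        candidate = b"guess-%d" % tries
        if toy_hash(candidate, bits) == target:
            return candidate, tries


def any_collision(bits: int = BITS):
    """Find any two distinct inputs with equal digests (birthday search).

    Returns (a, b, tries). Expected work is about 2**(bits/2) hash calls.
    """
    seen = {}
    for tries in count(1):
        candidate = b"msg-%d" % tries
        digest = toy_hash(candidate, bits)
        if digest in seen:
            return seen[digest], candidate, tries
        seen[digest] = candidate


if __name__ == "__main__":
    original = b"constructed sample input"  # never shown to the search
    target = toy_hash(original)
    found, n1 = match_digest(target)
    a, b, n2 = any_collision()
    print(f"matched digest {target:#06x} with {found!r} after {n1} tries")
    print(f"collision {a!r} / {b!r} after {n2} tries")
```

Each extra digest bit doubles the work of `match_digest`, which is why the same search is out of reach at the full 256-bit width.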

[–] tal 6 points 1 month ago* (last edited 1 month ago) (2 children)

I'm not sure I follow. Could you expand on that?

EDIT: Wikipedia says this:

https://en.wikipedia.org/wiki/Post-quantum_cryptography

In contrast to the threat quantum computing poses to current public-key algorithms, most current symmetric cryptographic algorithms and hash functions are considered to be relatively secure against attacks by quantum computers.[2][11] While the quantum Grover's algorithm does speed up attacks against symmetric ciphers, doubling the key size can effectively block these attacks.[12] Thus post-quantum symmetric cryptography does not need to differ significantly from current symmetric cryptography.

The citation there is from a 2010 paper, which is old and is just saying that this is believed to be the case.

This page, a year old, says that it is believed that the weakening from use of Grover's algorithm is not sufficient to make AES-128 practically breakable, and that at some point in recent years it was determined that the doubling was not necessary.

https://crypto.stackexchange.com/questions/102671/is-aes-128-quantum-safe

Keeping in mind that I am about twenty years behind the current situation and am just skimming this, it sounds like the situation is that one cannot use an attack that previously had been believed to be a route to break some shorter key length AES using quantum computing, so as things stand today, we don't know of a practical route to defeat current-keylength AES using any known quantum computing algorithm, even as quantum computers grow in capability.

[–] tal 17 points 1 month ago* (last edited 1 month ago) (15 children)

Because AES is NOT vulnerable to quantum computing.

I have not been following the quantum computing attacks on cryptography, so I'm not current here at all.

I can believe that current AES in general use cannot be broken by existing quantum computers.

But if what you're saying is that AES cannot be broken by quantum computing at all, that doesn't seem to be what various pages out there say.

https://crypto.stackexchange.com/questions/6712/is-aes-256-a-post-quantum-secure-cipher-or-not

Is AES-256 a post-quantum secure cipher or not?

The best known theoretical attack is Grover's quantum search algorithm. As you pointed out, this allows us to search an unsorted database of n entries in $\sqrt{n}$ operations. As such, AES-256 is secure for a medium-term against a quantum attack, however, AES-128 can be broken, and AES-192 isn't looking that good.

With the advances in computational power (doubling every 18 months), and the development of quantum computers, no set keysize is safe indefinitely. The use of Grover is just one of the gigantic leaps.

I would still class AES as quantum resistant, so long as the best-known attack is still some form of an exhaustive search of the keyspace.

[–] tal 1 points 1 month ago

Ah, thank you for that, then; that makes sense. And yeah, if there is a per-user key, then I'd expect it to be signing votes.

[–] tal 2 points 1 month ago* (last edited 1 month ago) (2 children)

considers

Fedia.io appears to have a pretty complete history of comments and posts. Lemmyverse.net reports 78 posts, and that's about how many posts it picks up. It doesn't see the votes, however.

Granted, I haven't tested the order in which votes are fetched. Maybe comments and posts get priority over votes, and if a user unsubscribes, that terminates fetching votes.

looks further

On lemmyverse.net, the community statistics read:

90 subscribed users. 1.9k active users.

That ratio is pretty dramatically out-of-whack with all other communities on lemmyverse. That's sufficient to place it in the top 100 communities on the Threadiverse by active users, which I believe includes vote activity.

But it has only 90 subscribers, which is way down the list.

The subscriber count I can believe, for a new community. But for the active user count to be that high, there'd need to be a very high proportion of user account activity, with few subscriptions.

EDIT: Additionally, if one sorts by active weekly users, every other community shown on the same visible page in the lemmyverse community list -- the communities with a roughly comparable active user rate -- has between an order of magnitude and two orders of magnitude more comments. So basically, very few of these users could be commenting, but a high proportion would need to be voting.

EDIT2: Okay, moist.catsweat.com is another mbin instance that has indexed the community. Unlike fedia.io, that instance does have votes for the past few posts, and while there are a lot of upvotes relative to comments, one can see the users doing so, and they appear to be real users, not bots. It's a lot of upvotes for a new community, but that could be just unusual, and I'd believe that the propagation of votes is due to lemmy quirks.

Sorry, @Deceptichum@quokk.au. Just didn't want to have spammers abusing the system. This is probably legit; I'll withdraw my concerns.
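The peer comparison walked through in the comment above, written out as an added example that is not part of the original comment. Only the 90 subscribers / 1.9k active users figures come from the comment; every other row, the community names, the thresholds and the function names are constructed assumptions.

```python
from statistics import median

# Constructed sample rows: (community, subscribers, weekly_active, weekly_comments).
# Only the 90 / 1900 pair is taken from the comment; the rest is made up.
COMMUNITIES = [
    ("community-a", 41000, 2300, 5200),
    ("community-b", 18000, 2100, 3900),
    ("community-c", 26000, 1800, 2600),
    ("community-d", 9500, 1700, 1400),
    ("community-e", 33000, 2000, 4700),
    ("new-community", 90, 1900, 60),
]


def peers(rows, target, band=0.25):
    """Communities whose active-user count is within +/- band of the target's."""
    active = target[2]
    return [r for r in rows
            if r is not target and abs(r[2] - active) <= band * active]


def review_flags(rows, factor=10.0):
    """Flag communities an order of magnitude away from comparable peers.

    Two signals from the comment: active users per subscriber far above
    peers, and comments per active user far below peers.
    """
    flagged = {}
    for row in rows:
        name, subs, active, comments = row
        group = peers(rows, row)
        if len(group) < 3:  # too few peers for a meaningful median
            continue
        peer_ratio = median(p[2] / max(p[1], 1) for p in group)
        peer_talk = median(p[3] / max(p[2], 1) for p in group)
        reasons = []
        if active / max(subs, 1) > factor * peer_ratio:
            reasons.append("active/subscriber ratio")
        if comments / max(active, 1) * factor < peer_talk:
            reasons.append("comments per active user")
        if reasons:
            flagged[name] = reasons
    return flagged


if __name__ == "__main__":
    for name, reasons in review_flags(COMMUNITIES).items():
        print(f"{name}: review ({', '.join(reasons)})")
```

A flag here only queues a community for a manual look at who is voting, which is the step that cleared this case in EDIT2.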

[–] tal 2 points 1 month ago (4 children)

An instance needs to have a subscribed user to get the posts and comments, which have shown up. The votes, however, are absent.

[–] tal 1 points 1 month ago* (last edited 1 month ago) (2 children)

I believe that the basic metric of trust is instance-level. That is, it's the TLS certificates and whether-or-not an instance is federated that is the basis of trust. I don't think that users have individual keys -- I mean, it'd be meaningless to generate one rather than just trusting a home instance without client-side storage, and that definitely doesn't exist.

Having client-side keys would potentially, with other work, buy some neat things, like account portability across instances.

But the problem is that, as you point out, any solution on vote trust can't just be user-level keys, unless every admin is gonna police who they federate with and maintain only a network of instances that they consider legit. Once I federate with an instance, I grant it the right to create as many accounts as it wants and vote how it wants. And keep in mind that ownership of an instance could change. Like, an admin retires, a new one shows up, stuff like that.

[–] tal 5 points 1 month ago* (last edited 1 month ago) (8 children)

I suppose that there's also a broader technical issue here. Like, Deceptichum's a real user, a regular on various communities I use. He comments, contributes. I don't much agree with him on, say, Palestine, but on the other hand, we both happily post images to !imageai@sh.itjust.works. I figure that he probably got in a spat with the !world@lemmy.world mods, was pissed, wanted to help get a little more suction to draw users. That's relatively harmless as the Threadiverse goes. This is some community drama.

But you gotta figure that if it's possible to have an instance reporting bogus vote totals, that it's possible for someone to have bogus vote totals at greater scale. So you start adding instances to the mix. Maybe generating users. Like, there are probably a lot of ways to manipulate the view of the thing.

And that's an attack that will probably come, if the Threadiverse continues to grow. Like, think of all the stuff that happens on Reddit. People selling and buying accounts to buy reputability, whole websites dedicated to that, stuff like that. There's money in eyeball time. There are a lot more routes to attack on the Threadiverse.

I don't know if that's a fundamental vulnerability in ActivityPub. Maybe it could be addressed with cryptographically-signed votes and some kind of web of trust or...I don't know. Reddit dealt with it by (a) not being a federated system and (b) mechanisms to try to detect bot accounts. But those aren't options for the Threadiverse. It's gotta be distributed, and it's gonna be hard to detect bots. So, I figure this is just the start. Maybe there has to be some sort of "reputability" metric associated with users that is an input to how their voting is reported to other users, though that's got its own set of issues.

[–] tal 3 points 1 month ago (7 children)

The disparity in vote totals is between mbin and lemmy instances.

[–] tal 12 points 1 month ago* (last edited 1 month ago) (22 children)

looks

So, I don't know what the beef between the !world@lemmy.world mods and you was, but...

That's a lot of activity for a new community. On Lemmy.today, I see 82 upvotes for the first article, which was apparently a week ago...and I assume that this is the first announcement.

https://lemmy.today/post/17163696?scrollToComments=true

lemmy.world shows the same thing for it.

Normally, Lemmy doesn't show users who have upvoted a post. Only admins can see that.

But Kbin and Mbin do, including on federated servers.

So, I can look at the upvotes for that post; mbin shows them on the "favorites" tab.

Fedia.io is an mbin instance.

When I go to the most recent !world@quokk.au post on Fedia.io, however, all of those votes that your community is reporting disappear. It shows virtually no upvote activity.

https://fedia.io/m/world@quokk.au

In fact, no post in that community has more than four upvotes. Most of them, you've upvoted. But I don't see a lot of other users there. One or two.

Now, that might just be some kind of mbin bug. But the posts on !world@lemmy.world look pretty much the same on lemmy.today and fedia.io. It shows real users generating those upvotes.

Now, okay. Maybe it's just me being cynical and skeptical. But this is your home instance, yeah? You wouldn't have anything to do with that instance possibly reporting incorrect vote totals on posts on your new community, right?

And keep in mind, I'm not saying that more competition for communities is a bad thing. More options, let users choose what they want. But I'd also think that having an instance report accurate numbers to help them make that choice is important. And if they aren't accurate, that ain't a great start for the community, in my book.

EDIT: Looking further, it looks like it's just a very high upvote count for a new community relative to age and comments, but I was able to look at the users doing the voting on another instance, and the users doing so don't appear to be bots; that's coupled with some oddity of vote propagation; I detailed this in a follow-up comment. Sorry, Deceptichum! I don't believe that there's any funny business going on.
