
This series of graphs https://www.bmj.com/content/bmj/387/bmj-2024-082194/F1.large... shows that whilst those two professions are at the bottom of the distribution they are not particularly outlying and cherry picking of those professions has occurred. The statistical analysis should have adjusted for picking the best 2 occupations of the 443 in the study. That would likely show very little statistical significance.

Total receipts were over 11,000 so more like 100 hours or around $2000 so a similar price to the LLM.

This is good work. I wish branch predictors were better reverse engineered so CPU simulation could be improved. It would be much better to be able to accurately predict how software will work on other processors in software simulation rather than having to go out and buy hardware to test on (which is the way we still have to do things in 2026).

The memory overhead is fairly significant; it uses between 1.5 and 3 times the space of the data stored.


For a real spinning top over engineered https://youtu.be/QLTsxXNekVE?si=S31kpZQHiYlUSedx


It's fascinating that you can get to the level of atomic material properties as a spinning top hacker. Diamond seems like it'd be the obvious winner, if you could somehow get a perfectly polished and smooth surface.

I'd love to see a small Prince Rupert's drop for a tip and a ruby/sapphire spinning surface - you'd need to make a ton of drops, probably, but having a round, nearly spherical contact geometry and super smooth surface seems like a winning combo.


Until it wears just a smidgen and explodes violently!


Link with spyware removed: https://youtu.be/QLTsxXNekVE


Thank you! This is what I really wanted!


Thanks! I came across http://www.pocketwatchrepair.com/how-to/jewels.php recently, hadn't realised the jewels weren't for aesthetics.


Only 2 students actually used an LLM in his exam, one well and one poorly so I'm not sure there is much you can draw from this experience.

In my experience LLMs can significantly speed up the process of solving exam questions. They can surface relevant material I don't know about, they can remember how other similar problems are solved a lot better than I can and they can check for any mistakes in my answer. Yes when you get into very niche areas they start to fail (and often in a misleading way) but if you run through practise papers at all you can tell this and either avoid using the LLM or do some fine tuning on past papers.


An interesting idea but in theory just three correct pass codes and some brute force will reveal the secret key so you'd have to be very careful about only inputting the pass code to sites that you trust well.

It's definitely computable on a piece of paper and reasonably secure against replay attacks.


I was wondering about the overall security. How did you determine that 3 pass codes and brute force will reveal the secret key?


Thinking about it, there are only 10 billion different keys and somewhat fewer sboxes.

So given a single pass code and the login time, you can just compute all possible pass codes. Since more than one key could produce the same pass code, you would need 2 or 3 to narrow it down.

In fact, you don't even need to know the login time really, even just knowing roughly when would only increase the space to search by a bit.


Also @MattPalmer1086 the best solution for this I have now is to have several secret keys and rotate usage. Would be nice to have some additional security boosts.


Key rotation among a set of keys only partially mitigates the issue (have to obtain more samples).

It has its own sync problems (can you be sure which key to use next and did the server update the same as you, or did the last request not get through?).

This post on security stack exchange seems relevant.

https://security.stackexchange.com/questions/150168/one-time...


Yep, known issue, was hoping someone could spice the protocol up without making it mentally too heavy, HN is full of smart playful people.


Yep, I am aware, 2 or 3 OTPs and timestamps plus some brute forcing using the source code. Server-side brute force by input should or could be implausible. But that is why I am signaling here that I would love a genius or a playful expert/enthusiast contributing a bit or two to it - or becoming a co-author.


I'm not an expert, but roughly know the numbers. Usually with password-based key derivation, one would increase resource needs (processor time, memory demand) to counter brute forcing. Not an option for a human brain, I guess.

So the key would have to be longer. And random or a lot longer. Over 80 random bits is generally a good idea. That's roughly 24 decimal digits (random!). I guess about 16 alphanumerical characters would do too, again random. Or a very long passphrase.

So either remembering long, random strings or doing a lot more math. I think it's doable but really not convenient.


A handful of words is generally more memorizable than the same number of bits as a random alphanumeric string. You wouldn’t need a very long pass phrase for 80 bits as long as you’re using a large dictionary.


The energy comes from the metal electrodes, not the potato. The potato is just an electrolyte carrying current between the cathode and anode.



Congratulations! Works amazingly well.

Does it generate enough revenue to be self sustaining?


Thank you! I really appreciate the kind words regarding performance.

Yes, it is fully self-sustaining. In fact, for the last 5 years, it has been my main full-time source of income, running entirely as a bootstrapped project from Croatia.

The revenue comes primarily from ads, plus a smaller portion from Premium ad-free subscriptions. Since I focus heavily on keeping infrastructure costs low (optimized .NET code + moving storage from S3 to Wasabi), the margins are healthy enough to be a very viable, bootstrapped full-time business.


That’s really awesome to have a viable self bootstrapped project! Did you have to spend a lot of time maintaining it or deal with customer support after the initial launch? A low maintenance yet viable business would truly be the dream!


It is pretty close to that dream scenario now, yes.

Because the tech stack is stable (and fully matured), I almost never have to deal with 'emergency' technical support or bug fixes. The servers just hum along.

I do handle customer support myself, but the volume is very low relative to the traffic. 90% of the tickets are just non-technical questions about billing or ad-free subscriptions.

This low-maintenance overhead is exactly what allows me to work on new features or experiment with new projects (like my upcoming AI drawing school) without burning out.

