<rss version="2.0" xmlns:dc="http://purl.org/dc/elements/1.1/" xmlns:atom="http://www.w3.org/2005/Atom"><channel><title>Hacker News: purplehat_</title><link>https://news.ycombinator.com/user?id=purplehat_</link><description>Hacker News RSS</description><docs>https://hnrss.org/</docs><generator>hnrss v2.1.1</generator><lastBuildDate>Sun, 31 May 2026 17:19:36 +0000</lastBuildDate><atom:link href="https://hnrss.org/user?id=purplehat_" rel="self" type="application/rss+xml"></atom:link><item><title><![CDATA[New comment by purplehat_ in "I found a seashell in the middle of the desert"]]></title><description><![CDATA[
<p>Cool find and a very interesting analysis!<p>There's a lot more to morphology than just the shape of the shell, and indeed the shape can sometimes be misleading, in that very different species can have somewhat similar shells, and different individuals of the same species can have quite different shell shapes. You've got a gastropod, so it would be good to pay special attention to the peristome and siphonal canal (based on the bio classes I took in the area, I'm no expert) but of course there's lots of features that could be helpful in an identification.<p><a href="https://en.wikipedia.org/wiki/Gastropod_shell#Parts_of_the_shell" rel="nofollow">https://en.wikipedia.org/wiki/Gastropod_shell#Parts_of_the_s...</a> is a good list, and maybe you've already done this but you would want to find a dichotomous key of gastropod families native to the area to narrow it down. Good luck in figuring out your shell!</p>
]]></description><pubDate>Sat, 30 May 2026 22:01:42 +0000</pubDate><link>https://news.ycombinator.com/item?id=48341026</link><dc:creator>purplehat_</dc:creator><comments>https://news.ycombinator.com/item?id=48341026</comments><guid isPermaLink="false">https://news.ycombinator.com/item?id=48341026</guid></item><item><title><![CDATA[New comment by purplehat_ in "Are we self-sovereign PKI yet?"]]></title><description><![CDATA[
<p>The first bit seems possibly solvable with private set intersection. You can publish a salted hash of everybody you trust, and I can compute hashes of everyone I trust with your salt to see if we have anyone in common. Then I check the signature corresponding to the salted hash I like, and hopefully it doesn't reveal anything you don't want to reveal.<p>I don't know if anyone has actually done this in practice. Does it work?</p>
]]></description><pubDate>Tue, 26 May 2026 22:10:21 +0000</pubDate><link>https://news.ycombinator.com/item?id=48286699</link><dc:creator>purplehat_</dc:creator><comments>https://news.ycombinator.com/item?id=48286699</comments><guid isPermaLink="false">https://news.ycombinator.com/item?id=48286699</guid></item><item><title><![CDATA[New comment by purplehat_ in "GnuPG – post-quantum crypto landing in mainline"]]></title><description><![CDATA[
<p>For people reading this, you may want to know that the NSA is allegedly trying to weaken hybrid ML-KEM and X25519 down to just ML-KEM. This is a good thing to pay attention to!<p>Here is a 6-part article about the topic: <a href="https://blog.cr.yp.to/20251004-weakened.html" rel="nofollow">https://blog.cr.yp.to/20251004-weakened.html</a></p>
]]></description><pubDate>Sun, 26 Apr 2026 06:52:09 +0000</pubDate><link>https://news.ycombinator.com/item?id=47908004</link><dc:creator>purplehat_</dc:creator><comments>https://news.ycombinator.com/item?id=47908004</comments><guid isPermaLink="false">https://news.ycombinator.com/item?id=47908004</guid></item><item><title><![CDATA[New comment by purplehat_ in "GnuPG – post-quantum crypto landing in mainline"]]></title><description><![CDATA[
<p>I believe ML-KEM is the standard algorithm for post-quantum asymmetric encryption. I think it's slower mainly because there's not good hardware support, but it shouldn't be a big deal because most encryption is hybrid where you only use the asymmetric crypto briefly to share a secret you can use for symmetric cryptography.<p>ML-KEM is based on a lattice problem called "Learning With Errors", and there are similar lattice-based algorithms which have no known quantum speedup. Most traditional asymmetric encryption algorithms are based on number-theoretic assumptions like the discrete logarithm problem or the RSA assumption, which are broken by Shor's algorithm.<p>Symmetric cryptography (AES and SHA hash functions) are post-quantum resistant for now. Grover's algorithm technically cuts their asymptotic security in half, but that doesn't parallelize, so practically there is no known good quantum attack, and cryptographers and standards agencies tend to not worry about that. You can keep using those.<p>[edit: according to the sister comment posted simultaneously ML-KEM is faster than X25519. good to know!]</p>
]]></description><pubDate>Sun, 26 Apr 2026 06:44:43 +0000</pubDate><link>https://news.ycombinator.com/item?id=47907967</link><dc:creator>purplehat_</dc:creator><comments>https://news.ycombinator.com/item?id=47907967</comments><guid isPermaLink="false">https://news.ycombinator.com/item?id=47907967</guid></item><item><title><![CDATA[New comment by purplehat_ in "Quantum Computers Are Not a Threat to 128-Bit Symmetric Keys"]]></title><description><![CDATA[
<p>This article, "Factoring is not a good benchmark to track Q-day", was posted this month by one of Cloudflare's lead post-quantum researchers specifically addressing the factoring issue.<p><a href="https://bas.westerbaan.name/notes/2026/04/02/factoring.html" rel="nofollow">https://bas.westerbaan.name/notes/2026/04/02/factoring.html</a><p>It doesn't say much by itself, but it has four very good links on the subject. One of these has a picture of the smallest known factor-21 circuit, which is vastly larger than that of the factor-15 circuit, and comparable to much larger numbers. Another is Scott Aaronson's article making the analogy of asking factoring small numbers as asking for a "small nuclear explosion" - if you're in 1940 and not able to make a small nuclear explosion, that doesn't mean you're much farther away from a big nuclear explosion.</p>
]]></description><pubDate>Mon, 20 Apr 2026 22:02:20 +0000</pubDate><link>https://news.ycombinator.com/item?id=47841580</link><dc:creator>purplehat_</dc:creator><comments>https://news.ycombinator.com/item?id=47841580</comments><guid isPermaLink="false">https://news.ycombinator.com/item?id=47841580</guid></item><item><title><![CDATA[New comment by purplehat_ in "Fuck the cloud (2009)"]]></title><description><![CDATA[
<p>I'm surprised people are advocating self-hosting as a viable solution. It takes a lot of knowledge to do sync and backup yourself, most of it implicit knowledge that people here don't realize we have and so for us it seems very easy.<p>There was a comment in another post on the front page about how anyone "remotely technical" can set up a docker container, and I think this is a good example because the mechanics of it are simple (edit a couple text files, run a couple commands), but half the world couldn't tell you what a terminal is and they're focused on other things in life instead of learning how computers work. Cloud succeeded because cloud is easy (at least in the beginning), it's that simple.<p>If we are to solve this problem, we're going to have to make self-hosting easy enough for the average 7-8 year old to do it without struggling. One promising way forward is with local-first E2EE sync and backup. The only good implementation I know of personally is Obsidian Sync, which has a UX that I adore, and hope to see more of in the future. There's other good options too, but none that I'd feel comfortable trusting a seven-year-old to execute correctly first try.</p>
]]></description><pubDate>Wed, 15 Apr 2026 02:00:12 +0000</pubDate><link>https://news.ycombinator.com/item?id=47773794</link><dc:creator>purplehat_</dc:creator><comments>https://news.ycombinator.com/item?id=47773794</comments><guid isPermaLink="false">https://news.ycombinator.com/item?id=47773794</guid></item><item><title><![CDATA[New comment by purplehat_ in "Moving from WordPress to Jekyll (and static site generators in general)"]]></title><description><![CDATA[
<p>what's the advantage of a static site generator over pandoc + makefile?</p>
]]></description><pubDate>Thu, 09 Apr 2026 21:57:49 +0000</pubDate><link>https://news.ycombinator.com/item?id=47710751</link><dc:creator>purplehat_</dc:creator><comments>https://news.ycombinator.com/item?id=47710751</comments><guid isPermaLink="false">https://news.ycombinator.com/item?id=47710751</guid></item><item><title><![CDATA[New comment by purplehat_ in "Show HN: Ghost Pepper – Local hold-to-talk speech-to-text for macOS"]]></title><description><![CDATA[
<p>Hi Matt, there's lots of speech-to-text programs out there with varying levels of quality. 100% local is admirable but it's always a tradeoff and users have to decide for themselves what's worth it.<p>Would you consider making available a video showing someone using the app?</p>
]]></description><pubDate>Mon, 06 Apr 2026 21:35:41 +0000</pubDate><link>https://news.ycombinator.com/item?id=47667494</link><dc:creator>purplehat_</dc:creator><comments>https://news.ycombinator.com/item?id=47667494</comments><guid isPermaLink="false">https://news.ycombinator.com/item?id=47667494</guid></item><item><title><![CDATA[New comment by purplehat_ in "LinkedIn is searching your browser extensions"]]></title><description><![CDATA[
<p>Have you (or anyone reading this) been able to "beat" fingerprint.com without Tor or turning JavaScript off outright?<p>I've tried it various times over the last couple years, using different browsers with various privacy settings enabled and a VPN.<p>I can get good partial results and am able to reset my fingerprint by changing my OS and browser at the same time, so it's not entirely there with regards to sniffing the hardware. But I can never revisit the site and have it not recognize me. Is there no one but me using (for example) Debian testing Librewolf with resistFingerprinting on Proton VPN? If there are others, then resistFingerprinting is doing a bad job hiding my hardware.<p>That's depressing! Despite our genuine best efforts, enough identifiers leak that it seems to me there's no practical solution. I am genuinely at a loss for what we can do.<p>(If you're reading this and think it doesn't matter, it's possible you're not realizing that this means that any site collecting and storing these identifiers now will be able to talk to any site <i>in the future</i> and link your identity. Your past actions on every website on a given piece of hardware are liable to be linked to create a detailed profile in the future, so even if Reddit and Pornhub and Discord and the government aren't talking to each other now, you can put some decent probability in the fact that if they decided to share identifiers, they could link all your historical (signed out) activity to your real-world identity without much effort. I use those sites as examples because they're sites where people tend to generate information that they may want private, but they visit using the same hardware identifiers.)</p>
]]></description><pubDate>Fri, 03 Apr 2026 03:32:58 +0000</pubDate><link>https://news.ycombinator.com/item?id=47622901</link><dc:creator>purplehat_</dc:creator><comments>https://news.ycombinator.com/item?id=47622901</comments><guid isPermaLink="false">https://news.ycombinator.com/item?id=47622901</guid></item><item><title><![CDATA[New comment by purplehat_ in "Your phone is an entire computer"]]></title><description><![CDATA[
<p>Fair point, but that solution doesn't address the market for theft, so there's a tradeoff there.</p>
]]></description><pubDate>Fri, 13 Mar 2026 19:56:08 +0000</pubDate><link>https://news.ycombinator.com/item?id=47369005</link><dc:creator>purplehat_</dc:creator><comments>https://news.ycombinator.com/item?id=47369005</comments><guid isPermaLink="false">https://news.ycombinator.com/item?id=47369005</guid></item><item><title><![CDATA[New comment by purplehat_ in "Your phone is an entire computer"]]></title><description><![CDATA[
<p>Can you elaborate on "fairly well documented exploit tactics"? My impression is that most of these are either social engineering, for which we need to hire better designers, or complicated chains of hard-to-find primitives only accessible to state actors.<p>There's definitely problems but the solution isn't to make the iPhone a general purpose computer. We definitely need to defend the existence of general purpose computing at a time where regulation is likely to begin encroaching on it, but the promise of the App Store is "pay a 30% tax and any app you download here will be <i>safe</i>." In my mind, at least, that's the promise, and perhaps one solution to the situation would be to erect consequences to breaking that promise.</p>
]]></description><pubDate>Fri, 13 Mar 2026 19:51:14 +0000</pubDate><link>https://news.ycombinator.com/item?id=47368926</link><dc:creator>purplehat_</dc:creator><comments>https://news.ycombinator.com/item?id=47368926</comments><guid isPermaLink="false">https://news.ycombinator.com/item?id=47368926</guid></item><item><title><![CDATA[New comment by purplehat_ in "Your phone is an entire computer"]]></title><description><![CDATA[
<p>I really don't understand the argument here. That the product is locked down by design is a feature, not a limitation.<p>Yes, this has the side effect of making them more money and allowing a walled garden to form, but given that the vast majority of users wouldn't do anything different with their phones if a shell was present, this is in my opinion not that large of an effect.<p>The snide around "clicking on links is dangerous" and locking down the bootloader is unwarranted, because for most people a phone is not a toy (or at least, not just a toy) - it has their communications history, their bank information, their passwords, and many more. And it's really easy to steal people's phones on the subway. This isn't about freedom of computing, this is about the fact that an iPhone in BFU is nearly as secure as a GrapheneOS phone.<p>There are many problems with Apple software. It's buggy, uses proprietary formats that you can't export, and interoperable with open standards. It's bad, and is the primary reason why I won't buy another iPhone, but Macs have that same problem. On the other hand, being cryptographically locked-down is an optional feature. If you don't like it, buy a computer without that feature. It's harmful to us, to tinkerers and people who want to see how things work, but the average person does not care at all and just wants to be able to open LOVE-LETTER-FOR-YOU.TXT.vbs without having their 401k get drained.</p>
]]></description><pubDate>Fri, 13 Mar 2026 19:37:18 +0000</pubDate><link>https://news.ycombinator.com/item?id=47368734</link><dc:creator>purplehat_</dc:creator><comments>https://news.ycombinator.com/item?id=47368734</comments><guid isPermaLink="false">https://news.ycombinator.com/item?id=47368734</guid></item><item><title><![CDATA[New comment by purplehat_ in "System76 on Age Verification Laws"]]></title><description><![CDATA[
<p>I'm not sure anyone is being this explicitly malicious. Parents' groups, child safety organizations, and researchers have been at this for years, and while I agree with you that the solutions are very misguided, I think it does our own priorities a disservice to stick our fingers in our ears with regards to their concerns.<p>Can you give an example of how less private solutions will benefit them and their sponsors? I could see big tech / adtech and government surveillance benefitting but I don't think they're the ones behind this push.<p>As another example, consider the "small web" community, say at Bear Blog, which is a group of technically sophisticated people who routinely complain about the harms of traditional social media. I doubt most of them would support this particular implementation, but they show that there is popular support for solving the ills of at least one of the targets of this legislation.<p>So to answer your question, yes, I do see this as an attempt to protect people. The restriction of free speech is in my opinion a side effect of this legislation opening the way to worse-designed laws in the future.</p>
]]></description><pubDate>Fri, 06 Mar 2026 10:05:46 +0000</pubDate><link>https://news.ycombinator.com/item?id=47273068</link><dc:creator>purplehat_</dc:creator><comments>https://news.ycombinator.com/item?id=47273068</comments><guid isPermaLink="false">https://news.ycombinator.com/item?id=47273068</guid></item><item><title><![CDATA[New comment by purplehat_ in "Show HN: Swarm – Program a colony of 200 ants using a custom assembly language"]]></title><description><![CDATA[
<p>there is a `theme set` command</p>
]]></description><pubDate>Fri, 06 Mar 2026 09:01:38 +0000</pubDate><link>https://news.ycombinator.com/item?id=47272675</link><dc:creator>purplehat_</dc:creator><comments>https://news.ycombinator.com/item?id=47272675</comments><guid isPermaLink="false">https://news.ycombinator.com/item?id=47272675</guid></item><item><title><![CDATA[New comment by purplehat_ in "System76 on Age Verification Laws"]]></title><description><![CDATA[
<p>I'm surprised zero-knowledge proofs have not been mentioned. This is a technique where (for example) the government signs your digital license, then you can present a proof that you are over 18 to a site without revealing anything else about yourself. ZKPassport exists, Privacy Pass is an implementation being standardized by the IETF, and Google is working on a similar implementation. Granted, these are not yet widely used, but I'd be very interested in hearing HN's thoughts on this.<p>Let's try to figure out what a good policy solution looks like:<p>- entities with harmful or adult content must require proof of the user being over 18<p>- entities cannot ask for, store, or process more detailed information without explicit business needs (this should be phrased in a way that disallows Instagram from asking for your birth year, for example)<p>- entities cannot share this data with other sites, to avoid privacy leaks, unless there is an explicit business need (this is tricky to get right; someone might try to set up a centralized non-anonymous age-verification service, erasing many benefits)<p>- entities must in general not store or process information about the user that is not strictly relevant to their function<p>- there ought to be different treatment for anonymous users (which ideally these protocols will allow, just submit proof of work plus a ZKP that you are a human and authorized to access the resource) compared to pseudonymous and non-anonymous users, who are more at risk of being censored or tracked.<p>There's some loopholes here, but if the government can enact good policy on this I personally think it's feasible. Please share your thoughts, if you have a minute to do so.<p>There's also an interesting political split to note among the opposition here. I see a lot of people vehemently against this, and as far as I can see this is largely for concerns regarding one of 1) privacy abuses, 2) censorship, or 3) restriction of general computing. 
Still, there is a problem with harmful content and platforms on the web. (Not just for minors, I don't think we should pretend it doesn't harm adults too.) The privacy crowd seems to be distinctly different from the computing-freedom crowd; the most obvious example is in attitudes towards iOS. As I personally generally align more towards what I perceive as the privacy-focused side, I'm very interested in what people more focused on software freedom think about zero-knowledge proofs as a politically workable solution here.</p>
]]></description><pubDate>Fri, 06 Mar 2026 08:54:27 +0000</pubDate><link>https://news.ycombinator.com/item?id=47272626</link><dc:creator>purplehat_</dc:creator><comments>https://news.ycombinator.com/item?id=47272626</comments><guid isPermaLink="false">https://news.ycombinator.com/item?id=47272626</guid></item><item><title><![CDATA[New comment by purplehat_ in "MyFirst Kids Watch Hacked. Access to Camera and Microphone"]]></title><description><![CDATA[
<p>The quote seems to imply that if the watch receives the payload from any source, even without a compromised AP, it'll pop the shell.<p>The easiest source of this is local network attacks, and it's not that unusual. In this case you could imagine a teacher at school who knows how to use Metasploit.<p>It doesn't seem like it has to be local network, though, the computer just has to receive the packet somehow. So for example if the watch loads a website or connects to some service on the internet (firmware updates, cloud sync, telemetry, whatever), an attacker could try to receive/intercept/redirect that traffic and serve the payload through that channel.<p>You might need the watch to have no certificate pinning or weak certificate validation if it's using TLS but IoT devices often skip TLS.<p>Let me know if I'm misunderstanding the quote.</p>
]]></description><pubDate>Wed, 04 Mar 2026 20:10:01 +0000</pubDate><link>https://news.ycombinator.com/item?id=47253110</link><dc:creator>purplehat_</dc:creator><comments>https://news.ycombinator.com/item?id=47253110</comments><guid isPermaLink="false">https://news.ycombinator.com/item?id=47253110</guid></item><item><title><![CDATA[New comment by purplehat_ in "Text-Based Google Directions"]]></title><description><![CDATA[
<p>Yes, to self-host it you will need a Google maps API key.<p>In the related links at the bottom, <a href="https://gdir.telae.net/links.html" rel="nofollow">https://gdir.telae.net/links.html</a>, the Git repo <a href="https://github.com/pafoster/gdir.telae.net" rel="nofollow">https://github.com/pafoster/gdir.telae.net</a> is available along with some other cool things.</p>
]]></description><pubDate>Wed, 25 Feb 2026 19:46:26 +0000</pubDate><link>https://news.ycombinator.com/item?id=47156805</link><dc:creator>purplehat_</dc:creator><comments>https://news.ycombinator.com/item?id=47156805</comments><guid isPermaLink="false">https://news.ycombinator.com/item?id=47156805</guid></item><item><title><![CDATA[New comment by purplehat_ in "Omega-3 is inversely related to risk of early-onset dementia"]]></title><description><![CDATA[
<p>Omega-3 good, Omega-6 bad has been known for many years.<p>For example, Scott Alexander wrote in 2014 on his blog Slate Star Codex about how Omega-3 lowers crime rates and Omega-6 increases crime rates. And he links to some cool RCTs where you can check the methodology yourself.<p><a href="https://slatestarcodex.com/2014/02/18/proposed-biological-explanations-for-historical-trends-in-crime/" rel="nofollow">https://slatestarcodex.com/2014/02/18/proposed-biological-ex...</a><p>Eat your fish!</p>
]]></description><pubDate>Sun, 08 Feb 2026 20:15:12 +0000</pubDate><link>https://news.ycombinator.com/item?id=46938082</link><dc:creator>purplehat_</dc:creator><comments>https://news.ycombinator.com/item?id=46938082</comments><guid isPermaLink="false">https://news.ycombinator.com/item?id=46938082</guid></item><item><title><![CDATA[New comment by purplehat_ in "1 kilobyte is precisely 1000 bytes?"]]></title><description><![CDATA[
<p>To be fair, the octet as the byte has been dominant for decades. POSIX even has the definition “A byte is composed of a contiguous sequence of 8 bits.” I would wager many software engineers don't even know that non-octet bytes were a thing, given that college CS curricula typically just teach a byte is 8 bits.<p>I found some search results about Texas Instruments' digital signal processors using 16-bit bytes, and came across this blogpost from 2017 talking about implementing 16-bit bytes in LLVM: <a href="https://embecosm.com/2017/04/18/non-8-bit-char-support-in-clang-and-llvm/" rel="nofollow">https://embecosm.com/2017/04/18/non-8-bit-char-support-in-cl...</a>. Not sure if they actually implemented it, but that was surprising to me that non-octet bytes still exist, albeit in a very limited manner.<p>Do you know of any other uses for bytes that are not 8 bits?</p>
]]></description><pubDate>Wed, 04 Feb 2026 07:14:31 +0000</pubDate><link>https://news.ycombinator.com/item?id=46882525</link><dc:creator>purplehat_</dc:creator><comments>https://news.ycombinator.com/item?id=46882525</comments><guid isPermaLink="false">https://news.ycombinator.com/item?id=46882525</guid></item><item><title><![CDATA[New comment by purplehat_ in "New York’s budget bill would require “blocking technology” on all 3D printers"]]></title><description><![CDATA[
<p>I hear sentiment like this occasionally and I genuinely wonder if this is conspiracy theory stuff or if this sort of thing actually happened in the past.<p>I'm aware of the programs Snowden revealed, Tempora / XKeyscore / Longhaul / the like, plus I've heard J. Edgar Hoover did bad things and lots of CIA meddling internationally was bad. Still, these seem qualitatively different to the explicit blackmail you're referring to.<p>Do you (or someone else reading this) know of historical examples that demonstrate a pattern of this sort of thing? You can interpret "this sort of thing" as you wish.<p>That's a lot to ask for on the spot, so if not, I would be interested in what generally makes you approach the situation from this cynical angle, especially given that it's the FBI. In my experience, which is fairly limited but is as a US citizen, most of the time the US government mostly follows the law and doesn't do this sort of thing to citizens.</p>
]]></description><pubDate>Wed, 04 Feb 2026 06:51:21 +0000</pubDate><link>https://news.ycombinator.com/item?id=46882381</link><dc:creator>purplehat_</dc:creator><comments>https://news.ycombinator.com/item?id=46882381</comments><guid isPermaLink="false">https://news.ycombinator.com/item?id=46882381</guid></item></channel></rss>