Check out marginalia[1]. Whenever you press M-x, it will pop up a buffer showing all the commands (with most recent ones on top) along with their keybindings and a brief description of what they do.
Embark[2] is also cool. It will show all the possible commands relevant to where the cursor is at that moment. I bind it to C-c a.
The video adds a lot of extra stuff beyond what is in the NY Times video: There is an interview with one of the test takers; a description of three possible correct answers (1, 3, or 4, depending on the perspective); a video demonstration of several ways to compute it; and an interesting discussion about sidereal time.
Not that you were implying otherwise, but in this case I feel the video adds quite a bit more material and a more complete story beyond the NY Times piece. In reading the NY Times piece, I would leave with the conclusion that the correct answer was not one of the options. After watching the video, I would leave with the conclusion that the question was ambiguously written leading to multiple possible answers, one of which was there, but two other valid answers were not there.
The guy interviewed in the video said he answered "3", but then later when asked, said he got an 800 (perfect score). So he must have answered every other question correctly!
WPA2 uses AES-CCMP-128 which is not efficient (or even feasible) for high data rates as it cannot be parallelized. WPA3 uses GCMP-128 or GCMP-256, which (in the case of 256-bit) is stronger security and also can achieve gigabit level speeds or higher due to being able to parallelize the encryption.
WPA2 is susceptible to offline-dictionary attack and the cost is quite low (less than $10), especially with cloud computing. WPA3 is resistant to offline dictionary attack.
If an adversary knows the WPA2 passphrase, the adversary can eavesdrop on connections between the AP device and the station device. In comparison, in WPA3, even if an adversary knows the passphrase, the adversary will not be able to decrypt communications between the AP and the station device. The adversary is still able to gain access to the network, but the attack surface area has been reduced.
WPA3 uses HMAC-SHA256 for key derivation, whereas WPA2 uses HMAC-SHA1. NIST and other cryptography agencies have recommended against the use of SHA1 in cryptographic systems due to known weaknesses.
WPA3 has many advantages over WPA2. In addition, most of the implementation for WPA3 is in software and also available as open source.
> WPA2 is susceptible to offline-dictionary attack and the cost is quite low (less than $10), especially with cloud computing.
I agree that offline attacks are a threat to WPA2, but do you have a cost breakdown/source for that cost figure? The attack to me is still in the realm of unlikely if not using a common, rainbow-tabled SSID and/or very simple password.
I am not involved in the GPU cloud compute area, so I only did a very quick check on EC2 GPU instance pricing. At about 10$ that translates to about 2 hours of g5.12xlarge with 4 high end GPUs. I am not familiar with these models, but I am assuming they are comparable to high end, current gen GPUs. To me 8 GPU hours sounds a bit on the low side, even for relatively weak passwords. For reference, it seems an RTX 3090 does about 1 MH/s [1]. 8 GPU hours on that card translates roughly to 230 billion (230x10^9) password variants, a lot, but not overwhelmingly a lot. An 8 character lower+upper+digit is estimated at about 47 bits, so roughly 140x10^12. A wordlist+mutation is likely far more efficient than a naive attack. I am on the fence whether this makes for a reasonable 10$ real world attack.
> WPA3 uses HMAC-SHA256 for key derivation, whereas WPA2 uses HMAC-SHA1. NIST and other cryptography agencies have recommended against the use of SHA1 in cryptographic systems due to known weaknesses.
AFAIK SHA1 is only broken with respect to preimage/collision attacks. For generating random bits it's still perfectly fine. In other words, sha1 is broken, but not in ways that matter for its use in WPA2.
> susceptible to offline-dictionary attack and the cost is quite low (less than $10)
Only if it's a common password... you're saying this like it's a given, like you can break into anyone's WiFi for less than $10 after capturing a correct authentication challenge+response from a legitimate user.
If you have a stupid ISP in the area that uses crackable passwords, or tech-savvy users that change the password to something stupid, perhaps you'll have a decent recovery rate, but otherwise I'd estimate it's far below even odds whether this gets you into any given network.
Putting a dollar price on cracking a hash is like putting a dollar price on fresh air: if you have a laptop standing around, it's practically free to try a few million passwords; if you need a GPU farm, it may cost ten thousand euros; and it may be impossible if it's just not crackable (27 chars alphanumeric is just not possible, also not with a quantum computer in a thousand years, but you don't know that when all you've got is the challenge-response hash).
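An added example, not part of any comment above: a defender-side estimate of how much of a passphrase policy's keyspace a given GPU-hour budget covers, using the 1 MH/s rate and the 8 GPU-hour budget quoted in the thread. It also derives the WPA2-PSK master key, which is salted with the SSID, the reason precomputed tables only help against common SSIDs; the SSIDs, passphrase and function names are constructed for illustration.

```python
import hashlib
import math

def wpa2_pmk(passphrase: str, ssid: str) -> bytes:
    """WPA2-PSK pairwise master key: PBKDF2-HMAC-SHA1, SSID as salt,
    4096 iterations, 256-bit output."""
    return hashlib.pbkdf2_hmac("sha1", passphrase.encode(), ssid.encode(), 4096, 32)

def entropy_bits(alphabet: int, length: int) -> float:
    """Bits of entropy for a uniformly random passphrase."""
    return length * math.log2(alphabet)

def guesses(gpu_hours: float, rate_per_s: float) -> int:
    """Number of candidate passphrases a budget of GPU hours can test."""
    return int(gpu_hours * 3600 * rate_per_s)

def coverage(alphabet: int, length: int, gpu_hours: float, rate_per_s: float) -> float:
    """Fraction of the full keyspace reachable with the given budget."""
    return min(1.0, guesses(gpu_hours, rate_per_s) / alphabet ** length)

def gpu_hours_to_exhaust(alphabet: int, length: int, rate_per_s: float) -> float:
    """GPU hours needed to try every passphrase in the policy."""
    return alphabet ** length / rate_per_s / 3600

if __name__ == "__main__":
    RATE = 1e6      # guesses per second per GPU, the figure quoted in the thread
    BUDGET = 8      # GPU hours, the figure quoted in the thread
    # Same passphrase, two constructed SSIDs: the master keys differ, so a
    # table precomputed for one SSID is useless against the other.
    for ssid in ("HomeNet", "OtherNet"):
        print(ssid, wpa2_pmk("correct horse", ssid).hex()[:16], "...")
    # Policies discussed in the thread: 8 and 27 characters over a-z, A-Z, 0-9.
    for length in (8, 12, 27):
        print(
            f"{length:>2} chars: {entropy_bits(62, length):6.1f} bits, "
            f"{coverage(62, length, BUDGET, RATE):.2e} of keyspace in {BUDGET} GPU-h, "
            f"{gpu_hours_to_exhaust(62, length, RATE):.2e} GPU-h to exhaust"
        )
```

These figures assume a uniformly random passphrase; a human-chosen one that appears in a wordlist falls far sooner than the keyspace size suggests.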
I do something similar, but I use a bash script with rofi to display a menu of available profiles. I then bind a hotkey (Super-Shift-P for Profiles) that launches the script.
I use Firefox for my daily driver, but for profiles I use librewolf. This makes it easier to keep things separated when using the window manager to switch between windows of the same class (which I bind to Super-`).
#!/usr/bin/env bash

BROWSER="librewolf"

typeset -A menu
# empty value means value is the same as the key
menu["personal"]=""
menu["banking"]=""

rofi_args=(
    -p "$BROWSER profile"
    -dmenu
    -i # case-insensitive
    -font "Hack 20"
)

if selection=$(printf "%s\n" "${!menu[@]}" | sort -u | rofi "${rofi_args[@]}"); then
    profile=${menu[$selection]}
    profile=${profile:-$selection}
    nohup "$BROWSER" -P "$profile" &>/dev/null &
fi
Mercedes is taking legal liability for all actions of the car while it is in L3 autonomous mode, which Mercedes calls "Drive Pilot." That feels like more than a marketing gimmick, especially since no other automakers have assumed liability like this (that I know of). I am in stop-and-go traffic on the highway all the time during rush hour; it would still be beneficial to just read a book or work on my laptop while the car drives, even in that limited circumstance.
And taking legal liability in very narrow (essentially useless) circumstances is exactly why it’s a marketing thing. It’s to make it seem like they have an advanced system when there is no evidence of them having it or having any realistic path forward.
It may be a point worthy of discussion: Probably in the "old days", government agencies would pay for ads in print newspapers or magazines or for radio ads. Similarly, if the government (except for members of Congress) sends mail via US Postal Service, the government has to pay the postage.
So it's not a totally crazy question to ask if a government agency should have to pay a fee to use a private service like Twitter.
Presumably the government agency would have to do a cost/benefit analysis on running their own service versus paying to outsource it.