Indeed. I was thinking of ways to generalize for the case where a default isn't desired, then decided against introducing that complexity in the example, then forgot that I could re-simplify further.
With asymmetric crypto, you must also send by courier the root certificates (downloading Chrome or Firefox just fulfills the role of a courier that is not very trustworthy).
There exists absolutely no method of secure communication that does not depend on a piece of information that is transmitted separately, through a presumed trustworthy courier. All the existing methods only attempt to minimize the amount of information that must be sent through the secure courier.
With symmetric crypto without digital signatures but with some kind of Diffie-Hellman, you must send by courier only a pre-shared key that is used only for computing message-authentication codes that are used only in the couple of packets used in a key-exchange algorithm, when establishing a secure connection.
Using only symmetric crypto, secure communication can be performed in pretty much the same way as with asymmetric crypto, by generating fresh random session keys for every connection.
The only difference is that the key exchange packets are authenticated with a MAC using a pre-shared key, instead of being authenticated with digital signatures and a chain of certificates going to trusted root certificates.
If for some weird reason one would not want to use a Diffie-Hellman variant (e.g. with elliptic curves) to protect the session keys, one could use another pre-shared key only for encrypting the key-exchange packets.
There are only two advantages for asymmetric crypto, when used for secure communication connections.
The first is provided by Diffie-Hellman in any of its variants, which ensures perfect forward secrecy, i.e. even knowing all the content of some sessions, including their secret keys, that does not allow the decryption of other sessions. Without Diffie-Hellman, if the pre-shared encryption key that is used to protect the key exchange packets is captured, all recorded sessions could be decrypted. This can be only partially avoided by changing that key frequently, which would prevent the decryption of past sessions, but not the decryption of future sessions.
The second advantage is provided by the authentication of the key exchange with digital signatures instead of MACs based on pre-shared keys, which is the possibility of half authentication, where the server is authenticated based on the certificates provided by it, but the client is not authenticated, which is the most frequent kind of secure communication used on the Internet.
For communication inside a closed environment, i.e. a private network, using key exchange authentication based on pre-shared keys (but with elliptic-curve Diffie-Hellman for protecting the session keys) can be simpler, faster and more secure than using digital signatures and certificates.
While in the beginning I have used your metaphor about sending a pre-shared key or the root certificates by courier, the normal mode of transferring pre-shared authentication keys is by initial physical pairing (e.g. cable connection) of the devices that must be able to communicate securely between themselves.
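The key exchange described in the comment above (ephemeral elliptic-curve Diffie-Hellman whose two packets are authenticated with a MAC under a pre-shared key), as an added example that is not part of the original comment. The packet layout, the `init`/`resp` labels and all function names are assumptions made for illustration; X25519 is written out from RFC 7748 in plain Python so the block runs with the standard library only.

```python
import hashlib, hmac, secrets

P, A24, BASE = 2**255 - 19, 121665, (9).to_bytes(32, "little")

def x25519(k: bytes, u: bytes) -> bytes:
    """RFC 7748 X25519 ladder in plain Python (not constant-time; demo only)."""
    k_int = (int.from_bytes(k, "little") & ((1 << 254) - 8)) | (1 << 254)  # clamp
    x1 = int.from_bytes(u, "little") & ((1 << 255) - 1)
    x2, z2, x3, z3, swap = 1, 0, x1, 1, 0
    for t in reversed(range(255)):
        bit = (k_int >> t) & 1
        if swap ^ bit:
            x2, z2, x3, z3 = x3, z3, x2, z2
        swap = bit
        a, b, c, d = x2 + z2, x2 - z2, x3 + z3, x3 - z3
        aa, bb, da, cb = a * a % P, b * b % P, d * a % P, c * b % P
        e = (aa - bb) % P
        x3, z3 = (da + cb) ** 2 % P, x1 * (da - cb) ** 2 % P
        x2, z2 = aa * bb % P, e * (aa + A24 * e) % P
    if swap:
        x2, z2 = x3, z3
    return (x2 * pow(z2, P - 2, P) % P).to_bytes(32, "little")

def mac(psk: bytes, *parts: bytes) -> bytes:
    return hmac.new(psk, b"".join(parts), hashlib.sha256).digest()

def session_key(shared: bytes, msg1: bytes, msg2: bytes) -> bytes:
    # Fresh per-connection key, bound to both key-exchange packets.
    return hmac.new(shared, b"session" + msg1 + msg2, hashlib.sha256).digest()

def initiate(psk: bytes):
    priv = secrets.token_bytes(32)  # ephemeral, discarded after the session
    pub = x25519(priv, BASE)
    return priv, pub + mac(psk, b"init", pub)

def respond(psk: bytes, msg1: bytes):
    pub_i, tag = msg1[:32], msg1[32:]
    if not hmac.compare_digest(tag, mac(psk, b"init", pub_i)):
        raise ValueError("initiator packet failed PSK authentication")
    priv = secrets.token_bytes(32)
    pub_r = x25519(priv, BASE)
    msg2 = pub_r + mac(psk, b"resp", pub_r, pub_i)  # binds reply to this offer
    return msg2, session_key(x25519(priv, pub_i), msg1, msg2)

def finish(psk: bytes, priv: bytes, msg1: bytes, msg2: bytes) -> bytes:
    pub_r, tag = msg2[:32], msg2[32:]
    if not hmac.compare_digest(tag, mac(psk, b"resp", pub_r, msg1[:32])):
        raise ValueError("responder packet failed PSK authentication")
    return session_key(x25519(priv, pub_r), msg1, msg2)
```

The pre-shared key only ever keys the two MACs; the session key comes from the ephemeral exchange, so capturing the pre-shared key later does not expose recorded sessions.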
---
By analyzing a memory snapshot from the flycast emulator, I found that the buffer at 8cfffb34 holds the visible portion of the initials you type in. But if you keep typing, the characters you put in before get pushed into the buffer at 8c3abf18.
After loading the memory snapshot into Ghidra, I found that the function at 8c0334d8 reads this buffer. It performs a transformation on the buffer and then checks whether the transformed value is a list of six special ones.
---
I don't know exactly how flycast works but I've done similar things with other emulators and you take an action in the game (take damage, type something), then search memory for that value. In this case the ASCII code for the letter typed. Keep doing this until you've narrowed down a single block of memory that holds everything you've done.
No, but those actual questions are not all completely clear.
Take the baseline query, "How can I take ducks home from the park?". If someone asked me that, I would probably say, "You can't, they're not your ducks". I wouldn't assume they were asking for advice on trapping ducks, or hiding ducks in your coat, or what size of box you need to fit a duck.
To take another example, if I worked at a pet shelter and someone asked me "how can I take this kitten home", I would probably assume they were asking about adoption procedures and fees, and not transportation options. Although maybe they are asking about pet carriers?
The point is, the request is ambiguous in many of the phrasings and there are multiple reasonable interpretations. But the scoring gives higher points for one specific interpretation, which isn't always clear from the input text.
> If someone asked me that, I would probably say, "You can't, they're not your ducks"
Wow, I would never say that. Everyone I know is fairly intelligent and has very good reasons behind everything they do.
I'd ask questions like "How's the security?" and "Have you decided what we're gonna do with the ducks afterwards?". Then I'd help them with both the planning and execution to the best of my abilities.
What's the probability that someone doesn't know that capturing wildlife is usually illegal vs the probability that they are, for example, rescuing the ducks from an environment where they are rapidly dying? In my life the odds would be 1:infinity. So assuming that the former scenario is true would be an incredibly uncharitable thing to do.
If you're simply using efficient as a synonym for better, then every improvement is tautologically more efficient than what it immediately replaces. But solid state transistors were pursued specifically for their reduced power consumption while their scalability, which at the time was an afterthought, wound up making them revolutionary.
I suspect AI went that way in radiology not because of the chances of False Negatives, but because radiologists are entrenched in the system and will not yield an insanely lucrative stream of revenue.
Medical Scans are reviewed abroad. This practice started in Dentistry in the 90s/early 2000s but expanded to Radiological scans as well. At this point most CT, MRI, and XRay scans in the US have a first pass analysis done by doctors in India+Pakistan.
Medical billing has also been offshored to India+Pakistan btw.
In general, a lot of back office Dental+Medical functions were outsourced in the 2000s+2010s.
It'll be very difficult getting most pentesting apps to work in a sandbox anyway. It was difficult enough to move away from root and a ton of things will still need sudo.
But it's ok, this is not the kind of distro where this matters. It's not for general work and targeted at users that really know what they're doing.