home.social

Search

712 results for “hellmanmd”

  1. In the final group match of #WMQuatar between #Iran and the #USA, much more than the round of 16 is at stake. Frank Hellmann has written up what: nd-aktuell.de/artikel/1168901.

  2. “You can’t show more solidarity than #Bayern and #Dortmund.” - I wouldn’t have thought I could still laugh so heartily today. #DFL #Investorendeal #Watzke #Hellmann #Ausverkauf

  3. MOSS Season 2 continues next week.

    🎙️ Benjamin Wesolowski (CNRS & ENS Lyon, France)

    Talk title: Random walks in number-theoretic cryptology

    🗓️ Thursday, 7 May 2026 • 🕓 4:00 PM CEST • Online

    Abstract: Cryptography met number theory in 1976, when Diffie and Hellman achieved what had long been considered impossible: a protocol for two people to exchange secret information on a public channel, even if they had never met before to establish some kind of password, a pre-shared key. Diffie and Hellman designed the protocol such that a spy attempting to find the secret would need to solve a presumably hard computational problem: the discrete logarithm problem in the multiplicative group of a finite field.

    Since then, number theory has consistently met the challenges of cryptography, offering a variety of difficult algorithmic problems and powerful tools for their analysis. In this talk, we will explore this “mathematical cryptology”, with a focus on euclidean lattices (designed to resist against quantum computers), the use of random walks, and how spectral methods in number theory apply to cryptology.

    ----------------------------------------------

    Scan the QR code in the image to join the mailing list and receive the online access link.

    #Mathematics #NumberTheory #Cryptography #Lattices #PostQuantum #MOSS #EMS

  8. Digital signatures and how to avoid them

    Wikipedia’s definition of a digital signature is:

    A digital signature is a mathematical scheme for verifying the authenticity of digital messages or documents. A valid digital signature on a message gives a recipient confidence that the message came from a sender known to the recipient.

    —Wikipedia

    They also have a handy diagram of the process by which digital signatures are created and verified:

    Source: https://commons.m.wikimedia.org/wiki/File:Private_key_signing.svg#mw-jump-to-license (CC-BY-SA)

    Alice signs a message using her private key and Bob can then verify that the message came from Alice, and hasn’t been tampered with, using her public key. This all seems straightforward and uncomplicated and is probably most developers’ view of what signatures are for and how they should be used. This has led to the widespread use of signatures for all kinds of things: validating software updates, authenticating SSL connections, and so on.

    But cryptographers have a different way of looking at digital signatures that has some surprising aspects. This more advanced way of thinking about digital signatures can tell us a lot about what are appropriate, and inappropriate, use-cases.

    Identification protocols

    There are several ways to build secure signature schemes. Although you might immediately think of RSA, the scheme perhaps most beloved by cryptographers is Schnorr signatures. These form the basis of modern EdDSA signatures, and also (in heavily altered form) DSA/ECDSA.

    The story of Schnorr signatures starts not with a signature scheme, but instead with an interactive identification protocol. An identification protocol is a way to prove who you are (the “prover”) to some verification service (the “verifier”). Think logging into a website. But note that the protocol is only concerned with proving who you are, not in establishing a secure session or anything like that.

    There are a whole load of different ways to do this, like sending a username and password or something like WebAuthn/passkeys (an ironic mention that we’ll come back to later). One particularly elegant protocol is known as Schnorr’s protocol. It’s elegant because it is simple and only relies on basic security conjectures that are widely accepted, and it also has some nice properties that we’ll mention shortly.

    The basic structure of the protocol involves three phases: Commit-Challenge-Response. If you are familiar with challenge-response authentication protocols this just adds an additional commitment message at the start.

    Alice (for it is she!) wants to prove to Bob who she is. Alice already has a long-term private key, a, and Bob already has the corresponding public key, A. These keys are in a Diffie-Hellman-like finite field or elliptic curve group, so we can say A = g^a mod p where g is a generator and p is the prime modulus of the group. The protocol then works like this:

    1. Alice generates a random ephemeral key, r, and the corresponding public key R = g^r mod p. She sends R to Bob as the commitment.
    2. Bob stores R and generates a random challenge, c and sends that to Alice.
    3. Alice computes s = ac + r and sends that back to Bob as the response.
    4. Finally, Bob checks if g^s = A^c * R (mod p). If it is then Alice has successfully authenticated, otherwise it’s an imposter. The reason this works is that g^s = g^(ac + r) and A^c * R = (g^a)^c * g^r = g^(ac + r) too. Why it’s secure is another topic for another day.

    Don’t worry if you don’t understand all this. I’ll probably do a blog post about Schnorr identification at some point, but there are plenty of explainers online if you want to understand it. For now, just accept that this is indeed a secure identification scheme. It has some nice properties too.

    One is that it is a (honest-verifier) zero knowledge proof of knowledge (of the private key). That means that an observer watching Alice authenticate, and the verifier themselves, learn nothing at all about Alice’s private key from watching those runs, but the verifier is nonetheless convinced that Alice knows it.

    This is because it is easy to create valid runs of the protocol for any private key by simply working backwards rather than forwards, starting with a response and calculating the challenge and commitment that fit that response. Anyone can do this without needing to know anything about the private key. That is, for any given challenge you can find a commitment for which it is easy to compute the correct response. (What they cannot do is correctly answer a random challenge after they’ve already sent a commitment). So they learn no information from observing a genuine interaction.

    Fiat-Shamir

    So what does this identification protocol have to do with digital signatures? The answer is that there is a process known as the Fiat-Shamir heuristic by which you can automatically transform certain interactive identification protocols into a non-interactive signature scheme. You can’t do this for every protocol, only ones that have a certain structure, but Schnorr identification meets the criteria. The resulting signature scheme is known, amazingly, as the Schnorr signature scheme.

    You may be relieved to hear that the Fiat-Shamir transformation is incredibly simple. We basically just replace the challenge part of the protocol with a cryptographic hash function, computed over the message we want to sign and the commitment public key: c = H(R, m).

    That’s it. The signature is then just the pair (R, s).

    Note that Bob is now not needed in the process at all and Alice can compute this all herself. To validate the signature, Bob (or anyone else) recomputes c by hashing the message and R and then performs the verification step just as in the identification protocol.

    Schnorr signatures built this way are secure (so long as you add some critical security checks!) and efficient. The EdDSA signature scheme is essentially just a modern incarnation of Schnorr with a few tweaks.

    What does this tell us about appropriate uses of signatures?

    The way I’ve just presented Schnorr signatures and Fiat-Shamir is the way they are usually presented in cryptography textbooks. We started with an identification protocol, performed a simple transformation and ended with a secure signature scheme. Happy days! These textbooks then usually move on to all the ways you can use signatures and never mention identification protocols again. But the transformation isn’t an entirely positive process: a lot was lost in translation!

    There are many useful aspects of interactive identification protocols that are lost by signature schemes:

    • A protocol run is only meaningful for the two parties involved in the interaction (Alice and Bob). By contrast a signature is equally valid for everyone.
    • A protocol run is specific to a given point in time. Alice’s response is to a specific challenge issued by Bob just prior. A signature can be verified at any time.

    These points may sound like bonuses for signature schemes, but they are actually drawbacks in many cases. Signatures are often used for authentication, where we actually want things to be tied to a specific interaction. This lack of context in signatures is why standards like JWT have to add lots of explicit statements such as audience and issuer checks to ensure the JWT came from the expected source and arrived at the intended destination, and expiry information or unique identifiers (that have to be remembered) to prevent replay attacks. A significant proportion of JWT vulnerabilities in the wild are caused by developers forgetting to perform these checks.

    WebAuthn is another example of this phenomenon. On paper it is a textbook case of an identification protocol. But because it is built on top of digital signatures it requires adding a whole load of “contextual bindings” for similar reasons to JWTs. Ironically, the most widely used WebAuthn signature algorithm, ECDSA, is itself a Schnorr-ish scheme.

    TLS also uses signatures for what is essentially an identification protocol, and similarly has had a range of bugs due to insufficient context binding information being included in the signed data. (SSL also uses signatures for verifying certificates, which is IMO a perfectly good use of the technology. Certificates are exactly a case of where you want to convert an interactive protocol into a non-interactive one. But then again we also do an interactive protocol (DNS) in that case anyway :shrug:).

    In short, an awful lot of uses of digital signatures are actually identification schemes of one form or another and would be better off using an actual identification scheme. But that doesn’t mean using something like Schnorr’s protocol! There are actually better alternatives that I’ll come back to at the end.

    Special Soundness: fragility by design

    Before I look at alternatives, I want to point out that pretty much all in-use signature schemes are extremely fragile in practice. The zero-knowledge security of Schnorr identification is based on it having a property called special soundness. Special soundness essentially says that if Alice accidentally reuses the same commitment (R) for two runs of the protocol, then any observer can recover her private key.

    This sounds like an incredibly fragile notion to build into your security protocol! If I accidentally reuse this random value then I leak my entire private key??! And in fact it is: such nonce-reuse bugs are extremely common in deployed signature systems, and have led to compromise of lots of private keys (eg Playstation 3, various Bitcoin wallets etc).

    But despite its fragility, this notion of special soundness is crucial to the security of many signature systems. They are truly a cursed technology!

    To solve this problem, some implementations and newer standards like EdDSA use deterministic commitments, which are based on a hash of the private key and the message. This ensures that the commitment will only ever be the same if the message is identical: preventing the private key from being recovered. Unfortunately, such schemes turned out to be more susceptible to fault injection attacks (a much less scalable or general attack vector), and so now there are “hedged” schemes that inject a bit of randomness back into the hash. It’s cursed turtles all the way down.

    If your answer to this is to go back to good old RSA signatures, don’t be fooled. There are plenty of ways to blow your foot off using old faithful, but that’s for another post.

    Did you want non-repudiation with that?

    Another way that signatures cause issues is that they are too powerful for the job they are used for. You just wanted to authenticate that an email came from a legitimate server, but now you are providing irrefutable proof of the provenance of leaked private communications. Oops!

    Signatures are very much the hammer of cryptographic primitives. As well as authenticating a message, they also provide third-party verifiability and (part of) non-repudiation.

    You don’t need to explicitly want anonymity or deniability to understand that these strong security properties can have damaging and unforeseen side-effects. Non-repudiation should never be the default in open systems.

    I could go on. From the fact that there are basically zero acceptable post-quantum signature schemes (all way too large or too risky), to issues with non-canonical signatures and cofactors and on and on. The problems of signature schemes never seem to end.

    What to use instead?

    Ok, so if signatures are so bad, what can I use instead?

    Firstly, if you can get away with using a simple shared secret scheme like HMAC, then do so. In contrast to public key crypto, HMAC is possibly the most robust crypto primitive ever invented. You’d have to go really far out of your way to screw up HMAC. (I mean, there are timing attacks and that time that Bouncy Castle confused bits and bytes and used 16-bit HMAC keys, so still do pay attention a little bit…)

    If you need public key crypto, then… still use HMAC. Use an authenticated KEM with X25519 to generate a shared secret and use that with HMAC to authenticate your message. This is essentially public key authenticated encryption without the actual encryption. (Some people mistakenly refer to such schemes as designated verifier signatures, but they are not).

    Signatures are good for software/firmware updates and pretty terrible for everything else.

    #authenticatedEncryption #cryptography #misuseResistance #signatures
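
The commit-challenge-response run, the "working backwards" simulation and the Fiat-Shamir signature described in the post above, as an added Python example that is not part of the original post. The toy group (p = 2039, q = 1019, g = 4), the function names, reducing s modulo q and the range/subgroup checks in `verify` are assumptions made for illustration.

```python
import hashlib
import secrets

# Constructed toy group, far too small for real use: p = 2q + 1 with p and q
# prime, and g = 4 generating the subgroup of prime order q.
P, Q, G = 2039, 1019, 4
assert pow(G, Q, P) == 1 and G != 1


def keygen():
    a = secrets.randbelow(Q - 1) + 1           # private key a in [1, q-1]
    return a, pow(G, a, P)                     # public key A = g^a mod p


# --- Interactive identification: Commit / Challenge / Response ---
def commit():
    r = secrets.randbelow(Q - 1) + 1           # ephemeral key, fresh per run
    return r, pow(G, r, P)                     # commitment R = g^r mod p


def challenge():
    return secrets.randbelow(Q)                # Bob's random challenge c


def respond(a, r, c):
    return (a * c + r) % Q                     # s = ac + r (exponents mod q)


def check(A, R, c, s):
    return pow(G, s, P) == (pow(A, c, P) * R) % P   # g^s == A^c * R (mod p)


# --- Working backwards: a valid-looking run built without the private key ---
def simulate(A):
    s = secrets.randbelow(Q)                   # pick the response first
    c = secrets.randbelow(Q)                   # then a challenge
    # Solve for the commitment: R = g^s * A^(-c); A has order q, so
    # A^(q - c) is the inverse of A^c.
    R = (pow(G, s, P) * pow(A, (Q - c) % Q, P)) % P
    return R, c, s


# --- Fiat-Shamir: the challenge becomes a hash of (R, m) ---
def hash_challenge(R, message):
    width = (P.bit_length() + 7) // 8
    digest = hashlib.sha256(R.to_bytes(width, "big") + message).digest()
    return int.from_bytes(digest, "big") % Q   # c = H(R, m)


def sign(a, message):
    r, R = commit()
    return R, respond(a, r, hash_challenge(R, message))   # signature (R, s)


def verify(A, message, sig):
    R, s = sig
    # Assumed input checks: values in range and R inside the order-q subgroup.
    if not (0 < R < P and 0 <= s < Q and pow(R, Q, P) == 1):
        return False
    return check(A, R, hash_challenge(R, message), s)


def demo():
    a, A = keygen()
    message = b"constructed sample message"

    # Honest interactive run between Alice and Bob.
    r, R = commit()
    c = challenge()
    s = respond(a, r, c)

    # Transcript produced from the public key alone. It passes the same check,
    # so a recorded run proves nothing to a third party.
    sim_R, sim_c, sim_s = simulate(A)

    # The non-interactive signature, by contrast, verifies for anyone, later.
    sig_R, sig_s = sign(a, message)
    return {
        "honest_run_accepted": check(A, R, c, s),
        "simulated_run_accepted": check(A, sim_R, sim_c, sim_s),
        "signature_valid": verify(A, message, (sig_R, sig_s)),
        "altered_response_valid": verify(A, message, (sig_R, (sig_s + 1) % Q)),
    }


if __name__ == "__main__":
    for name, value in demo().items():
        print(f"{name}: {value}")
```

The simulated transcript is accepted because its challenge was chosen before its commitment; in `sign` the hash fixes the challenge only after R exists, which is what makes the signature checkable by anyone at any time.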

  9. RECIPE: Chicken Spectacular | Pea Ridge Times

    Chicken Spectacular From the kitchen of Dorris Mounce 4 c. chicken, cooked, cubed (4 chicken breasts) 1 pkg. Uncle Ben’s rice, cooked 1 can cream of celery soup 1 medium jar sliced pimento, drained 1 medium onion, chopped 2 cans French-style green beans, drained 1 c. Hellman’s mayonnaise 1 c. water chestnuts, sli…
    #dining #cooking #diet #food #RecipeTopics #Recipes
    diningandcooking.com/2640579/r

  10. If you’re ever tasked with implementing a cryptography feature–whether a high-level protocol or a low-level primitive–you will have to take special care to ensure you’re not leaking secret information through side-channels.

    The descriptions of algorithms you learn in a classroom or textbook are not sufficient for real-world use. (Yes, that means your toy RSA implementation based on GMP from your computer science 101 class isn’t production-ready. Don’t deploy it.)

    But what are these elusive side-channels exactly, and how do you prevent them? And in cases where you cannot prevent them, how can you mitigate the risk to your users?

    Art by Swizz.

    Contents

    • Cryptographic Side-Channels
      • Timing Leaks
      • Power Usage
      • Electromagnetic Emissions
    • Side-Channel Prevention and Mitigation
      • Prevention vs. Mitigation
      • What is Constant-Time?
      • Malicious Environments and Algorithmic Constant-Time
      • Mitigation with Blinding Techniques
    • Design Patterns for Algorithmic Constant-Time Code
      • Constant-Time String Comparison
      • Alternative: “Double HMAC” String Comparison
      • Constant-Time Conditional Select
      • Constant-Time String Inequality Comparison
      • Constant-Time Integer Multiplication
      • Constant-Time Integer Division
      • Constant-Time Modular Inversion
      • Constant-Time Null-Byte Trimming
    • Further Reading and Online Resources
    • Errata

    Cryptographic Side-Channels

    The concept of a side-channel isn’t inherently cryptographic, as Taylor Hornby demonstrates, but a side-channel can be a game over vulnerability in a system meant to maintain confidentiality (even if only for its cryptography keys).

    Cryptographic side-channels allow an attacker to learn secret data from your cryptography system. To accomplish this, the attacker doesn’t necessarily study the system’s output (i.e. ciphertext); instead, they observe some other measurement, such as how much time or power was spent performing an operation, or what kind of electromagnetic radiation was emitted.

    Important: While being resistant to side-channels is a prerequisite for implementations to be secure, it isn’t in and of itself sufficient for security. The underlying design of the primitives, constructions, and high-level protocols needs to be secure first, and that requires a clear and specific threat model for what you’re building.

    Constant-time ECDSA doesn’t help you if you reuse k-values like it’s going out of style, but variable-time ECDSA still leaks your secret key to anyone who cares to probe your response times. Secure cryptography is very demanding.

    Art by Riley.

    Timing Leaks

    Timing side-channels leak secrets through how much time it takes for an operation to complete.

    There are many different flavors of timing leakage, including:

    • Fast-failing comparison functions (memcmp() in C)
    • Cache-timing vulnerabilities (e.g. software AES)
    • Memory access patterns
    • Conditional branches controlled by secrets

    The bad news about timing leaks is that they’re almost always visible to an attacker over the network (including over the Internet (PDF)).

    The good news is that most of them can be prevented or mitigated in software.

    Art by Kyume.

    Power Usage

    Different algorithms or processor operations may require different amounts of power.

    For example, squaring a large number may take less power than multiplying two different large numbers. This observation has led to the development of power analysis attacks against RSA.

    Power analysis is especially relevant for embedded systems and smart cards, which are easier to extract a meaningful signal from than your desktop computer.

    Some information leakage through power usage can be prevented through careful engineering (for example: BearSSL, which uses Montgomery multiplication instead of square-and-multiply).

    But that’s not always an option, so generally these risks are mitigated.

    My reaction when I first learned of power leaks: WATT (Art by Swizz)

    Electromagnetic Emissions

    Your computer is a reliable source of electromagnetic emissions (such as radio waves). Some of these emissions may reveal information about your cryptographic secrets, especially to an attacker with physical proximity to your device.

    The good news is that research into EM emission side-channels isn’t as mature as side-channels through timing leaks or power usage. The bad news is that mitigations for breakthroughs will generally require hardware (e.g. electromagnetic shielding).

    Aren’t computers terrifying? (Art by Swizz)

    Side-Channel Prevention and Mitigation

    Now that we’ve established a rough sense of some of the types of side-channels that are possible, we can begin to identify what causes them and aspire to prevent the leaks from happening–and where we can’t, to mitigate the risk to a reasonable level.

    Note: To be clear, I didn’t cover all of the types of side-channels.

    Prevention vs. Mitigation

    Preventing a side-channel means eliminating the conditions that allow the information leak to occur in the first place. For timing leaks, this means making all algorithms constant-time.

    There are entire classes of side-channel leaks that aren’t possible or practical to mitigate in software. When you encounter one, the best you can hope to do is mitigate the risk.

    Ideally, you want to make the attack more expensive to pull off than the reward an attacker will gain from it.

    What is Constant-Time?

    Toto, I don’t think we’re in Tanelorn Kansas anymore.

    When an implementation is said to be constant-time, what we mean is that the execution time of the code is not a function of its secret inputs.

    Vulnerable AES uses table look-ups to implement the S-Box. Constant-time AES is either implemented in hardware, or is bitsliced.

    Malicious Environments and Algorithmic Constant-Time

    One of the greatest challenges with writing constant-time code is distinguishing between algorithmic constant-time and provably constant-time. The main difference between the two is that you cannot trust your compiler (especially a JIT compiler), which may attempt to optimize your code in a way that reintroduces the side-channel you aspired to remove.

    A sufficiently advanced compiler optimization is indistinguishable from an adversary.

    John Regehr, possibly with apologies to Arthur C. Clarke

    For compiled languages, this is a tractable but expensive problem to solve: You simply have to formally verify everything from the source code to the compiler to the silicon chips that the code will be deployed on, and then audit your supply chain to prevent malicious tampering from going undetected.

    For interpreted languages (e.g. PHP and JavaScript), this formal verification strategy isn’t really an option, unless you want to formally verify the runtime that interprets scripts and prove that the operations remain constant-time on top of all the other layers of distrust.

    Is this level of paranoia really worth the effort?

    For our cases, anyway! (Art by Khia.)

    For that reason, we’re going to assume that algorithmic constant-time is adequate for the duration of this blog post.

    If your threat model prevents you from accepting this assumption, feel free to put in the extra effort yourself and tell me how it goes. After all, as a furry who writes blog posts in my spare time for fun, I don’t exactly have the budget for massive research projects in formal verification.

    Mitigation with Blinding Techniques

    The best mitigation for some side-channels is called blinding: Obfuscating the inputs with some random data, then deobfuscating the outputs with the same random data, such that your keys are not revealed.

    Two well-known examples include RSA decryption and Elliptic Curve Diffie-Hellman. I’ll focus on the latter, since it’s not as widely covered in the literature (although several cryptographers I’ve talked with were somehow knowledgeable about it; I suspect gatekeeping is involved).

    Blinded ECDH Key Exchange

    In typical ECDH implementations, you will convert a point on a Weierstrass curve to a Jacobian coordinate system .

    The exact conversion formula is (, ). The conversion almost makes intuitive sense.

    Where does come from though?

    Art by circuitslime

    It turns out, the choice for is totally arbitrary. Libraries typically set it equal to 1 (for best performance), but you can also set it to a random number. (You cannot set it to 0, however, for obvious reasons.)

    Choosing a random number means the calculations performed over Jacobian coordinates will be obscured by a randomly chosen factor (and thus, if is only used once per scalar multiplication, the bitwise signal the attackers rely on will be lost).

    Blinding techniques are cool. (Art by Khia.)

    I think it’s really cool how one small tweak to the runtime of an algorithm can make it significantly harder to attack.

    Design Patterns for Algorithmic Constant-Time Code

    Mitigation techniques are cool, but preventing side-channels is a better value-add for most software.

    To that end, let’s look at some design patterns for constant-time software. Some of these are relatively common; others, not so much.

    Art by Scout Pawfoot.

    If you prefer TypeScript / JavaScript, check out Soatok’s constant-time-js library on GitHub / NPM.

    Constant-Time String Comparison

    Rather than using string comparison (== in most programming languages, memcmp() in C), you want to compare cryptographic secrets and/or calculated integrity checks with a secure compare algorithm, which looks like this:

    1. Initialize a variable (let’s call it D) to zero.
    2. For each byte of the two strings:
      1. Calculate (left[i] XOR right[i])
      2. Bitwise OR the current value of D with the result of the XOR, store the output in D
    3. When the loop has concluded, D will be equal to 0 if and only if the two strings are equal.

    In code form, it looks like this:

    <?php
    function ct_compare(string $left, string $right): bool
    {
        $d = 0;
        $length = mb_strlen($left, '8bit');
        if (mb_strlen($right, '8bit') !== $length) {
            return false; // Lengths differ
        }
        for ($i = 0; $i < $length; ++$i) {
            $leftCharCode = unpack('C', $left[$i])[1];
            $rightCharCode = unpack('C', $right[$i])[1];
            $d |= ($leftCharCode ^ $rightCharCode);
        }
        return $d === 0;
    }

    In this example, I’m using PHP’s unpack() function to avoid cache-timing leaks with ord() and chr(). Of course, you can simply use hash_equals() instead of writing it yourself (PHP 5.6.0+).

    Alternative: “Double HMAC” String Comparison

    If the previous algorithm won’t work (i.e. because you’re concerned your JIT compiler will optimize it away), there is a popular alternative to consider. It’s called “Double HMAC” because it was traditionally used with Encrypt-Then-HMAC schemes.

    The algorithm looks like this:

    1. Generate a random 256-bit key, K. (This can be cached between invocations, but it should be unpredictable.)
    2. Calculate HMAC-SHA256(K, left).
    3. Calculate HMAC-SHA256(K, right).
    4. Return true if the outputs of step 2 and 3 are equal.

    This is provably secure, so long as HMAC-SHA256 is a secure pseudo-random function and the key K is unknown to the attacker.

    In code form, the Double HMAC compare function looks like this:

    <?php
    function hmac_compare(string $left, string $right): bool
    {
        static $k = null;
        if (!$k) $k = random_bytes(32);
        return (
            hash_hmac('sha256', $left, $k)
                ===
            hash_hmac('sha256', $right, $k)
        );
    }

    Constant-Time Conditional Select

    I like to imagine a conversation between a cryptography engineer and a Zen Buddhist, that unfolds like so:

    • CE: “I want to eliminate branching side-channels from my code.”
    • ZB: “Then do not have branches in your code.”

    And that is precisely what we intend to do with a constant-time conditional select: Eliminate branches by conditionally returning between one of two strings, without an IF statement.

    Mind. Blown. (Art by Khia.)

    This isn’t as tricky as it sounds. We’re going to use XOR and two’s complement to achieve this.

    The algorithm looks like this:

    1. Convert the selection bit (TRUE/FALSE) into a mask value (-1 for TRUE, 0 for FALSE). Bitwise, -1 looks like 111111111…1111111111, while 0 looks like 00000000…00000000.
    2. Copy the right string into a buffer, call it tmp.
    3. Calculate left XOR right, call it x.
    4. Return (tmp XOR (x AND mask)).

    Once again, in code this algorithm looks like this:

    <?php
    function ct_select(
        bool $returnLeft,
        string $left,
        string $right
    ): string {
        $length = mb_strlen($left, '8bit');
        if (mb_strlen($right, '8bit') !== $length) {
            throw new Exception('ct_select() expects two strings of equal length');
        }

        // Mask byte
        $mask = (-$returnLeft) & 0xff;
        // X
        $x = (string) ($left ^ $right);

        // Output = Right XOR (X AND Mask)
        $output = '';
        for ($i = 0; $i < $length; $i++) {
            $rightCharCode = unpack('C', $right[$i])[1];
            $xCharCode = unpack('C', $x[$i])[1];
            $output .= pack(
                'C',
                $rightCharCode ^ ($xCharCode & $mask)
            );
        }
        return $output;
    }

    You can test this code for yourself here. The function was designed to read intuitively like a ternary operator.

    A Word of Caution on Cleverness

    In some languages, it may seem tempting to use the bitwise trickery to swap out pointers instead of returning a new buffer. But do not fall for this Siren song.

    If, instead of returning a new buffer, you just swap pointers, what you’ll end up doing is creating a timing leak through your memory access patterns. This can culminate in a timing vulnerability, but even if your data is too big to fit in a processor’s cache line (I dunno, Post-Quantum RSA keys?), there’s another risk to consider.

    Virtual memory addresses are just beautiful lies. Where your data lives on the actual hardware memory is entirely up to the kernel. You can have two blobs with contiguous virtual memory addresses that live on separate memory pages, or even separate RAM chips (if you have multiple).

    If you’re swapping pointers around, and they point to two different pieces of hardware, and one is slightly faster to read from than the other, you can introduce yet another timing attack through which pointer is being referenced by the processor.

    It’s timing leaks all the ways down! (Art by Swizz)

    If you’re swapping between X and Y before performing a calculation, where:

    • X lives on RAM chip 1, which takes 3 ns to read
    • Y lives on RAM chip 2, which takes 4 ns to read

    …then the subsequent use of the swapped pointers reveals whether you’re operating on X or Y in the timing: It will take slightly longer to read from Y than from X.

    The best way to mitigate this problem is to never design your software to have it in the first place. Don’t be clever on this one.

    Constant-Time String Inequality Comparison

    Sometimes you don’t just need to know if two strings are equal, you also need to know which one is larger than the other.

    To accomplish this in constant-time, we need to maintain two state variables:

    1. gt (initialized to 0, will be set to 1 at some point if left > right)
    2. eq (initialized to 1, will be set to 0 at some point if left != right)

    Endian-ness will dictate the direction our algorithm goes, but we’re going to perform two operations in each cycle:

    1. gt should be bitwise ORed with (eq AND ((right – left) right shifted 8 times)
    2. eq should be bitwise ANDed with ((right XOR left) – 1) right shifted 8 times

    If right and left are ever different, eq will be set to 0.

    If the first time they’re different the value for left[i] is greater than the value for right[i], then the subtraction will produce a negative number. Right shifting a negative number 8 places then bitwise ANDing the result with eq (which is only 1 until two bytes differ, and then 0 henceforth if they do) will result in a value for 1 with gt. Thus, if (right[i] – left[i]) is negative, gt will be set to 1. Otherwise, it remains 0.

    At the end of this loop, return (gt + gt + eq) – 1. This will result in the following possible values:

    • left < right: -1
    • left == right: 0
    • left > right: 1

    The arithmetic based on the possible values of gt and eq should be straightforward.

    • Different (eq == 0) but not greater (gt == 0) means left < right, -1.
    • Different (eq == 0) and greater (gt == 1) means left > right, 1.
    • If eq == 1, no bytes ever differed, so left == right, 0.

    A little endian implementation is as follows:

    <?php
    function str_compare(string $left, string $right): int
    {
        $length = mb_strlen($left, '8bit');
        if (mb_strlen($right, '8bit') !== $length) {
            throw new Exception('str_compare() expects two strings of equal length');
        }
        $gt = 0;
        $eq = 1;
        $i = $length;
        while ($i > 0) {
            --$i;
            $leftCharCode = unpack('C', $left[$i])[1];
            $rightCharCode = unpack('C', $right[$i])[1];
            $gt |= (($rightCharCode - $leftCharCode) >> 8) & $eq;
            $eq &= (($rightCharCode ^ $leftCharCode) - 1) >> 8;
        }
        return ($gt + $gt + $eq) - 1;
    }

    Demo for this function is available here.

    Constant-Time Integer Multiplication

    Multiplying two integers is one of those arithmetic operations that should be constant-time. But on many older processors, it isn’t.

    Of course there’s a microarchitecture timing leak! (Art by Khia.)

    Fortunately, there is a workaround. It involves an algorithm called Ancient Egyptian Multiplication in some places or Peasant Multiplication in others.

    Multiplying two numbers and this way looks like this:

    1. Determine the number of operations you need to perform. Generally, this is either known ahead of time or .
    2. Set to 0.
    3. Until the operation count reaches zero:
      1. If the lowest bit of is set, add to .
      2. Left shift by 1.
      3. Right shift by 1.
    4. Return .

    The main caveat here is that you want to use bitwise operators in step 3.1 to remove the conditional branch.

    Rather than bundle example code in our blog post, please refer to the implementation in sodium_compat (a pure PHP polyfill for libsodium).

    For big number libraries, implementing Karatsuba on top of this integer multiplying function should be faster than attempting to multiply bignums this way.

    Constant-Time Integer Division

    Although some cryptography algorithms call for integer division, division isn’t usually expected to be constant-time.

    However, if you look up a division algorithm for unsigned integers with a remainder, you’ll likely encounter this algorithm, which is almost constant-time:

    if D = 0 then error(DivisionByZeroException) end
    Q := 0                  -- Initialize quotient and remainder to zero
    R := 0
    for i := n − 1 .. 0 do  -- Where n is number of bits in N
      R := R << 1           -- Left-shift R by 1 bit
      R(0) := N(i)          -- Set the least-significant bit of R equal to bit i of the numerator
      if R ≥ D then
        R := R − D
        Q(i) := 1
      end
    end

    If we use the tricks we learned from implementing constant-time string inequality with constant-time conditional selection, we can implement this algorithm without timing leaks.

    Our constant-time version of this algorithm looks like this:

    if D = 0 then error(DivisionByZeroException) end
    Q := 0                  -- Initialize quotient and remainder to zero
    R := 0
    for i := n − 1 .. 0 do  -- Where n is number of bits in N
      R := R << 1           -- Left-shift R by 1 bit
      R(0) := N(i)          -- Set the least-significant bit of R equal to bit i of the numerator
      compared := ct_compare(R, D) -- Use constant-time inequality
      -- if R > D  then compared ==  1, swap = 1
      -- if R == D then compared ==  0, swap = 1
      -- if R < D  then compared == -1, swap = 0
      swap := (1 - ((compared >> 31) & 1))
      -- R' = R - D
      -- Q' = Q, Q[i] = 1
      Rprime := R - D
      Qprime := Q
      Qprime(i) := 1 -- The i'th bit is set to 1
      -- Replace (R with R', Q with Q') if swap == 1
      R = ct_select(swap, Rprime, R)
      Q = ct_select(swap, Qprime, Q)
    end

    It’s approximately twice as slow as the original, but it’s constant-time.

    Constant-Time Modular Inversion

    Modular inversion is the calculation of for some prime . This is used in a lot of places, but especially in elliptic curve cryptography and RSA.

    Daniel J. Bernstein and Bo-Yin Yang published a paper on fast constant-time GCD and Modular Inversion in 2019. The algorithm in question is somewhat straightforward to implement (although determining whether or not that implementation is safe is left as an exercise to the rest of us).

    A simpler technique is to use Fermat’s Little Theorem: for some prime . This only works with prime fields, and is slower than a Binary GCD (which isn’t necessarily constant-time, as OpenSSL discovered).

    BearSSL provides an implementation (and accompanying documentation) for a constant-time modular inversion algorithm based on Binary GCD.

    (In the future, I may update this section of this blog post with an implementation in PHP, using the GMP extension.)

    Constant-Time Null-Byte Trimming

    Shortly after this guide first went online, security researchers published the Raccoon Attack, which used a timing leak in the number of leading 0 bytes in the pre-master secret–combined with a lattice attack to solve the hidden number problem–to break TLS-DH(E).

    To solve this, you need two components:

    1. A function that returns a slice of an array without timing leaks.
    2. A function that counts the number of significant bytes (i.e. ignores leading zero bytes, counts from the first non-zero byte).

    A timing-safe array resize function needs to do two things:

    1. Touch every byte of the input array once.
    2. Touch every byte of the output array at least once, linearly. The constant-time division algorithm is useful here (to calculate x mod n for the output array index).
    3. Conditionally select between input[x] and the existing output[x_mod_n], based on whether x >= target size.

    I’ve implemented this in my constant-time-js library:

    Further Reading and Online Resources

    If you’re at all interested in cryptographic side-channels, your hunger for knowledge probably won’t be sated by a single blog post. Here’s a collection of articles, papers, books, etc. worth reading.

    Errata

    • 2020-08-27: The original version of this blog post incorrectly attributed Jacobian coordinate blinding to ECDSA hardening, rather than ECDH hardening. This error was brought to my attention by Thai Duong. Thanks Thai!
    • 2020-08-27: Erin correctly pointed out that omitting memory access timing was a disservice to developers, who might not be aware of the risks involved. I’ve updated the post to call this risk out specifically (especially in the conditional select code, which some developers might try to implement with pointer swapping without knowing the risks involved). Thanks Erin!

    I hope you find this guide to side-channels helpful.

    Thanks for reading!

    Follow my blog for more Defense Against the Bark Arts posts in the future.

    https://soatok.blog/2020/08/27/soatoks-guide-to-side-channel-attacks/

    #asymmetricCryptography #constantTime #cryptography #ECDH #ECDSA #ellipticCurveCryptography #RSA #SecurityGuidance #sideChannels #symmetricCryptography
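
    Added example (not from the original post and not sodium_compat's code): the branch-free multiplication and division described in the "Constant-Time Integer Multiplication" and "Constant-Time Integer Division" sections of the post above, using the post's conditional select applied to integers in place of an IF. The function names, the 31-bit operand limit and the sample values are assumptions made for this example, and it assumes 64-bit PHP.

```php
<?php
declare(strict_types=1);

// Added example: names, the 31-bit limit and the sample values are assumptions.
const CT_BITS = 31; // public, fixed operation count; requires 64-bit PHP integers

/**
 * Reject operands outside [0, 2^31) so no intermediate value overflows to float.
 * This is the only data-dependent branch, and it fails closed with an exception.
 */
function ct_check_range(int ...$values): void
{
    foreach ($values as $v) {
        // Arithmetic shift: negative values give -1, too-large values give > 0
        if (($v >> CT_BITS) !== 0) {
            throw new RangeException('operands must be in [0, 2^31)');
        }
    }
}

/**
 * Integer form of the conditional select: right XOR ((left XOR right) AND mask).
 * $mask must be -1 (all ones, select $left) or 0 (select $right).
 */
function ct_select_int(int $mask, int $left, int $right): int
{
    return $right ^ (($left ^ $right) & $mask);
}

/** Peasant multiplication with a fixed loop count and no IF on operand bits. */
function ct_mul(int $a, int $b): int
{
    ct_check_range($a, $b);
    $result = 0;
    for ($i = 0; $i < CT_BITS; ++$i) {
        // -1 if the lowest bit of $b is set, 0 otherwise (two's complement)
        $mask = -($b & 1);
        // Both candidates are always computed; the mask picks one
        $result = ct_select_int($mask, $result + $a, $result);
        $a <<= 1;
        $b >>= 1;
    }
    return $result;
}

/** Bitwise long division; returns [quotient, remainder]. */
function ct_divmod(int $n, int $d): array
{
    ct_check_range($n, $d);
    if ($d === 0) {
        throw new DivisionByZeroError('Division by zero');
    }
    $q = 0;
    $r = 0;
    for ($i = CT_BITS - 1; $i >= 0; --$i) {
        // Shift the next numerator bit into the remainder
        $r = ($r << 1) | (($n >> $i) & 1);
        // ($r - $d) is negative exactly when r < d; shifting by 63 smears the
        // sign bit, so the complement is -1 when r >= d and 0 when r < d
        $mask = ~(($r - $d) >> 63);
        $r = ct_select_int($mask, $r - $d, $r);
        $q = ct_select_int($mask, $q | (1 << $i), $q);
    }
    return [$q, $r];
}

// Constructed sample operands, checked against PHP's native arithmetic.
$samples = [
    [0, 1], [1, 1], [7, 3], [123456789, 1000],
    [1, 2147483647], [2147483647, 2147483647],
];
foreach ($samples as [$x, $y]) {
    if (ct_mul($x, $y) !== $x * $y) {
        throw new RuntimeException("ct_mul mismatch for $x * $y");
    }
    if (ct_divmod($x, $y) !== [intdiv($x, $y), $x % $y]) {
        throw new RuntimeException("ct_divmod mismatch for $x / $y");
    }
}
echo "all samples match native arithmetic\n";
```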

  11. Viogression – Thaumaturgic Veil Review

    By Angry Metal Guy

    By: Nameless_n00b_602

    For every well-known, successful band, countless similar acts haven’t caught the same break or enjoyed the same recognition.1 For every Thou, there’s an Indian; every Abigail Williams, a Crepuscle; and every Obituary, a Viogression. One of the original but unsung stalwarts of death metal’s earliest days, Viogression formed in 1988 and released a well-received debut, Expound & Exhort, in 1991. The 1992 follow-up, Passage, failed to meet expectations, leading the band to take a three-decade hiatus. Their third full-length, 2022’s 3rd Stage of Decay, was praised for its old-school core and modern flair. Three years and a major lineup shuffle later, they return with their fourth full-length and first self-release, Thaumaturgic Veil. Promising a transcendent discourse on the interconnectivity of infinity and individuality, can this new version of Viogression maintain its momentum and deliver?

    Like the good doctor, Vickie Franks, Viogression stitches together the genre’s most recognizable touchstones, but parts of themselves peek through, distinct from their influences. Sole remaining founder and vocalist, Brian DeNeffe, exhumes Obituary and Pestilence for his unintelligible rasps and howls, but employs impressive gutturals and layered screams of his own on “Vulnus Sclopetarium” and “Summon.” Guitarists Lief Larson and Johnathon Ibarra evoke the doomy vibe and disorienting, whip-crack tempo shifts of Autopsy and Asphyx (“Jinx,” “Light Extinguisher”), but the western dust on “Superposition” belongs to Viogression alone. An uncharacteristically twangy chorus and heavy distortion build an atmosphere for a clean, soulful guitar to cut through. Larson, Ibarra, and drummer Erik Schultek halve and double their tempos on “Renumeration” to create a pace both consistent and in flux. Punky album high point, “Pummeled,” sees DeNeffe acting as a rare counterpoint for a jazz-infused solo.2 These moments showcase the band’s excellent synthesis of influence and individuality when the stitches hold and the heart pumps strongly.

    But the stitches don’t always hold; Thaumaturgic Veil suffers from indiscretionary inclusion, or poor compositional choices. Bassist Jason Hellman provides Cannibal Corpse-esque hooks (“Jinx,” “Travesty öv Darkness”) and a palpable heft to the album, but his performance often feels like parody. The opening basslines of “Superposition” and “As the Light Fades” plod and meander in ways that recall the tongue-in-cheek parts of Green Day’s catalogue. A recurring nasally guitar tone tries to instill unease but is instead repetitive and annoying (“Jinx,” “As the Light Fades”). “Eaten by Flies” invokes Polka and, like “Superposition” and “Summon,” is paratactical in its lyrical delivery, imitating amateur slam poetry. This disharmonious construction hamstrings Viogression’s ability to cultivate the philosophical and contemplative tone their subject matter requires.

    Even with more consistent songwriting, Thaumaturgic Veil would still feel stitched together and disjointed. The album presents less as a coherent work and more as a series of vignettes. Each proper track (save closer, “Light Extinguisher”) is paired with an intro, giving the sensation of moving from painting to painting in a gallery rather than viewing one grand tapestry. It’s an interesting idea, but it fails for three reasons. First, these intros don’t bleed into their songs. I struggled to find a correlation in these pairings, whether musically, thematically, or lyrically. Second, without stronger connective tissue, these intros only add bloat to a relatively lean record.3 Third, and most damning, they prohibit the listener from building any momentum throughout Thaumaturgic Veil. This start-stop-start-stop structure makes the album feel twice as long as it is and turns every spin into a test of endurance.

    While I can applaud the ambition of Thaumaturgic Veil, the execution ultimately falls short. “Pummeled,” “Renumeration,” and “Vulnus Sclopetarium” show that Viogression has the chops to write and perform a great, concise album, but uneven songwriting quality and an interrupted flow mar what could have been a prime offering from the old guard. Either of these flaws in isolation would have been manageable, but taken together, their impact compounds. There’s potential here, and with tighter threading and a more cohesive structure, I have no doubt Viogression could achieve the recognition they deserve.

    Rating: 2.0/5.0
    DR: 5 | Format Reviewed: 320 kb/s mp3
    Label: Self-Released
    Websites: viogression.info | Bandcamp | Instagram | Facebook
    Releases Worldwide: July 11th, 2025

    #20 #2025 #AbigailWilliams #Asphyx #Autopsy #Autospy #CannibalCoprse #CannibalCorpse #Crepuscle #DeathMetal #GreenDay #Independent #Indian #Jul25 #Obituary #Pestilence #Review #Reviews #SelfRelease #ThaumaturgicVeil #Viogression

  12. Implementing Curve25519/X25519: A Tutorial on Elliptic Curve Cryptography by @martin

    A very accessible text; highly recommended if you want to understand the concepts underpinning the encryption used in TLS, Signal, etc.

    Starts at modular arithmetic and covers Diffie-Hellman key exchange with clear explanations of cyclic groups and finite field and elliptic curve arithmetic within the context of the Montgomery curve used in Curve25519.

    PDF: martin.kleppmann.com/papers/cu

    #cryptography #x25519

  13. ⭕ Amid tensions following the #Pakistani strikes on #Kabul and attempts at diplomatic rapprochement with #India, the #Afghan #Taliban are attacking several #Pakistani border posts along the #Durand Line in the provinces of #Kunar, #Khost, #Paktia, and #Helmand.

    RE: https://bsky.app/profile/did:plc:2cte4wipyk47qjujtxrskqcx/post/3m2wwcpqvx42k

  14. Rob Reiner, Meg Ryan and Billy Crystal on the set of “When Harry Met Sally” and at the films 30th anniversary in 2018. Rob and Billy had been close friends since they met making “All in the Family”. + Meg Ryan and Billy Crystal in a send up of the infamous deli scene in a Super Bowl commercial for Hellman’s Mayonnaise from earlier this year ( youtu.be/UX9qfSEKyuc?si=ox6X2I)
    #Catitstu #RIPRobReiner #RIPManWithPez #WhenHarryMetSally #WHMS #RobReiner #MegRyan #BillyCrystal #80smovies

  18. On Monday, internet-access advocacy group #Netblocks said that live metrics showed connectivity in #Afghanistan had “collapsed” to 14% of ordinary levels, with a near-total nationwide telecoms disruption in effect.

    “The incident is likely to severely limit the public’s ability to contact the outside world,” the group added.

    The AP was unable to contact its #Kabul bureau, as well as #journalists in the eastern & southern provinces of Nangarhar & Helmand.

    #totalitarianism #theocracy

  19. Steam Next Fest (October 2025) - Game Demo Quick Thoughts Part One

    Finally got around to putting some quick thoughts out about some Steam Next Fest game demos I checked out. Part two later this week or weekend as I play catchup.

    g-nitro.com/steam-next-fest-ga

    #Gaming #SteamNextFest #videogames #Bubsy4D #KiokuLastSummer #AlabasterDawn #Constance #DontStopGirlypop #GodBreakers #HellMaiden

  20. Good morning, #herd! Just heard on the radio of a beverage making the rounds -- Mayo-nog (#Mayonog). I'm calling on the most #adventurous, most #intrepid among #TeamMastodon to please give this libation a shot and, if you survive, report back to us with your findings.
    #GoForthAndProsper #SoIDontHaveTo

    thetakeout.com/hellmanns-mayo-

  21. Murdered on #Utøya:
    Karar Mustafa Qasim, born 22.02.92,
    Andreas Edvardsen, born 30.11.92,
    Ronja Søttar Johansen, born 03.02.94,
    Emil Okkenhaug, born 02.11.95,
    Åsta Sofie Helland Dahl, born 19.11.94,
    Monica Iselin Didriksen, born 18.02.93,
    Rune Havdal, born 16.12.67,
    Tore Eikeland, born 18.05.90,
    Espen Jørgensen, born 06.06.94,
    Karin Elena Holst, born 18.08.95,
    Aleksander Aas Eriksen, born 29.08.94,
    Victoria Stenberg, born 23.10.93,
    Ruth Benedicte Vatndal Nilsen, born 01.10.95,

  24. Viogression – Thaumaturgic Veil Review

    By Angry Metal Guy

    By: Nameless_n00b_602

    For every well-known, successful band, countless similar acts haven’t caught the same break or enjoyed the same recognition. For every Thou, there’s an Indian; every Abigail Williams, a Crepuscle; and every Obituary, a Viogression. One of the original but unsung stalwarts of death metal’s earliest days, Viogression formed in 1988 and released a well-received debut, Expound & Exhort, in 1991. The 1992 follow-up, Passage, failed to meet expectations, leading the band to take a three-decade hiatus. Their third full-length, 2022’s 3rd Stage of Decay, was praised for its old-school core and modern flair. Three years and a major lineup shuffle later, they return with their fourth full-length and first self-release, Thaumaturgic Veil. Promising a transcendent discourse on the interconnectivity of infinity and individuality, can this new version of Viogression maintain its momentum and deliver?

    Like the good doctor, Vickie Franks, Viogression stitches together the genre’s most recognizable touchstones, but parts of themselves peek through, distinct from their influences. Sole remaining founder and vocalist, Brian DeNeffe, exhumes Obituary and Pestilence for his unintelligible rasps and howls, but employs impressive gutturals and layered screams of his own on “Vulnus Sclopetarium” and “Summon.” Guitarists Lief Larson and Johnathon Ibarra evoke the doomy vibe and disorienting, whip-crack tempo shifts of Autopsy and Asphyx (“Jinx,” “Light Extinguisher”), but the western dust on “Superposition” belongs to Viogression alone. An uncharacteristically twangy chorus and heavy distortion build an atmosphere for a clean, soulful guitar to cut through. Larson, Ibarra, and drummer Erik Schultek halve and double their tempos on “Renumeration” to create a pace both consistent and in flux. Punky album high point, “Pummeled,” sees DeNeffe acting as a rare counterpoint for a jazz-infused solo. These moments showcase the band’s excellent synthesis of influence and individuality when the stitches hold and the heart pumps strongly.

    But the stitches don’t always hold; Thaumaturgic Veil suffers from indiscretionary inclusion, or poor compositional choices. Bassist Jason Hellman provides Cannibal Corpse-esque hooks (“Jinx,” “Travesty öv Darkness”) and a palpable heft to the album, but his performance often feels like parody. The opening basslines of “Superposition” and “As the Light Fades” plod and meander in ways that recall the tongue-in-cheek parts of Green Day’s catalogue. A recurring nasally guitar tone tries to instill unease but is instead repetitive and annoying (“Jinx,” “As the Light Fades”). “Eaten by Flies” invokes Polka and, like “Superposition” and “Summon,” is paratactical in its lyrical delivery, imitating amateur slam poetry. This disharmonious construction hamstrings Viogression’s ability to cultivate the philosophical and contemplative tone their subject matter requires.

    Even with more consistent songwriting, Thaumaturgic Veil would still feel stitched together and disjointed. The album presents less as a coherent work and more as a series of vignettes. Each proper track (save closer, “Light Extinguisher”) is paired with an intro, giving the sensation of moving from painting to painting in a gallery rather than viewing one grand tapestry. It’s an interesting idea, but it fails for three reasons. First, these intros don’t bleed into their songs. I struggled to find a correlation in these pairings, whether musically, thematically, or lyrically. Second, without stronger connective tissue, these intros only add bloat to a relatively lean record. Third, and most damning, they prohibit the listener from building any momentum throughout Thaumaturgic Veil. This start-stop-start-stop structure makes the album feel twice as long as it is and turns every spin into a test of endurance.

    While I can applaud the ambition of Thaumaturgic Veil, the execution ultimately falls short. “Pummeled,” “Renumeration,” and “Vulnus Sclopetarium” show that Viogression has the chops to write and perform a great, concise album, but uneven songwriting quality and an interrupted flow mar what could have been a prime offering from the old guard. Either of these flaws in isolation would have been manageable, but taken together, their impact compounds. There’s potential here, and with tighter threading and a more cohesive structure, I have no doubt Viogression could achieve the recognition they deserve.

    Rating: 2.0/5.0
    DR: 5 | Format Reviewed: 320 kb/s mp3
    Label: Self-Released
    Websites: viogression.info | Bandcamp | Instagram | Facebook
    Releases Worldwide: July 11th, 2025

    #20 #2025 #AbigailWilliams #Asphyx #Autopsy #Autospy #CannibalCoprse #CannibalCorpse #Crepuscle #DeathMetal #GreenDay #Independent #Indian #Jul25 #Obituary #Pestilence #Review #Reviews #SelfRelease #ThaumaturgicVeil #Viogression
