In cryptography, a nonce is an arbitrary number that can be used just once in a cryptographic communication. It is often a random or pseudo-random number issued in an authentication protocol to ensure that each communication session is unique, and therefore that old communications cannot be reused in replay attacks. Nonces can also be useful as initialization vectors and in cryptographic hash functions. == Definition == A nonce is an arbitrary number used only once in a cryptographic communication, in the spirit of a nonce word. They are often random or pseudo-random numbers. Many nonces also include a timestamp to ensure exact timeliness, though this requires clock synchronisation between organisations. The addition of a client nonce ("cnonce") helps to improve the security in some ways as implemented in digest access authentication. To ensure that a nonce is used only once, it should be time-variant (including a suitably fine-grained timestamp in its value), or generated with enough random bits to ensure an insignificantly low chance of repeating a previously generated value. Some authors define pseudo-randomness (or unpredictability) as a requirement for a nonce. Nonce is a word dating back to Middle English for something only used once or temporarily (often with the construction "for the nonce"). It descends from the construction "then anes" ("the one [purpose]"). A false etymology claiming it to stand for "number used once" or similar is incorrect. == Usage == === Authentication === Authentication protocols may use nonces to ensure that old communications cannot be reused in replay attacks. For instance, nonces are used in HTTP digest access authentication to calculate an MD5 digest of the password. The nonces are different each time the 401 authentication challenge response code is presented, thus making replay attacks virtually impossible. The scenario of ordering products over the Internet can provide an example of the usefulness of nonces in replay attacks. An attacker could take the encrypted information and—without needing to decrypt—could continue to send a particular order to the supplier, thereby ordering products over and over again under the same name and purchase information. The nonce is used to give 'originality' to a given message so that if the company receives any other orders from the same person with the same nonce, it will discard those as invalid orders. A nonce may be used to ensure security for a stream cipher. Where the same key is used for more than one message and then a different nonce is used to ensure that the keystream is different for different messages encrypted with that key; often the message number is used. Secret nonce values are used by the Lamport signature scheme as a signer-side secret which can be selectively revealed for comparison to public hashes for signature creation and verification. === Hashing === Nonces are used in proof-of-work systems to vary the input to a cryptographic hash function so as to obtain a hash for a certain input that fulfils certain arbitrary conditions. In doing so, it becomes far more difficult to create a "desirable" hash than to verify it, shifting the burden of work onto one side of a transaction or system. For example, proof of work, using hash functions, was considered as a means to combat email spam by forcing email senders to find a hash value for the email (which included a timestamp to prevent pre-computation of useful hashes for later use) that had an arbitrary number of leading zeroes, by hashing the same input with a large number of values until a "desirable" hash was obtained. Similarly, the Bitcoin blockchain hashing algorithm can be tuned to an arbitrary difficulty by changing the required minimum/maximum value of the hash so that the number of bitcoins awarded for new blocks does not increase linearly with increased network computation power as new users join. This is likewise achieved by forcing Bitcoin miners to add nonce values to the value being hashed to change the hash algorithm output. As cryptographic hash algorithms cannot easily be predicted based on their inputs, this makes the act of blockchain hashing and the possibility of being awarded bitcoins something of a lottery, where the first "miner" to find a nonce that delivers a desirable hash is awarded bitcoins.
LemonStand
LemonStand was a Canadian e-commerce company headquartered in Vancouver, British Columbia, that developed cloud-based computer software for online retailers. LemonStand was shut down on June 5, 2019. == History == LemonStand Version 1 was launched on July 28, 2001. It is written in the PHP programming language. Version 1 was released as an on-premises proprietary licensed software, and the commercial license was not free. However, there was a free trial license available. June 2012, LemonStand raised seed funding from the BDC Venture Capital, and a group of angel investors. December 20, 2013, a cloud-based SaaS version of the LemonStand eCommerce platform was released publicly. May 9, 2014, LemonStand and Payfirma, a payments processing company, partnered to provide integrated services for online retailers. May 3, 2016, LemonStand raised funding from BDC Venture Capital and Silicon Valley–based angel investors. March 5, 2019, LemonStand announced their intention to shut down on June 5, 2019. LemonStand was quietly acquired by Mailchimp at the end of February. == Pricing == LemonStand offered three levels of service plans. LemonStand did not charge any transaction fees.
Honey encryption
Honey encryption is a type of data encryption that "produces a ciphertext, which, when decrypted with an incorrect key as guessed by the attacker, presents a plausible-looking yet incorrect plaintext." == Creators == Ari Juels and Thomas Ristenpart of the University of Wisconsin, the developers of the encryption system, presented a paper on honey encryption at the 2014 Eurocrypt cryptography conference. == Method of protection == A brute-force attack involves repeated decryption with random keys; this is equivalent to picking random plaintexts from the space of all possible plaintexts with a uniform distribution. This is effective because even though the attacker is equally likely to see any given plaintext, most plaintexts are extremely unlikely to be legitimate i.e. the distribution of legitimate plaintexts is non-uniform. Honey encryption defeats such attacks by first transforming the plaintext into a space such that the distribution of legitimate plaintexts is uniform. Thus an attacker guessing keys will see legitimate-looking plaintexts frequently and random-looking plaintexts infrequently. This makes it difficult to determine when the correct key has been guessed. In effect, honey encryption "[serves] up fake data in response to every incorrect guess of the password or encryption key." The security of honey encryption relies on the fact that the probability of an attacker judging a plaintext to be legitimate can be calculated (by the encrypting party) at the time of encryption. This makes honey encryption difficult to apply in certain applications e.g. where the space of plaintexts is very large or the distribution of plaintexts is unknown. It also means that honey encryption can be vulnerable to brute-force attacks if this probability is miscalculated. For example, it is vulnerable to known-plaintext attacks: if the attacker has a crib that a plaintext must match to be legitimate, they will be able to brute-force even Honey Encrypted data if the encryption did not take the crib into account. == Example == An encrypted credit card number is susceptible to brute-force attacks because not every string of digits is equally likely. The number of digits can range from 13 to 19, though 16 is the most common. Additionally, it must have a valid IIN and the last digit must match the checksum. An attacker can also take into account the popularity of various services: an IIN from MasterCard is probably more likely than an IIN from Diners Club Carte Blanche. Honey encryption can protect against these attacks by first mapping credit card numbers to a larger space where they match their likelihood of legitimacy. Numbers with invalid IINs and checksums are not mapped at all (i.e. have probability 0 of legitimacy). Numbers from large brands like MasterCard and Visa map to large regions of this space, while less popular brands map to smaller regions, etc. An attacker brute-forcing such an encryption scheme would only see legitimate-looking credit card numbers when they brute-force, and the numbers would appear with the frequency the attacker would expect from the real world. == Application == Juels and Ristenpart aim to use honey encryption to protect data stored on password manager services. Juels stated that "password managers are a tasty target for criminals," and worries that "if criminals get a hold of a large collection of encrypted password vaults they could probably unlock many of them without too much trouble." Hristo Bojinov, CEO and founder of Anfacto, noted that "Honey Encryption could help reduce their vulnerability. But he notes that not every type of data will be easy to protect this way. … Not all authentication or encryption system yield themselves to being honeyed."
Menu hack
A menu hack is a non-standard method of ordering food, usually at fast-food or fast casual restaurants, that offers a different result than what is explicitly stated on a menu. Menu hacks may range from a simple alternate flavor to "gaming the system" in order to obtain more food than normal. They are often spread on social media platforms such as TikTok, and are more popular with Generation Z, which has been known to customize their orders more than previous generations. Hacks are sometimes officially added to the menu after their popularity grows. However, in some cases, they have been criticized for overburdening fast food employees with outlandish requests, sparking debate as to whether certain menu hacks are unethical. The list of all possible menu hacks is called a secret menu. == History == The term "menu hack" stems from hacker culture and its tradition of overcoming previously imposed limitations. However, the tradition of ordering from a secret menu dates back to the early days of fast food. "Animal style" fries, a word of mouth menu item ordered from In-N-Out since the 1960s, was rumored to have been created by local surfers. In the Information Age, the rise of social media gave influencers the ability to communicate unique food combinations to their followers, which proved to go viral easily. Design mistakes in food ordering apps also proved to be easily exploitable. In some cases, these hacks boosted the profile of brands on social media, while in others, they caused financial harm when the company was unprepared to handle the sudden influx of unusual orders. One restaurant chain notable for the phenomenon is Chipotle Mexican Grill. A viral hack from Alexis Frost, suggesting a quesadilla with fajita vegetables inside, dipped in Chipotle vinaigrette mixed with sour cream, obtained 1.9 million views on TikTok, overloading the chain's workers, who had to work harder to prepare more vegetables and vinaigrette. Some restaurants began to deny the dish to customers, forcing them to only order meat and cheese on quesadillas. The company ultimately left the dish on the menu, but urged customers to stop ordering it via social media. When it later officially added the Fajita Quesadilla to the menu, digital sales nearly doubled. A method to order nachos, which are not officially on the menu, was also noted by customers. Starbucks is also famous for menu hacks, including the Pink Drink, a "Barbiecore" beverage in which coconut milk replaced the water in the strawberry açaí refresher. After it went viral, the company made it a permanent menu item and distributed it bottled in grocery stores. == Controversy == Menu hacks have been subject to a growing backlash, with employees stating that they "dread" younger customers due to the proliferation of unusual orders. Service industry workers, already overworked and underpaid, have called the rise of menu hacks and their difficulty to make an additional reason to unionize and demand higher wages.
Sharenting
"Sharenting" is a portmanteau of "sharing" and "parenting", describing the practice of parents publicizing a large amount of potentially sensitive content about their children on internet platforms, most notably on social media. While the term was coined as recently as 2010, sharenting has become an international phenomenon with widespread presence in the United States, Spain, France, and the United Kingdom. Proponents of sharenting frame the practice as a natural expression of parental pride in their children and argue that critics take sharenting-related posts out of context. Detractors find that it violates child privacy and hurts a parent–child relationship. Academic research has been conducted over the potential social motivations for sharenting and legal frameworks to balance child privacy with this parental practice. Researchers have conducted several psychological surveys, outlining social media accessibility, parental self-identification with children, and social pressure as potential causes for sharenting. Legal scholars have identified international human rights laws, labor protections, and recent online child privacy statutes as potential legal standards to check sharenting abuses. == History == The origins of the term "sharenting" have been attributed to the Wall Street Journal, where they called it "oversharenting," a portmanteau of "oversharing" and "parenting." Priya Kumar suggests that recording life moments of children rearing is not a new practice: people have been using diaries, scrapbooks and baby log books as the media of documentation for centuries. Scholars assert that sharenting has become popular as a result of social media, which has made many people more comfortable with sharing their lives and those of their children online. The trend of oversharing on social media has raised public attention in the 2010s and become the focus of a number of editorials and academic research projects. It was also added to Times Word of the Day in February 2013 and Collins English Dictionary in 2016 given its influence. == Popularity == Several studies describe sharenting as an international phenomenon with widespread prevalence across households. In the United States, researchers at the University of Michigan C.S. Mott Children's Hospital found that almost 75% of American parents were familiar with someone who over-shared information about their child on social media, and an AVG survey determined that 92% of all American two-year-olds had some presence on the internet. In Australia, Fisher-Price conducted a survey which revealed that 90% of Australian parents admitted to over-sharing. In Spain and Czech Republic, a survey of approximately 1,500 parents found that 70-80% participated in sharenting. In the United Kingdom, France, Germany, and Italy, a Research Now report revealed that almost three-quarters of surveyed parents said that they were "willing to share images of their infants". Some claim that sharenting presents a violation of child privacy, and this backlash includes anti-sharenting sites and apps that block baby pictures. One particular outlet of protest was the blog STFU Parents, founded in 2009 to criticize parental oversharing on social media. Some parents felt that these criticisms of sharenting often took posts out of context and neglected some positive aspects of the practice, including advancing a stronger sense of online community. Others, while acknowledging the potential privacy violations of sharenting, suggested a more tailored approach that would only permit posting under certain conditions, notwithstanding audience and identification restrictions for social media posts. == Motivations == Research has suggested that sharenting is associated with a mix of parent self-identification with children, mothering pressures, and the accessibility of social media. Conducting 17 interviews with mothers in the United Kingdom, a London School of Economics study found that parent bloggers often re-explained their sharing practices in terms of expressing their own personal identity, representing their own child as part of themselves. In particular, the report surveyed the use of blogs as a networking vehicle to connect parents with similar family situations and found that sharenting parents, by filtering self-presentation through their parent-child relationship, adopted a more relational identity on social media websites. This included identifying oneself in terms of parental circumstances, whether it be raising a child with a disability or being a single mother. Alternatively, some have suggested that these online expressions indicate the infiltration of individual pride into the sphere of parenting, as family photography becomes a means to "show off" one's children to the others and strengthens a parent's sense of individuated self. Addressing the prevalence of mothers engaging in sharenting, those who purport this view argue that the rise of digital communication has pressured mothers into performing the role of a "good" parent on social media platforms. They claim that these developments may reinforce a dominant vision of a "normal" family, as sharenting posts could be motivated by the need to converge to a normative interpretation of family. == Controversy == While some people assert that online platforms enable parents to establish a community and seek parenting support, others are concerned about the children's data privacy and their lack of informed consent. Sharing content may not only embarrass children but also creates an initial digital footprint, a history of online activity, that the children themselves have no control over. This might bring some negative consequences, such as being ridiculed at school or leaving a negative impression on future employers. === Parental benefits === Many parents use social media to seek parenting advice and share information about their children. With the convenience of online platforms, parent bloggers can easily connect with other people in similar situations as well as those who are willing to contribute meaningful advice. By forming a community, parents can receive encouragement from empathetic peers and assistance from experts in children rearing. Parents whose children need special educational accommodations or have disabilities often found themselves detached from the mainstream parenting style. Therefore, they regard online blogs as a means to gain support from others and support back. Online blogging enables parents of children with disabilities and special needs to connect with other parents. The advice from similarly situated families can open up new possibilities that help the parents "negotiate the complexities of social services, health care, and schools". However, in some cases, posting online about a parent's struggles can cause a backlash, as advocates may accuse the parent of presenting people with that condition in a bad light, or wonder how the child will feel, if they later read these posts and see how much their parents struggled to care for them. Such advantages of social media are not limited to particular groups of parents. In general, most parents benefit from exchanging parenting experience. Statistically speaking, 72% of parents rate social media useful for emotional connection and affirmations, and 74% of them receive support about parenting from friends on social media. Sharenting also plays a role in fostering interpersonal relationships. As the images and words about children's lives initiate conversations, parents use sharenting to stay connected with distant friends and relatives. In particular, mothers, as a research study reveals, are willing to engage in sharenting since they believe that the positive contents can help avoid digital conflicts and maintain close relations with those in their social circles. Researchers also found that female participants in this study carefully chose photos and phrases to express love and present laudable behaviors of children in their updates, which indicates their intention to convey positive messages. These messages also promote a close social network for a child as the parents invites supportive family members and friends into daily life. === Children's privacy === Given the potential misuse of digital data, people are critical about sharenting, and the majority of parents are cautious about the wrongdoing with online posts. The disclosure of minors' personal information, such as geographic location, name, date of birth, pictures, and the schools they attend, might expose them to illegal practices by recipients with malicious intentions. Sharented information is often abused for "identity theft", when imposters manage to track, stalk, commit fraud against children, or even blackmail the family. According to Barclays, online fraud targeting the young generation will contribute to a loss of £670 million (approximately $790 million) by 2030, and two-thirds of identity fraud will be related to s
Double descent
Double descent in statistics and machine learning is the phenomenon where a model's error rate on the test set initially decreases with the number of parameters, then peaks, then decreases again. This phenomenon has been considered surprising, as it contradicts assumptions about overfitting in classical machine learning. The increase usually occurs near the interpolation threshold, where the number of parameters is the same as the number of training data points (the model is just large enough to fit the training data). Or, more precisely, it is the maximum number of samples on which the model/training procedure achieves approximately on average 0 training error. == History == Early observations of what would later be called double descent in specific models date back to 1989. The term "double descent" was coined by Belkin et. al. in 2019, when the phenomenon gained popularity as a broader concept exhibited by many models. The latter development was prompted by a perceived contradiction between the conventional wisdom that too many parameters in the model result in a significant overfitting error (an extrapolation of the bias–variance tradeoff), and the empirical observations in the 2010s that some modern machine learning techniques tend to perform better with larger models. == Theoretical models == Double descent occurs in linear regression with isotropic Gaussian covariates and isotropic Gaussian noise. A model of double descent at the thermodynamic limit has been analyzed using the replica trick, and the result has been confirmed numerically. A number of works have suggested that double descent can be explained using the concept of effective dimension: While a network may have a large number of parameters, in practice only a subset of those parameters are relevant for generalization performance, as measured by the local Hessian curvature. This explanation is formalized through PAC-Bayes compression-based generalization bounds, which show that less complex models are expected to generalize better under a Solomonoff prior.
Instapoetry
Instapoetry is a style of poetry that emerged after the advent of social media, especially on Instagram. The term has been used to describe poems written specifically for being shared online, most commonly on Instagram, but also other platforms including Twitter, Tumblr, and TikTok. The style usually consists of short, direct lines in aesthetically pleasing fonts that are sometimes accompanied by an image or drawing, often without rhyme schemes or meter, and dealing with commonplace themes. Literary critics, poets, and writers have contended with Instapoetry's focus on brevity and plainness compared to traditional poetry, criticizing it for reproducing rather than subverting normative ideas on social media platforms that favor popularity and accessibility over craft and depth. == History == Instapoetry developed as a result of young, predominantly women, amateur poets sharing their output to expand their readership, who began using social media as their preferred method of distribution rather than traditional publishing methods. The term "Instapoetry" is a portmanteau of the words "Instagram" and "poetry," and was created by other writers trying to define and understand the new extension of "instant poetry" shared via social media, most prominently Instagram. In its most basic form, Instapoetry usually consists of bite-sized verses that consider political and social subjects such as immigration, domestic violence, sexual assault, love, culture, feminism, gun violence, war, racism, LGBTQ rights, and other social justice topics. All of these elements are usually made to fit social media feeds that are easily accessible through applications on smartphones. == Scholarship == Despite the diversity of poetry on Instagram, the Brazilian linguist Bruna Osaki Fazano found that shared "aspects of the compositional form, theme and style" mean that it can be understood as a specific genre. Camilla Holm Soelseth argues that taking on the platform-specific tasks of a social media creator is a prerequisite for being an Instapoet. Writing in Poetics Today, JuEunhae Knox combined quantitative and qualitative analysis to show that Instapoetry is a cohesive genre, in part because "the sheer volume and rapidity of content production in turn encourages posts that are not only visually appealing but also immediately recognizable as Instapoems". Instapoetry has been seen as a practice that serves as a form of self-staging for poets and "[crafts] authenticity". Eirik Vassenden describes the work of Norwegian poet Trygve Skaug as appearing to offer a "simple, almost direct access to the inner self". Vassenden writes that poems such as Rupi Kaur's "if you are not enough for yourself / you will never be enough / for someone else" are "authentic" to such an extent that they are not literary. Kiera Obbard describes how Rupi Kaur uses humour as a rhetorical device in her poetry performances to tell personal stories of trauma and challenge social inequalities. Scholars have also studied the work of specific Instapoets, such as Rupi Kaur, R.M. Drake, Aja Monet, Yrsa Daley-Ward, Nayyirah Waheed, Atticus, Nikita Gill and Trygve Skaug. == Overview == Academics have shown appreciation for the way in which Instapoetry has stimulated interest in poetry in general. Meanwhile, it has been argued that since Instapoets avoid critical evaluations, academics, and the publishing industry, Instapoets qualify more as online celebrities than literary figures. Additionally, although Instapoetry has been characterized as anti-establishment, Alyson Miller noted traditional or even conservative views in the online posts of Instapoets in contrast with the activist views the style is associated with, and that there is a contradiction between "the extra-textual commentary surrounding Instapoetry, particularly by way of interviews and artistic statements, and the content of works which repeatedly reinscribe conservative, patriarchal, and heteronormative worldviews". Thom Young, a poet and high school English teacher, created a parody Instagram page as a way to mock Instapoets and their work, describing it as "fidget-spinner poetry. Like they're just scrolling on their devices, to read something instantly, while the libraries are empty. I think people today don't want to read anything that causes a whole lot of critical thinking." According to Johnathan Ford's piece in the Financial Times, as Instagram's algorithms have limited prospective Instapoets' reach-per-post, it has pushed them to pay to promote their material. Popular Instagram accounts will be promoted to the front of users' feeds, with the app's algorithm, in the view of critics, favoring the spread of bland, inauthentic, or clichéd content while preventing disciplined poetry from reaching new audiences. == Writers described as Instapoets == Rupi Kaur Atticus Amanda Lovelace Tyler Knott Gregson Najwa Zebian Lang Leav Nikita Gill Upile Chisala Tendai M. Shaba Donna Ashworth Trista Mateer