Hacker News | tsimionescu's comments

It's incredible to think that there are still people who think Elon Musk is really involved in any positive way in the technology his companies' employees produce.

A nice tidbit from the article, for people who think that Tesla Cybertrucks are actually selling decently well:

> SpaceX spent $131 million on Cybertrucks in 2025, according to SpaceX's IPO filing.

Per their numbers (20k cars sold in 2025) and the list price (70-100k), this means that almost 10% of all Cybertrucks sold by Tesla in 2025 were bought by another Elon Musk company.


Where I live (Orange County, California) they are selling decently well. There’s one parked in every street. I guess when you have a high Asian immigrant population, they ignore the politics and just buy what makes sense for them.

They've sold 20k last year, 35k the year before that. Not only are they selling poorly, the market is quickly shrinking.

Semi is DoA, FSD has been 1 year away for 10 years now give or take, cybercab is flailing, cybertruck same, and China is eating everyone's lunch on lithium cells.

Why do you think "Semi is DoA"? The current offering for heavy haul electric trucks is tiny (very few competitors), but the addressable market is huge. I think there is a good chance we will be surprised by its success. Even if you dislike the wild hype around Elon Musk (I don't care for it), it is hard to disagree that he has built an incredible EV company. The products they produce are excellent (minus the Cybertruck, too early to say for Cybercab), both from a hardware and software perspective. I think they can do the same for heavy haul electric trucks. The economics of diesel vs electric for heavy haul trucks is a no-brainer. Diesel is much more expensive per kilometer compared to electricity. And maintenance is much cheaper for electric vehicles.

Before finishing this reply, I checked for recent news about the Tesla Semi. I learned that they have a new separate factory (1.7m sq feet!) that has started production and has capacity to produce 50,000 Semis annually. It is next door to the original Gigafactory.


> Why do you think "Semi is DoA"?

They started producing and selling the Semi in 2022 (after its unveiling in 2017, when they started taking pre-orders) and from everything I've dug up with a bit of Googling it seems they have shipped fewer than 200 trucks by 2025.

We'll see if this new 50k per year factory will actually have customers to ship to, but I wouldn't hold my breath given the current track record.

> The economics of diesel vs electric for heavy haul trucks is a no-brainer. Diesel is much more expensive per kilometer compared to electricity.

The economics you need to look at are dollars/hour/kg delivered. If the battery is too heavy or the charge time too long, the economics turn out much worse. We'll see once real world experiences start being published what it actually does.


No, the early units from 2022 were essentially beta testing for both Tesla and their early customers (Pepsi, etc.). Wiki says: https://en.wikipedia.org/wiki/Tesla_Semi

> Volume production of the Semi started on April 29, 2026.

Note volume in that statement.

You wrote: "If the battery is too heavy". The 2026 version of Tesla Semi is 450kg lighter than 2022 model because they switched the internal voltage from 12W to 48W, which reduces required wire gauges.

You wrote: "The economics you need to look at are dollars/hour/kg delivered." The original idea for a heavy haul electric truck came from within Tesla. Senior execs wanted to know how they could reduce transport costs for parts manufactured in Fremont, Calif to the Gigafactory in Reno, Nevada. They were using heavy haul diesel trucks to move these parts.

> the charge time too long

PepsiCo has been driving Tesla Semis since 2022. They have multiple "megachargers" installed on both ends (factory and various warehouses). Google tells me: "allowing the trucks to recharge to roughly 70-80% capacity in about 30 to 45 minutes." That is plenty fast for a truck that needs to load/unload. Tesla recently released a video of a 1.2MW charge session. See: https://x.com/tesla_semi/status/2006431772360474841

Everything that has actually happened so far with the Semi is that it didn't work as advertised and was deeply unpopular. As ever, the future that Tesla paints is extremely rosy, and suggests we should disregard what has happened so far. There is nothing whatsoever to indicate that Semi will actually work to the extent advertised and actually be desired by anyone - especially in the current anti-green climate in the USA, with no subsidies for electrification of the kind Pepsi used to buy the tiny pilot program.

Note that they never announced that the original run of the Semi would be just tiny. When they unveiled it in 2022, they explicitly said that this was the production version, as opposed to the 2017 concept. They even had a few more (still small 100-200 count) contracts where they kept delaying because they couldn't deliver enough - again suggesting that they were having problems, not intentionally running a pilot program.


> Everything that has actually happened so far with the Semi is that it didn't work as advertised and was deeply unpopular.

I hate asking this question: "Sources?" If this was true, why does PepsiCo/Frito Lay continue to use Tesla Semi heavy haul electric trucks?

> no subsidies for electrification

This is factually incorrect. California has a massive subsidy programme for electric trucks -- as I understand, the highest/largest for any state in the United States.

They are operating 100 trucks that they bought with subsidy money - out of probably 10k trucks or more that they use in the USA. I'm not claiming the Semi is completely non-functional, it's obviously a real working vehicle. But this doesn't prove in any way that the Semi is actually as cheap and reliable as it was advertised as - if it were, why didn't Pepsi order far, far more?

It's likely not true.

We're certainly not as far along with the electrification of heavy duty trucks as we are with light duty cars, but the Semi seems fairly popular where it's suitable.

https://x.com/Tesla/status/1598490490613432321


> but the Semi seems fairly popular where it's suitable.

What are you basing this on? Again, they have sold 200 trucks in 4 years. There are some hundreds of thousands of trucks being used in the USA alone. Tesla themselves are claiming they are going to produce (and presumably try to sell) 50k trucks per year. So, by any possible measure so far, Semi has basically 0 adoption. Maybe this is strictly based on production issues and there is huge unserviced demand - I admit this is a possibility, theoretically. But I don't see any reason to actually believe it, and certainly neither the current sales, nor the link you provided, in any way show that this demand will materialize. We'll see soon enough, I guess.


One company ordered 370 trucks last month.

https://www.teslarati.com/tesla-massive-order-semi-370-units...

2026 production is estimated to be 5k-15k.

https://sherwood.news/tech/what-we-know-about-teslas-semi-tr...

IIRC, 50k is full production, but it'll take a year or few to ramp up to that.


What you're saying about Semi and cybercab is what everyone said about S/X and 3/Y.

https://www.wired.com/2009/10/audi-etron/

They might fail, but I wouldn't bet on it. Also cybercab isn't out yet, so any discussion is premature at best.

Cybertruck has been disappointing, but I think a big part of that is cost. They started in house dry 4680 cell/pack production a couple months ago, so we'll see how that goes over the next few years.

Even with China subsidizing cell production and being dominant in the world market, Tesla is still at 150 GWh/year compared to 200 GWh/year from BYD.

The big question is how the dry cell 4680 packs will perform and how well they can scale production if performance is adequate.

FSD is always a year away, but that's generally OK as long as it keeps improving and there isn't a comparable product in their cost bracket. If someone leapfrogs them, they're done. If not, they might be able to roll everything up all the way through Optimus.


Note that this is highly location dependent. In most of Europe, credit cards are basically all that exists (that is, even "debit cards" are just credit cards with a balance); and regardless of the type of card, because all payments are either chip & pin, biometric based, or verified with some additional 2FA, it's extremely hard to dispute a charge, whether a charge to a credit or debit card.

There's also "contactless" credit card payments in the UK and are common for buying things in shops/pubs etc. I don't know what the situation would be if you were to dispute an incorrect contactless charge.

Those are common in all of Europe, and they are still based on either biometrics (if using your phone) or the card's chip. They do typically include a transaction value and count limit below which the biometrics or pin don't actually get checked, for ease of use. But, given that this limit is controlled by the user, I expect that the contract terms also prevent you from disputing transactions below those limits - though I haven't read carefully enough to be sure.

I don't think I can control the contactless limit on any of my cards (I'm in the UK). Occasionally, the contactless device will prompt to enter a pin, but it happens fairly rarely (probably more common if the payment is at a new location).

I also haven't examined the various contracts, but I'd be surprised if there was no option to dispute transactions below a certain limit as that could be exploited by banks or thieves (but I repeat myself) or shops. An unscrupulous shop could double up transactions or change the amount paid and customers would not be happy if the bank turned round and said "it's below the £50 limit, so we don't care". The bank is more likely to push the problem onto the retailer and simply refund the customer and charge the retailer.

Personally, I don't like contactless due to the change of responsibility between the customer and bank and prefer to use PINs. As far as I know, I can't get just a PIN card as they all have contactless enabled.


Science and math are not the same thing, though. The concern is that physics, a science, has been sliding too much into math research - specifically talking about the foundations of particle physics.

That is, the concern is that instead of studying the real world, theoretical physicists are spending more and more time studying mathematical constructs and their properties.


Color charge and the strange and charm quarks are not post-quantum theoretical physics, are they?

There's also other areas where a current of picking simple names instead of greek/latin terms was popular for a while at least - Shannon named the smallest unit of information a "bit" after all.


That stuff is after Einstein, Heisenberg, and Bohr. When I mentioned quantum mechanics, these are the physicists I had in mind.

Why do you believe this? Do you believe cats and other animals have no consciousness, so every behavior they exhibit is just instinct? Or do you believe they have some conscious behaviors, but killing birds is not one of them, this thing in particular is just an instinct?

For the first position, I think it is quite clear to anyone who studies and spends time with animals that they have something that is at least of the same kind as our consciousness. I just don't see how you can ascribe the wide gamut of complex, situationally and mood appropriate but still varied behaviors of animals to being purely instinct driven.

For the second position, I would like to see some study or some rationale behind it - especially since cats don't kill every bird they encounter, so if it's an instinct, it must still have some trigger, and hunger is not a viable explanation for most of the killings referenced here.


I wasn't arguing for whether cats have consciousness, and I agree that they do, to some extent. (We just lost a 23 1/2 year old cat who had lots of personality.) But killing birds or mice is one of their instincts. One of the triggers is nearness. Young cats will watch a bird through the window with their tail twitching, and the closer the bird is the more excited the cat gets. If they could get through the glass I'm pretty sure they'd go after it. Older cats (my old cat in particular) watched, but either they understand what glass is, or they're too tired to do much about it.

Animals generally have no qualms at all about killing or even just mutilating other animals. It often happens almost by accident - two animals might be playing together, one gets spooked, and it instinctively attacks and perhaps even kills the other one - this is commonly seen with people who befriend large predators, such as tigers in the infamous Siegfried and Roy tragedy, but it also happens a lot wherever animals interact with each other.

Specifically in regards to your ant example, anteaters and bears often bring similar levels of destruction to ant nests. And cats and other small predators often hunt just for the fun of it, killing but not eating their prey.

On the more purely painful evil side, invertebrates often consume their prey alive, inflicting agonizing deaths with no issues on whatever they may be eating. Plenty of vertebrates kill and consume their babies, especially when frightened. They also often abandon old and weak members of their packs, leaving them to die of hunger or cold or similar deaths.

This is not meant as some indictment of the animal kingdom - people do all of this too, of course; and have since time immemorial. It's just to show that, if we apply human moral standards to the animal kingdom, it's fair to call them violent, and yes, even much more violent than the average modern human.


Humans have enough cognitive ability to stop themselves from killing for fun (so when they don't, we deal with them using human invented laws), while anteaters eat ants for nutrition.

Animals in general cannot reason at a high enough level to avoid instinctual behavior.

> if we apply human moral standards to the animal kingdom

Which we should not, since human moral standards are for humans. Animals can at best behave in a way that suits us.

Or in summary, since we can be nicer, we should. Animals can't, so making excuses for human evil saying "animals are more violent" is a non starter IMHO (no one is making excuses for humans here, AFAIK).

Of course we can define violence in a way that does not include morals, which would make my argument "defending animals" void. But my (probably not the most benign) interpretation was that the definition of violence used was one that included some sort of morality, as if animals could do better.

Very interesting convo, thanks.


Humans are not the only ones:

> The chimp warfare described by this study, and previously by famed primatologist Jane Goodall, includes all the behaviors that we as humans consider to be the very worst: killing, torture, cannibalism, rape, and perhaps even genocide. The adult males of a social group, which usually number about 30 to 50 in size, daily patrol the edge of their group's territory. They will often kill any male or young chimpanzees they find, sometimes eating or physically brutalizing their victims in a manner that some researchers liken to torture. In some instances, one group will "invade" and annex the territory of another, killing all but the adult females, who are forced to incorporate into the dominant group. The idea of chimp genocide may sound strange, but they are one of only three animals that has been observed wiping out entire social groups. The other two are wolves and humans.

* https://archive.ph/https://www.theatlantic.com/technology/ar...

* Probably NSFW video: https://old.reddit.com/r/HardcoreNature/comments/18qjcpq/chi...


Funny, I knew about the chimp wars but totally forgot until you mentioned it. Seems like I was biased in favour of all animals, lol.

I'll search for Goodall's literature to know more. It does sound to me that cognition and self awareness is a continuous function in the sense that there is no discrete threshold in which morals emerge.

Wolves are a very interesting example too, but I also remember something about the concept of "alpha" being discovered only in captivity wolf packs. Also need more reading.

Thanks for the links!


Considering chimps and humans share - depending on source, 95-99% of DNA, I'd be much more willing to consider them closer to humans than animals. In fact, there are - biologist - voices who argue that they should be moved to the homo genus.

>Animals generally have no qualms at all about killing or even just mutilating other animals.

Humans generally don't either. Individuals do, but as a species humans regularly kill other humans.

>invertebrates often consume their prey alive

And humans use the oh so humane factory farms.

>cats and other small predators often hunt just for the fun of it, killing but not eating their prey.

>On the more purely painful evil side, invertebrates often consume their prey alive, inflicting agonizing deaths with no issues on whatever they may be eating.

Sharks are caught en masse, the fins cut off, and the sharks dumped back into the ocean to slowly die, for shark fin soup.

Have you heard of trophy hunting? Have you seen the pictures of mountains of bison skulls from the American West?

>Plenty of vertebrates kill and consume their babies, especially when frightened.

Even in our modern "1st world" society, scared teens still abandon newborns in dumpsters. Many societies throughout history did not consider babies "real people" until a certain age because they may need to abandon them if resources were particularly scarce.

>They also often abandon old and weak members of their packs, leaving them to die of hunger or cold or similar deaths.

Maybe you should read stories of cities under siege, famines, wars, governmental collapse, etc. Humans now live nice comfy lives most of the time, unlike animals “in the wild”. Human societies that lived closer to the edge of survival made callous choices about life or death you are spared from.


I agree that humanity is guilty of all of these, and has done all of them at a much larger scale. I think I was pretty explicit about this in my comment as well.

My point was that we call humans who do this "violent" and even "evil". If we want to avoid considering humanity as special compared to the rest of the animal kingdom, as some in the thread were suggesting, then we have to either admit that animals are also violent and evil, or say that humans aren't. Note that I don't hold this view, personally, and think that humans are unique among currently living animals, and that these labels only make sense to be applied to humans. But not because of behavior, simply because humans have a unique level of both understanding and control over their actions - as proven by the many billions of humans who have never in their lives killed a human or even another bird or mammal.


Humans just have the cognitive ability to be violent on a larger scale. Otherwise I also don't really see much of a difference to animals.

It's because removing a monster with 20 fields from an SoA structure means resizing 20 arrays. Removing the same monster from an AoS array involves resizing a single array, which you're going to process in a very cache friendly way.

I'm not sure why anybody would at the same time be implementing SoA AND resizing 20 arrays for a single delete, those things seem to be on either ends of the "I care about performance" spectrum.

The point is that a simple SoA implementation requires this - each field in the monster struct is an item in 20 different arrays. So, removing one monster means removing that item from those 20 arrays.

Now, as others have suggested, you can have a more complex implementation, where instead of removing the monster's fields from those arrays, you just mark them as "dead" or whatever and then skip them when consuming the relevant arrays, with some relatively small extra bookkeeping overhead. Of course, this comes with its own drawbacks, especially if the number of monsters is very dynamic and you are memory constrained.

The point is not to say that SoA is never good for performance, it obviously and certainly is, probably even in most cases. It's just not always best for performance, this was all.


> So, removing one monster means removing that item from those 20 arrays.

Removing from an array is not the same as resizing, which is what I commented on. Resizing is a very deliberate, bad, choice.

If you need to support deletes, you can do this without resizing an array. Either by tracking object lifetimes and inserting tombstones, or by swapping to fill in deleted objects. Both of them retain good performance characteristics. Both of them are easy.

This is not "simple vs complex" this is "I misunderstand vs understand SoA"


Assuming ordering isn't a concern, can't you just have a field called "removed" and skip those when iterating?

Or swap it with the last monster, and keeping an index for the last monster alive.
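As an added illustration (not code from anyone in this thread), both deletion schemes mentioned above in C: swap-with-last and a tombstone "alive" flag array, each on a fixed-capacity SoA with hypothetical `hp`/`x` fields. Neither resizes an array on delete; the two scenario functions at the end build constructed data and return results that can be checked.

```c
#include <stdbool.h>

#define MAX_MONSTERS 64

/* Struct-of-arrays: every field is its own array. Only `count` changes on
 * add/remove; the arrays themselves are never resized. */
typedef struct {
    float hp[MAX_MONSTERS];
    float x[MAX_MONSTERS];
    int   count;   /* live entries, always packed at the front */
} MonstersSoA;

bool soa_add(MonstersSoA *m, float hp, float x) {
    if (m->count >= MAX_MONSTERS) return false;   /* fixed capacity: refuse, don't grow */
    int i = m->count++;
    m->hp[i] = hp;
    m->x[i] = x;
    return true;
}

/* Swap-remove: the last live monster fills the hole, then count shrinks.
 * One copy per field, no shifting, no reallocation; order is not preserved. */
bool soa_swap_remove(MonstersSoA *m, int i) {
    if (i < 0 || i >= m->count) return false;
    int last = m->count - 1;
    if (i != last) {
        m->hp[i] = m->hp[last];
        m->x[i] = m->x[last];
    }
    m->count--;
    return true;
}

/* Hot loop that touches a single field: the access pattern SoA exists for. */
int soa_count_hp_above(const MonstersSoA *m, float threshold) {
    int n = 0;
    for (int i = 0; i < m->count; i++)
        if (m->hp[i] > threshold) n++;
    return n;
}

/* Tombstone variant: a one-byte `alive` flag per slot. Removal flips the flag,
 * the next add recycles the slot, and indices stay stable (usable as handles). */
typedef struct {
    float hp[MAX_MONSTERS];
    float x[MAX_MONSTERS];
    unsigned char alive[MAX_MONSTERS];
    int   used;    /* high-water mark of slots handed out */
} MonstersTomb;

int tomb_add(MonstersTomb *m, float hp, float x) {
    int i;
    for (i = 0; i < m->used; i++)      /* reuse a dead slot before taking a new one */
        if (!m->alive[i]) break;
    if (i == m->used) {
        if (m->used >= MAX_MONSTERS) return -1;
        m->used++;
    }
    m->hp[i] = hp;
    m->x[i] = x;
    m->alive[i] = 1;
    return i;
}

bool tomb_remove(MonstersTomb *m, int i) {
    if (i < 0 || i >= m->used || !m->alive[i]) return false;
    m->alive[i] = 0;
    return true;
}

/* Consumers stream hp[] and alive[] side by side and skip dead slots. */
float tomb_sum_hp(const MonstersTomb *m) {
    float s = 0.f;
    for (int i = 0; i < m->used; i++)
        if (m->alive[i]) s += m->hp[i];
    return s;
}

/* Self-checking scenarios on constructed data; the return value is the
 * expected result (negative values flag which check failed). */
int soa_scenario(void) {
    MonstersSoA m = {0};
    soa_add(&m, 10.f, 0.f);
    soa_add(&m, 20.f, 1.f);
    soa_add(&m, 30.f, 2.f);
    if (!soa_swap_remove(&m, 0)) return -1;
    if (m.count != 2 || m.hp[0] != 30.f || m.x[0] != 2.f) return -2;  /* last moved into slot 0 */
    if (soa_swap_remove(&m, 5)) return -3;       /* out of range is rejected */
    return soa_count_hp_above(&m, 15.f);         /* live hp = {30, 20} -> 2 */
}

int tomb_scenario(void) {
    MonstersTomb m = {0};
    tomb_add(&m, 10.f, 0.f);
    int h = tomb_add(&m, 20.f, 1.f);
    tomb_add(&m, 30.f, 2.f);
    if (!tomb_remove(&m, h) || tomb_remove(&m, h)) return -1;   /* second remove is rejected */
    if (tomb_add(&m, 5.f, 0.f) != h || m.used != 3) return -2;  /* slot recycled, no growth */
    return (int)tomb_sum_hp(&m);                 /* 10 + 5 + 30 = 45 */
}
```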


Sure, but these schemes might have their own drawbacks depending on the exact use case - especially if you have a very dynamic number of monsters and constantly add and remove them (say, some kind of bullet hell style game).

Then you have to read the "removed" field on every field read on every operation.

SoA is only useful when you don't read multiple fields for most operations.


Two fields should be fine, actually. The way caches are organized you are very unlikely to thrash with the lookups (due to n-way associativity) while only keeping relevant data in the cache at the same time. You still have roughly the following layout (in the cache), where A is the field and V is valid:

  | A1 A2 A3 A4 | A5 A6 A7 A8 | ...
  | V1 V2 V3 V4 | V5 V6 V7 V8 | ...
The former access pattern still yields a clean cache layout where no unnecessary data is loaded (which is the most costly operation here by far) as opposed to

  | A1 V1 B1 C1 | ... | A2 V2 B2 C2  | ...
In the general case there will exist a number of fields for which SOA layout will be worse if all are accessed close to each other, but for just a validity indicator this should not be the case. I think your statement is not wrong, but also not 100% correct.

This is on par to linear search being faster than binary search for small n. As soon as caches and branch prediction chime in many rules of thumb just change. Most importantly, however, is that a distinction between small and large n basically _needs_ to happen at that point.


By this standard, there is no current encryption method (except for pre-shared one time pads when used correctly) that is known to be unbreakable. For example, it is not proven that prime factoring can't be done much more efficiently on a classical computer - for all we know, it's possible that tomorrow someone will come up with a novel algorithm that can break RSA in just a small number of operations. Same is true for elliptic curves - we don't have any mathematical proof that a much better algorithm than the currently known ones is impossible.

However, just like for RSA we know that the problem of efficient integer factoring has been worked on for a long time with no progress, the same is true for quantum computing. We have been trying to figure out quantum algorithms for a great number of problems that are hard for classical computers for a long time now, and we haven't been able to, except for the ones that we have. Mathematicians have also developed certain intuitions for which problems have characteristics that make them potentially easier to solve on a QC and which don't.

In general, just like with P=NP?, we haven't proven yet if BQP, roughly the class of problems which have efficient QC versions, is equal or not to P, the class of problems that can be efficiently solved on a classical computer; and we also don't know if BQP=NP.

So yes, there is at least a theoretical possibility that the problems used for creating post-quantum encryption will turn out to be in BQP, will turn out to have an efficient quantum algorithm that solves them. But that would come from mathematical research, it is entirely unrelated to creating and tinkering with actual quantum computers. The math of quantum algorithms is currently far ahead of the engineering and physics on building the actual computers.


Has there been "no progress" on classical prime factorization? What about the AKS primality test, a polynomial-time algorithm to test the primality of a number, published in 2002? (This is not my field of expertise; I'm genuinely curious if there's a good reason to discount this as progress towards efficient prime factorization)

Primality testing was essentially solved in the 70s with Miller-Rabin. AKS made that (randomized) algorithm deterministic, albeit at much higher (polynomial) running-time.

For your overall question, the current record-holders for integer factorization wrote a paper on this a few years ago that is probably a good reference

https://hal.science/hal-03691141/file/cryptography.pdf

The (rough) outline of the paper is that

1. theoretically there's been no progress on factoring in ~30 years

2. practically, there have been both improved hardware + efficient implementations driving the progress. They estimate that current nation-states can (classically) break RSA-1024. The cost would be approximately 500,000 core-years of computation. At current cloud prices this is doable on aws for < $1B.

3. attacks against factoring use a technique ("index calculus") that can also be used to attack finite-field discrete logarithm. There were significant advances on that problem in the 2010s (at least for certain parameters, namely the "small characteristic" setting). An easy way to communicate this is that the RSA factoring record is ~830 bits, while the binary-field discrete logarithm record is > 30,000 bits. These significant advances have not been able to be ported over to factoring, nor have they been ported over to medium/large-characteristic discrete logarithm. It is a (very upsettingly) large open question of whether similar-magnitude improvements are possible more generally for index calculus algorithms.


> Has there been "no progress" on classical prime factorization?

Not recently. The primality tests don't really help all that much. We already had polynomial tests that are really fast since the 70s.

Think about this idea: the output of the counting function for the number of primes ("Euler's totient function") lies almost on the logarithmic curve, and we can compute logarithms quickly to any precision. So we can easily find the general area of the curve that should contain the current prime. And then we can quickly test if the given number is in fact the prime number within it.

This is probabilistic because the prime distribution is not _strictly_ logarithmic. We can imagine that by computing a logarithm we might end up in the next "bucket" and check for the wrong prime.

The fascinating part is that zeroes of the Riemann zeta function encode these corrections on top of the logarithmic curve. If the Riemann hypothesis is correct, then these corrections are _bounded_ and we simply can not end up in a different "bucket" by accident.


Would post-quantum encryption also be harder for regular computers to crack?

It's not particularly related. We have efficient quantum algorithms for RSA and discrete logarithms. Both are solved by viewing them as instances of the "hidden subgroup problem" over an abelian group.

Some well-known other problems are also HSP instances over non-abelian groups, for example

1. the learning with errors assumption (the main PQ thing people like) is a HSP instance over the dihedral group, and

2. graph-isomorphism is a HSP instance over the symmetric group.

LWE appears to be quite hard classically (SOTA attacks are 2^{~0.3n} time and exponential memory). Graph isomorphism is a famously easy problem outside of P, namely it is in quasi-polynomial time. So the fact that both are not in BQP doesn't say much about their relative classical difficulty.


The international standardization effort that led to ML-KEM and ML-DSA focused both on classical attacks (regular computers) and quantum attacks.

There were 5 levels being considered for each submission.

Level 1 - at least as difficult to attack as AES-128 (block cipher)

Level 2 - at least as difficult to attack as SHA-256 (hash function)

Level 3 - at least as difficult to attack as AES-192 (block cipher)

Level 4 - at least as difficult to attack as SHA-384 (hash function)

Level 5 - at least as difficult to attack as AES-256 (block cipher)

The security of attacking an N-bit block cipher is morally congruent to a birthday collision against a {2N}-bit hash function. With some caveats: https://soatok.blog/2024/07/01/blowing-out-the-candles-on-th...

ML-DSA-44 (smallest parameter set) targets Level 2 for signatures.

ML-KEM-768 targets Level 3 for KEMs.


This is precisely the uncertainty that the commenter above was referring to when they mentioned complexity classes like BQP. We don't necessarily know the precise relationship between quantum complexity classes and their classical counterparts.

There is more certainty about the resilience of lattice cryptography to classical attack than there was about Curve25519's resilience when it was introduced. Lattice schemes weren't invented as PQC schemes; they were invented as faster classical schemes. In the 1990s, there was a live debate about whether lattices might be the successor to RSA, not curves.

With the caveat (for other commenters) that "lattices" means several things that were not viewed with a unified lens in the 90s and 2000s, the main lattice scheme of interest now (LWE) actually was introduced in a quite literal sense as a PQC scheme.

In the early 2000s, Oded Regev was looking into quantum computing algorithms for various worst-case lattice problems. He was able to create an efficient quantum algorithm for a particular one (SIVP_\gamma), if he could only obtain an efficient quantum algorithm for a certain novel/simple problem (the learning with errors problem). He was unable to do this, so instead framed his result as a reduction from SIVP_\gamma to LWE, and additionally showed how one can build cryptography from LWE. This is essentially the contents of his 2005 LWE paper, for which he later got the Gödel Prize.

So in a quite literal sense, LWE is the byproduct of a failed search for a quantum algorithm for SIVP_\gamma, and was therefore "post-quantum from the start". Regev mentions this as his initial motivation for looking into LWE on page 4 of his LWE survey

https://cims.nyu.edu/~regev/papers/lwesurvey.pdf


I didn't say Kyber/MLKEM or even LWE was a contender vs. curves in the 1990s; that wouldn't have made sense. I said lattice cryptography. As I understand it, our formal understanding of LWE is actually better than that of the original NTRU problem.

I liken this to the original Certicom proposals from the 1990s versus Curve25519. There's a diversity of curve approaches (binary field Koblitz vs prime-field curves, etc; things were wackier in the early aughts too) just as there is a diversity of implementation strategies for lattice KEMs.

The notion I'm hostile to is the one that poses lattices as moon math.


Yes I know. That was what my initial paragraph was about.

And yes, our formal understanding of LWE is much better than the original NTRU problem. NTRU itself

1. admits non-trivial attacks if the ciphertext modulus is too large, as well as

2. had a signature algorithm (NTRU-sign) that was completely broken.

Lattice-based signatures were actually a relatively thorny thing to develop. The first non-broken lattice-based signature was proposed in 2009 iirc. I think this was after Gentry developed fully homomorphic encryption (though his initial scheme is now broken as well). Even in modern treatments, it's a fair statement to say that constructing a secure lattice-based signature is of similar complexity to constructing a secure fully homomorphic encryption scheme (although there are some relatively-simple ones these days).

You can make stronger statements about our understanding of LWE though. I would say that it is relatively uncontentious to state that LWE and elliptic-curve DLOG are the two problems we understand the best theoretically in public-key cryptography, and it is not particularly close. The only remote contenders would be

1. finite-field DH, though arguably our understanding of this is still not great (are CDH and DDH equivalent? well sort of, but the details become quite messy).

2. RSA. There are still many basic questions about it that are wide-open, namely is it equivalent to factoring? There are other questions that are unknown as well, for example how hard it is to attack. "Everyone knows" that you just use GNFS, with L[1/3, c] complexity. But other index calculus attacks were improved to L[1/4, c] complexity in the 2010s. Can those attacks extend to factoring? Things get even worse when you consider the veritable zoo of attacks on RSA when you get a small detail wrong (Coppersmith-style attacks in the presence of some leaked key bits, improved attacks depending on what particular RSA exponents you've chosen, etc).

I think you could even go farther and say that we understand LWE better than elliptic curve DLOG. This would of course be contentious, but is meant to communicate just how good of a (theoretical) understanding we have of the LWE problem.

Of course, the main point in EC DLOG's favor is that, when correctly parameterized (which is a thorny point itself, but mostly fine these days), there are the generic group lower bounds (2^n time, poly space), and attacks have never beaten them. While for LWE attacks have always been of the form (exp time, exp space) (or 2^{n\log n} time, poly space), but the exponent in the "exp"'s doesn't have as clean of a conjectured lower bound, and has been reduced some over time.


Sure, two things:

(1) Cards on the table I don't pay attention to PQ signatures.

(2) I'm mostly just saying that LWE schemes and 90s NTRU are pretty closely related, more closely related than RSA and FFDH were (but less closely related than a binary Koblitz curve is to 25519).


They are, my point is that this only became obvious later. The initial NTRU preprint frames it as a scheme based on modular polynomial arithmetic, rather than anything related to lattices. At the end of section 4 they even explicitly describe it as a “ring based cryptosystem” (contrasted with “group based cryptosystems”). As you say, now we would call it a lattice-based cryptosystem (over an algebraically structured lattice).

https://www.ntru.org/f/hps96.pdf


I would find BQP = NP ≠ P more surprising than P = NP. But maybe it’s just me :)

> except for pre-shared one time pads when used correctly

The relevant property here is known as "information-theoretic security", and I'm not sure if one-time pads are the only way to achieve it, e.g. Shamir's secret sharing also has this property (although the use case is slightly different): https://en.wikipedia.org/wiki/Information-theoretic_security


Isn’t a one-time pad just a simple version of secret sharing?

I would say that SSS is a generalization of OTP, but OTP in practice is so dramatically and unbelievably simpler than SSS that it's not practically useful to consider it as "just" a special-case of SSS. Which is to say, if you were implementing OTP, you would not just implement SSS and then set the right parameters; you would use an entirely distinct implementation.

You can sort of view it that way, but it's not particularly useful. There are settings where you can view (steps of) a cryptographic algorithm as applying a one-time pad with a pseudorandom pad (say counter-mode encryption for the most obvious example, though it appears elsewhere as well).

Alternatively, Shamir's secret sharing can be extended to threshold settings pretty easily. So you can write a generalized scheme where you only recover things when "enough people" (but perhaps not everyone) tries to reconstruct. This generalized scheme doesn't look particularly like the one-time pad.

So they end up coinciding in the 2-party case over F2 but it seems to be mostly a coincidence.
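To make the comparison above concrete, here is an added example (not code from the thread) of threshold Shamir sharing over a small prime field, with a brute-force check that t-1 shares are consistent with every possible secret, next to the 2-party XOR split over F2 that coincides with the one-time pad; the field sizes and the name "xor_pad_split" are my own choices.

```python
# Added example, not from the thread: Shamir secret sharing over a prime field
# (threshold t of n), a brute-force check that t-1 shares reveal nothing about
# the secret, and the degenerate 2-party XOR split that coincides with the OTP.
import itertools
import secrets

def _eval(coeffs, x, p):
    """Evaluate the polynomial with the given coefficients at x, mod p."""
    return sum(c * pow(x, k, p) for k, c in enumerate(coeffs)) % p

def split(secret, n, t, p, rng=secrets.randbelow):
    """Shamir split: f(0) = secret, t-1 random coefficients, shares at x=1..n."""
    assert 0 <= secret < p and 1 <= t <= n < p
    coeffs = [secret] + [rng(p) for _ in range(t - 1)]
    return [(x, _eval(coeffs, x, p)) for x in range(1, n + 1)]

def combine(shares, p):
    """Lagrange interpolation at x=0 from t (or more) distinct shares."""
    total = 0
    for xi, yi in shares:
        num = den = 1
        for xj, _ in shares:
            if xj != xi:
                num = num * (-xj) % p
                den = den * (xi - xj) % p
        total = (total + yi * num * pow(den, -1, p)) % p
    return total

def consistent_secrets(partial_shares, t, p):
    """Secrets consistent with fewer than t shares (brute force, small p only).
    Every degree<t polynomial is a possible dealer choice; collect f(0) of the
    ones agreeing with the partial shares. For t-1 shares this is all of F_p,
    which is the information-theoretic security property discussed above."""
    out = set()
    for coeffs in itertools.product(range(p), repeat=t):
        if all(_eval(coeffs, x, p) == y for x, y in partial_shares):
            out.add(coeffs[0])
    return out

def xor_pad_split(bit, pad):
    """The 2-party additive split over F2: shares (pad, bit ^ pad). The second
    share is exactly a one-time-pad ciphertext; reconstruction is XOR."""
    return pad, bit ^ pad
```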


Those are the only two known algorithms that have this property.
