Posts by Sitaram Chamarty

Re: Screwed the pooch and knows it

@POTUS is still active. It's a *personal* account that has been deleted.

Re: I might be stupid but...

yes, I also thought the same (offline brute force).

However, it can *potentially* eliminate phishing -- but only with browser support I guess. It could even prevent "active MITM" -- the type of phishing that snarfs OTP codes also, from working

I'll have to refresh my memory / understanding of PAKE but if it has an internal Diffie-Hellman type component triggered by the actual password, then the man in the middle cannot learn the session key.

But all this requires browser support. Without browser support -- meaning the password entry window clearly looks different -- the user would have no way to differentiate a phishing site from the normal one.

Re: Pull request denied

unlikely; or at least I have given up hope.

Ironically, considering the title of this article, he actually once said "people who are easily offended, should be offended".

Re: "It solves a problem that people have."

Damn; best comment I've seen about this in the whole thread (and many of the others were pretty good too, so that makes this even better!)

Re: "may be" uploaded on to an NIC server

With a government agency, "monetise" is not the main worry. It's "discriminate", "victimise", "marginalise", and several other things.

And I don't mean just "Big Brother ((C) George Orwell) Modi". I mean any government anywhere in the world, really, because that's what our world is looking like more and more.

That said, I agree with Raj in what he said about the NIC. Not sure about the other part though... sounds plausible, but then the google+apple API expressly prohibits it. What do they do that we are missing?

I've upvoted your post, because I agree with you. Mostly.

In reality though, not everyone who has "Phone Pe", "Google Pay", and similar payment apps have *internally* enabled the UPI interface, so I have several times found that what I have (the BHIM app, from NPCL -- National Payments Corp Ltd I think) does not help me pay certain merchants, and I had to resort to cash.

(I've always been a "cash" guy, always wary of digital surveillance, but my "cash preferred, Big Brother Modi stop watching what I am buying" attitude has taken a hit due to Covid-19)

Re: Good grief.

when they start saying "circle back" it's time to cut something off. Not saying what or whose...

Why so many downvotes?

I don't understand why your post was downvoted so many times. I was going to write pretty much what you wrote, albeit in different words.

Whether Perens was wrong or right would depend on the actual contract. After all, since payment is involved, there has to be *some* contract above and beyond the GPL (i.e., the GPL cannot be the only contract involved). As long as that contract does not impose restrictions on the software that the client *already has*, GPL is not violated anyway.

And whether Perens was right or wrong, it was clearly an *opinion*. OSS were foolish to take it to court, and got rightfully smacked down.

Re: Really?

that's one at a time. Seeing them all, with sizes listed, sorted descending by size, and navigable, is amazing.

Pretty much what ncdu, qdirstat (GUI) or similar tools do, of course, but Windows Explorer does NOT have that natively.

Re: Meanwhile on reddit

Over on reddit and/or twitter, there appeared to be several people who said the same thing.

Re: rebase is important and useful

If you haven't pushed it to anyone yet, rebasing to fix minor issues is perfectly fine. There's no earthly reason not to clean up a commit series before pushing it to the world. In fact, a clean commit series helps the other guys understand what you did better (e.g., rather than seeing commit 9 with something that puzzles them, not realising that commit 13 has a 1-word change that resolves that puzzle with a "doh!", they see commit 9 all correct and proper, say "good", and move on to commit 10).

Rebasing something that's already pushed is, of course, very bad. But that's no reason to ban rebase completely, which -- even if this particular articles does not indicate, this "Hipp" person definitely implements in his "fossil" product.

Re: Old school vs new school

You don't even need a code review system to block history-editing pushes on the server.

Just type in, one-time (on the server repo): git config receive.denyNonFastForwards true

Add "--global" if you want it to be true for all repositories on the server.

Done

Re: One specific thing put me off Dropbox

I never used dropbox, but after they brought her on board I stopped even the occasional accepting dropbox link from people wanting to share something.

Re: FWIW

There seems to be a slight confusion here between sudo and being at the console.

The Xorg bug discussed here requires you to be logged in AT the console. On my not-yet-updated-for-this-bug Fedora system, there is a pam configuration line (specifically, `auth required pam_console.so` in /etc/pam.d/xserver) that appears to be ensuring that you cannot run an X server unless you have control of one actual console (that's one of those things you get when you hit Ctrl-Alt-F2/F3 etc).

This has absolutely nothing to do with sudo.

(You actually can run this over ssh also, but only if you are *also* logged in at the console, so it comes to the same thing)

If you're on a typical single user system that is running only the GUI and you rarely go to one of the actual ttys for any reason -- probably the only way to affect you is if someone who knows *some* userid and password to your box, *and* has physical access, were to do that Ctrl-Alt-F2 thing, login, and then run this command.

Servers, mostly running headless, likewise -- you'd have to get into the server room, attach a keyboard and mouse, and do this.

All in all, a very big bug, but not terribly scary for most people.

Re: Indentation-significant syntax

Totally. I can read python but I can never *write* it. Trauma from RPG/400 back in the 90s I guess.

Re: good lord; is this not a techie site?

> Some new crypto system outside the cryptographic mainstream is not what you want to count on for security

It's the bloody cryptographic mainstream that got us the Dual EC-DRBG backdoor and God knows how many more things like that. While I still have a lot of respect for NIST, stepping away and looking at independent cryptographers like Dan Bernstein is definitely a good idea.

In any case, Dan's stuff is no longer an outsider -- almost every crypto suite worth its salt (no pun intended) is implementing it. They're not doing it because they're fanboys either; there are solid reasons -- openness (often called "nothing up my sleeve" in crypto), implementation ease, side-channel resistance, etc.

Re: It's actually used a lot

> Last time I saw, over 130 million users are on Notes/Domino.

Not by choice.

Don't forget Notes client is the only mail client that acquired "sort by subject line" in... wait for it... 2006.

Yes, 2006.

Eudora and Pegasus had it in pretty much from day one, if I am not mistaken.

Ever tried to view all headers in an email in Notes? A *tiny* window pops up and you can't expand it. You have to look for the headers you're interested in, within what -- if I recall -- is a 20x8 text window.

I've never used Outlook, but compared to Thunderbird (speaking only of the client UI and UX), there is NO comparison.

Re: Fundamentals sound, hype is bollocks

a blockchain is a bit more than a linked list; it's a linked list with a cryptographic hash that makes it difficult to modify old blocks.

of course, version control systems like git (and even git got the idea from monotone, and maybe it's turtles all the way), have been doing this for years before "bitcoin", so I am in no way claiming that difference is new with blockchain!

Re: the survey only listed Disney as a viable acquirer. How about AOL?

"until the internet stays open and alive"?

don't you mean "while"?

Are you sure you're a developer? :-)

Re: A small increment on the Luhn formula of 1954

You're confusing blockchain with proof of work.

Bitcoin == blockchain PLUS proof of work, but you can have blockchains which don't use proof of work as a consensus mechanism.

You must be a prof in a university somewhere -- that's all they care about, permissionless blockchains and crypto currency. After all, wilful ignorance of scaling limitations (to use a phrase from one of the previous comments) gives you more opportunities to publish.