* Posts by Tomato42

563 posts • joined 31 May 2011


Hackers uncork experimental Linux-targeting malware

Tomato42
Bronze badge
Facepalm

Default passwords

> Shishiga relies on the use of weak, default credentials in its attempts to plant itself on insecure systems through a bruteforcing attack

It's truly pathetic that this is still a problem.

2
0

US border cops must get warrants to search citizens' gadgets – draft bipartisan law emerges

Tomato42
Bronze badge
Meh

Re: 14th amendment

so, basically, they are refusing fundamental human rights on a technicality. Land of The Free™ my ass

5
0

USA can afford golf for Trump. Can't afford .com for FBI infosec service

Tomato42
Bronze badge
Facepalm

This whole administration is irony and hypocrisy personified.

12
1

SVN commit this: Subversion to fix file renaming after 15 years

Tomato42
Bronze badge
Meh

Re: Just to show some appreciation for SVN

> 1) Monotonically increasing revision numbers

instead of a constant handle that remains unchanged no matter which branches it is merged into? I'll take the latter. (Like one customer never wanted one feature, but one feature only that the other customer got, or one fix in this old release, and one fix only...)

and while I do appreciate the usefulness of revision-for-version-number, revision-as-quick-and-easy-identifier doesn't work too well for a 4 or 5 digit revision count...

> 2) I don't have to check out EVERYTHING that ever was, just the current state (this saves time, I've seen some big repos and small files can add up!)

git clone --depth 1

> 3) Nothing is special, trunk/tags/branches are just directories like any other <---x2

no branch is special in git either, "master" is just a convention, "HEAD" is an implementation detail

> 4) svn:merge-info makes sense, merging follows like a simple "calculus of diffs"

funny you said that, because when I had to use svn, I usually used git to merge branches, unlike with svn, it was automatic in the majority of cases...

not to mention working with patchsets, something basically impossible using svn only...

> 5) properties in general (like svn:ignore) but I imagine git has these (but I have seen a lot of .gitignore and stuff)

.gitignore and svn:ignore have exactly the same usage, I don't know what you mean as it not being there....

> 6) svn praise/blame (and some third one) - this is git bisect?

git blame does exactly the same thing svn blame does, svn-bisect is an external script...

> 7) svn:externals

git submodules

> 8) svn revert

git reset --hard

> 2) There's an annoying merge-trunk-into-branch-after-reintegrating-that-branch-into-trunk (that is "record only" step to stop conflicts in the future when you try to merge the trunk in later

while in the git world, you can merge multiple branches that touch the same files at the same time so that you don't have merge conflicts caused by a previous merge (git merge-octopus)

3
3
Tomato42
Bronze badge
Meh

Re: SVN will never beat GIT

> 4. one should be able to mark certain branches that never should have multiple heads. (fixes and other stability branches)

or how about treating the developers as the adults they are and explaining to them that "it's not how we do things in here"? And in general, documenting your workflows?

2
0

Force employees to take DNA tests for bosses? We've got a new law to make that happen, beam House Republicans

Tomato42
Bronze badge
Meh

Re: Unicornpiss @GATTACA

@Matt Bryant: so that's how a sociopath thinks

your kid has a genetic defect? sorry, can't have an abortion

he's unemployable because he has a genetic defect and will be a constant drain on parent's resources? sucks to be you

seriously, look up empathy

26
0
Tomato42
Bronze badge
Paris Hilton

Re: @Someone Else

@s2bu: everybody lies. There is no person on earth that didn't lie even once. Even infants feign crying to get attention or food.

The difference is in the amount and the motives for the lies.

Republicans lie much more and they lie just to get more corporate kickbacks *ekhm* I mean, "campaign contributions". I mean, just look at the whole Global Warming thing, the new EPA chief doesn't even accept that CO2 forces heating. And the whole party line is not far from it.

Paris Hilton as she has more appreciation for basic facts than the whole (R) party combined.

7
4
Tomato42
Bronze badge
Facepalm

Re: @GATTACA

@Trigonoceps occipitalis. I suggest you look up the following terms: "empathy", "humane" and "golden rule".

Just because somebody is sick doesn't mean that he cannot have overall positive impact on the society. Also, we're talking about helping fellow humans!

16
0

Official: America auto-scanned visitors' social media profiles. Also: It didn't work properly

Tomato42
Bronze badge
Trollface

> On the other hand, never underestimate the power of stupid.

well, DHS did spend a good few million to learn that they don't...

11
0

Germany, France lobby hard for terror-busting encryption backdoors – Europe seems to agree

Tomato42
Bronze badge
Meh

Re: openpgp

"if it saves one life ..."

oh, so they will finally do something about the drunk driving that kills over 50 people a day, every day, across the EU?

3
0
Tomato42
Bronze badge

Re: "accusing a democratically elected politician of being 'the death of democracy'."

@Charles 9: exactly, or even simpler, paralyse the constitutional court (or put your lackeys in it) and everything the Great Leader does is suddenly either unknown to be unconstitutional or becomes constitutional by the fact that it was performed by the Great Leader

4
0

'First ever' SHA-1 hash collision calculated. All it took were five clever brains... and 6,610 years of processor time

Tomato42
Bronze badge
Boffin

Re: History repeating...

XAdES-A, PAdES-A and CAdES-A exist and are designed with exactly that issue in mind.

The solution is to timestamp the whole document (including old timestamps) using new cryptography before the old crypto is deemed obsolete.

1
0
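The renewal scheme the comment above describes (re-timestamping the document together with all earlier timestamps, using a newer hash, before the old one is deemed obsolete), as an added illustration that is not the commenter's code and not an implementation of the XAdES-A/PAdES-A/CAdES-A formats. The "TSA" here is a constructed stand-in: an HMAC under a per-TSA key takes the place of the TSA's certificate signature, and years are plain integers; the `breaks` table of when an algorithm stops being trusted is likewise constructed.

```python
import hashlib
import hmac
import json

# Constructed stand-in for Time Stamping Authorities. In a real *AdES-A archive
# the TSA signs the timestamp token with its certificate; here an HMAC keyed
# per TSA plays that role (an assumption for this example only).
TSA_KEYS = {"tsa-2005": b"constructed-key-2005", "tsa-2016": b"constructed-key-2016"}


def tsa_timestamp(tsa_id, hash_alg, digest, year):
    """Issue a token binding (hash_alg, digest, year) under the TSA's key."""
    body = {"tsa": tsa_id, "alg": hash_alg, "digest": digest.hex(), "year": year}
    payload = json.dumps(body, sort_keys=True).encode()
    sig = hmac.new(TSA_KEYS[tsa_id], payload, "sha256").hexdigest()
    return {"body": body, "sig": sig}


def tsa_verify(token):
    body = token["body"]
    payload = json.dumps(body, sort_keys=True).encode()
    expected = hmac.new(TSA_KEYS[body["tsa"]], payload, "sha256").hexdigest()
    return hmac.compare_digest(expected, token["sig"])


def archive_digest(document, earlier_tokens, hash_alg):
    """Digest of the document plus every earlier token, so that a new token
    covers all the old ones. This is the re-timestamping step from the post."""
    h = hashlib.new(hash_alg)
    h.update(document)
    for tok in earlier_tokens:
        h.update(json.dumps(tok, sort_keys=True).encode())
    return h.digest()


def add_archive_timestamp(document, tokens, tsa_id, hash_alg, year):
    digest = archive_digest(document, tokens, hash_alg)
    return tokens + [tsa_timestamp(tsa_id, hash_alg, digest, year)]


def verify_chain(document, tokens, breaks):
    """Validate the chain newest-first.

    `breaks` maps a hash algorithm to the (constructed) year from which it is no
    longer trusted. A token using a broken algorithm is still acceptable only if
    it was issued before the break AND the next-newer token (itself already
    validated) was also issued before the break, i.e. renewal happened in time."""
    cover_year = None  # issue year of the next-newer, already validated token
    for i in range(len(tokens) - 1, -1, -1):
        tok, body = tokens[i], tokens[i]["body"]
        if not tsa_verify(tok):
            return False
        expected = archive_digest(document, tokens[:i], body["alg"])
        if not hmac.compare_digest(bytes.fromhex(body["digest"]), expected):
            return False
        if body["alg"] in breaks:
            broken_from = breaks[body["alg"]]
            if body["year"] >= broken_from:
                return False  # signed with an already-broken algorithm
            if cover_year is None or cover_year >= broken_from:
                return False  # not renewed before the break
        cover_year = body["year"]
    return True


DOC = b"constructed contract text"
BREAKS = {"sha1": 2017}  # constructed: SHA-1 no longer trusted from 2017


def renewed_chain():
    """SHA-1 token from 2005, renewed with SHA-256 in 2016: still verifiable."""
    chain = add_archive_timestamp(DOC, [], "tsa-2005", "sha1", 2005)
    return add_archive_timestamp(DOC, chain, "tsa-2016", "sha256", 2016)


def stale_chain():
    """SHA-1 token never renewed: worthless once SHA-1 is broken."""
    return add_archive_timestamp(DOC, [], "tsa-2005", "sha1", 2005)


def late_renewal_chain():
    """Renewed only after the break: the renewal proves nothing."""
    chain = add_archive_timestamp(DOC, [], "tsa-2005", "sha1", 2005)
    return add_archive_timestamp(DOC, chain, "tsa-2016", "sha256", 2018)
```

The important detail is that each new token digests the earlier tokens as well as the document, so an attacker who later finds a SHA-1 collision cannot swap in a different document without also breaking the newer algorithm that covers the whole bundle.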
Tomato42
Bronze badge
Boffin

Re: Stop using PDFs ?

> A cert is nothing but a ASCII text document of a very specific format.

there must have been some serious changes to the ASN.1 DER encoding, because last time I checked it was very much so a binary format, storing the RSA parameters as big-endian integers, etc.

> Also, let's not use the term "calculate" when we refer to this stunt Google pulled off. Anything that uses 6500 years of compute time sounds a lot more like trial & error to me...

if it was brute force, it wouldn't take 6500 CPU-years to compute, it would take a good few orders of magnitude more - over a million times more to be exact

1
0
Tomato42
Bronze badge
Boffin

Re: double check?

or you could have migrated to SHA-256 a good 10 years ago, have a hash function with smaller space requirement and faster at that.

and while those two documents most likely have different md-5 hashes, creating documents that have the same md-5 and sha-1 hash is not significantly more complex.

1
2
Tomato42
Bronze badge
Boffin

Re: HMAC-SHA1

HMAC-SHA1 is safe _only_ if it is used as a MAC - with a secret key - it's just as insecure as regular SHA-1 when it's used as a hash function.

2
0
Tomato42
Bronze badge
Facepalm

Re: Is this the same Google that has been unable to implement an automatic update for Android?

you know that google is a large company, and thus it's impossible for all of their employees to work on the same thing? You know, "too many cooks" and all that...

2
0
Tomato42
Bronze badge
Boffin

Re: This is why I use multiple hashes

Using two hashes doesn't work to increase security above the security of the stronger one: https://www.iacr.org/cryptodb/archive/2004/CRYPTO/1472/1472.pdf

Just use SHA-256, it has been in all cryptographic libraries for over a decade already!

3
0
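The result the linked paper proves (Joux, CRYPTO 2004) on a toy hash, as an added example that is not the commenter's code: a Merkle-Damgård hash with a 16-bit state is constructed here out of truncated SHA-256 so that two different "hashes" H1 and H2 can be built from one compression function, and the cost of colliding H1||H2 is counted. The numbers show why concatenating two iterated hashes buys roughly the security of the stronger one, not their sum. The toy hash, its tags and the block size are all assumptions of this example.

```python
import hashlib
from itertools import product

BLOCK_BYTES = 2  # constructed toy parameters: 16-bit blocks, 16-bit state


def compress(tag, state, block):
    """Toy compression function: truncated SHA-256, domain-separated by `tag`
    so that H1 and H2 are different functions. NOT a real hash design."""
    d = hashlib.sha256(tag + state.to_bytes(2, "big") + block).digest()
    return int.from_bytes(d[:2], "big")


def md_hash(tag, blocks, iv=0):
    """Plain Merkle-Damgård iteration over fixed-size blocks."""
    state = iv
    for b in blocks:
        state = compress(tag, state, b)
    return state


def find_block_collision(tag, state):
    """Birthday search for m != m' with compress(state, m) == compress(state, m').
    Returns (m, m', next_state, compressions_spent)."""
    seen = {}
    for i in range(1 << (8 * BLOCK_BYTES)):
        block = i.to_bytes(BLOCK_BYTES, "big")
        out = compress(tag, state, block)
        if out in seen:
            return seen[out], block, out, i + 1
        seen[out] = block
    raise RuntimeError("unreachable: more blocks than states")


def joux_multicollision(tag, t, iv=0):
    """Joux's construction: t successive single-block collisions, each starting
    from the chaining value the previous pair leads to, give 2^t distinct
    messages that all hash to the same value. Cost is about t * 2^(n/2)."""
    state, pairs, work = iv, [], 0
    for _ in range(t):
        m, m2, state, spent = find_block_collision(tag, state)
        pairs.append((m, m2))
        work += spent
    return pairs, state, work


def break_concatenation(tag1, tag2, t=12):
    """Find M != M' with H1(M) == H1(M') and H2(M) == H2(M').
    Step 1: a 2^t-multicollision for H1. Step 2: a birthday search for an H2
    collision among those 2^t messages, which all already collide under H1.
    Returns (M, M', total compressions spent)."""
    pairs, _, work1 = joux_multicollision(tag1, t)
    seen, work2 = {}, 0
    for choice in product((0, 1), repeat=t):
        blocks = [pairs[i][c] for i, c in enumerate(choice)]
        h2 = md_hash(tag2, blocks)
        work2 += t
        if h2 in seen:
            return seen[h2], blocks, work1 + work2
        seen[h2] = blocks
    return None  # essentially impossible for t=12 over a 16-bit state


def generic_cost_of_concatenation():
    """What a naive estimate would assume for a 32-bit (16+16) digest."""
    return 1 << 16  # birthday bound on the 32-bit concatenated output
```

With t=12 the attack spends a few thousand compressions on the multicollision plus about 2^12 * 12 on the second stage, well under the 2^16 a birthday attack on a genuinely 32-bit hash would need; the same arithmetic with real digest sizes is what the paper shows.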

Google Chrome 56's crypto tweak 'borked thousands of computers' using Blue Coat security

Tomato42
Bronze badge
Boffin

Re: Where is this TLS 1.3 specification?

That "GoogleTLS" is also supported by Mozilla Firefox and Cloudflare...

TLS has integrated mechanism for backwards compatibility since it was called SSL 2, over 20 years ago. If you're making errors reintroducing 20 year old bugs into your software, maybe, just maybe, programming is not a job for you. Oh, and I'd suggest against farming either, because this kind of error makes it likely that arrival of winter every year is a surprise for you.

6
0
Tomato42
Bronze badge
Boffin

Re: A Symantec product is total shit

While the post is missing the "/s" mark, it IS sarcastic.

0
0

Bruce Schneier: The US government is coming for YOUR code, techies

Tomato42
Bronze badge
Happy

Re: Value!

yes, it's an imaginary number, the $ before it indicates it

https://en.wikipedia.org/wiki/Fiat_currency

6
8
Tomato42
Bronze badge
Boffin

Re: Well, maybe we should not put software in everything

@Orv: there is an idea of a "data diode", where data can go just one way, but not the other. So it is possible to extract the data without being able to influence the systems that provide it.

And sure, it's possible that the "diode" will be badly designed and you will be able to overload it or crack it to influence ECU from the entertainment system, at least it won't be simple. Car makers need to start designing for security, not only safety.

13
0

Totally not-crazy billionaire Elon Musk: All of us – yes, even you – must become cyborgs

Tomato42
Bronze badge
Paris Hilton

Re: Uhm, right...

Are there really enough hours in a day to overdose Ghost in The Shell? Inquiring minds need to know!

3
0

Linus Torvalds decides world doesn't need a new Linux today

Tomato42
Bronze badge
Trollface

Re: I think I know why Linux never worked for me.

at least with Linux, the testing is done during RC, unlike Windows 10, where it's tested by regular Joe Bloggs on their production systems

7
1

Dieselgate: VW pleads guilty, will cough up $4.3bn, throws 6 staff under its cheatware bus

Tomato42
Bronze badge
Angel

Re: "investigation and prosecution of individuals responsible for these crimes"

I won't be holding my breath, but at least a few C-levels are under the bus for this, not the CEO, at least not yet, but he definitely feels the warmth of the coals other execs will be grilled over

0
0

Weaky-leaks: Furious fans roast Assange in web interview from hell

Tomato42
Bronze badge
FAIL

Re: Questions questions questions

And the document is fabricated because Russia and Trump says so? What other truths have we missed from those paragons of virtue?

> There is no way in hell the Russians did not take into account and did not include in their assessment the fact that she was paid millions directly (for speeches and attendance)

oh, so only Hillary has conflict of interest, not Trump? especially not with Russia?

http://time.com/4574938/donald-trump-conflicts-of-interest/

start using the same standards for politicians from both sides, will you?

> and indirectly (via donations to her foundation) by people which stands to benefit of a more "robust" USA position on Ukraine(*).

says who? random commenter on Facebook or Breitbart?

speaking of donations, I'd suggest you took a look on OpenSecrets at who donates to Republicans

12
10

Uh-oh! Microsoft has another chatbot – but racism is a no-go for Zo

Tomato42
Bronze badge

that's true, *if* you know it's a chatbot, not a person

4
0

LinkedIn officially KickedOut of Russia

Tomato42
Bronze badge
Unhappy

Re: They want you onshore so they can raid your servers

@eldakka in the US the courts at least have a resemblance of impartiality, it's not their fault that the laws governing US give foreigners less laws than pets of nationals

0
0

Russian hackers got Trump elected? Yeah, let's take a close look at that, says Obama

Tomato42
Bronze badge
Boffin

Re: As far I can understand

@AC 10th Dec 2016: No, it was established to allow for translating the votes of the small ruling class of slave owners in the South to have the same say as the manufacturers and free people of the North.

it is well after its "best before" date and it should be abolished

14
9

Crims using anti-virus exclusion lists to send malware to where it can do most damage

Tomato42
Bronze badge
Boffin

Re: Massive AV fail

or if only it was possible to digitally sign executables and DLLs... but no, MS can't do it

1
1

Outlook.com is still not functioning properly for some Microsoft punters

Tomato42
Bronze badge
Thumb Up

Re: MS & Standards

looks like they follow Gmail example!

0
0

Facebook Fake News won it for Trump? That's a Zombie theory

Tomato42
Bronze badge

@AC "Fox is probably the least slanted news."

http://mediamatters.org/blog/2012/11/06/for-every-minute-of-airtime-fox-news-gave-obama/191170

https://mediamatters.org/blog/2016/10/06/study-compared-msnbc-and-cnn-fox-news-devotes-more-time-trump-events-and-less-time-clinton-events/213578

You keep using that word, I do not think it means what you think it means.

0
0

USS Zumwalt gets Panama tug job after yet another breakdown

Tomato42
Bronze badge

Re: This is payback time

@GrumpyKiwi: You do know that 1 thou is 25.4µm or 25400nm, don't you?

Reminder: water molecules are 0.27nm in size. So while the ocean definitely sneers at 1/1000th of an inch, it definitely doesn't sneer at nanometers...

3
0

NASA trying to rein in next-generation super-heavy lifter costs

Tomato42
Bronze badge
Flame

Re: James Hansen will be furious

@Big John: Sorry to confuse your made up mind with facts, but over 90% of scientists that have anything to do with climate science say that humans are responsible for global warming (97% if we talk about active researchers). Over 80% of scientists in general say that humans are responsible for global warming:

http://www.skepticalscience.com/global-warming-scientific-consensus-intermediate.htm

The only swindle that is happening is Shell, BP and Koch brothers producing false or misleading information about AGW.

29
7

Experts to Congress: You must act on IoT security. Congress: Encourage industry to develop best practices, you say?

Tomato42
Bronze badge
Flame

> to develop best practices that would "not hinder innovation."

aren't business process patents already valid in the US of A?

7
0

IBM offers Trump its ideas to Make America Great Again

Tomato42
Bronze badge
Stop

isn't that Facebook's job?

3
0

How many Internet of S**t devices knocked out Dyn? Fewer than you may expect

Tomato42
Bronze badge
Boffin

Re: Solution?

@Charles 9: that's exactly what I'm talking about. The queries return different IPs with every query, and they have time to live measured in minutes because they use DNS for load balancing. While in ye olde times results would have time to live measured in hours or days.

they've abused DNS system and now they suffered the consequences

0
0
Tomato42
Bronze badge
Facepalm

Solution?

If only the DNS system was distributed and used local caching for the queries...

Alas, we all know that it was introduced for load leveling purposes, so they couldn't have predicted it. /s

8
0

Linux in 2016 catches up to Solaris from 2004

Tomato42
Bronze badge
Boffin

Re: BPF is not the only way to get a timed dump

bpf stopped being a stream matcher a good few releases ago, it's a generic system that just happens to be the same thing you use for packet capture

2
0

Mozilla plots TLS 1.3 future for Firefox

Tomato42
Bronze badge
Boffin

it is vulnerable to replay attacks, but the standard will include information about mitigation and kinds of data a client can send in the 0-RTT.

So yes, it's correct that your spider senses are tingling, and unless you're a real Time To First Byte junkie, you're better off not using it. Especially as browsers will need to figure out what is 0-RTT viable or not.

3
0
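The server-side mitigations the comment above alludes to, as an added simulation that is not the commenter's code and not a TLS implementation. It models the three measures TLS 1.3 (RFC 8446, section 8) describes for 0-RTT: single-use of the (ticket, ClientHello random) pair, a freshness check on the client's claimed ticket age, and an application policy that only idempotent requests are served from early data while anything else waits for the full handshake. The `EarlyDataGate` class, its verdict strings, the fake clock and the sample requests are all constructed for this example.

```python
import time
from collections import OrderedDict

IDEMPOTENT = {"GET", "HEAD"}  # requests safe to execute more than once


class EarlyDataGate:
    """Constructed model of a server's 0-RTT acceptance policy.

    - single-use: the (ticket_id, client_random) pair of a ClientHello is
      remembered; a second copy inside the window is a replay.
    - freshness: a ClientHello whose claimed send time is outside `window`
      seconds of the server clock is rejected, which also bounds how long
      the replay memory has to be kept.
    - content: only idempotent requests are served from early data; the
      rest are deferred until the 1-RTT handshake completes.
    """

    def __init__(self, window=10.0, now=time.time):
        self.window = window
        self.now = now
        self.seen = OrderedDict()  # (ticket_id, client_random) -> first seen

    def _expire(self, t):
        # entries older than the window cannot pass the freshness check
        # anymore, so they can be forgotten
        while self.seen and next(iter(self.seen.values())) < t - self.window:
            self.seen.popitem(last=False)

    def accept(self, ticket_id, client_random, client_time, method):
        t = self.now()
        self._expire(t)
        if abs(t - client_time) > self.window:
            return "reject_stale"
        key = (ticket_id, client_random)
        if key in self.seen:
            return "reject_replay"
        self.seen[key] = t
        if method not in IDEMPOTENT:
            return "defer_to_1rtt"
        return "accept"


class FakeClock:
    """Deterministic clock so the scenario below is reproducible."""

    def __init__(self, t=1000.0):
        self.t = t

    def __call__(self):
        return self.t

    def advance(self, seconds):
        self.t += seconds


def replay_scenario():
    """Constructed sequence: a genuine 0-RTT GET, the same bytes replayed at
    once, a POST in early data, and the first ClientHello replayed 30 s later
    (after the replay memory has already been expired)."""
    clock = FakeClock()
    gate = EarlyDataGate(window=10.0, now=clock)
    verdicts = []
    verdicts.append(gate.accept("tkt-A", b"rand-1", clock.t, "GET"))
    verdicts.append(gate.accept("tkt-A", b"rand-1", clock.t, "GET"))
    verdicts.append(gate.accept("tkt-A", b"rand-2", clock.t, "POST"))
    clock.advance(30)
    verdicts.append(gate.accept("tkt-A", b"rand-1", clock.t - 30, "GET"))
    return verdicts
```

The last case is the reason the freshness check exists: once the replay memory has been pruned, only the bound on the ClientHello's age keeps an old capture from being accepted again, which is why the two mechanisms are used together rather than either one alone.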
Tomato42
Bronze badge
Boffin

Re: PCI Requirements

Except it hasn't been. Only after 30 June 2018 will they require TLSv1.1 (not even TLSv1.2!):

https://www.pcicomplianceguide.org/ssl-and-early-tls-new-migration-dates-announced/

Not that you shouldn't have been on TLSv1.2 for few years already!

5
0

Today the web was broken by countless hacked devices – your 60-second summary

Tomato42
Bronze badge
Unhappy

Re: Maybe..

> Nice thought, but I think most manufacturers will just shut down the product line rather than do fixes.

and nothing of value will be lost

4
0

Google peddles Linux based load balancer to open sourcers

Tomato42
Bronze badge
Thumb Down

"said the requirement on Seesaw were that it was built using Google's Go language"

aah, the Not Invented Here syndrome! Google really has been suffering from it lately.

0
0

Google IMAP losing old security protocols this month

Tomato42
Bronze badge
Facepalm

Re: Outlook Express?

I can't even begin to imagine to how many known exploits it is vulnerable now.

Please, drag them into the 2000's, even if they kick and scream.

0
0

Blighty's Home Office database blunders will deprive hundreds of GB driving licences

Tomato42
Bronze badge
Meh

Criminal proceedings

"meaning the Home Office can seize wages as proceeds of crime for the first time."

I'm assuming that this will be the wages of the employers of the illegal immigrants? Doesn't it take two to tango?

2
0

How a chunk of the web disappeared this week: GlobalSign's global HTTPS snafu explained

Tomato42
Bronze badge
Boffin

Re: Let's Encrypt is not an alternative.

OV certificates are useless, they don't provide any additional functionality over Domain Validated certificates.

1
1

IBM: Yes, it's true. We leaned on researchers to censor exploit info

Tomato42
Bronze badge
Facepalm

Re: Some people just want to stick it to em

then they should have asked the researchers to publish the exploit, say, 4 weeks after the patch is available

they already were in contact with them before!

1
0

Like it or not, here are ALL your October Microsoft patches

Tomato42
Bronze badge
Boffin

Goodwill

Yes Microsoft, after the whole Windows 10 forced update fiasco you sure have a lot of goodwill still to burn, sure you do.

Protip: the rest of world didn't interpret that variable as a signed, you're in the negative

22
0

Crypto needs more transparency, researchers warn

Tomato42
Bronze badge
Boffin

I guess that means that any published and widely used prime should have https://en.wikipedia.org/wiki/Elliptic_curve_primality proof attached...

1
0

Mozilla wants woeful WoSign certs off the list

Tomato42
Bronze badge
Mushroom

Re: x.509 broken by design

> No real interest except amongst the consumers,

au contraire! the people that buy them are interested in them being as cheap as possible and if that means few bad apples, so be it

0
0

Source code unleashed for junk-blasting Internet of Things botnet

Tomato42
Bronze badge
Boffin

Re: common login creds are a design *pattern*

we call those antipatterns

0
1


Biting the hand that feeds IT © 1998–2017