* Posts by Tomato42

588 posts • joined 31 May 2011

EU: No encryption backdoors but, eh, let's help each other crack that crypto, oui? Ja?

Tomato42
Meh

Re: Refreshing

@AndyS: well, if May will want to end up with a "deal", she will have to follow it anyway (having EU nationals on UK's land and all), but probably they'll go for the pyrrhic victory of "no deal" devastating the country and slipping it into irrelevance

so "oh well" indeed

9
3

Xperia XZ1: Sony spies with its MotionEye something beginning...

Tomato42
Boffin

Re: Built-in obsolescence

I have the same phone, none of the same problems with battery.

I'd be rather wary to extrapolate a sample size of 1 of a particular model to the whole manufacturer's portfolio.

1
0
Tomato42
Unhappy

Re: What's wrong with it?

oh, I would take my money elsewhere, if I could, but Sony is benign compared to what Apple does and nobody else makes a good small phone, so the lesser evil it is

2
2

Microsoft faces Dutch crunch over Windows 10 private data slurp

Tomato42
Joke

Re: Blaming North Korea?

"Those who would give up essential Liberty, to purchase a little temporary Convenience, deserve neither Liberty nor Convenience".

18
2

Crappy upload speeds a thing of the past in fresh broadband 'net spec

Tomato42
Trollface

Re: Going up to 1800 MHz?

Probably right, for the US market.

Romania and South Korea will keep on laughing at them though.

7
0

Dumb bug of the week: Outlook staples your encrypted emails to, er, plaintext copies when sending messages

Tomato42
Boffin

> but testing that it doesn't work improperly is far more difficult.

it's not far more difficult, but it does require a specific mindset, one that users don't have...

2
0

'We think autonomous coding is a very real thing' – GitHub CEO imagines a future without programmers

Tomato42
Joke

Re: CASE

I don't know about you, but we in the programming business have a name for a specification that has every i dotted and every t crossed - working code.

5
0
Tomato42
Unhappy

And we all know how good are the people "up the food chain" at writing precise and unequivocal specifications...

Yes, people copying solutions off of Stack Overflow *ekhm* programming will lose their jobs, just like drivers, lawyers, doctors, but programmers will not be the first people to go.

Either way, it doesn't look like the French revolution will reign much longer as the most bloody one...

11
0

How bad can the new spying legislation be? Exhibit 1: it's called the USA Liberty Act

Tomato42
Boffin

Re: Why would anyone in the U.S. be associated with terrorist?

Right-wing "Christian" terrorists in the US are a far bigger threat than "Muslim radical terrorists".

https://www.adl.org/education/resources/reports/dark-constant-rage-25-years-of-right-wing-terrorism-in-united-states

0
0
Tomato42
Mushroom

Re: Unsurprised

@Bob Dole (tm) "they are both evil"

no, they both are not equally evil, this kind of bullshit thinking is why Trump is in power

0
0

UK PC prices have risen 30% in a year since the EU referendum

Tomato42

Re: Markets are mostly psychology

> (OT: My prediction is that there will be an agreement, the UK will pay back 20% of its debt and will get special treatment in exchange for it)

That sounds like something that the B.S. Johnson is hoping to happen. If only negotiators actually followed it....

Protip: it's not the 1600's any more, the UK is not an empire. UK needs EU more than EU needs UK.

57
21

Google to kill its Drive file locker in two confusing ways

Tomato42
FAIL

Re: Cloud providers are becoming like drug dealers

That's true for people using free tiers.

But they're changing how the business tier works too. Google simply is not a reliable provider. At least, not when you want to do anything but buy ads.

5
0

Everyone loves programming in Python! You disagree? But it's the fastest growing, says Stack Overflow

Tomato42
Facepalm

Re: Usefulness

"Matters of formatting can be sorted by automatic tools."

right, because checking out the code, formatting it to the way you're used to, hacking on it and then reformatting it to the library/application standard before preparing pull request is such a convenient way to work.... /s

"Matters of implementation style are no more subtle in python than in any other language."

so you're saying that the automatic deformatting and reformatting may not work as painlessly as you're claiming? No wonder you are so irritated by people following a consistent standard that is just different to what you like...

"The fact that the python community has coined the word pythonic when few other languages have coined anything similar is interesting from a social point of view but of no technical importance."

Yes, other communities have things like IOCCC.

when you are working on software, it inevitably will grow and thus require new libraries, it's nice when that library has the same formatting and style as the code you work on every day. Makes it easier to fix issues and submit patches to it.

"I concur with the OP: Who cares whether it conforms to the "right" way of doing it."

Except there have been multiple studies that readability of code _matters_ and while no specific way to format code is better than other, _consistency_ matters.

So, I can only feel sorry for people that will have to work on your code after you've been sacked.

16
1

Red Hat banishes Btrfs from RHEL

Tomato42
Boffin

Re: ZFS is the right choice for a server system

Red Hat is promoting LVM + XFS as a replacement for btrfs and ZFS

1
0

China crams spyware on phones in Muslim-majority province

Tomato42
Stop

Don't report such things! It gives May and Tories ideas!

43
8

Linus Torvalds may have damned systemd with faint praise

Tomato42
Facepalm

Re: Ah. Missed that. Ta, ElReg.

"Only I see the light! Follow me for eternal salvation!"

I thought the end of bronze age was scheduled few thousand years ago...

0
1

Kerberos bypass, login theft bug slain by Microsoft, Linux slingers

Tomato42
Boffin

Re: @John Smith,,, What an interesting set of comments.

> This is a very telling and very significant statement because the myth of superiority of FOSS has been promoted with no counter example. Now you have one.

except by the very nature of closed source software we don't have the full picture, in turn leading to

https://youarenotsosmart.com/2013/05/23/survivorship-bias/

So sorry, but because those kinds of bugs are found regularly (people are actually looking for the bugs), fixed quickly (not after months and months, if not years of inactivity from the vendor), FLOSS is more secure.

3
6

HMS Windows XP: Britain's newest warship running Swiss Cheese OS

Tomato42
Facepalm

Re: @Ben1892

> So on that basis what is an appropriate OS for something like HMS QE or a nuclear power station?

one that you can upgrade from earlier than 8 years after its mainline support ends, worst case, before its extended support ends

if they couldn't predict that the OS won't be supported ("predict" as in read the effing manual) by that time, what other kind of things they are "absolutely confident" about?

0
2

Look who's joined the anti-encryption posse: Germany, come on down

Tomato42
FAIL

Re: It isn't a difficult topic

US? really? that's what you call "enlightened"?

0
2
Tomato42
Boffin

Re: Offline encryption ?

@Aladdin Sane: the whole point of it is that "rubberhose cryptography" is the only solution for law enforcement. Because it doesn't scale for law enforcement and it doesn't scale for the crime syndicate.

2
0

TRUMP SCANDAL! No, not that one. Or that one. Or that one. Or that one.

Tomato42
Boffin

Re: “We absolutely weren’t hacked,”

He's so sure because he has no clue what he's talking about.

4
0
Tomato42
Stop

Re: Looking forward to the wiki dump

@John Brown (no body) because USA is not yet a fully totalitarian regime where the "Supreme Leader" has ultimate say with everything

1
2

Republicans' net neutrality attack written by… you guessed it, the cable lobby

Tomato42
Paris Hilton

Re: Politician has no technical understanding...

Politicians are experts only at being elected, they, with few exceptions, don't have even a modicum of knowledge from other areas.

1
0

Google starts enterprise support for Chrome, including top SaaS apps

Tomato42
Unhappy

ActiveX?!

I guess, "it cannot die what wasn't alive in the first place".

4
0

EU security think tank ENISA looks for IoT security, can't find any

Tomato42
Meh

Re: Rule 3, 4, 5

> Security updates must be available for at least ten years

That's both too long and too short. On one hand, you can have chips in stuff that won't last 5 years in best case conditions of use (toothbrush with internal battery) and then you have stuff that has like 7 years of warranty.

Probably specifying that the updates must be provided for the time the device is under warranty and that the period that the updates will be provided must be specified on a label (like the energy labels or nutritional labels) would make it possible for consumers to actually make informed choices.

4
0

Hackers uncork experimental Linux-targeting malware

Tomato42
Facepalm

Default passwords

> Shishiga relies on the use of weak, default credentials in its attempts to plant itself on insecure systems through a bruteforcing attack

It's truly pathetic that this is still a problem.

2
0

US border cops must get warrants to search citizens' gadgets – draft bipartisan law emerges

Tomato42
Meh

Re: 14th amendment

so, basically, they are refusing fundamental human rights on a technicality. Land of The Free™ my ass

5
0

USA can afford golf for Trump. Can't afford .com for FBI infosec service

Tomato42
Facepalm

This whole administration is irony and hypocrisy personified.

12
1

SVN commit this: Subversion to fix file renaming after 15 years

Tomato42
Meh

Re: Just to show some appreciation for SVN

> 1) Monotonically increasing revision numbers

instead of constant handle that remains unchanged no matter which branches it is merged into? I'll take the latter. (Like one customer never wanted one feature, but one feature only that the other customer got, or one fix in this old release, and one fix only...)

and while I do appreciate the usefulness of revision-for-version-number, revision-as-quick-and-easy-identifier doesn't work too well for 4 or 5 digit revision count...

> 2) I don't have to check out EVERYTHING that ever was, just the current state (this saves time, I've seen some big repos and small files can add up!)

git clone --depth 1

> 3) Nothing is special, trunk/tags/branches are just directories like any other <---x2

no branch is special in git either, "master" is just a convention, "HEAD" is an implementation detail

> 4) svn:merge-info makes sense, merging follows like a simple "calculus of diffs"

funny you said that, because when I had to use svn, I usually used git to merge branches, unlike with svn, it was automatic in majority of cases...

not to mention working with patchsets, something basically impossible using svn only...

> 5) properties in general (like svn:ignore) but I imagine git has these (but I have seen a lot of .gitignore and stuff)

.gitignore and svn:ignore have exactly the same usage, I don't know what you mean as it not being there....

> 6) svn praise/blame (and some third one) - this is git bisect?

git blame does exactly the same thing svn blame does, svn-bisect is an external script...

> 7) svn:externals

git submodules

> 8) svn revert

git reset --hard

> 2) There's an annoying merge-trunk-into-branch-after-reintegrating-that-branch-into-trunk (that is "record only" step to stop conflicts in the future when you try to merge the trunk in later

while in the git world, you can merge multiple branches that touch the same files at the same time so that you don't have merge conflicts caused by previous merge (git merge-octopus)

3
3
Tomato42
Meh

Re: SVN will never beat GIT

> 4. one should be able to mark certain branches that never should have multiple heads. (fixes and other stability branches)

or how about treating the developers as the adults they are and explaining to them that "it's not how we do things in here"? And in general, documenting your workflows?

2
0

Force employees to take DNA tests for bosses? We've got a new law to make that happen, beam House Republicans

Tomato42
Meh

Re: Unicornpiss @GATTACA

@Matt Bryant: so that's how a sociopath thinks

your kid has a genetic defect? sorry, can't have an abortion

he's unemployable because he has a genetic defect and will be a constant drain on parent's resources? sucks to be you

seriously, look up empathy

26
0
Tomato42
Paris Hilton

Re: @Someone Else

@s2bu: everybody lies. There is no person on earth that didn't lie even once. Even infants feign crying to get attention or food.

The difference is in the amount and the motives for the lies.

Republicans lie much more and they lie just to get more corporate kickbacks *ekhm* I mean, "campaign contributions". I mean, just look at the whole Global Warming thing, the new EPA chief doesn't even accept that CO2 forces heating. And the whole party line is not far from it.

Paris Hilton as she has more appreciation for basic facts than the whole (R) party combined.

7
4
Tomato42
Facepalm

Re: @GATTACA

@Trigonoceps occipitalis. I suggest you look up the following terms: "empathy", "humane" and "golden rule".

Just because somebody is sick doesn't mean that he cannot have overall positive impact on the society. Also, we're talking about helping fellow humans!

16
0

Official: America auto-scanned visitors' social media profiles. Also: It didn't work properly

Tomato42
Trollface

> On the other hand, never underestimate the power of stupid.

well, DHS did spend good few million to learn that they don't...

11
0

Germany, France lobby hard for terror-busting encryption backdoors – Europe seems to agree

Tomato42
Meh

Re: openpgp

"if it saves one life ..."

oh, so they will finally do something about the drunk driving that kills over 50 people a day, every day, across the EU?

3
0
Tomato42

Re: "accusing a democratically elected politician of being 'the death of democracy'."

@Charles 9: exactly, or even simpler, paralyse the constitutional court (or put your lackeys in it) and everything the Great Leader does is suddenly either unknown to be unconstitutional or becomes constitutional by the fact that it was performed by the Great Leader

4
0

'First ever' SHA-1 hash collision calculated. All it took were five clever brains... and 6,610 years of processor time

Tomato42
Boffin

Re: History repeating...

XAdES-A, PAdES-A and CAdES-A exist and are designed with exactly that issue in mind.

The solution is to timestamp the whole document (including old timestamps) using new cryptography before the old crypto is deemed obsolete.

1
0
Tomato42
Boffin

Re: Stop using PDFs ?

> A cert is nothing but a ASCII text document of a very specific format.

there must have been some serious changes to the ASN.1 DER encoding, because last time I checked it was very much so a binary format, storing the RSA parameters as big-endian integers, etc.

> Also, let's not use the term "calculate" when we refer to this stunt Google pulled off. Anything that uses 6500 years of compute time sounds a lot more like trial & error to me...

if it was brute force, it wouldn't take 6500 CPU-years to compute, it would take good few orders of magnitude more - over a million times more to be exact

1
0
Tomato42
Boffin

Re: double check?

or you could have migrated to SHA-256 good 10 years ago, have a hash function with smaller space requirement and faster at that.

and while those two documents most likely have different md-5 hashes, creating documents that have the same md-5 and sha-1 hash is not significantly more complex.

1
2
Tomato42
Boffin

Re: HMAC-SHA1

HMAC-SHA1 is safe _only_ if it is used as a MAC - with a secret key - it's just as insecure as regular SHA-1 when it's used as a hash function.

2
0
Tomato42
Facepalm

Re: Is this the same Google that has been unable to implement an automatic update for Android?

you know that google is a large company, and thus it's impossible for all of their employees to work on the same thing? You know, "too many cooks" and all that...

2
0
Tomato42
Boffin

Re: This is why I use multiple hashes

Using two hashes doesn't work to increase security above the security of the stronger one: https://www.iacr.org/cryptodb/archive/2004/CRYPTO/1472/1472.pdf

Just use SHA-256, it has been in all cryptographic libraries for over a decade already!

3
0

Google Chrome 56's crypto tweak 'borked thousands of computers' using Blue Coat security

Tomato42
Boffin

Re: Where is this TLS 1.3 specification?

That "GoogleTLS" is also supported by Mozilla Firefox and Cloudflare...

TLS has integrated mechanism for backwards compatibility since it was called SSL 2, over 20 years ago. If you're making errors reintroducing 20 year old bugs into your software, maybe, just maybe, programming is not a job for you. Oh, and I'd suggest against farming either, because this kind of errors makes it likely that arrival of winter every year is a surprise for you.

6
0
Tomato42
Boffin

Re: A Symantec product is total shit

While the post is missing the "/s" mark, it IS sarcastic.

0
0

Bruce Schneier: The US government is coming for YOUR code, techies

Tomato42
Happy

Re: Value!

yes, it's an imaginary number, the $ before it indicates it

https://en.wikipedia.org/wiki/Fiat_currency

6
9
Tomato42
Boffin

Re: Well, maybe we should not put software in everything

@Orv: there is an idea of a "data diode", where data can go just one way, but not the other. So it is possible to extract the data without being able to influence the systems that provide it.

And sure, it's possible that the "diode" will be badly designed and you will be able to overload it or crack it to influence ECU from the entertainment system, at least it won't be simple. Car makers need to start designing for security, not only safety.

14
0

Totally not-crazy billionaire Elon Musk: All of us – yes, even you – must become cyborgs

Tomato42
Paris Hilton

Re: Uhm, right...

Is there really enough hours in a day to overdose Ghost in The Shell? Inquiring minds need to know!

3
0

Linus Torvalds decides world doesn't need a new Linux today

Tomato42
Trollface

Re: I think I know why Linux never worked for me.

at least with Linux, the testing is done during RC, unlike Windows 10, where it's tested by regular Joe Blogs on their production systems

7
1

Dieselgate: VW pleads guilty, will cough up $4.3bn, throws 6 staff under its cheatware bus

Tomato42
Angel

Re: "investigation and prosecution of individuals responsible for these crimes"

I won't be holding my breath, but at least few C-levels are under the bus for this, not the CEO, at least not yet, but he definitely feels the warmth of the coals other execs will be grilled over

0
0

Weaky-leaks: Furious fans roast Assange in web interview from hell

Tomato42
FAIL

Re: Questions questions questions

And the document is fabricated because Russia and Trump say so? What other truths have we missed from those paragons of virtue?

> There is no way in hell the Russians did not take into account and did not include in their

> assessment the fact that she was paid millions directly (for speeches and attendance)

oh, so only Hillary has conflict of interest, not Trump? especially not with Russia?

http://time.com/4574938/donald-trump-conflicts-of-interest/

start using the same standards for politicians from both sides, will you?

> and indirectly (via donations to her foundation) by people which stands to benefit of a more

> "robust" USA position on Ukraine(*).

says who? random commenter on Facebook or Breitbart?

speaking of donations, I'd suggest you took a look on OpenSecrets at who donates to Republicans

12
10
