RFC7457[1] and Wikipedia[2] offer an overview of many of the attacks on older versions of TLS. Some of those attacks have been mitigated to varying extents in implementations of the affected versions. TLSv1.3 is meant…
func foo() (*SomeType, error) { ... return someErr } ... result, err := foo() if err != nil { // handle err } // handle result vs type Result struct { Err error Data SomeType } func (r *Result) HasError() bool { return…
Not GP, but I've sometimes found libraries implementing similar concepts differently causing issues. E.g. libraryA.Result struct { Err error Data SomeDataType } libraryB.Result struct { err string Data SomeDataType }…
I concede that there are probably scenarios where this design makes sense within that context. I typically find that either I care about a single error and terminating the computation, or I don't care about errors at…
I'm not sure why you'd use a class like this in Go when you have multiple returns and an error interface that already handles this exact use case.
Forgive me, as I haven't used signal, but I don't see how whether they are sitting next to you or not changes the problem. If I can generate a key that hashes to the same value as your key, I can convince anyone I am…
If we're talking about the actual hash signal uses for this value, then sure, but talking about the number of digits displayed isn't even the right thing to care about, since they're using SHA1 for the hash AFAICT:…
It is a similar problem, however: https://en.wikipedia.org/wiki/Birthday_problem#Same_birthday...
>reducing it to 98 bits? Did you mean 198? 198 bits is entirely reasonable assuming a brute force attack is the only option. Were it not we'd be in a panic over AES-128 and AES-192. :)
A simple-ish way of subsidizing some of that effort is to just make a subreddit for arxiv submissions and link to the comments section from arxiv-sanity for a given paper. You still don't tie into other communities, but…
Yeah, I read that comment. I'm hoping they can give us at least some form of tooling around this, though. The inability to do even basic things as a mod seriously sucks.
> opt-in home pages that are tailored at specific audiences. The standard one is pretty low quality. How is that distinct from multireddits? > more detection/policing of voting rings and vote fraud in general One thing…
It's referring to a kind of display driver in which frames are rendered as bitmaps into memory then that bitmap will be rendered to a screen. Fonts for such drivers are, AFAIK, always bitmap fonts.…
>What problem is this trying to solve? Having a single webpage with full control of the device, but limiting how many resources the ads on it can take? Restricting ad resource usage is the only non-niche answer I've…
>Banning a single service such as WhatsApp is not a solution to this problem. Generalizing this argument a bit, banning encryption is also not a solution to this problem. The cat is, as they say, out of the bag, and…
It would depend on the website's resources and services. For example, a layer 7 DoS which just queries an expensive endpoint on the website over and over may not need high traffic volume to overload the website's…
> automatic JSON but no other serializations Maybe I'm missing something, but? https://golang.org/src/encoding/xml/example_test.go https://github.com/golang/protobuf uses this as well.
There are platform specific APIs for that functionality. You can't necessarily do everything on each platform that you can on a given platform, but if you want some iOS or Android specific behavior you can implement it.…
For anyone else wondering, they're using AES-CBC with no MAC: https://github.com/meshbird/meshbird/blob/master/secure/cryp... Should at least use a decent HMAC construction, but would be better to switch to AES-GCM.…
>they lay an exclusive claim on the word ethics when applied to software. I'm not sure that's a fair characterization. They've defined an ethical framework for software and then they discuss things being ethical or not…
It's not strictly about targeted attacks. There are people who modify unencrypted content that passes through their system regardless of what content it is. There have been several presentations on this topic, but I'll…
That's not actually true. There have been several documented examples now of people injecting stuff into HTTP requests when they pass by (ISPs injecting notifications, ads, people running proxies injecting malicious…
The key(s) used for the cipher would need to be randomly seeded in some way that an attacker could not easily guess (e.g. with a different CSPRNG). Edit: And for hash functions, you can generate some random bytes that…
I don't have access to an environment like this, but wasn't GNU Parallel designed for job scheduling across clusters? I'm not sure how tolerant it is of having the processes on the remote nodes killed, since I've never…
> So much layout and presentation is done with JavaScript anyway that it would make just as much sense to get rid of CSS and extend and standardise on something like jQuery-but-better to create an evolving cacheable…
RFC7457[1] and Wikipedia[2] offer an overview of many of the attacks on older versions of TLS. Some of those attacks have been mitigated to varying extents in implementations of the affected versions. TLSv1.3 is meant…
func foo() (*SomeType, error) { ... return someErr } ... result, err := foo() if err != nil { // handle err } // handle result vs type Result struct { Err error Data SomeType } func (r *Result) HasError() bool { return…
Not GP, but I've sometimes found libraries implementing similar concepts differently causing issues. E.g. libraryA.Result struct { Err error Data SomeDataType } libraryB.Result struct { err string Data SomeDataType }…
I concede that there are probably scenarios where this design makes sense within that context. I typically find that either I care about a single error and terminating the computation, or I don't care about errors at…
I'm not sure why you'd use a class like this in Go when you have multiple returns and an error interface that already handles this exact use case.
Forgive me, as I haven't used signal, but I don't see how whether they are sitting next to you or not changes the problem. If I can generate a key that hashes to the same value as your key, I can convince anyone I am…
If we're talking about the actual hash signal uses for this value, then sure, but talking about the number of digits displayed isn't even the right thing to care about, since they're using SHA1 for the hash AFAICT:…
It is a similar problem, however: https://en.wikipedia.org/wiki/Birthday_problem#Same_birthday...
>reducing it to 98 bits? Did you mean 198? 198 bits is entirely reasonable assuming a brute force attack is the only option. Were it not we'd be in a panic over AES-128 and AES-192. :)
A simple-ish way of subsidizing some of that effort is to just make a subreddit for arxiv submissions and link to the comments section from arxiv-sanity for a given paper. You still don't tie into other communities, but…
Yeah, I read that comment. I'm hoping they can give us at least some form of tooling around this, though. The inability to do even basic things as a mod seriously sucks.
> opt-in home pages that are tailored at specific audiences. The standard one is pretty low quality. How is that distinct from multireddits? > more detection/policing of voting rings and vote fraud in general One thing…
It's referring to a kind of display driver in which frames are rendered as bitmaps into memory then that bitmap will be rendered to a screen. Fonts for such drivers are, AFAIK, always bitmap fonts.…
>What problem is this trying to solve? Having a single webpage with full control of the device, but limiting how many resources the ads on it can take? Restricting ad resource usage is the only non-niche answer I've…
>Banning a single service such as WhatsApp is not a solution to this problem. Generalizing this argument a bit, banning encryption is also not a solution to this problem. The cat is, as they say, out of the bag, and…
It would depend on the website's resources and services. For example, a layer 7 DoS which just queries an expensive endpoint on the website over and over may not need high traffic volume to overload the website's…
> automatic JSON but no other serializations Maybe I'm missing something, but? https://golang.org/src/encoding/xml/example_test.go https://github.com/golang/protobuf uses this as well.
There are platform specific APIs for that functionality. You can't necessarily do everything on each platform that you can on a given platform, but if you want some iOS or Android specific behavior you can implement it.…
For anyone else wondering, they're using AES-CBC with no MAC: https://github.com/meshbird/meshbird/blob/master/secure/cryp... Should at least use a decent HMAC construction, but would be better to switch to AES-GCM.…
>they lay an exclusive claim on the word ethics when applied to software. I'm not sure that's a fair characterization. They've defined an ethical framework for software and then they discuss things being ethical or not…
It's not strictly about targeted attacks. There are people who modify unencrypted content that passes through their system regardless of what content it is. There have been several presentations on this topic, but I'll…
That's not actually true. There have been several documented examples now of people injecting stuff into HTTP requests when they pass by (ISPs injecting notifications, ads, people running proxies injecting malicious…
The key(s) used for the cipher would need to be randomly seeded in some way that an attacker could not easily guess (e.g. with a different CSPRNG). Edit: And for hash functions, you can generate some random bytes that…
I don't have access to an environment like this, but wasn't GNU Parallel designed for job scheduling across clusters? I'm not sure how tolerant it is of having the processes on the remote nodes killed, since I've never…
> So much layout and presentation is done with JavaScript anyway that it would make just as much sense to get rid of CSS and extend and standardise on something like jQuery-but-better to create an evolving cacheable…