
Comment Re:Fucking interns (Score 2) 169

https://aws.amazon.com/message/41926/

We have modified this tool to remove capacity more slowly and added safeguards to prevent capacity from being removed when it will take any subsystem below its minimum required capacity level

Yeah, they have apparently made this screw-up much harder to repeat.

Comment Re: In other news (Score 1) 167

In SVN a commit is final. This encourages developers to leave unfinished work in their work folder without creating a commit until they are "done". So you need a separate backup process for your work folder for any changes that take time to complete. Plus you often end up with a monolithic commit with a bunch of changes. Then how do you review those changes before pushing upstream?

git rebase gives you a solution to this problem. Whenever I think I've made progress towards solving a problem I can create a commit. If I discover that one of those changes isn't right, I create a new commit with the fixup. Then when I'm "done" with the change, I can rebase in order to produce a series of patches that someone else can more easily review. At any time, if I encounter a bug that I want to push upstream, I can rebase my entire branch first to push the bug fix to the bottom, then push that commit without needing to create a new local branch.

At any time I can use git to push my incomplete work to a private server or my own work branch on a team server. Both for backup purposes and for collaboration.

Comment Re:Here's what it means (Score 5, Interesting) 167

This is why git is not vulnerable in this specific instance. In git all objects are prepended with their type, in this case "blob". Of course if you had $100k (-ish) to burn, you could repeat this attack on a file that does start with "blob" to break git.

However you don't need to do this. This attack depends on reaching an intermediate state with specific properties in order to massively reduce the search space. Any attempt to hash a file that reaches one of these states can be detected and rejected. If you swap to using https://github.com/cr-marcstevens/sha1collisiondetection for all SHA-1 calculations, every instance of this attack can be detected and rejected.

Also I misspoke slightly and spotted my error after checking the paper again. The first pair of blocks have half of the same bytes, but produce an internal state with only 6 bytes of differences. The second pair of blocks again only differ in half of their bytes, and exactly cancel out those 6 bytes of differences. See Table One on page 3 for the actual byte values.

Comment Re:Here's what it means (Score 5, Informative) 167

Google produced two PDFs that differ in some binary data near the beginning of the file. The SHA-1 hash routine processes data one block at a time, updating its internal state. There are two consecutive blocks that differ between the PDFs. The first pair of blocks produce an internal state where half of the bytes are the same. The second pair of blocks then produce an identical state. The remainder of the PDF files is the same.

So you can use these two PDF prefixes and append whatever data you want to them to produce your own pair of files. PDF includes a programming language for rendering content. Within this language you can inspect the earlier bytes of the file to detect which version of the file you are rendering, and make some visual changes. So while there are only a few bytes that are different, you can make two PDFs that display different content.

Nobody has invested the time to produce a new hash collision, but someone has already automated the production of duplicate PDFs based on this work.
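The two properties described in the comments above (identical data appended after a colliding block keeps the hashes equal, while git's "blob" header breaks the collision) are shown here as an added example that is not part of the original comments. It assumes a toy Merkle-Damgård hash with a 32-bit state so a collision can be found in well under a second; `toy_hash`, `compress`, `find_block_collision` and `git_style` are hypothetical names, and only `git_blob_id` uses real SHA-1.

```python
import hashlib
import struct

BLOCK = 64   # SHA-1 block size in bytes
STATE = 4    # toy internal state: 32 bits, so a collision is cheap to find

def compress(state: bytes, block: bytes) -> bytes:
    """Toy compression function: truncated SHA-1 of state || block."""
    return hashlib.sha1(state + block).digest()[:STATE]

def toy_hash(msg: bytes, iv: bytes = b"\x00" * STATE) -> bytes:
    """Merkle-Damgard iteration with length padding, like SHA-1 but tiny."""
    padded = msg + b"\x80"
    padded += b"\x00" * (-(len(padded) + 8) % BLOCK)
    padded += struct.pack(">Q", len(msg) * 8)
    state = iv
    for i in range(0, len(padded), BLOCK):
        state = compress(state, padded[i:i + BLOCK])
    return state

def find_block_collision(iv: bytes = b"\x00" * STATE):
    """Birthday search for two different 64-byte blocks giving the same state."""
    seen = {}
    counter = 0
    while True:
        # The blocks differ only in their last 8 bytes (the counter).
        block = struct.pack(">Q", counter).rjust(BLOCK, b"\x00")
        state = compress(iv, block)
        if state in seen:
            return seen[state], block
        seen[state] = block
        counter += 1

def git_blob_id(content: bytes) -> str:
    """Real git object id: SHA-1 over 'blob <len>\\0' followed by the content."""
    return hashlib.sha1(b"blob %d\x00" % len(content) + content).hexdigest()

def git_style(content: bytes) -> bytes:
    """Toy hash over the same header git prepends, which shifts block alignment."""
    return toy_hash(b"blob %d\x00" % len(content) + content)

A, B = find_block_collision()
SUFFIX = b"identical trailing data appended to both files"  # constructed sample

if __name__ == "__main__":
    print("raw collision survives suffix:", toy_hash(A + SUFFIX) == toy_hash(B + SUFFIX))
    print("collision survives git header:", git_style(A + SUFFIX) == git_style(B + SUFFIX))
    print("git id of 'hello world\\n':", git_blob_id(b"hello world\n"))
```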

Comment Re:Ad hoc (IBSS) != Wifi-Direct (technical details (Score 2, Interesting) 75

(If you run git blame on serval mesh's source code, you'll find my name on about 80% of the code)

Serval mesh uses Wifi and Bluetooth to share files and communicate securely. But it can't bypass Google's removal of IBSS from Android. We've kept the code that turns on IBSS on some Android handsets version 2.3.3 or lower. If you really want a mesh network between phones, you can still get your hands on some old ones...

Android's Bluetooth & Wifi-Direct stack are a buggy mess. It's far too easy to stumble over a bug that prevents you from getting any data through. Plus both APIs are built around having the user confirm each and every connection. Almost completely useless for building a self organising network.

Then there's Wifi. Sure you can turn most phones into a hotspot... If you use reflection to call a hidden API. The carrier hasn't done anything to disable it. And in some cases, only if you have a functional cellular data service. But there's no easy way to tell if there are other nearby devices waiting to connect to you....

The main problem with this new weather app is that nobody will have it installed when they need it. Getting emergency weather information is not going to motivate people to use this app day to day and form the ad hoc networks that are needed for it to work. Also this article and the summary are crap; IBM did not invent mesh networking.

Comment Re: wouldn't all machines come to the same conclus (Score 1) 142

MR=MC, maximum efficiency.

Bullshit. Utter, utter crap. Mathematically false. Empirically false.

A "typical marginal cost curve" is anything but typical. Nobody builds a factory that runs at peak efficiency when it's half full. No firm has a cost structure that matches your Econ 101 textbook.

I highly recommend the work of Steve Keen in this area if you want to know more.
