"not only weak, but broken" seems premature. The attack here involves manipulating two obtuse file formats to yield altered files with a shared hash, different to original unaltered hashes. Definitely weakened and yeah you are probably right this is the final toll for SHA-1 and from here things are likely to get worse quickly. I'll be mindful of this when I think about the various places where I use SHA-1 and start thinking about switching in other things. But I am failing to see how this right now translates into a practical vector for the various places where I encounter SHA-1. A more serious vector would be the capacity to create any desired hash with something significantly more efficient than a brute force compute. i.e. can anyone easily yield output the same as this without knowing the input?
echo -n 'mysecretpw+somesalt'|sha1sum
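An added example, not part of the comment above: the engineered collision and the "same output without knowing the input" question are two different problems (collision versus preimage). This sketch truncates SHA-1 to 16 bits, an assumption made so both searches finish quickly, and counts the tries each one needs; the function names and message formats are constructed for illustration.

```python
import hashlib
from itertools import count

BITS = 16  # constructed toy size: keep only the first 16 bits of SHA-1


def h(data: bytes) -> int:
    """First BITS bits of SHA-1(data), as an integer."""
    top32 = int.from_bytes(hashlib.sha1(data).digest()[:4], "big")
    return top32 >> (32 - BITS)


def find_collision():
    """Collision: ANY two distinct inputs with the same truncated hash."""
    seen = {}
    for i in count():
        msg = b"msg-%d" % i          # constructed inputs
        d = h(msg)
        if d in seen:                # guaranteed within 2**BITS + 1 tries
            return seen[d], msg, i + 1
        seen[d] = msg


def find_preimage(target: int, limit: int = 1 << 22):
    """Preimage: an input that hashes to ONE fixed, given value."""
    for i in range(limit):
        msg = b"guess-%d" % i        # constructed inputs
        if h(msg) == target:
            return msg, i + 1
    return None, limit


# Target taken from the string hashed in the comment above.
TARGET = h(b"mysecretpw+somesalt")

if __name__ == "__main__":
    a, b, c_tries = find_collision()
    m, p_tries = find_preimage(TARGET)
    print(f"collision after {c_tries} tries: {a!r} / {b!r}")
    print(f"preimage  after {p_tries} tries: {m!r}")
    print(f"generic cost for {BITS} bits: ~2^{BITS // 2} vs ~2^{BITS}")
```

For an n-bit hash the generic costs are about 2^(n/2) for a collision and 2^n for a preimage; the engineered SHA-1 collision lowers only the first of these.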
Someone checked in PDFs that demonstrate the first engineered SHA-1 collision and this broke SVN. PDFs in question took 6500+ CPU years + 110 GPU years to generate. "In the wild" is a bit panicky & excessive.
What does this actually mean in terms of integrity of repos and other things that rely on SHA-1? Does it merely break repos or does it facilitate injection attack vectors - how important is secure hashing in the guts of repos? What precisely is being secured? SHA-1 has been deprecated for SSL certs already so you shouldn't be using certs with SHA1 sigs anymore. Myself, keep an eye on how this develops and start thinking about using SHA-2 but won't be replacing git or existing usage of SHA1 for password hashing anytime soon.
The insinuation is that this was done in a clandestine fashion with intent to deceive and overstate the threat. The rebuttal I linked above says that intent is clearly sarcasm/exasperation. Nothing was hidden. The original argument that this was done with intent to deceive is weak as piss.
On a side note, spent 15 mins flipping through the FBI file linked to the original Slashdot story. Some seriously juvenile and puerile rubbish there. Although the death threats, the ones I read at least, were too over the top to be credible, what is definitely present is a visceral hatred and anger and a quite possibly genuine wish for harm. Appalling: I challenge anyone who thinks they can endure that sort of abuse and remain unaffected by it.
Not sure if trolling....
FTFA: "China is only the third country - after Russia and the US - to carry out its own crewed space missions."
Also been doing it since before 2006: Chinese Astronauts
Even if you are allowed to buy from overseas, you are not, strictly speaking, operating in a free market. You are relying on 'anti free-market' government measures and protections in the target jurisdiction. Carry the idea of free market to its ultimate logical conclusion, medicine from overseas will still be expensive if certain people had their way and this loophole would definitely be closed to you. Using Australia as an example, it is actually illegal to export government priced/subsidised medicines from Australia. It is supposed to be for Australian citizens only. Citizens leaving Australia need to demonstrate any medicine they are carrying is for their own personal use.
All this reveals one of the many faults and limitations of libertarianism / small government ideology. It assumes that in all transactions all parties have equal agency. Which is never ever the case when your life and health are part of that transaction. Sometimes people need to organise help protect themselves from the ruthless practices of greedy arseholes. At least as far as medicine is concerned, the rest of the developed world gets it...
Yet magic and hierarchy arise from the same source, and this source has a null pointer.