
Comment Re:Using SHA-1 in this day and age is just lazy (Score 1) 179

As far as I can tell, this is a non-cryptographic use of hashing.

Git uses sha1 hashes to identify everything.

A (possibly signed) tag references a commit by hash
A commit references a tree by hash
A tree references a list of files and subtrees by hash

If a commit you fetch references hashes you already have the files for in your local git tree they will not be re-fetched, the existing ones will simply be used.

The whole point of git is to be distributed, so it should be safe to fetch commits from untrusted sources, inspect them and throw them away without worrying that they will change the meaning of commits you later fetch from trusted sources. It should be safe to download commits over an insecure connection and then verify the commit hash (either by a signed tag or by checking out of band) to ensure that the commit hasn't been tampered with.

The latter part of Linus's mail is quite a well-reasoned argument as to why the current attack on SHA1 isn't too big a deal for source code repositories.

If a "distinct chosen prefix" collision attack shows up then the risk gets much higher. For MD5 it took about 2 years to go from a basic collision attack to a distinct chosen prefix one.
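
The hash chain described in the comment above (blob, tree, commit), as an added example that is not part of the original comment or Git's own code. It models a flat tree of regular files only, and the file contents, author identity and timestamp are constructed for illustration.

```python
import hashlib

def git_object_id(obj_type, body):
    # Git names every object by SHA-1 over "<type> <size>\0" followed by the body.
    header = f"{obj_type} {len(body)}".encode() + b"\x00"
    return hashlib.sha1(header + body).hexdigest()

def blob_id(content):
    return git_object_id("blob", content)

def tree_id(entries):
    # entries: {file name: blob id}. Flat tree of regular files only (mode 100644);
    # each entry embeds the child's raw 20-byte hash.
    body = b"".join(
        b"100644 " + name.encode() + b"\x00" + bytes.fromhex(entries[name])
        for name in sorted(entries)
    )
    return git_object_id("tree", body)

def commit_id(tree, message):
    # Constructed author/committer identity and timestamp, fixed so the id is reproducible.
    ident = "Example Dev <dev@example.invalid> 1488000000 +0000"
    text = f"tree {tree}\nauthor {ident}\ncommitter {ident}\n\n{message}\n"
    return git_object_id("commit", text.encode())

def snapshot_id(files, message="initial import"):
    # files: {file name: bytes}. Hash bottom-up: blobs -> tree -> commit.
    return commit_id(tree_id({n: blob_id(c) for n, c in files.items()}), message)

def verify(files, trusted_commit_id, message="initial import"):
    # Recompute the chain from fetched content and compare with an id obtained
    # from a trusted channel (a signed tag or an out-of-band check).
    return snapshot_id(files, message) == trusted_commit_id

# Constructed sample content.
GOOD = {"README": b"hello world\n", "main.c": b"int main(void) { return 0; }\n"}
TAMPERED = dict(GOOD, **{"main.c": b"int main(void) { return 1; }\n"})

if __name__ == "__main__":
    trusted = snapshot_id(GOOD)
    print("commit id:", trusted)
    print("untampered fetch verifies:", verify(GOOD, trusted))
    print("tampered fetch verifies:  ", verify(TAMPERED, trusted))
```

Because each level embeds the hash of the level below, a one-byte change in any file changes the commit id, which is why the check is only as strong as the hash function's collision resistance.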

Comment Re:For the US, not for a political party (Score 1) 895

Googling " const int one = 65536" turns up some C sharp graphics code as the first result; C sharp has a 32-bit int so it's not an overflow.

It looks to me like the constant is being used to implement 16.16 fixed point maths inside a 32-bit int. One of those things that makes you go wtf at first but makes perfect sense when you understand it in context.

Comment Re:zerocoin? What is that? (Score 1) 88

The absolute value of one "coin" is not a useful comparison. It doesn't really matter whether you have lots of "coins" with a low value per coin or fewer with a higher value per coin.

More interesting as a measure of the relative importance of cryptocurrencies is the "market cap". The value per coin times the number of coins in circulation.

By that measure dogecoin's significance is about 0.1% of bitcoin's

http://coinmarketcap.com/

Comment Re:Show me the code. (Score 1) 88

A one character bug? Really?

"one character typo" can cover a wide range of things. Using = instead of == is probably the most famous but also generally one of the easiest to spot (modern compilers usually have a warning for it). Using the wrong variable is a big one (not helped by the fact that mathematicians love one-character variable names). Using the wrong logical or comparison operator can be another.

Unfortunately TFA doesn't say what the "one character typo" was and looking at their github I don't see any one character typos being fixed recently. I do however see a "two character" typo being fixed though ("||" vs "&&"). I also see some == being changed to >= but I *think* that is just a case of making a test more paranoid.

https://github.com/zcoinoffici...

What about the tests?

It takes extreme discipline to carefully create test cases that cover every failure case. All too often people only test that the normal case works as it should and fail to test the error handling.

Comment Re:Until (Score 1) 374

No, with std::string each time you write something like "a = b" the compiler has to either mess with reference counts (most implementations of c++03 and earlier) or copy all the data (c++11 and later). You can work around that by using references but then you lose the safety advantages of automatic memory management and add an extra level of indirection to accesses.

Comment Re:Some numeric values and basic concepts (Score 1) 615

What is
signed char c=127 + 1;

Assuming we are talking about C.

127 and 1 are ints, so 127 + 1 is 128. int is guaranteed to be large enough that we won't have arithmetic overflow here.

Converting that result to signed char is where things get interesting. On most systems "signed char" cannot represent the number 128; according to the C standard the result of conversion to a signed type that cannot represent the converted value is implementation-defined.

Most implementations chose to simply take the 8 least significant bits of the number and re-interpret them as an 8 bit two's complement number, resulting in a value of -128.

Comment Re:IPv6 is working though (Score 2) 186

The cogent/HE peering spat is only an issue when both ends of the connection were stupid enough to single home with a wannabe tier 1.

Advertising a route and then blackholing traffic for destinations covered by that route is much worse than simply not providing a route because it also impacts multihomed downstreams.

Comment Re:Timeout (Score 1) 325

That page is about HTTP 1.0

1.1 (currently the dominant version) allows connection keepalive and pipelining which were supposed to solve those issues. Unfortunately pipelining has its own problem. One slow request (large amount of data, slow CGI script etc) can block the whole pipeline. So afaict most clients use connection keepalive but not pipelining.

2.0 allows multiple simultaneous requests on the same TCP connection but has the downside of being much more complicated to implement.

Comment Re:Courage. (Score 1) 236

But you'll have to link with some library X which is written in C and there are X_alloc / X_free functions you're supposed to call for some opaque pointer. Then you have to add library Y and that's using an older C++ because it can't break compatibility for some reason. Then you use library Z (e.g. Qt) which has its own way of doing stuff totally contradicting everything else. In the middle of all this something leaks and it's a mess to find.

The problem is unless you are going to rewrite the whole stack you still have to talk to those libraries. So the new language just moves the crap out of the language core and into the glue layer that lets you talk between code in your fancy new language and C/C++ libraries.

Comment Re:This could get interesting (Score 1) 267

Kinda fascinating that a Visicalc file could be transferred from a 5.25 floppy from late '70s early 80s all the way to the latest MAC,

The file may be able to be transferred but program binaries intended for non-x86 MACs aren't going to run on the latest MACs without a third party emulator.

while Windows running on X64 can't even handle a 16-bit installer without external support...

Apple drops support for legacy applications far quicker than MS does.

Mac OS X was launched as a consumer product in 2001. Intel Macs were released in 2006 with no support for classic mac OS apps, classic support was removed from the powerpc releases of Mac OS soon afterwards.

Support for rosetta was removed in 2011.

On the MS side win32 was brought to most customers with windows 95 in 1995. The first 64-bit desktop version of windows didn't appear until 2005 and didn't become common for several years after that.

Comment Re:OR (Score 1) 262

In any game that requires precise pointing/aiming players using keyboards and mice destroy players using console pads.

But keyboard/mouse requires a very different setup from console pads. Console pads can be used to play in the lounge sitting on the sofa. Keyboard and mouse pretty much requires a desk. Generally people have their consoles set up in their lounge with their TV, not in their office with their monitor. Most console players aren't going to want to rearrange their furniture so they can play with a keyboard/mouse.

So if you put keyboard/mouse support into console gaming and let them play with everyone else a handful of hardcore players will set up their console on a desk as if it was a PC and destroy even the best pad users. Letting the minority who have their console in a "desktop" setup dominate the game is not good for business. If you split the keyboard/mouse players into their own group you leave people wondering why they can't play with their friends or wondering why matchmaking never finds anything.
