"The difference between you and me is that I read these claims with a degree of skepticism, while you swallowed them whole."
I'm not twisting anything, this was my point to begin with. You have to tie the action to the belief system. You can say "Jesus said" in front of anything, but unless you can tie it to the belief system in some meaningful way (in the case of Christianity, the bible), you're just spewing smoke.
The vulnerability breakdown is 1 Denial of Service, 2 down-grades, and 2 side-channel attacks. Downgrade and side-channel attacks are prevalent where backward compatibility functionality exists.
"Also, this isn't a heist, because nothing was stolen. It's more of a counterfeiting operation, if I understand the commentary correctly. Someone took advantage of a recursive bug and an anti-pattern of calling recursive code before updating values and essentially created 33% more Ether than previously existed out of thin air."
It was a heist. Ether didn't get created, it just got moved. The child DAO tokens could theoretically have been "created" out of thin air if you drained the DAO past 0 recursively, then the balances were updated on all those recursive calls (after the sending of the tokens). That didn't happen though, he was just able to stack a bunch of withdraw operations up recursively, and the withdraws executed before the balance was checked (for each method call). Even if the past zero drain had been attempted, the Ethereum network would have errored out when the contract tried to send more funds than it had, so you couldn't generate Ether out of the ether (teehee).
Here's a great write-up: http://hackingdistributed.com/...
Yah know what, you're actually right. I was thinking of the normal "race to the goal" zero confirmation attack, but you could theoretically stretch it a bit. I apologize. However, it's pretty easy to detect if someone is attempting this longer time period attack, and the payment processors should be able to incorporate that logic fairly simply. The ones that don't will almost certainly be out of business quickly.
No, the difference between you and me is that I don't insert strawmen into an argument. The situation you tried to claim was easier (paying with a credit card) is not the situation they were trying to address. I pointed that out, and now you're trying to back-pedal.
Steam is accepting Bitcoin, so apparently they thought it would be beneficial in addition to their current payment options. You can go claiming it's not beneficial as much as you want, but Steam apparently disagrees with you.
"And with the way Bitcoin works now, one can easily scam Steam out of a sale, play the game and beat it in a couple of days, reverse the transaction, get banned, repeat with new account and wallet, and Steam will never be able to stop them." The reversing of transactions is only possible for zero-confirmation transactions. That's ~10 minutes you have to beat the game, not a couple days.
You're not big on reading, are you? Steam identified payment as a problem, so apparently they weren't buying the games or were having significant trouble doing so.
From TFA: “While more users are coming online in these countries, traditional payment options like credit cards often aren’t available.” Great job making a completely invalid point.
Simple international payments for a product that doesn't require instant confirmation. Exactly what the technology was designed for! Well done, Steam.
They do rotate their offerings. Generally the content is always available, but what is free vs paid will rotate over time.
The majority of the stuff in this database is boots and other gear, not guns and armored vehicles. You even get stuff like printers and fax machines from this program. If you scroll through Alaska's list almost all of it is cold weather gear.
This program is used to get a second use out of any military surplus, it is not some sort of "arm the cops" program. That's just what people are focusing on right now because it's news-worthy. This program has almost jack-squat to do with how police forces are armed (they buy most of their stuff new), it just has the combined words "military" and "police" which gets hits on websites.
False. They're primarily focused on traffic violations.
That exists already for most phones. Police do not attempt to recover stolen phones. They just don't care (they say they don't have the time resources to do that, remember that next time you're getting a speeding ticket for going 8 over the limit).
Look, I don't mean to be a prick, but moral relativism by definition says wrong is subjective. Whatever you're trying to talk about, it's not moral relativism.
What do you mean by integer rounded? His graphs are of score on the x and # of that score on the y. Both his axes are integer values. Do you mean it's possible the test had fractional scores and he (or the scorers) rounded them in the analysis? Otherwise I don't understand your point.
Well, with your 31 years of experience as an independent country, I'm shocked we haven't all followed your example...of partial governance...of your own "country"...
Actually savings at that level are almost always tied up in the market somehow, which (assuming no large crashes) tracks with inflation as much, if not better than, your salary does.
"Go back to kindergarten"
Obviously Christians don't control the market on intolerance. Hypocrisy is a human condition, not a christian one.
I have a question then. If I say "there is no God, no higher purpose, it does not matter if I burn this village". Does this mean atheism is at fault if I burn the village? Because that's what you're saying about Christianity.
Like many other tyrannical governments, the Nazis twisted the religion of the country to their own means. The III Reich did not grow out of the church, it took over the church in 1933, after the rise to political power. The problem with statements like yours is that they make it seem as if anyone who says they are a christian automatically gets whatever actions they take attributed to the religion. If you want to say that Christianity is responsible for the crimes in Nazi Germany, then what you are really saying is that the Nazi argument for the holocaust, world wars, etc is a valid argument within the precepts of Christianity. If you'd like to argue that, then go ahead, but otherwise the crimes can't be attributed to Christianity any more than I can attribute every crime committed by an atheist to atheism.
I'm getting my CS degree from them right now, while working full-time. It's not great for learning, but if you already know how to program, you can definitely check the box there (and probably get a 4.0 to boot).
My guess is one of the floats had confetti or someone in an apartment wanted to take part in the parade. Why was it police documents? There are lots of ways that could have happened. Explanations start with an apartment owner who works at the station taking home a bag of "confetti" to throw out their window, and go all the way to a conspiracy. Also the possibility of a recycling company that shreds stuff and sells it as cheap confetti (I personally think this is highly unlikely).
That's a fair point, but the driver's license is to show you're the registered voter you say you are. In the U.S.A., registered voter = citizen.
You don't need to force people to "show their papers" to avoid the problem of voting multiple times. One man one vote is easy enough to enforce even without Gestapo tactics.
How?
Except when you need to do something like, I don't know, prove you're a citizen of said country...
Your tone conveys an attitude that your employees shouldn't be interested in how the company is run, that's a huge red flag from my experience.
It's not prima donna to inquire about the history of the position. You should want employees who think they can succeed where someone else has failed.
I don't understand employers who think company operations are of no business to their employees. I may work for you, but I'm putting my livelihood and that of my family in your hands. You don't have to justify all your decisions, but some explanation of the direction and plan goes a long way.