Slashdot Mirror


User: gweihir

gweihir's activity in the archive.

Stories
0
Comments
19,136
First seen
Last seen
Profile
(view on slashdot.org)

Comments · 19,136

  1. Pseudo-profound Bullshit on Researchers Store Computer OS, Short Movie On DNA (phys.org) · · Score: 1

    It has all the hallmarks: It is written "in the code of life", it is an "OS" and a "movie". At the same time it is completely and utterly worthless, because DNA is not a digital storage medium by nature, but a blue-print storage that is limited in what it can store by the reading mechanism to very specific things. Most binary sequences on it are just completely meaningless. May as well put a movie into the pattern of stones used to pace a sidewalk. Possible, but utterly meaningless.

  2. Indeed.

  3. Re:People without a clue commenting on crypto on Linus Torvalds On Git's Use Of SHA-1: 'The Sky Isn't Falling' (zdnet.com) · · Score: 1

    Actually, I think these would get noticed. If I remember right, the kernel has pretty strict formatting standards. But it is a good question.

  4. Indeed. As long as Cops do not get a "go to jail directly" card when their cameras are off in such a situation, this is not going to change.

  5. Re:kill the salt, kill the sugar on DNA Test Shows Subway's 'Chicken' Only Contains 50 Percent Chicken (arstechnica.com) · · Score: 1

    As salt and sugar are more expensive than other fillers, clearly it is put in because people want it (well, possibly not consciously).

  6. Re:Somebody wants to get paid. on Arizona Bill Would Make Students In Grades 4-12 Participate Once In An Hour of Code (azpbs.org) · · Score: 1

    Probably.

  7. Re:Not a huge issue for git... on Linus Torvalds On Git's Use Of SHA-1: 'The Sky Isn't Falling' (zdnet.com) · · Score: 1

    They cannot do that. This is a two-sides hash-collision, i.e. the attacker needs to create both things that then collide when hashed. Creating a second key with the same hash as yours is still infeasible today, unless you cooperate with the attacker.

  8. Re:People without a clue commenting on crypto on Linus Torvalds On Git's Use Of SHA-1: 'The Sky Isn't Falling' (zdnet.com) · · Score: 1

    Thanks for proving my point about utterly clueless people here. You are one of them.

    A high-entropy password hashed with SHA1 is perfectly secure. You could even hash it with MD5 and still be secure. A low-entropy hashed with SHA1 is not less secure than hashed with, say, SHA-512.

  9. Re:People without a clue commenting on crypto on Linus Torvalds On Git's Use Of SHA-1: 'The Sky Isn't Falling' (zdnet.com) · · Score: 1

    That very much sums it up.

  10. For "coding"? Not a chance in hell.

  11. Hmm, are you drunk or stoned.

    That seems to actually apply to you, because you missed that I was very clearly not talking about teaching it only for 1 hour. I was talking about teaching it with a real effort behind it. Still an utter fail.

  12. Re:git was written when SHA-1 attacks were publish on Linus Torvalds On Git's Use Of SHA-1: 'The Sky Isn't Falling' (zdnet.com) · · Score: 1

    Indeed. But seeing that would require some actual understand of the issue at hand, instead of a simple-minded "newer must be better".

  13. Re:SHA1 in git on Linus Torvalds On Git's Use Of SHA-1: 'The Sky Isn't Falling' (zdnet.com) · · Score: 1

    That is apparently an idea many, many people cannot understand, obvious though it is.

    My guess is that these people can only think in association-classes: For them, SHA1 equals security and any successful attack on SHA1 (no matter what its nature is) hence must break security in all applications of SHA1 (even if not used for security there or the attack is irrelevant for the scenario it is used in).

    Of course, such a simplistic model of thinking is utterly pathetic and disconnected from reality, but it seems to be what is going on in their minds. And then these morons believe that are actually qualified to tell experts what to do.

  14. Re:Not a huge issue for git... on Linus Torvalds On Git's Use Of SHA-1: 'The Sky Isn't Falling' (zdnet.com) · · Score: 1

    Using SHA1 for fingerprints is not an issue at this time. All somebody could do is create two PGP keys with the same fingerprint. As keys do not really contain any critical information, unlike X.509 certificates, this matters little. So the reason SHA1 is "still" used there is that the people doing it actually understand what they are doing.

  15. Re:Is Linus irresponsible? on Linus Torvalds On Git's Use Of SHA-1: 'The Sky Isn't Falling' (zdnet.com) · · Score: 1

    That argument does not count for most people, because most people have no clue what a hash actually does and what it can be used for. Most of these morons have no clue that crypto-hashes can well be used for non-crypto things.

  16. Re:Linux security on Linus Torvalds On Git's Use Of SHA-1: 'The Sky Isn't Falling' (zdnet.com) · · Score: 1

    So a cryptographically accurate description of the situation together with a risk analysis and announcement of a longer-term plan is "to hell with security"?
    There seems to be something wrong with your brain.

  17. Re:this is a deflection on Linus Torvalds On Git's Use Of SHA-1: 'The Sky Isn't Falling' (zdnet.com) · · Score: 1

    That is bullshit. CRC is slow and has a collision-probability high enough to be a concern. CRC is not a good idea in repositories that can be very large. Incidentally, the claim that using a crypto-hash for a hash indicates that a "secure" has is needed is completely bogus. Crypto-hashes now have speeds and set-up times that make them well suitable as replacements for normal hashes in situations where you not mainly hash very short things. A lot of semi-competent people seem to have missed that little fact though.

  18. People without a clue commenting on crypto on Linus Torvalds On Git's Use Of SHA-1: 'The Sky Isn't Falling' (zdnet.com) · · Score: 4, Insightful

    That really annoys me no end. There is some gradual improvement in a specific attack, expected by everybody that has a clue and not seen as anything dramatic by the same people. And immediately a horde of people with no understanding of crypto swoop in an declare the sky to be falling and all uses of this thing are now invalid. This is really just utterly pathetic.

    Example: I have to constantly defend the use of SHA1 for password hashing. (Sure, something like pbkdf2 or Argon2 should come later if the password may be low-entropy and gets stored. That is not always the case.) The thing is that password hashing has the purpose of preventing the hash being turned into a password again. Collision attacks have no impact on that at all. For a collision attack you would need to know the password and then you could find a second one with the same hash (or rather with the two-sided, much easier, variant you can find two passwords that map to the same hash). Now, these nil-whits completely overlook that the situation when using hashes in signatures always is that you already have what gets signed, which is completely different to the password situation. Still they claim "SHA1 is broken!". No it is not. It is broken for some specific _different_ application.

    Why so many non-experts think they can voice a qualified opinion about a very hard mathematical topic is beyond me.

    What Linus says here is exactly right and it is a statement by an expert. All those criticizing him are basically people that can put on a band-aid telling a brain-surgeon how to do his work. They just do not get it at all.

  19. Re:For variable values of "practical" and "relevan on Google Has Demonstrated a Successful Practical Attack Against SHA-1 (googleblog.com) · · Score: 1

    You really have no clue about IT Security Risk Management. A broken trust model most certainly is a systematic failure and it is far, far worse than a defect implementation detail like an insecure hash function.

  20. Re:A bridge to tech is needed on Arizona Bill Would Make Students In Grades 4-12 Participate Once In An Hour of Code (azpbs.org) · · Score: 1

    You cannot get people there. This is abstract skill, and even those with talent and the will to learn struggle at them. May well ask everybody to get how surgery works, or how to do the static design for a building. Cannot be done.

  21. This is like a fetish to a group of people in politics that do not have the least clue what they are talking about. It also has the little problem that we already have far, far too many bad coders and that is all that "teaching to code" will ever produce.

  22. That language does not exist. Because, surprise!, there are real programming languages that do not have these!

    But I guess you have never heard of logical and functional programming languages.

  23. On the side of the people driving this, yes, very likely. It is doomed to fail completely though, because coding is about as far as you can get from typical industrial work. What these morons are overlooking is that there is no mass-production stage with coding and that is exactly where most cheap industrial jobs are found.

  24. I completely agree. Coding is hard, even when done badly.

  25. This is just compete bullshit. There is no way to do anything in 1 hour besides wasting everybodies time.