Switzerland is planning to run an election over the internet. Turns out their software has a backdoor that would allow the election administrators to undetectably alter votes.
The security requirements for an election are pretty straightforward. The #1 threat is the people running the elections. Anyone running an election who downplays that point should be treated as actively engaged in election fraud.
The reason to use a cryptographic hash function like MD5 over a non-cryptographic hash is so that you can write code that ignores the possibility of collisions. Once the cryptographic hash function is broken - as with MD5 and SHA1 - that's no longer true. That broken assumption almost certainly creates bugs, and they're probably security bugs that allow users to at least corrupt your data.
@xj9 CouchDB is awfully sketchy with their continued use of MD5.
Here's why the gun debate isn't just about guns. Making guns isn't that hard, and any regulation that effectively prevented it would also necessarily ban any sort of useful home workshop. This very quickly becomes an issue impacting the right to repair, and more importantly the freedom to tinker.
Great. Apparently the New England Journal of Medicine can't even meet their own commitments on handling statistical cheating in papers they've published.
@switchingsocial So... you can sign in to buy the book with Google, Facebook, or, for the privacy conscious, Walmart?
@howtommy Chromium supports embedding, which means that pretty much the entire ecosystem of alternative browsers is Chromium variants. Unless Mozilla decides to change their policy on supporting embedded, Firefox is pretty much a software dead end.
Important→ Someone hacked the official site of #PHP PEAR and replaced package manager (go-pear.phar) with a "tainted version"
Apparently the entire internet is slowly turning into an Amazon service: https://gizmodo.com/i-tried-to-block-amazon-from-my-life-it-was-impossible-1830565336
@sean The only effect of nationalizing companies that already have government-enforced oligopoly (say cell phone providers) would be better service at a lower price. Competition would probably be even better, but there's no evidence that option's even on the table.
Turns out that when cell phone companies sell location data, that means that people can buy that data.
"Big Tech's problem is Big, not Tech" by Cory Doctorow (video) https://archive.org/details/decentralizedwebsummitmedia-2018-courtyard-2?start=509
I missed this when it came out a few months ago, but this is a great talk. I'm becoming more and more convinced that the problems of technology centralization can't be solved without antitrust. Tim Wu's recent book "The Curse of Bigness" also comes to mind here.
tech bullshit Show more
the microscope my parents got me comes with a QR code to download the vendor's official android app. It has banner ads and in-app purchases and also doesn't work.
Why is everything so fucking shit?
At least it works fine on a laptop with Cheese/Kamoso
Become a Facebook-Free business
Seriously, @mozilla ?
Not only you went and implemented this DRM crap and now you're downloading non-free binaries behind our back???
@mmu_man To make things even better, Mozilla seems to have an intentional policy of breaking any repackaging of their software to fix issues like this. They killed Gecko embedding back in 2010, and even things like configuration keys aren't stable - turning off the "install blobs and backdoor my computer" option will only work for a release or two, and then they'll stop checking for the option before downloading stuff, so changing config options in something like a Debian package isn't enough.
ferrus.net is one server in the network