Switzerland is planning to run an election over the internet. Turns out their software has a backdoor that would allow the election administrators to undetectably alter votes.


The security requirements for an election are pretty straightforward. The #1 threat is the people running the elections. Anyone running an election who downplays that point should be treated as actively engaged in election fraud.

Nat Tuck boosted

@maxlath @xj9 I commented in that thread and my concerns were (incorrectly) dismissed.

The reason to use a cryptographic hash function like MD5 over a non-cryptographic hash is so that you can write code that ignores the possibility of collisions. Once the cryptographic hash function is broken - as with MD5 and SHA1 - that's no longer true. That broken assumption almost certainly creates bugs, and they're probably security bugs that allow users to at least corrupt your data.

@xj9 CouchDB is awfully sketchy with their continued use of MD5.

Here's why the gun debate isn't just about guns. Making guns isn't that hard, and any regulation that effectively prevented it would also necessarily ban any sort of useful home workshop. This very quickly becomes an issue impacting the right to repair, and more importantly the freedom to tinker.


Great. Apparently the New England Journal of Medicine can't even meet their own commitments on handling statistical cheating in papers they've published.


@switchingsocial So... you can sign in to buy the book with Google, Facebook, or, for the privacy conscious, Walmart?


@howtommy Chromium supports embedding, which means that pretty much the entire ecosystem of alternative browsers is Chromium variants. Unless Mozilla decides to change their policy on supporting embedded, Firefox is pretty much a software dead end.

Nat Tuck boosted

Important→ Someone hacked the official site of #PHP PEAR and replaced the package manager (go-pear.phar) with a "tainted version"


If you have downloaded/updated the #pearPHP package manager from its official site in the past 6 months, consider yourself compromised. t.co/PUm7o9CP8S

Nat Tuck boosted

Annotated version of my #35c3 presentation "Modchips of the State" about hypothetical SPI bus hardware implants in Supermicro servers' BMC: trmm.net/Modchips

@sean The only effect of nationalizing companies that already have a government-enforced oligopoly (say cell phone providers) would be better service at a lower price. Competition would probably be even better, but there's no evidence that option's even on the table.

Nat Tuck boosted

"Big Tech's problem is Big, not Tech" by Cory Doctorow (video) archive.org/details/decentrali

I missed this when it came out a few months ago, but this is a great talk. I'm becoming more and more convinced that the problems of technology centralization can't be solved without antitrust. Tim Wu's recent book "The Curse of Bigness" also comes to mind here.

Nat Tuck boosted

Seriously, @mozilla ?
Not only did you go and implement this DRM crap, now you're also downloading non-free binaries behind our back???


@mmu_man To make things even better, Mozilla seems to have an intentional policy of breaking any repackaging of their software to fix issues like this. They killed Gecko embedding back in 2010, and even things like configuration keys aren't stable - turning off the "install blobs and backdoor my computer" option will only work for a release or two, and then they'll stop checking for the option before downloading stuff, so changing config options in something like a Debian package isn't enough.
