HackerTrans
TopNewTrendsCommentsPastAskShowJobs

nickodell

no profile record

comments

nickodell
·5 lat temu·discuss
Are non-sequiturs always malicious? For example, suppose you have a news site, and it has a story about Ukraine, followed by a story about school shootings. Even if two links next to one another are unrelated, that doesn't prove that they're not genuine.
nickodell
·5 lat temu·discuss
Alex Oh worked for a law firm which represents Exxon. That law firm was accused of obstructing a deposition to avoid providing answers to the other side. [1]

>ORDERS defense counsel to show cause by May 14, 2021 why sanctions should not be imposed under Rule 11 (b)(3) for alleging that plaintiffs' counsel was agitated, disrespectful, and unhinged during the deposition despite a lack of record evidence supporting those allegations. See Mem. Op. 29-31. >ORDERS defendants to serve a copy of this order on Ms. Oh.

Was Alex Oh specifically responsible for this conduct? The order doesn't say.

What does this have to do with Clinton? Nothing, except in a six-degrees-of-kevin-bacon sense.

[1]: https://www.courtlistener.com/recap/gov.uscourts.dcd.14559/g...
nickodell
·5 lat temu·discuss
Stingrays are more useful as an investigative tool than an evidentiary tool. DNA is the other way around.
nickodell
·5 lat temu·discuss
Believe it or not, I was already aware of all of those things, having followed a number of criminal defense blogs.

If you read the article and appellate decision which is linked, it says what I just said:

>On Wednesday, the appellate court sided with the defense [PDF] and sent the case back to a lower court directing the judge to compel Cybergenetics to make the TrueAllele code available to the defense team.
nickodell
·5 lat temu·discuss
>taking the life of an innocent

The prosecutor isn't unilaterally deciding whether the DNA evidence is valid. There will be a public hearing where both the prosecution and defense show evidence about the validity of the DNA evidence, and a court will rule based on that evidence.
nickodell
·5 lat temu·discuss
>My prediction: this firm will probably try to get removed from the case, rather than open source their shitty code.

That isn't necessarily their choice. The prosecutors will make the decision about whether to withdraw the DNA evidence. They probably won't, given that they would need to give the defendant a new trial, which could lead to an accused murderer getting off. A bad look for any prosecutor.

More to the point, if the firm withdraws from any case where their credibility is questioned, what does that say to law enforcement agencies who are thinking about using their software?
nickodell
·5 lat temu·discuss
Why couldn't you attach to the screen, press Ctrl-C, then press up arrow to get the original command?
nickodell
·5 lat temu·discuss
That's a thoughtful answer; thank you.
nickodell
·5 lat temu·discuss
>First, the client makes an unauthenticated request to the server to retrieve the password salts associated with the username. If no user is found, an error is returned to the client. If a user is found, the server sends the client the user's password salt and password token salt, which the client uses to rebuild the password token. The password token is then passed to the server for authentication. To prevent brute force password guesses, clients get 25 incorrect attempts in a row before the server locks the user out of their account for 24 hours (Note we are aware this introduces a DoS vulnerability. Our first priority is to protect user data. We plan to implement a more sophisticated lockout mechanism in the future).

Hang on, so the process of retrieving the salt gives the remote client information about whether the user exists? Doesn't this mean that an attacker could take a list of possible usernames, and confirm which of them are using your service?

Seems like you could return a salt even when the user doesn't exist, and that would prevent this information disclosure.
nickodell
·6 lat temu·discuss
I was looking for a more technical response.

e.g. How are new blocks created? Proof of work, predefined functionaries, something else?

You say you have SPV proofs which allow a full node to prove a particular domain is owned by a particular party. How does that work?
nickodell
·6 lat temu·discuss
How does your service differ from NameCoin?
nickodell
·6 lat temu·discuss
The article also suggests that COVID was maybe an inside job, and that it's unpatriotic to follow health restrictions. (Not in exactly those words, but it warns about "acquiescing" to government restrictions.)
nickodell
·6 lat temu·discuss
Apple says they're going to move to an HTTPS based system, so the relevant comparison is between HTTPS and DNS, not HTTP and DNS.
nickodell
·6 lat temu·discuss
Then the question is, "how much do I trust my ISP/DNS provider?"

Those DNS lookups tell your ISP 1) that you use a mac and 2) that you have an application from a specific developer installed.

I think I trust my ISP less than I trust Apple, here. Am I wrong to do so?
nickodell
·6 lat temu·discuss
So what happens if a removed function is called? Or can you guarantee that won't happen?
nickodell
·6 lat temu·discuss
Under C11, the compiler is still allowed to assume termination of a loop if the controlling expression is non-constant and a few other conditions are met.

https://stackoverflow.com/a/16436479/530160