Or more relevantly, I think this is what the original poster was referring to:
https://ancillary-proxy.atarimworker.io?url=https%3A%2F%2Fwww.whitehatsec.com%2Fbl...

Here are some examples of PHP doing mind boggling things with md5 and sha1 hashes.

https://ancillary-proxy.atarimworker.io?url=https%3A%2F%2F3v4l.org%2FtT4l8

>Do you believe rehabilitation is impossible or do you want revenge?

I don't believe that someone who commits mass murder can be rehabilitated, no. It isn't about revenge; it's about public safety.

Someone once pointed out that hoping a rapist gets raped in prison isn't a victory for his victim(s), because it somehow gives him what he had coming to him, but it's actually a victory for rape and violence. I wish I could remember who said that, because they are right. The score doesn't go Rapist: 1 World: 1. It goes Rape: 2.

What this man did is unspeakable, and he absolutely deserves to spend the rest of his life in prison. If he needs to be kept away from other prisoners as a safety issue, there are ways to do that without keeping him in solitary confinement, which has been shown conclusively to be profoundly cruel and harmful.

Putting him in solitary confinement, as a punitive measure, is not a victory for the good people in the world. It's a victory for inhumane treatment of human beings. This ruling is, in my opinion, very good and very strong for human rights, *precisely* because it was brought by such a despicable and horrible person. It affirms that all of us have basic human rights, even the absolute worst of us on this planet.

This is precisely why I lost all interest in Oculus the instant I heard that it had been acquired by Facebook.

It's built into the Steam client, and is primarily a private client-to-client "broadcast". You request to watch a friend, the friend accepts, now you're watching his or her game.

Web viewership for public streams is just a bonus because they built it around h.264 video segments and Chrome and IE11 can play those back with a bit of javascript work.

Are you high? He was trained and employed as a spy *by the US CIA*. He is not admitting to espionage, he's saying that whenever the NSA paints him as a hacker and a low-level IT guy, the NSA is lying. And the CIA has now confirmed that the government has known all along that it's telling lies about who Snowden really is.

Apple specifically addressed this during their conference call. Sales are not down; if you look at two quarters combined, sales are flat or slightly up. Sales only appear to be down year-over-year because they had supply issues five quarters ago, which pushed sales from that quarter (which was low) into the start of the next quarter (which was high).

That hasn't been true pretty much ever. Back before Windows did privilege separation, anti-cheats scanned everything they could find; after the rise of UAC, PunkBuster and other anti-cheat systems added a prompt to permanently authorize their system-level service on the first run.

When you play "Valve Anti-Cheat" (VAC) enabled games, you agree to allow Valve to scan your computer for evidence of cheat/hack programs. This is what VAC does. It's like Punkbuster, Warden, etc - depending on your point of view, it tries to level the playing field for multiplayer games, or it is an invasion of privacy because you have the right to cheat all you want.

Valve's VAC, Blizzard's Warden, etc are all "spyware" by definition. Their job is to find and collect evidence of suspected game-tampering cheats, both known and unknown, and report them. They already sniff your running processes, window titles, loaded drivers, USB devices, filesystem, etc. Scanning your local DNS cache is probably one of the least invasive things that VAC does, *and it only happens when you play games which advertise the VAC feature*.

If you don't like this, don't play VAC-enabled multiplayer games. It's that simple.

No. Failing to deliver a quality product isn't the problem. The problem is if you promise to deliver a quality product, and then you fail.

It seems to me like Apple wouldn't have made the switch right away on iOS 6 if they weren't confident that the software was ready. Someone had to stand up and say, "This is ready" or "This is not ready". If Mr. Williamson was in charge of it, and he told his bosses with confidence that it was ready, he should be fired. That's pretty straightforward.

That seems like an oversimplification since the DEFLATE algorithm includes a huffman encoding step, and it is within the specs for the compressor to simply never emit back-references. It would be a horrible bug in the implementation of zlib to have worse compression performance than a basic huffman encoding.

Although it has not been fully disclosed yet, it's my understanding that the attack is only practical because of a sort of implicit "trust chain" in the implementation of TLS 1.0 where knowledge of one block gives you all the information you need to decode the next block... but also that proper decryption of one block means that you know that you decrypted the previous block successfully. That's the kicker - if you are just making guesses at one block but know the contents of the next block, the encrypted results of the second block are a kind of oracle to see if you got the first block right or not.

Now, if you use javascript to prime the channel with a (block size minus one) byte message, you're going to be able to guess the first byte of the next message and then check to see if you were right using the oracle trick. Once you know that, use a (block size minus two) prefix and guess the second byte. Rinse, repeat until you've grabbed it all, one byte at a time, thanks to the ability to check your guess using the next packet as an oracle.

My layman's understanding of the fix is that it neutralizes the oracle by adding additional variation. This means that you'd have to guess the random variation in order to craft an "oracle" packet that tells you that you guessed the previous packet correctly. Multiply the guessing search space (2^8 possibilities) by the variation and you're up in "computationally infeasible" territory. The attack is thus neutralized.

The point isn't to provide critical or useful feedback. The point is to provide positive reinforcement and emotion. Most human beings, believe it or not, enjoy feelings of acceptance and appreciation and despise criticism. You're welcome to tell them to go home until they grow a thicker skin, but then all you've got left is a bunch of nerds and engineers trying to maintain articles about 15th century art.