I previously described the bcrypt pbkdf. The design is still the same, but yesterday djm noticed a fatal flaw in the implementation. The regress test which I created on amd64 was failing every test on i386. Obviously not good.
more...
The cool thing to do is encrypt all your network traffic. This used to be cool, but it’s even cooler now. I don’t really see much point to encrypting your nytimes.com visits, but I guess some people don’t like others knowing what kinds of news articles they read. (We all know you just read the gossip columns.) Anyway, the downside is minimal to non-existent, so go for it.
But wait! I was reading about The Dictionary of Numbers and got to the downside mentioned at the end. The browser extension was also modifying the text of a bank statement. Ordinarily, I’d say the easy thing is to only use amusing extensions on http, but not https, sites. How does that work in the brave new world of all https all the time?
Used to be https served a dual role as a signifier of serious business. Now it doesn’t, but we haven’t really replaced it. True enough, it was never a reliable signifier, and maybe the best thing to do if running with a dozen funny extensions is use a different browser (profile) for serious business.
I wonder how this affects phishing. When “https is secure, make sure your bank uses https” permeates into the general conscience, does it become “if everything is https, everything is secure“? Does the prevalence of https inspire false confidence in the web or will people learn that https was never a good signal for determining the legitimacy of a (possibly forged) web site?
Happy Canada Day! And almost 4th of July. Some shock and outrage to go with the fireworks. Don’t worry, I’m not entirely serious. The contrarian in me made me do it.
more...
I’m not sure what trickery LinkedIn uses to trick my connections into endorsing me, since they don’t seem like the kinds of people who would do so voluntarily, but LinkedIn never fails to notify me of my ever growing reputation. (I wonder if and how many people I’ve endorsed.) Today’s email was pretty sweet:
I've just endorsed you for new skills & expertise!
Amp expertise is definitely going on the resume.
Quoting from Celiac Power, “They tested the blood for gluten antibodies, expecting to see the current 1 percent rate of disease. Instead, only 0.002 percent of the airmen tested positive. Further tests showed today’s young men were 41/2 times more likely to have the illness.”
Puzzle: Arrange the numbers 0.01, 0.00002, and 20.5 in a sensible equation.
Google Glass facial recognition. “I think that makes conversation far more efficient.” For all those times I’ve had an inefficient conversation with somebody because I couldn’t read their Wikipedia article out of the corner of my eye.
There’s an article Change the World in the May 27th New Yorker. (Two kids with weird looking lollipops or something on the cover.) Covers the intersection and interaction between Silicon Valley and the world of politics. It’s an awesome article because it confirms all my opinions of the Web 2.0 tech scene. Worth reading the whole thing online, but here’s some highlights and scattered thoughts of my own.
more...
Everything that is wrong with the rest of this country, succinctly represented on one map. This one is also pretty good. I can absolutely confirm this one as well. Some people just don’t know how to talk.
Nothing too surprising for anyone who’s talked to people from different parts of the country, but this is the best visual representation I’ve seen.
A long time ago, OpenBSD added bcrypt, a function to securely (slowly) hash a password. Sometime later, a similar but more general standardized password -> hash function was developed, PKCS #5 PBKDF2. How that winner of a name caught on but bcrypt didn’t is a mystery to me.
more...
While working on boehm-gc, kurt ran into a threaded test case that sometimes got stuck, spinning on the sched_yield system call. In theory, yielding allows other processes to run, but on an otherwise idle machine, it just ends up using all the CPU itself, in a futile effort to not run. This initially looked like a case of trying to recursively acquire a spinlock (not supported) somewhere in the guts of librthread. Peering at the test case, this seemed a reasonable explanation (it was doing some twisty stuff, creating a new thread in a dying thread’s thread specific data destructor), but further inspection revealed that librthread is careful to release its internal locks before calling the destructor. The bug remains a mystery.
more...