Profile

Cover photo
Sitaram Chamarty
568 followers|210,172 views
AboutPosts

Stream

Sitaram Chamarty

Shared publicly  - 
 
http://forums.theregister.co.uk/forum/1/2016/02/02/safe_harbor_replaced_with_privacy_shield/

I was going to write a summary and say "yeah right, and the moon is made of blue cheese" or something weird but this comment (http://forums.theregister.co.uk/forum/1/2016/02/02/safe_harbor_replaced_with_privacy_shield/#c_2766772 ) says it much better:

*Europe* Are you spying on us?
*USA* No way.
*Europe* Oh goody. No problem then
*Snowden* They have been spying on you. Here's the proof
*Europe* Naughty USA. You said you weren't spying on us and you were!
*USA* Yes. Sorry. We lied. But we won't do it again
*Europe* Promise?
*USA* Sure!
*Europe* That's all right then.
3
Bhaskar Chowdhury's profile photoBehan Webster's profile photoSitaram Chamarty's profile photo
3 comments
 
+Behan Webster true, but the spying we expect is on government, military, possibly industry, also, etc., not world+dog :-)
Add a comment...

Sitaram Chamarty

Shared publicly  - 
 
Too many bloody quantum crypto doomsayers these days... the acads do it because they get grants, the ones who are selling crypto do it because they can sell all kinds of stuff saying "quantum safe".

My gut feel (from what I have read of the physics of this, not that I'm any good at that!): this is not going to happen in any of our lifetimes.  Even the younger ones among us.  There's a good chance it may never happen too.  So stop getting suckered by "quantum safe crypto".

It's far more likely that traditional computing will start making inroads into RSA-2048 than quantum will manage it.

(Yes, I know NIST also raised a red flag on this.  Phhhhtttt!)
1
Caleb Cushing's profile photo
 
Phhhtttt, I have already cracked quantum crypto. https://xkcd.com/538/
Add a comment...

Sitaram Chamarty

Shared publicly  - 
9
Add a comment...

Sitaram Chamarty

Shared publicly  - 
 
https://www.youtube.com/watch?v=coFIEH3vXPw ("Run containers on bare metal already!") is the first time I have felt that the now-standard format -or- of showing the slides clearly in about 80% of the frame, with the video of the speaker a small insert on the side, is a bit lacking.

Watch it and you'll see what I mean.  This guy's energy level, his expressions, his segues into side topics, his explosive rants... well worth watching!
6
Marc-André Laverdière's profile photo
 
I made a mental note about their cloud offering. This looks very sweet in theory - remove all the need to manage anything - just dump your container in there and let 'em take care of it.
Add a comment...

Sitaram Chamarty

Shared publicly  - 
 
any gmail experts out there?

It appears that gmail is no longer allowing users to setup 2-step verification using TOTP (you know, the famous "google authenticator", or FreeOTP, etc.).  It insist on doing it the SMS way, but that doesn't always work for various reasons.

Is this really gone or is there some other way in which it can be enabled?
1
Gagan Singh's profile photoSitaram Chamarty's profile photo
2 comments
 
+Gagan Singh  oh cool thanks   I'll try it later (I was asking for someone else I was trying to help setup TOTP.  Mine was always TOTP anyway)
Add a comment...

Sitaram Chamarty

Shared publicly  - 
 
> Thus, each GNU package should encourage people to run other GNU packages rather than their competitors -- even competitors which are free software.

-- from https://lwn.net/Articles/659675/

The old man's lost it.  Here's a very similar sentence:  "Thus, each Microsoft product should encourage people to run other Microsoft products rather than their competitors -- even competitors which are proprietary".

In fact, I could say what MS did to Word Perfect many eons ago is precisely that.  We're merely quibbling about the specific meaning of "encourage", that's all.

Sure it's not anti-trust because that phrase implies profit, but in spirit -- it is no different.
2
Phil Hord's profile photoEugene E. Kashpureff Jr (EugeneKay)'s profile photo
2 comments
Add a comment...
Have him in circles
568 people
Reini Urban's profile photo
Alex Eiswirth's profile photo
Elijah Newren's profile photo
abhijeet vaidya's profile photo
Sriram Ramkrishna (sri)'s profile photo
Jillala Srinivas's profile photo
Sawan Vithlani's profile photo
Fabian Hirschmann's profile photo
tivikita channel's profile photo

Sitaram Chamarty

Shared publicly  - 
 
I tried to run the test code for CVE-2016-0728.

Machine just crashed.  Completely unresponsive with heavy disk activity.

More importantly, it got very hot -- an attacker can't run this without me noticing (modulo lunch breaks etc., when I leave the machine up).

Come to think of it, my old laptop would have been even better.  It had a thermal problem where something would wrongly report the temperature and it would basically just die if the temperature crossed some not-that-high value!
1
Eugene E. Kashpureff Jr (EugeneKay)'s profile photoJeff Mitchell's profile photoSitaram Chamarty's profile photo
4 comments
 
+Eugene E. Kashpureff Jr
EEK (nice initials by the way; can't believe I didn't notice all these months/years!): the exploit is designed to overflow a 32-bit counter so it will take time.  Despite what I said, a user who is expected to stay logged in for days can easily slow down this attack a bit more and eventually make it work :)
Add a comment...

Sitaram Chamarty

Shared publicly  - 
 
https://theintercept.com/2014/07/23/blacklisted/

I have not looked at the actual PDF yet but what I see here is absolutely crazy stuff!  Some quotes:

> The new guidelines allow individuals to be designated as representatives of terror organizations without any evidence they are actually connected to such organizations, and it gives a single White House official the unilateral authority to place entire “categories” of people the government is tracking onto the no fly and selectee lists.

> It reveals a confounding and convoluted system filled with exceptions to its own rules, and it relies on the elastic concept of “reasonable suspicion” as a standard for determining whether someone is a possible threat.

----

Being more interested in computer security, I've been much more focused on the police-state implications of the Snowden side of the story, never really paying attention to this aspect, but this is far worse!

(But then, we've seen recently somewhere that apparently drinking tea could get you busted for drug trafficking.  Maybe coffee can be labelled terrorist action, and you can get 90% of the US population on the no-fly list!!)
The watchlist system now requires neither “concrete facts” nor “irrefutable evidence” to designate you a terrorist. <!--more-->
3
Eugene E. Kashpureff Jr (EugeneKay)'s profile photo
 
That'd really speed up the lines at the airport for us tea-drinkers.
Add a comment...

Sitaram Chamarty

Shared publicly  - 
 
Hah!  Mozilla finally admits the Pocket integration had a financial motive.

https://soylentnews.org/article.pl?sid=15/12/07/2053231

(Note: I did not read the linked article, just the summary)

So now... you can't even believe what they say next time.  Just wait a while and they'll say something else!

Is this really a FOSS project?

I am just glad all the people (friends and family network) I evangelised FF to and installed FF for over the last few years are not tech-savvy enough to even know all this and ask me embarrassing questions!
Mozilla Admits Financial Benefits of Pocket Integration -- article related to News and The Main Page.
6
Bhaskar Chowdhury's profile photoEugene E. Kashpureff Jr (EugeneKay)'s profile photoSitaram Chamarty's profile photo
3 comments
 
+Eugene E. Kashpureff Jr
Reminds me of something similar I have been saying for the last year or two: I would rather risk getting hacked by a cyber-criminal than allow the government (any government) to get my data.  The cyber criminal's motives are clear!
Add a comment...

Sitaram Chamarty

Shared publicly  - 
 
oh good lord; I didn't read past the first para but this is terrible.  (And thank God I refuse to use Chrome or even Chromium, the latter because it is too closely tied to a proprietary product).

http://labs.detectify.com/post/133528218381/chrome-extensions-aka-total-absence-of-privacy
TL;DR, Popular Google Chrome extensions are constantly tracking you per default, making it very difficult or impossible for you to opt-out. These extensions will receive your complete browsing...
1
Cris Fuhrman's profile photoMarc-André Laverdière's profile photoSitaram Chamarty's profile photo
7 comments
 
+Marc-André Laverdière
Yes but it can only point to one extension that caused a problem.  Despite my antipathy to Firefox now, you can't deny that historically FF has a much better record on privacy.

Google certainly does care about security but if they started caring about privacy they'd be out of business.
Add a comment...

Sitaram Chamarty

Shared publicly  - 
 
and so the Elixir affair... well not necessarily "ends", but definitely takes a back seat to life.

Fedora 22 still only has [Erlang] R17, and after yet another machine on which I would need to install [Erlang] R18 to get something to work, I gave up.

(For anyone curious about replicating this, you don't need my setup.  All you have to do is follow along with https://github.com/jazzyb/sqlite_ecto/wiki/Basic-Sqlite.Ecto-Tutorial on an Erlang R17/Elixir 1.0.3 setup.  You'll hit an error saying "ERROR: Cannot parse OTP Release version string: 17", which basically means one of the dependencies being pulled in has code that has already forgotten how to deal with Erlang 17.)

And in case you think Erlang 17 is old or something, note that Erlang 18 has been released on June 24; just under 5 months ago.

Now, I am sure there is a way to do this, and I guess I could have been a bit more tenacious about making it work.  And I probably will -- at some point.  But as Aragorn said, "it is not this day" !
1
Add a comment...

Sitaram Chamarty

Shared publicly  - 
 
I thought this was funny.  Someone posted somewhere that, after many previous failed attempts, he finally got Arch installed.  He's not sure what clicked with me this time, but attributes it to using nano instead of vi.

Then he goes on to gush: "I'm very excited to start breaking my system, and to spending many late, late nights getting it working again! I'm a tinkerer at heart, and Arch just screams my name."

Wait... "tinkerer at heart" playing with breaking his system and rebuilding it... needs nano?
1
Phil Hord's profile photoEric Hanchrow's profile photo
2 comments
 
"tinkerer at heart" playing with breaking his system and rebuilding it... clearly needs Emacs.
Add a comment...
People
Have him in circles
568 people
Reini Urban's profile photo
Alex Eiswirth's profile photo
Elijah Newren's profile photo
abhijeet vaidya's profile photo
Sriram Ramkrishna (sri)'s profile photo
Jillala Srinivas's profile photo
Sawan Vithlani's profile photo
Fabian Hirschmann's profile photo
tivikita channel's profile photo
Work
Occupation
aging geek, gitolite author (dayjob: TCS)
Contact Information
Home
Email
Story
Tagline
...one more monkey
Introduction
Sitaram Chamarty (keywords to determine if I'm the Sitaram you're looking for: CVS, GTS/MBR, ECK, ISICAL, TCS, Git, Gitolite.  The first 3 are not google-able -- you have to know me to know what they are; the rest are public)
Bragging rights
author of gitolite -- my only contribution to the open source world, which I've been leeching off of since 1995
Basic Information
Gender
Male