they are)?
FTR, we assume that someone was spoofing luciano's email address,
either randomly or as an attack on his character.
-
Joel Rees
I'm imagining I'm a novelist:
http://joel-rees-economics.blogspot.com/2016/06/econ101-novel-toc.html
On Sat, Nov 1, 2014 at 4:49 PM, Riley Baird
bm-2cvqnduybau5do2dfjtrn7zbaj246s4...@bitmessage.ch wrote:
On 31/10/14 09:43, Joel Rees wrote:
[...]
This is a good way of doing the string comparison. However, it would
seem that upstream isn't really interested in hiding the length of the
strings
the answers to
http://stackoverflow.com/questions/237128/is-there-a-reason-python-strings-dont-have-a-string-length-method
I'm pretty sure he's right.
[...]
--
Joel Rees
--
To UNSUBSCRIBE, email to debian-security-requ...@lists.debian.org
with a subject of unsubscribe. Trouble? Contact
On Sun, Nov 2, 2014 at 1:21 AM, Jack j...@jackpot.uk.net wrote:
On 01/11/2014 16:07, Joel Rees wrote:
Riley is under the impression that Python strings are counted,
rather than NUL-terminated. Given the answers to
http://stackoverflow.com/questions/237128/is-there-a-reason-python-strings
On Sat, Nov 1, 2014 at 9:56 PM, Joel Rees joel.r...@gmail.com wrote:
[...]
Probably, the best solution for a constant-time compare is to
pre-zero-fill the buffers and do binary compares (memcmp()) on the
entire buffers. That means that these routines are a bit superfluous
anyway.
I
2014/10/30 16:52 Nicolas Rachinsky deb-securit...@ml.turing-complete.org
:
* Joel Rees joel.r...@gmail.com [2014-10-30 08:38 +0900]:
-
// The core function: test two regions of memory for bytewise equality
with constant time.
// If cmplength is less than min
Here's the result of my work to this point:
---
/* Near-constant run time string/memory compare, with test frame.
** by Joel Rees,
** derived from work by Peter Scott, Riley Baird, et. al., see
** https://lists.debian.org/debian-security/2014/10/msg00060.html
** https
I gotta quit coding when I should be asleep.
On Fri, Oct 31, 2014 at 12:38 AM, Joel Rees joel.r...@gmail.com wrote:
Here's the result of my work to this point:
---
/* Near-constant run time string/memory compare, with test frame.
** by Joel Rees,
** derived from work
2014/10/29 4:59 Riley Baird
bm-2cvqnduybau5do2dfjtrn7zbaj246s4...@bitmessage.ch:
On 29/10/14 00:20, Joel Rees wrote:
On Tue, Oct 28, 2014 at 12:08 PM, Riley Baird
bm-2cvqnduybau5do2dfjtrn7zbaj246s4...@bitmessage.ch wrote:
Dear debian-security,
I am looking for a sponsor for my package
the difference of the first pair of bytes that differ.
--
Joel Rees
Be careful when you see conspiracy.
Look first in your own heart,
and ask yourself if you are not your own worst enemy.
Arm yourself with knowledge of yourself.
--
To UNSUBSCRIBE, email to debian-security-requ...@lists.debian.org
(Closes: #764443)
Regards,
Riley Baird
I have a suggestion which I
Joel Rees
Be careful when you see conspiracy.
Look first in your own heart,
and ask yourself if you are not your own worst enemy.
Arm yourself with knowledge of yourself.
--
To UNSUBSCRIBE, email to debian-security-requ
) ? ylen : xlen;
int i, result = 0;
for (i = 0; i minlen; i++) result |= x[i] ^ y[i];
return ( xlen == ylen ) ( result == 0 );
---
I haven't tested it, but I think the corner case I'm thinking about is
fairly clear.
--
Joel Rees
--
To UNSUBSCRIBE, email to debian-security
, that
firefox, direct from mozilla.org, on stock debian, is more likely to
have vulnerabilities than firefox (iceweasel) loaded from the debian
packages archives.
--
Joel Rees
Computer memory is just fancy paper.
The CPU and IO devices are just fancy pens.
--
To UNSUBSCRIBE, email to debian-security
On Sun, Jul 13, 2014 at 1:28 PM, Noah Meyerhans no...@debian.org wrote:
On Sun, Jul 13, 2014 at 08:35:56AM +0900, Joel Rees wrote:
MD5 has been broken for a small number of applications. Its status is
questionable for the rest, but if we want to help break it completely,
let's get all
On Sun, Jul 13, 2014 at 5:04 AM, Jann Horn j...@thejh.net wrote:
On Mon, Jul 07, 2014 at 08:09:14PM +0900, Joel Rees wrote:
But again, that's only half the story. When you send a kernel image
encrypted, they have the plaintext and the crypt, and the thing is
large and hard. This is the kind
(not images) served TLS transport on at least one of the
mirrors, if and only if I remember to set the SSL_CERT_FILE before I
fire up lynx to go get the checksums. It won't help me if my
randomness in choosing the servers isn't good enough in case (2), but
it should help in case (3).
--
Joel Rees
On Tue, Jul 8, 2014 at 5:13 AM, Andrea Zwirner and...@linkspirit.org wrote:
On 07/07/2014 13:09, Joel Rees wrote:
Sorry Joel, I almost totally disagree with your vision on privacy and
security, but I really i don't want to go into the merit of it, because
I think Lou is representing my vision
2014/07/07 11:32 Lou RUPPERT hims...@louruppert.com:
-BEGIN PGP SIGNED MESSAGE-
Hash: SHA512
Joel Rees:
On Sat, Jul 5, 2014 at 12:43 AM, Lou RUPPERT
hims...@louruppert.com wrote:
-BEGIN PGP SIGNED MESSAGE- Hash: SHA512
Joel Rees:
On Fri, Jul 4, 2014 at 11:44 AM
, but why do
their work for them and free their resources up for other jobs?
Especially when the only real advantage of using TLS download
transport is (the illusion of) being able to download what you want
without them knowing exactly what you downloaded.
--
Joel Rees
Be careful where you see
On Sat, Jul 5, 2014 at 12:43 AM, Lou RUPPERT hims...@louruppert.com wrote:
-BEGIN PGP SIGNED MESSAGE-
Hash: SHA512
Joel Rees:
On Fri, Jul 4, 2014 at 11:44 AM, Hans-Christoph Steiner
h...@at.or.at wrote:
[rhetoric encouraging the use of TLS transport for mirrors] [list
of current
they would probably notice that the sites are mirrors and ignore
the traffic.
???
.hc
[1] http://freehaven.net/~arma/tuf-ccs2010.pdf or
https://isis.poly.edu/~jcappos/papers/samuel_tuf_ccs_2010.pdf
--
Joel Rees
Be careful where you see conspiracy.
Look first in your own heart
, maybe, but nothing particularly new.
Managers manage by charisma more than by technical skill, even in the
best cases.
[...]
--
Joel Rees
Be careful where you see conspiracy.
Look first in your own heart.
--
To UNSUBSCRIBE, email to debian-security-requ...@lists.debian.org
with a subject
On Sat, May 17, 2014 at 8:44 PM, Patrick Schleizer adrela...@riseup.net wrote:
Joel Rees:
He told me to use Ubuntu instead. He explained that with the fact,
that Ubuntu has more security features enabled than Debian (also
more compiler flags for security) in a fresh install. He gave me a
link
in.
[...]
--
Joel Rees
Be careful where you see conspiracy.
Look first in your own heart.
--
To UNSUBSCRIBE, email to debian-security-requ...@lists.debian.org
with a subject of unsubscribe. Trouble? Contact listmas...@lists.debian.org
Archive:
https://lists.debian.org/CAAr43iPSpZ_avA7d4-BWfLokjr22ioRN5tn
Heh. I took the bait on this one.
On Sat, May 17, 2014 at 8:44 PM, Patrick Schleizer adrela...@riseup.net wrote:
Joel Rees:
He told me to use Ubuntu instead. He explained that with the fact,
that Ubuntu has more security features enabled than Debian (also
more compiler flags for security
of debian.org, and such.
--
Joel Rees
Be careful where you see conspiracy.
Look first in your own heart.
--
To UNSUBSCRIBE, email to debian-security-requ...@lists.debian.org
with a subject of unsubscribe. Trouble? Contact listmas...@lists.debian.org
Archive:
https://lists.debian.org
On Sun, May 18, 2014 at 12:34 AM, Richard van den Berg
rich...@vdberg.org wrote:
Joel Rees wrote On 17-05-14 03:19:
He gave me a link to the following site:
https://wiki.ubuntu.com/Security/Features
None of the meaningful items in that list are unavailable on Debian, and
the defaults
that at first, too. Sorry.
--
Joel Rees
Be careful where you see conspiracy.
Look first in your own heart.
--
To UNSUBSCRIBE, email to debian-security-requ...@lists.debian.org
with a subject of unsubscribe. Trouble? Contact listmas...@lists.debian.org
Archive:
https://lists.debian.org
On Sun, May 18, 2014 at 1:24 AM, Sven Bartscher
sven.bartsc...@weltraumschlangen.de wrote:
On Sun, 18 May 2014 01:09:06 +0900
Joel Rees joel.r...@gmail.com wrote:
On Sat, May 17, 2014 at 10:39 PM, Sven Bartscher
sven.bartsc...@weltraumschlangen.de wrote:
On Sat, 17 May 2014 11:44:56 +
On Sun, May 18, 2014 at 1:50 AM, Sven Bartscher
sven.bartsc...@weltraumschlangen.de wrote:
On Sun, 18 May 2014 01:36:44 +0900
Joel Rees joel.r...@gmail.com wrote:
There are more reasons than the X11 hole to refrain from using your
admin user to surf the web.
Just out of curiosity, what
place to start from.
--
Joel Rees
Be careful where you see conspiracy.
Look first in your own heart.
--
To UNSUBSCRIBE, email to debian-security-requ...@lists.debian.org
with a subject of unsubscribe. Trouble? Contact listmas...@lists.debian.org
Archive:
https://lists.debian.org/caar43io0ufd3hrp
administration, it is highly
questionable whether certain of the added security features actually
increase security.
--
Joel Rees
Be careful where you see conspiracy.
Look first in your own heart.
--
To UNSUBSCRIBE, email to debian-security-requ...@lists.debian.org
with a subject of unsubscribe
are the same, whether you use Debian,
Ubuntu, Fedora, openBSD, whatever.
--
Joel Rees
Be careful where you see conspiracy.
Look first in your own heart.
--
To UNSUBSCRIBE, email to debian-security-requ...@lists.debian.org
with a subject of unsubscribe. Trouble? Contact listmas...@lists.debian.org
On Sun, Mar 2, 2014 at 10:00 AM, y...@marupa.net wrote:
On Sunday, March 02, 2014 09:20:44 AM Joel Rees wrote:
On Sun, Mar 2, 2014 at 8:43 AM, y...@marupa.net wrote:
On Sunday, March 02, 2014 12:00:41 AM Volker Birk wrote:
On Sat, Mar 01, 2014 at 02:17:05PM -0800, Leslie S Satenstein wrote
,
everyone will be dependent on their APIs there in near future.
Oh please, grow up.
You grow up. Technically inferior stuff always seems to get the money,
but you get to live in the results of your choices.
--
Joel Rees
Be careful where you see conspiracy.
Look first in your own heart
On Sun, Dec 1, 2013 at 9:26 AM, Bernhard R. Link brl...@debian.org wrote:
* Joel Rees joel.r...@gmail.com [131129 00:36]:
The standard needs to be re-written to encourage sane behavior in
undefined situations, and if you don't like that opinion, I'll take
some time later, when I have some
warnings about system dependent behavior at a
higher priority than arbitrary optimizations.
--
Joel Rees
Be careful where you see conspiracy.
Look first in your own heart.
--
To UNSUBSCRIBE, email to debian-security-requ...@lists.debian.org
with a subject of unsubscribe. Trouble? Contact listmas
, and if you don't like that opinion, I'll take
some time later, when I have some, to rip your arguments that I've
clipped above to shreds. I don't mind if you don't.
--
Joel Rees
Be careful where you see conspiracy.
Look first in your own heart.
--
To UNSUBSCRIBE, email to debian-security-requ
it's a new generation of
sophomoric programmers, or maybe we have moles in our ranks.
The sky is not falling, but it sounds like I don't want to waste my
time with Clang yet. And I probably need to go make myself persona
non-grata again in some C language forums
--
Joel Rees
Be careful where
before B or even Algol.
The guys responsible for optimization sometimes forget that falsifying
an argument is not falsifying the conclusion, among other things.
On Sat, Nov 23, 2013 at 8:17 AM, Joel Rees joel.r...@gmail.com wrote:
Deja gnu?
On Sat, Nov 23, 2013 at 10:34 AM, Andrew McGlashan
, mass
copying, and going back and overwriting the members that are subject
to issues like deep copy. Remember that memcpy() is able to copy an
odd number of bytes, so the size calculation contains a bit more than
is obvious to the programmer.)
--
Joel Rees
Be careful where you see conspiracy
On Thu, Sep 12, 2013 at 9:39 AM, E Frank Ball III fra...@efball.com wrote:
On Thu, Sep 12, 2013 at 09:13:46AM +0900, Joel Rees wrote:
On Thu, Sep 12, 2013 at 7:48 AM, E Frank Ball III fra...@efball.com
wrote:
Last fall there was a debian 64-bit / nginx rootkit going around,
now I've
. And the
big boys are all about intellectual property right now, and as long as
they are playing those games, we aren't going to get any further on
what you need to be able to answer that question, essentially a
database of function vs. package vs. target use, and the interplay
thereof.
--
Joel Rees
, and one of the
reasons I hate Intel is that they have pushed the complexity so hard
to maintain their market advantage, and it just makes a mess of the
industry.
--
Joel Rees
Be careful where you see conspiracy.
Look first in your own heart.
--
To UNSUBSCRIBE, email to debian-security-requ
, for
specialized target applications, and so that we can avoid the
monoculture issues.)
--
Joel Rees
Be careful where you see conspiracy.
Look first in your own heart.
--
To UNSUBSCRIBE, email to debian-security-requ...@lists.debian.org
with a subject of unsubscribe. Trouble? Contact listmas
?
E Frank Ball fra...@efball.com
Just out of curiosity, did you back up nginx and check it as well?
--
Joel Rees
Be careful where you see conspiracy.
Look first in your own heart.
--
To UNSUBSCRIBE, email to debian-security-requ...@lists.debian.org
with a subject of unsubscribe
(Thanks for obliging, Henrik. ;-)
On Sun, Sep 8, 2013 at 5:34 PM, Henrik Ahlgren pa...@seestieto.com wrote:
On Sun, Sep 08, 2013 at 08:00:12AM +0900, Joel Rees wrote:
(1) This requires enabling two repositories that I have been avoiding
enabling, contrib and non-free. That means I have
On Mon, Sep 9, 2013 at 12:55 AM, Henrique de Moraes Holschuh
h...@debian.org wrote:
On Sun, 08 Sep 2013, Joel Rees wrote:
I was hoping that AMD was not going to have the license and
non-visibility issue that plagues the Intel processor microcode
updates. But I find this original announcement
(I kind of hope this starts a flame war large enough to embarrass the
corporate culprits into behaving themselves about this. Apologies in
advance when I step on toes.)
I was hoping that AMD was not going to have the license and
non-visibility issue that plagues the Intel processor microcode
49 matches
Mail list logo