Hacker Newsnew | comments | show | ask | jobs | submit | Xymak1y's comments login

I can't seem to find a demo anywhere?

-----


http://usablica.github.io/progress.js/

-----


I ran into some bugs when testing, such as: http://imgur.com/B0VVnmn

The test will pass but I can't submit it, because the test doesn't pass. Meh.

-----


That test doesn't pass for me in Chrome console.

I think it's because your isNaN check shortcircuits the other checks as you're checking if the array element is NaN. Is that what you meant to do?

Also when you recursively call `numbers(args)` your `[].slice` will put your array inside another array.

-----


What is it with requiring at least 6 character usernames? Why does it matter to an automated system if I use less? I get that a username with only one letter isn't optimal, but I don't see why it can't be > 3.

-----


This has to do with keeping some words reserved or just off-limits. For example, some 4-letter words would not be preferred as usernames, as well as things like login, auth, etc.

-----


Right, so make 5 the minimum then and reserve certain words. I guess I can always use usernames such as "administration", "dashboard" or "profile", right? I believe setting a minimum of 6 letters is a questionnable approach to this problem.

-----


Totally understandable - we don't want to exclude you based on the number of characters in your desired username. We just don't have a good set of all the words we need to reserve upfront - what we really want to avoid is ever forcing someone to change their username because of a conflict like this.

We'll see what we can do to allow shorter usernames without ending up in this situation. Thanks for the feedback.

-----


Relevant xkcd: http://xkcd.com/538/

-----


What does this mean for me? I have all my interal + external hard drives encrypted as well as my system drive.

-----


This article is just an analysis of one of the inherent and well-documented weaknesses in truecrypt: the fact that the encryption key must stay in RAM the entire time you are using an encrypted volume. So, as has always been the case, treat the contents of your RAM as precious when a truecrypt volume is mounted.

-----


How would you treat your RAM contents as precious? Just making sure you're on a pristine machine, and nothing else is running? Can other unrelated processes access the key from RAM?

-----


> How would you treat your RAM contents as precious?

For one, don't let anyone get physical access to the computer while it is running and the volume is mounted (even if the screen is locked). This may even apply for several minutes after the machine is turned off: https://freedom-to-tinker.com/blog/felten/new-research-resul...

> Can other unrelated processes access the key from RAM?

Processes running as the root user can.

-----


>Processes running as the root user can.

Unless you're using a trusted computing environment, right? In which case, if you trust the processor and startup environment, the kernel can be assured to run safely and prevent such attacks. Correct?

-----


Avoid using Thunderbolt/IEEE 1394/DisplayPort or any interface that has DMA to connect devices to your computer.

-----


Well, in theory, let's say you've got a laptop encrypted with Truecrypt. You put it in sleep mode instead of switching it completely off or hibernating,because you are just nipping out for a coffee. An attacker could then steal it, lower its temperature(let's say they put it in a freezer for a while), and then extract - literally take out - the RAM from that machine and plug it into a specially prepared station which would then be used to extract the contents of that memory. In low temperatures, RAM data retention is measured in minutes, so all data you had in your system would be preserved, including the encryption key.

Unlikely? Quite, unless someone like NSA or FBI want your data. Possible? Yes, with the right resources.

-----


Cold boot attacks don't work on DDR3

-----


Why? Do you have any reference?

-----


Here's a paper on the subject http://www1.cs.fau.de/filepool/projects/coldboot/fares_coldb...

-----


Note the comment at the end of the paper. The authors had not been able to do it successfully with their relatively simple methodology. Sure it is harder than DDR2 but this doesn't mean it is impossible. As pointed out by the authors, the failure can simply be due to the memory controller implementation (or DDR3 protocol itself) on their test setup. If this is the case, then all it takes is a custom memory controller that is optimized for this type of extraction.

-----


Thank you.

-----


It means if you're worried about the contents of your encrypted drives being uncovered, you need to make sure no malicious processes gain access to a dump of your system's memory while it's booted / running / encrypted drives are mounted.

-----


While there are comments that mention getting drinks to go, I think 1.80 pounds are extremely cheap for spending time at a place, drinks and snacks included. I'd go.

-----


The website's font looks bad for me on the latest Chrome, Windows x64: http://i.imgur.com/cN6tXNl.png

Gets better with zooming though, at 120 % it looks nicer: http://i.imgur.com/d0GkKcq.png

-----


What does this do? Does it map Dropbox and Google Drive to network drives on Windows (the image indicates so)? Is it a webapp? I'd love to see a more detailed explanation somewhere before signing up.

-----


Thanks for the feedback.

You're correct - it does map Dropbox, Google Drive and Box to removable drives on Windows, and it also allows you to mix multiple accounts from (say) Dropbox so you can have a work and personal account mounted at the same time. It's not currently a webapp, although we have plans to create one.

-----


The "products" page, however, does not work: http://www.rsync.net/products/index.html

-----


... just tested and works just fine ... just a static HTML page that's been in place since 2006 :)

-----


I'm on 100MB line and it's been extremely slow. Several of the images from the /images/ directory are taking 6-7 seconds to load.

http://i.imgur.com/wEmmMfc.png

-----


Yep, extremely slow loading time, and I'm in Norway. Here is my network profiler: http://cl.ly/image/1p0Q2l1e322D/o

-----


Now it seems to work for me as well. Thanks for the update!

-----


Nice idea, but I hated the workflow of setting up an account - first I have to type in a phone number manually twice, which is easily readable from Android. I also missed an explanation why I needed to set up an encryption token rightaway (I get what the point is, I'd just much rather try using the app first without having to set up all kinds of passwords and credentials first).

-----

More

Guidelines | FAQ | Support | API | Security | Lists | Bookmarklet | DMCA | Apply to YC | Contact

Search: