Hacker News: dsab's comments

I had the misfortune of working with the Xilinx Vivado environment. It's fucking garbage: the software is straight out of the 90s, everything is glued together with shell scripts and the TCL scripting language, the IDE throws thousands of warnings and errors while building a sample project, and the documentation is missing or spread over 150 PDFs. If the manufacturer of your evaluation board prepared an example for the previous version of Vivado, you must have two installations, which is probably about 2 * 100GB. If you want to keep anything under version control, you have to use some external tools. It's all absurd.

I was working in the space industry, and ECSS security guidelines are misleading grant-seeking startups into trying to reinvent TLS on orbit. There is too much bureaucracy. ECSS guidelines for software teams were created by people who have never written a Hello World in their life; just look at the specs of the ECSS Packet Utilisation Service, it's a joke. That's why I prefer to work for VC-funded companies rather than grant-funded ones.


What is a waveform? How is it supposed to impact the debugging process? More info is needed to attract a general audience; not everyone is designing their own CPU, even here.


The target audience knows what a waveform is.


Not necessarily, no. I've dabbled in VHDL, but not remotely close to being proficient. Is it useful for that kind of thing? I don't recognize the term.

Maybe this project unlocks me getting into it? But as is, I have no idea if this makes it easier, or is even related.

I thought it was a software defined radio thing.


It's a pity that there is no description of what it is supposed to be used for.


If you don't know, then you aren't the target audience.

But there are two applications: the first is breaking into a system under some very obscure set of circumstances that you are very unlikely to encounter in the real world. The second is to bump up your karma on HN.


> If you don't know, then you aren't the target audience.

If you do know, then you also know md5 being broken is really really old news.

Seriously. Cryptographers have been warning that md5 seems weak since 1996. There are probably people reading this thread who weren't even alive yet. (It got totally broken in 2004 but the warning signs were way earlier).


Someone with more karma motivation could post this as a top level story, but Plex offers to validate their Debian public key via MD5: https://support.plex.tv/articles/235974187-enable-repository...

Such security! Much wow!


While this is a bad idea, as far as I know it's secure, since nobody has broken md5 second preimage.


> system under some very obscure set of circumstances that you are very unlikely to encounter in the real world.

Is there any way to use HN karma? Like, can I sell my account on some shady exchange like people sell big twitter accounts? And if I can, what's the going rate for internet points these days? Asking for an unscrupulous friend.


> Is there any way to use HN karma?

Nothing other than vanity AFAIK.

It's actually a bit of a scam because karma accumulates and never expires. I've been on the leaderboard for a long time, not because I'm making particularly valuable contributions (I only post a few times a week) but just because I've been on HN since it launched.


After, sometimes, the initial scanning, the security and AV industry deals with file hashes, not actual files. This means that if you wrote a legitimate, harmful program, and a malicious version with the same hash, you would be able to troll the security tools in many cases. Basically, those two files would look the same to the security program.

The thing that makes this blog post not realistic is:

* Such tricks would make much more sense with normal programs, where you're trying to trick a user into downloading and executing it. Webshells are downloaded by the attacker knowingly.

* Md5 is not used anymore (although I know security vendors who used it for an embarrassingly long time). If this was SHA256, that attack would be devastating for many more severe reasons.

But it's still a fun PoC.
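The comment above describes a scan-result cache that keys on a file digest, so that two files with the same digest inherit one verdict. As an added illustration that is not from this thread or from the PoC being discussed, the block below models such a cache and shows why its security reduces to the collision resistance of the key function. Everything in it is constructed for the example: the placeholder `slow_scan`, the sample uploads, and `weak_key`, which truncates MD5 to 16 bits so that a colliding upload can be found by brute force in milliseconds. A real MD5 collision requires crafted blocks and is not reproduced here; the point is the cache design, which is then compared with a SHA-256-keyed cache.

```python
import hashlib
import itertools

# Constructed sample uploads; these are plain placeholder text, not real webshells.
BENIGN_UPLOAD = b"<?php echo 'static page'; ?>\n"
SUSPICIOUS_MARKER = b"MARKER-TREAT-AS-MALICIOUS"  # constructed stand-in for what a scanner flags


def slow_scan(data: bytes) -> str:
    """Stand-in for the expensive content scan whose result the cache stores."""
    return "malicious" if SUSPICIOUS_MARKER in data else "clean"


class VerdictCache:
    """Caches scan verdicts keyed on a digest of the file contents.

    If two different files map to the same key, the second one inherits the
    first one's verdict without ever being scanned. The cache is therefore
    only as strong as the collision resistance of `key_fn`.
    """

    def __init__(self, key_fn):
        self.key_fn = key_fn
        self.verdicts = {}
        self.scans = 0  # counts real scans so the demo can show which uploads were skipped

    def check(self, data: bytes) -> str:
        key = self.key_fn(data)
        if key not in self.verdicts:
            self.scans += 1
            self.verdicts[key] = slow_scan(data)
        return self.verdicts[key]


def weak_key(data: bytes) -> str:
    # Constructed stand-in for a broken hash: MD5 truncated to 16 bits, so a
    # collision is found by brute force below. Real MD5 collisions need crafted
    # blocks; this truncation only reproduces the *effect* of a collision.
    return hashlib.md5(data).hexdigest()[:4]


def strong_key(data: bytes) -> str:
    # Collision-resistant key: the full SHA-256 digest of the contents.
    return hashlib.sha256(data).hexdigest()


def simulate_colliding_upload(benign: bytes, payload: bytes, key_fn) -> bytes:
    """Append the payload plus a counter until the key matches the benign file's key.

    Only terminates for a key function with a tiny output space (weak_key here).
    """
    target = key_fn(benign)
    for n in itertools.count():
        candidate = benign + payload + b"\n// " + str(n).encode() + b"\n"
        if key_fn(candidate) == target:
            return candidate


def run_demo() -> dict:
    """Warm each cache with the benign upload, then submit the colliding variant.

    Returns {name: (verdict for the variant, number of scans performed)}.
    """
    variant = simulate_colliding_upload(BENIGN_UPLOAD, SUSPICIOUS_MARKER, weak_key)
    results = {}
    for name, key_fn in (("weak", weak_key), ("sha256", strong_key)):
        cache = VerdictCache(key_fn)
        cache.check(BENIGN_UPLOAD)  # stores a "clean" verdict under the benign key
        results[name] = (cache.check(variant), cache.scans)
    return results


if __name__ == "__main__":
    # weak:   ('clean', 1)     -> the variant rides on the cached clean verdict, never scanned
    # sha256: ('malicious', 2) -> different key, so it is rescanned and caught
    for name, (verdict, scans) in run_demo().items():
        print(f"{name}: verdict={verdict} scans={scans}")
```

The defender's takeaway is the one the thread circles around: a verdict cache keyed on a digest must use a function for which nobody can produce two inputs with the same key, which rules MD5 out regardless of whether second preimages are practical.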


Because there's unlikely to be a use case


The answer is likely wordpress, because its default wp_hash algorithm is still MD5.


> The answer is likely wordpress, because its default wp_hash algorithm is still MD5.

That's only true if you ignore all the details.

As usual, you cannot make a coherent understanding on just about any subject by reading headlines alone. Life would have taught you by now that the devil is in the details.

WP uses salt and multiple rounds of hashing, fully mitigating the md5 collisions being topic of discussion here.

So no, wp doesn't "use md5" in the sense that they would be vulnerable to this type of attack.

Source: https://developer.wordpress.org/reference/functions/wp_hash_...


Your source described wp_hash_password(), not wp_hash().

As the OP article/PoC is about hashing uploaded files, not passwords btw, I think you should read it again.

Because as I pointed out, wp_hash() is used to check against uploaded files.

Oh, and source: https://developer.wordpress.org/reference/functions/wp_hash/

And as I cannot resist quoting you for trying to smartass while literally not having read the source code the PoC was about:

> As usual, you cannot make a coherent understanding on just about any subject by reading headlines alone. Life would have taught you by now that the devil is in the details.


This is not related to password hashing.


Literally in this "article"

> Can use it bypass some cached webshell detections.


> As usual, you cannot make a coherent understanding on just about any subject by reading headlines alone.

The amount of sweet, sweet irony displayed here will make me diabetic. Did you read the article at all? Salting? What are you on about?

Honestly, it feels that some HN commenters are LLMs instructed to defend a given entity.


It says at the end of the README:

> Can use it bypass some cached webshell detections.


Yes, this is an ownership issue, nothing new :)


What is "development process" ??? What is "business use case" of this tool? Such a big readme and no introduction to why I should be interested in this tool.


It's just a tool I built for myself. There's no business case. It just helps me


Which is perfectly fine and a fun thing to do. I personally use the terminal but such a little monitoring tool can be quite fun and we should embrace the fun in doing things more. People over here are so soaked up by the Open Source as a business model VC-Pitch that they can't believe it when someone builds a little hobby tool with no business plan for a multi billion dollar exit. You're doing it right buddy. Don't let these Crypto-SaaS-AI-Bros ruin the fun for you.


Can't a guy just create something anymore? :D Do they have to have a business model or a grand plan?


> Such a big readme and no introduction to why I should be interested in this tool.

This.

Why in the hell would anyone want to kill random processes that open a port in the range 2000-6000? And why is this need so pressing as to require a full-blown monitor integrated in a task bar?

Without context, this sounds like a complete random silly project that makes no sense and serves no purpose at all.


Without context, it sounds like something someone vibe-coded and git push-ed up to the internet. Which is fine, but it's just unusually precise and verbose for something that would end up being a shell alias for most developers.


The author also posted it on Reddit. He used it for himself, but some people use it even though it’s bad practice.


In Poland I have 1000/300 fiber in my family's house in a village with a population of ~500, and the same 1000/300 fiber in the city I currently live in, both for 30 USD / month.


It just seems like the later a country got on the internet, the better its infrastructure is. Poland, Bulgaria, etc. all have way better internet than Austria or Germany.


Seems like if they built it out after fiber was cheaper and more common, they have it good. Meanwhile, to this day, my parents get, at best, 6mbps down from the ancient, shitty copper infra the telco put up ages ago. Thankfully, other options like various 5G home internet products are common in rural towns now, at least in the Midwest. But it wouldn't beat fiber!


Germany is a special case actually because they just refused to go on the fiber train and instead kept doubling down on DSL. Goes all the way back to the administration from the 80s and onwards, it's finally changing tho.


Nah, don't buy it. That's a poor excuse for America's bad internet infrastructure and another one of those "it's because we're the first/best/bigger actually".

I live in France; growing up, most homes were equipped with ADSL. Optical fiber was rolled out slowly but surely over the entire territory, systematically replacing older infrastructure. It's now to the point that everyone I know enjoys fast internet, from the center of Paris to the middle of nowhere.


True, before fiber, 5 years ago, there was an ADSL2 connection in my family house.


I have 2.5 gigabits in Belgrade for $15. It's crazy


Here in Ireland I have 1000/100 asymmetric in a medium-ish town, no data caps that I've been able to discover. I pay €40/month. There does not seem to be any options available for a faster upload, which is unfortunate.

I think the slowest speed on offer at the moment is 500 for rural connections. I think everyone except the most rural households (and probably our surrounding islands) have 500meg fibre to the home now.

It's nice.


Data caps? Does it really offer that speed at peak times though? Is oversubscription of backhaul infrastructure disclosed?

In semi-rural hill country TX, 2.5 Gbps symmetric from an internet co-op is $90 USD/month without data caps.


> Data caps?

I'm sorry, is this some American problem I'm too European to understand?


Why the identity bashing? Data caps exist in many countries including Australia.


It keeps that speed at peak times without any issues: low pings, fast download speeds. With such an internet connection the server is the bottleneck, so if I download a Linux distro I often choose the torrent download option. There are no official data caps either.


Nice. Any throttling noticed? Or is it such surplus and predictable bandwidth that there's not really any slowness or limitations?


I have never noticed throttling, however I am not a "heavy user", just an average one.


Military backed?


The government is subsidizing kpop companies somewhat via funding for arts and entertainment (as essentially all governments in a position to invest in soft power do, of course).

I'm not aware of any military backing, though. Kpop stars occasionally perform at army concerts (South Korea is a country with mandatory service for all young men, so as you can imagine these are popular), and while I assume these are paying gigs, it's also infrequent enough that I doubt you can call it backing.


I don't have a google account to login on this site, so it's useless for me


Sorry! Can work on adding basic auth


Are you aware that other OAuth providers exist and that there is no reason to tie yourself directly to Google's provider?


Which motherboard should I buy next time I upgrade my PC? MSI, Asrock or Gigabyte?

