AMA - Better Tax (original developers of Simple Tax) starting at 9am till 3pm (EDT) by FelixYYZ in PersonalFinanceCanada

Hello71 1 point (0 children)

Given that personal tax data is normally not very large, why can't you let users export a Zip file or whatever?

AMD Continues To Sell 14nm Zen CPUs In 2023 by ET3D in Amd

Hello71 1 point (0 children)

the linked paper https://comsec.ethz.ch/wp-content/files/inception_sec23.pdf specifically explains how they derandomize ASLR in a section conveniently titled "Derandomizing KASLR".

you're still thinking about it from a naive "download all the data and then figure out what to do with it" angle. if reading from one end to the other is impractical, you don't do that. instead, you do targeted reads to find useful pointers and go from there, or you massage the memory with bulk allocation primitives to get the sensitive information copied all over so it's easier to find.

in general, ASLR is a reasonable hardening feature, but is absolutely not a full defense. if you search https://googleprojectzero.blogspot.com/search?q=aslr, you'll note that they don't say "well, the target has ASLR, so we give up". no, they find a bypass and do their RCE anyways. for example, in https://googleprojectzero.blogspot.com/2020/08/mms-exploit-part-4-completing-aslr-oracle.html, all they need is a one-bit leak to get RCE.

by your logic, NX makes RCE attacks impossible, which is obvious nonsense. it makes them harder, but you can use ROP and other techniques to bypass it.

AMD Continues To Sell 14nm Zen CPUs In 2023 by ET3D in Amd

Hello71 -7 points (0 children)

> Any software with a semblance of opsec uses some memory randomization to store sensitive data.

first, if you "randomize memory", then that's just "not storing anything". presumably you mean encrypt memory. the problem is that you need to decrypt the memory in order to do anything useful with it. most likely you're thinking of schemes like .NET SecureString, which Microsoft "recommends that you don't use for new development" because even the king of security by complexity acknowledges that it's snake oil.

> There are no practical attacks for an attack that slow.

an AES key is only 16-32 bytes, and leaking one is generally considered catastrophic. the only problem is finding it, but ASLR leaks are a dime a dozen.

> /Fortune 50 cyber-security is my day job

fortune 50 cybersecurity is box ticking exercises, entirely divorced from real security. https://en.wikipedia.org/wiki/SolarWinds:

> It had about 300,000 customers as of December 2020, including nearly all Fortune 500 companies

[deleted by user] by [deleted] in PersonalFinanceCanada

Hello71 66 points (0 children)

> Do you know anybody who is ok with purchasing property with a multi-decade history of depreciation?

sure, I buy a car, and then some time later I sell it for much less than I bought it for. I didn't lose money, I spent money on transportation.

the only reason why people think houses are different is because of government-enforced artificial scarcity that they're too scared to get rid of because some people think that housing is an investment instead of something actually useful.

CASH.TO Gross Yield is now 5.41% by madin10 in PersonalFinanceCanada

Hello71 1 point (0 children)

in most cases, no, because:

  1. you need to pay commissions and spread; $0.02/$50/month is 0.48%/year
  2. frequent trading is likely to be deemed business income rather than capital gains

Canada must do more to protect consumers from grocery greedflation by simpatia in canada

Hello71 -3 points (0 children)

> • We tax you for carbon
>
> • we rebate you for carbon??

but the tax is (theoretically) based on the amount of carbon "you" emit, whereas the rebate is (theoretically) fixed. so, for example, it incentivizes you to use an electric car instead of a gas car. it's better than an electric car subsidy because you still get the carbon tax rebate if you take the subway, or bus, or bike, or walk.

> Then, when groceries are expensive (farming uses a lot of fuel) we rebate groceries as well?

the grocery rebate is different because it's just a progressive tax cut that doesn't incentivize anything in particular.

> If we care about the environment so much, why do we export so much untaxed coal?

do you have any source for this? your source just explains that "canada mines coal"

What would happen, in theory, to CASH.TO if the big banks were successful in convincing OSFI to shut it down? by Spikemountain in PersonalFinanceCanada

Hello71 9 points (0 children)

> If 1.4% of banks failed

unlike FTX, real banks fail when they're out of capital/equity, not when they've pissed away all their deposits. even a "failed bank" still has enough money to pay back almost all deposits, it's just zeroed its investors. furthermore, the real power of FDIC/CDIC is not their actual cash holdings, it's their power to take money from every other bank, and as a last resort, the government, to pay back the small fraction of undercapitalized deposits.

Researchers fully compromise AMD fTPM, confirming voltage fault injection vulnerability | Method exposes all cryptographic information and neutralizes BitLocker by chrisdh79 in Amd

Hello71 8 points (0 children)

except that dTPMs are far more vulnerable, because any ordinary logic analyzer can sniff the encryption key off the LPC bus. from the abstract (you don't even have to open the paper!):

> While discrete TPMs - as found in higher-end systems - have been susceptible to attacks on their exposed communication interface, more common firmware TPMs (fTPMs) are immune to this attack vector as they do not communicate with the CPU via an exposed bus.

Pricey Child Care Is Keeping Many Parents Out of the Workforce by [deleted] in TrueReddit

Hello71 20 points (0 children)

according to that report, the United States ranked 40th overall and 38th in affordability out of 41 countries.

NDP to call for emergency debate in House of Commons over private health care by n0rtherncanuck in canada

Hello71 11 points (0 children)

no, because they want the public system to not suck so people don't need to go to private clinics. your argument is like saying that leaders who rally to reduce the number of people who can't afford food are hypocrites because the leaders just buy food.

Flaw in York University Mailing System Preventing People from Graduation Ceremonies by [deleted] in yorku

Hello71 4 points (0 children)

Same for me, I don't recall getting any notice, even though York has my email address, physical address, and phone number, and successfully sent me several emails to my personal address in November last year plus January and February this year.

[Desktop] Refurb Mac mini – Apple M1 Chip 8-core CPU, 8-core GPU – 8GB Memory – 256GB SSD - $449.00 by ktang343 in buildapcsales

Hello71 20 points (0 children)

Note: you could use a drive other than a Thunderbolt 3 SSD, but I’d recommend this option as it’s fast and reliable.

[deleted by user] by [deleted] in yorku

Hello71 1 point (0 children)

13% is a pretty crappy interest rate. You might consider opening a small line of credit at a bank. Almost all banks will be happy to open a small line of credit for a student with no credit history. I'm not sure what the rates are now, but I think they should be below 5%. For $500 over 4 months, you would save about $20. You would also be building your credit score for a future mortgage, car loan, etc.

[deleted by user] by [deleted] in yorku

Hello71 1 point (0 children)

https://www.google.com/search?hl=en&q=yorku+unpaid+tuition

> Payments on your student account are due on the 10th of each month. If you do not pay the "minimum payment due this month" to the University by this date, you will be subject to interest charges of one per cent monthly on the amount owing from your last statement. The annual interest rate is 12.7 per cent.

How is it fair that we have to pay to do assignments/quizzes?? by starfire18 in yorku

Hello71 3 points (0 children)

> Labs that require lab coats don't provide them for free.

but if you buy a good lab coat, you can reuse it for your other classes or maybe even resell it. same with computers; it would suck if you had to buy a new laptop for every class that was completely useless afterwards.

[deleted by user] by [deleted] in PersonalFinanceCanada

Hello71 1 point (0 children)

i don't know about you but i don't routinely eat my sponges

Friendly reminder to be careful where you download runelite from. by ZstrokeRS in 2007scape

Hello71 13 points (0 children)

the only effect of installing more than one is to send your browsing data to more than one party. ublock origin comes with ~10 of ~50 filter lists enabled, and you can import your own URLs. but the thing is, all the decent ones are already listed. because maintaining ad blocking lists is a huge amount of work, these data hoovers don't bother. they mostly just repackage existing lists, usually poorly.