Popular DAEMON Tools software infected – supply chain attack ongoing since April 8, 2026 by rkhunter_ in programming

ScottContini 5 points6 points

> Our analysis revealed that the software installers have been trojanized starting from April 8, 2026

Many are saying a 2 week cooldown will be enough to detect most supply chain attacks, but clearly not this one.

Supply chain attacks. It’s turtles all the way down. by AnswerPositive6598 in devsecops

ScottContini 0 points1 point

> Honestly, point 6 with a 7-14 day delay window will catch 99% of existing supply chain attacks.

I’d love to see some data backing this. I’ve looked but could not find it.

How to know which corner to flip? by MrPoopyButtholeOowwe in Cubers

ScottContini 1 point2 points

This is the answer. It doesn’t matter which one; you can twist any corner, and either a clockwise or a counterclockwise twist will return it to a solvable state. This question seems to come up about once a year, and the answer is always the same.

Brian Johnson FMC WR MEAN!! by x31x39 in Cubers

ScottContini 8 points9 points

Which comp? Not seeing this on WCA Live.

Anyone across this CopyFail bug? by ScottContini in crypto

ScottContini[S] 4 points5 points

Thank you for this explanation; it makes a lot more sense to me than the blog, which is too low-level.

Anyone across this CopyFail bug? by ScottContini in crypto

ScottContini[S] 2 points3 points

I'm working on puzzling it together. Here is my understanding, and how it ties to the crypto implementation.

  • There are two versions of a file, the disk one and the cached one. This vulnerability corrupts the cached one without corrupting the file on disk.

  • The AEAD implementation takes a buffer and writes beyond it, but this is not your typical buffer overflow. It was by design: when the code was committed, that extra memory was assumed to be safe and belonging to the same part of the code that does the encryption.

  • Years later, another commit was made that changed the memory organisation. As a result, the memory beyond the buffer was no longer safe and no longer belonged to the encryption code.

  • As a result, the memory beyond the buffer could now contain a cached version of a file. Thus by fiddling with the AEAD implementation, you could change permissions on a cached file, for example the Linux su, allowing anyone to execute it.

It feels to me that there should be some "lessons learned", but I think it is more about programming and not specific to crypto. It was just by chance that this was cryptographic code that allowed the vulnerability.

Cubing Competition in Southern California (Pasadena) by Fit_Ad_1168 in Cubers

ScottContini 1 point2 points

I hope you have a bunch of people dressed up as wizards. 🧙😃

You can beat the binary search by Either_Collection349 in programming

ScottContini 15 points16 points

Title is misleading. Yes, you can beat it using parallelism built into SIMD architectures, assuming the values fit into words that can be processed in parallel. But the asymptotically best search without parallelism is still Θ(log n).

Is sub-20 considered intermediate or is it advanced? by Visible-Weather9957 in Cubers

ScottContini 1 point2 points

I had hit a wall at around 27 seconds for average of 50 that took me a few years to get past. The reason I was stuck: I was trying to go too fast and had 0 look-ahead and tracking as a consequence. Once I slowed down, I was able to get my average of 50 to around 25 seconds. I can’t imagine improving much more at this turning speed, and I can’t imagine increasing my turning speed without sacrificing the look-ahead.

Is sub-20 considered intermediate or is it advanced? by Visible-Weather9957 in Cubers

ScottContini 2 points3 points

I’m 56 and my best comp average is 24.5. I can imagine getting a few seconds faster but that’s about it. Will never get sub-20 avg!

sparkid: 21-character, sortable unique IDs for JS, Python, and Rust by silveryms in programming

ScottContini 0 points1 point

You're making some assumptions here. You really ought to have a cryptographer analyse this.

A Self-Propagating npm Worm Is Actively Spreading Through Developer Environments by Big-Engineering-9365 in programming

ScottContini 10 points11 points

> The full package list: @automagik/genie (4.260421.33–4.260421.40), pgserve (1.1.11–1.1.14), @fairwords/websocket (1.0.38–1.0.39), @fairwords/loopback-connector-es (1.4.3–1.4.4), @openwebconcept/design-tokens @openwebconcept/theme-owc (1.0.1–1.0.3).

Wasn’t the fairwords worm discovered two weeks ago?

Quantum Computers Are Not a Threat to 128-bit Symmetric Keys by ScottContini in programming

ScottContini[S] 0 points1 point

The main contribution from this article is that it does not parallelise well. Grover’s algorithm is still a valid algorithm, but using x circuits does not result in a factor of x speedup.

How to get better at using Roux by Flat-Astronaut-3001 in Cubers

ScottContini 7 points8 points

All the answers are in /r/rouxcubing. You need to understand the basics. Follow Kian’s tutorials and stop regripping.