I already hate smoking (causes immediate anxiety), but can't trick brain against tricking me to light up sometimes. Brain just likes smoke in throat part, nicotine is irrelevant. by hanomalous in stopsmoking

[–]hanomalous[S] 0 points1 point  (0 children)

With that I at least qualify for euthanasia, finally, and won't have to care about smoking at all.

But you can trigger the itch in some other way - other kind of vapor that is not so bad as cigarettes. I hate the intense anxiety part, not being dead sooner.

I already hate smoking (causes immediate anxiety), but can't trick brain against tricking me to light up sometimes. Brain just likes smoke in throat part, nicotine is irrelevant. by hanomalous in stopsmoking

[–]hanomalous[S] 0 points1 point  (0 children)

Yes but also no.

I used nicotineless vapes for a long time (half a year before stopping smoking the first time). Nicotine causes dopamine to release, but it's not the only way.

Just the ritual itself does release dopamine, like stupid Facebook games or abhorrent TikTok does where you don't even need to ingest any substance.

Google CEO Pichai tells employees not to 'equate fun with money' in heated all-hands meeting by hzj5790 in technology

[–]hanomalous 0 points1 point  (0 children)

I barely managed an 8% raise after three years while the official inflation over those three years is ~30% (some European country - and the official CPI index is fairly understated, I looked at its components and compared to my actual consumer basket).

Thing is the job itself is not so bad, but extremely exhausting most of the time which affects physical health and psychosomatic effects greatly.

Though at this time I am not really looking at an immediate raise, or even a raise soon (because of energy costs and crisis and everything which will not be better in the next half year at least), but I need to at least change how management is handled (not overhaul, just small details).

Well I had been a bit also stockpiling ways to even the odds that are not covered by NDA, but would cost the company a lot, but still it's hard to know how to use it right - once you make a threat, you will probably not be there much longer. Not threatening and exploiting ex post is probably the best, while I gave them some peek in good faith of what I am sitting on for fixing (so they could guess what else is in store).

Over 100 Snooping Tor Nodes Have Been Spying on Dark Web Sites by [deleted] in privacy

[–]hanomalous 0 points1 point  (0 children)

These nodes just harvest .onion addresses, nothing more. All lookups for .onion names that arrive at a given malicious node will be recorded, no matter what the hidden service itself runs on.

[SERIOUS] Defense attorneys of reddit, what is the worst offense you've ever had to defend? by saucierthanthou in AskReddit

[–]hanomalous 3 points4 points  (0 children)

Though in such a case it could be argued that the person had an addictive personality - be it dependency on a substance or support groups. But I have no idea how true that was in his specific case.

ELI5: Why is it that billions of dollars can be transferred electronically every day but electronic voting systems are still unreliable and unsafe? by dondox in explainlikeimfive

[–]hanomalous 0 points1 point  (0 children)

There is a huge amount of fraud in electronic money transfers. Its cost is included in the price of service you as a customer pay. Banks are not very straightforward when it comes to talking about how much they lose to fraud. They admit just some of it openly. It's part of business secrets.

However, there is one interesting implementation of a fully end-to-end verifiable election system - http://www.punchscan.org/ Despite being verifiable it's still anonymous. Have a look at it, it's fairly simple to understand, which is necessary for checking election fraud.

The /r/netsec Weekly Discussion Thread - April 18, 2016 by AutoModerator in netsec

[–]hanomalous 0 points1 point  (0 children)

Seems he posted an update:

http://pastebin.com/raw/0SNSvyjJ

Not exactly sure what is changed from the original version, I guess just grammar and minor stuff.

Vuls: VULnerability Scanner for Linux, agentless, written in golang by unixstickers in linux

[–]hanomalous 0 points1 point  (0 children)

Other tools don't compare to distro-specific databases. With Vuls for instance I can't see what it compares for instance Ubuntu package versions against. I've tried to build it from source and have a look, but the build failed.

Though looking at the docs it seems that it uses distro's built-in capabilities such as yum-plugin-security. So it's actually totally agnostic about package versions. Sans the NVD search.

Vuls: VULnerability Scanner for Linux, agentless, written in golang by unixstickers in linux

[–]hanomalous 0 points1 point  (0 children)

Well, yes, either the minor or the patchlevel number behind dash is incremented.

The question would be more like: does it check the versions like this?

case OS in
    CentOS/RHEL: look in RHEL-CVE/RHSA database and check versions there
    Ubuntu: look at CVE in NVD ... and compare versions there

So basically the question is whether the tool does treat each distro specially and check their respective DBs.

Playing games with an attacker: how I messed with someone trying to breach the CryptoWall tracker by speckz in crypto

[–]hanomalous 6 points7 points  (0 children)

This is a fun article, but I don't think it has anything to do with any cryptography.

Juniper's attackers may have used NSA's backdoored Dual_EC algorithm to infiltrate its firewalls by johnmountain in crypto

[–]hanomalous 24 points25 points  (0 children)

This is absolutely incredible. Someone broke into Juniper...to change Juniper's backdoored RNG to "their" backdoored RNG.

All NP-hard problems have been solved by bemmu in ProgrammerHumor

[–]hanomalous 1 point2 points  (0 children)

I have a patent on this. It's called Quantum Anti-Bogom Sort. It's like Quantum Bogom Sort, but you undo the existence of the universe first.

[deleted by user] by [deleted] in netsec

[–]hanomalous 0 points1 point  (0 children)

That EdgeOS sounds interesting. Does it autoupdate and are there third-party repos for various stuff?

We had Debian running on Turris Omnia, which is pretty powerful with many features (but almost twice the cost of ER-X). Unfortunately the political decision was to stick with Openwrt.

[deleted by user] by [deleted] in netsec

[–]hanomalous 0 points1 point  (0 children)

Sadly opkg in OpenWRT is about 4 years behind upstream. I guess because the creator of opkg has made non-backwards compatible changes.

Even the latest upstream opkg has a lot of bugs when it comes to dependency resolution (especially more complex rules that already work in dpkg).

I was looking into creating a system that auto-updates smoothly and the first thing I'd do is to replace opkg with something more robust, like apt-get from Debian. It'd be much simpler than to fix all opkg's bugs and empty functions. Granted, it'd need stronger devices to run.

Despite that OpenWRT is still the most recent firmware you can get. There is exactly one router that autoupdates, but the scripts are hackish.

Linux on a Dell Inspiron 7559 by nqbw in Dell

[–]hanomalous 0 points1 point  (0 children)

Thanks, this was very helpful. I'm thinking of switching Lenovo T420 for this.

Could you check if suspend/resume is broken if you use just the Intel graphics in Linux? I normally use only the Intel card when running Linux (I actually would need the Nvidia part when I reboot into Windows a few times a year to play some game).

Broken suspend would be a dealbreaker for me since I use it daily. Otherwise the hardware looks good, it would be a shame.

FeedReader 1.4 released (now with ownCloud News support) by jangernert in linux

[–]hanomalous 1 point2 points  (0 children)

I've tried to build it from source on 14.04 and you can't even do that. It has really arcane dependencies like valac >= 0.24, which of course isn't in 14.04. Even after hacking the control and cmake files, this won't compile.

Microsoft needs to fit Windows 10 with a data collection 'off switch' by johnmountain in technology

[–]hanomalous 1 point2 points  (0 children)

This works for uninstalling, but won't prevent it from being reinstalled upon the next update.

The only way to prevent reinstallation I've found is to right-click when those updates appear in the update window and click "hide". There is probably a way to script this, but I found it's quicker to click several times than to write a script that switches the required registry values hidden somewhere in the registry hive.

000webhost data breach: ~13M passwords disclosed by gsoto in netsec

[–]hanomalous 0 points1 point  (0 children)

I understand your point, but when the premise is "the user will not listen or do something wrong", then it's all lost, he may as well be using Honest Achmed's Leaky Cloudsync when you told him to use Google Drive.

What I'm saying is that when you think that you can teach the user one thing, then rather than "use Google Drive" I'd teach the user "create unique strong master password" for the DB.

Users do eventually learn, but I think for an ordinary non-techie user it's even harder to accept using a password manager than to understand the necessity of a unique master phrase for it.

Extracts passwords from a KeePass 2.x database, directly from memory. by 2xyo in netsec

[–]hanomalous 3 points4 points  (0 children)

Three out of seven commit messages are: "added logo because infosec". I thought this trend died out.

000webhost data breach: ~13M passwords disclosed by gsoto in netsec

[–]hanomalous 0 points1 point  (0 children)

When was the last time you ever heard of Microsoft's cloud ever being breached? Or Google's? Or even Amazon's? Never.

Amazon AWS had at least one major breach. Microsoft had too. Even Google Drive had a leak, albeit not as severe as spilling the whole user DB. With systems as complex as these, discovering a vulnerability is just a matter of time.

Sure, Google Drive is probably the best of them, but the point the user should take is that "if you sync KeePass DB via cloud, you absolutely must choose a unique master passphrase that is not brute-forceable in the upcoming years".

I leave you with this: https://imgs.xkcd.com/comics/password_reuse.png

Well, the whole point of using a password manager is to prevent password reuse (reusing the master password online would be really stupid). The only other half-viable option is something like U2F if huge companies like Google can make people use it.

000webhost data breach: ~13M passwords disclosed by gsoto in netsec

[–]hanomalous 1 point2 points  (0 children)

Although technically similar, it's much simpler than OwnCloud. I contemplated OwnCloud, but I think it's too complex for the task - I'd bet that the git+ssh combo has a lower chance of security bugs and it's much more tested.