Some of the elements that fisher might use like gypsum, not sure if any of it is safe either though. Soil needs more research, is what most people think but growing things is getting harder not sure if the opensoil project can cover enough of the problems yet.

A more safer alternative might be using transition metals and post transition metals in plant soil. Though using transition minerals usually results in having to be treated with something that can cover coding soil too.

There is lots of problems associated with ssds as well as large monorepos. There are more complicated than people realize but if you did google code jam it teaches them somewhat but needs to be explained too. There problem is stories sort of intersect with programming too. Clockwork with ssds needs to be reworked for google code jams. The problem is elixir sort of works with stories and programming. Predicate calculus and proof theories sort of are the only way programming will really make sense in a world full of ssds. Leveldb could be a more interesting problem for google code jams if it has some newer features too. Conflict resolution is tower of hanoi and that has problems with consensus algorithms and concat too.SSDs need to do derivatives for pieceing and parting software too and that is more interesting too.

As for templates they need to be in different languages and in different formats for video games consoles, and so many other formats they port systems and games that sort of work digitally to certain things but not playable to certain things too.

The other problem is that clone is part of syscall interfaces and part of apis and part of a lot of other things too.

Can someone benchmark it for me? Because sha with higher values might be faster.

Comments URL: https://news.ycombinator.com/item?id=19376256

Points: 1

# Comments: 1

and i made another one too: https://github.com/switch33/sha29893

and a third one: https://github.com/switch33/sha5987

and an even better one: https://github.com/switch33/sha2999999

and maybe the best for quite some time: https://github.com/switch33/sha130000000-

Windows used to run on md5 till it was proven it was horribly broken. A collision could be generated for the typical md5 having two programs have the same md5 disabling the security guarantees it usually provided. Part of stuxnet was believed to be able to overcome the installed package checking mechanisms.

SHA-1 has taken over for verification for a lot of sources including many linux packages. As for it's security it is debatable to a certain extent. There are efforts to port things to sha-2 but it hasn't been officially done yet I think.

Malware persistence is a focus on the malware persisting on the computer or network after infection. It is a very big field considering most organizations use apps from many different software vendors.

When you install an app it can be in source form but it also may contain many different binary(compiled sources). This is problematic. A good example is Hadoop (famous for computing big data problems) contains lots of pre-compiled .jars(java sources compiled).

Static analysis and verification became the go-to standards for a lot of study on verifying binary integrity. But every format and packaged store is different and has different levels of security. There are also more advanced methods or protecting like capabilties(monitoring based on what the apps have access to). A very good minimal for this are some of the libraries released by google including shipshape: https://github.com/google/shipshape

Many companies can no longer get away with just installing a firewall or relying on security products because security is now an "inside problem." Where the software they download from their cloud service(openstack for example) comes from many different vendors. Another example is docker(also many different vendors used to package apps together but provide isolation from the system).

SHA-1 has not been known to be broken, however there are some strange attacks that show that it might be possible it is overcome-able through other means. A prime questionable of how it is overcome example is ssh ebury (http://www.welivesecurity.com/2014/02/21/an-in-depth-analysi... ). SSH ebury seems to be unique in that it during regular execution of the program despite there being no noticeable changes to the user alas from running specific shell commands that are not normally run by regular users it looks not infected/safe.

As for companies installing older versions of software with known remote code execution vulnerabilities or other types of vulnerabilities that are very severe, I do not know of many services or open source software that checks against this! There are however many continuous integration services. Continuous integration services if not done from your company though has problems on verification as well.

A good monitoring practice would be to use homebrew(usually available for most operating systems) to monitor and track what is installed on a regular basis and have some form of whitelist.

Network Traffic analysis for companies is major headache as well. Traffic can be compromised in many different ways. Wikipedia covert channels is a good explanation of some of the complexity involved. There are many tricks for data ex-filtration that make it basically undetectable by normal means (they require some level of active-monitoring). Almost all anti-virus now include network Man-in-the-middle traffic monitoring to do their work.

Anti-virus companies generally have two methods of classifying software as good-ware vs. bad-ware. One is whitelisting and the other is blacklisting. Whitelisting is a selective list of good software. Blacklisting is a selective list of bad-ware. Both methods are generally debatable for which is better. Despite the fact that your anti-virus itself could be compromised usually having an anti-virus provides some level of security.

People despite all this realize that running a company without using pre-made opensource code is rather ridiculous as so much runs on the app stores or third party software sources(outside your company's control).

Security in many cases can be thought of as a castle with multiple walls or layers of defense, but your firewall as being your main wall of defense is a bad decision, because a wall is just what makes your castle stand up to some attacks, it doesn't actively patrol your inner walls for insider threats. Companies need active monitoring systems for access control logs espeically since many common interactions can seem malicious but are just part of people's daily jobs now.

A lot of security is moving to "anomaly detection" where anomalies are jolts of irregularities in the normal business day. Some things that are bad can be parts of normal activity, but done over a longer basis or with extended activity may be hazardous to businesses (a good example is Denial of service attakcs). While anomaly detection is a good trend with smart systems it also suffers from the same "packaging and extending attack surface" like everything else.

This is a short overview of how security works in general, though if you have any questions feel free to ask.

Also google has some famous operation research tools: https://github.com/google/or-tools .

I think operations research is a very broad topic. There is probably heavy overlap in managing large graphs of information as well.

On a side note, if your idea is a tech based startup idea you can save a whole lot of time/work/effort and money if you read up a bit on microservices, docker, coreos, devops, and selling Software as a Service(SaaS).

Wouldn't this require un-obfuscating the exploit page because the malware can be basically innoculous looking like an image file? I ask because I am just curious how the tool manages to do this so automated.

Also, props on starting this company. I have been thinking about starting some kind of cybersecurity startup or newer tech startup for a while but haven't produced much yet.

2)good

3)good

4)Somewhat make it up as you go, but basically you need to make sure some metrics work. Some people are more hype oriented for trading on hype like they will buy stocks that are being talked about more like when the CEO is on the tv talking etc. But every investor should check metrics to see if they make sense. A company has to have some really good prospects for it to be sporting a large future earnings number. Understanding and researching a bit about the company and other companies in that market segment which you can usually garner at the morningstar site.

5. Then invest in top 1 or 2 companies that are in a specific sector on a down day on the market. Make trades that you know will have some returns but will not risk you too much. Tech and biotech are very much growing, but the have risks associated with them. Buy brand names that you know are good. Look at monthly activity and price floors. There are price floors where some stocks will stay at a single price like facebook stood at 75 for a lot of this year or like good stood at 430 for a while before shooting up to 540 on some good news/earnings reports or qualcom which stalled at 70 because of it's china deal being stuck in process.

6.If you buy mutual funds use vanguard. All other ones cannot compete with their low expense ratios. For starting out buying stocks n etfs use fidelity or schwab (i'd recommend either of the two for starting out as an investor, because mutual funds can also fail as well it is good to know how to do regular investing).

7. You should consider the easier route by looking at past few months and past year. There doesn't need to be a particular event for a stock to be a good time to buy. You can also buy a stock based on it's just a time where it got beat up on some random news but is still a good stock. Another thing you should know is growth numbers are fidgety animals. Growth numbers don't make sense for many tech businesses or other types of fast growing businesses. One reason is if you have say 10 enterprise customers paying like a million dollars per year and then you get another 10 customers you suddenly are growing at 50% rate.

8. Diversification is a good start, but since you are starting out i'd choose at most 5-6 stocks, then as you grow change your holdings number for how much you want to risk. You can definitely put more into etfs or mutual funds when you have more money to play with. Mutual funds often have a required minimum to put in.

9. When you are starting out it may be helpful to cut your losses when you are losing a good 30%+ on a stock, unless you think that it will make a real turnaround. This is because generally a good break from the price target can be disasterous and you can always reinvest whatever you have left into something else.

Investopedia is great. You should also look at www.finviz.com . They outline good metrics for stocks in green and bad ones in red so you can learn a bit more to look at. There are other things you can realize from finviz like insiders buying the stock or not. If insiders are buying a stock they think it will go up. If insiders sell the stock they may (or may not) think the stock will fall.

People often "fall in love" with certain stocks but that is usually not too good of a thing. When too many people hold a stock that stock can fall from too high expectations.

Apple for instance everyone loves it because they make earnings all the time and beat them. The company has great returns, but it is very bid up. The stocks future earnings as a result are very highly projected, which makes the goal of reaching them harder every quarter. (same goes for some other companies like Tesla)

Most people should hold about 5-6 stocks that they can keep track of, but those 5-6 stocks should be well thought out bought on good opportunity timing with good metrics.

Calls and shorts are just for quick bucks. They can make you a lot of money with the right timing, or you could lose it all. It's important to read up and know what your doing before you decide to play with options.

I could have made a lot of money off of amazon when it went from 300 to like 360 or so in a day from the last quarter's earnings based on a call if I made it, but some bad news could have equally made the stock not reach as high as it did.

Instead what I did do was buy and sell the stock like 3 times or so before the earnings report making money each time, because amazon was hitting relatively noticeable support levels at around 300. I was also under the impression that they might make the earnings report but it may be on bad management or something which can result in stocks being devalued.

Amazon is a stock that has good potential revenue in many developing sectors, but it has not made net income greater than it's growing debt in 20 years that it has been on the market. It is a growing anomaly in the world of modern day trading but is an amazingly futuristic company.

Hedging is also something you only really do if you are heavily invested. Like buying a put on the S&P 500 if you have a large portfolio(large as in good % of your money) but you are worried about a stock market crash.

For real returns it may not always be best to play it by all the metrics. It is important to note that the market itself fluctuates a lot on sentiment and sometimes a good valued holding can turn sour fast even with good metrics but bad timing.

Some companies will over invest in dividends which in turn means they are not investing in growth as much as they could be for instance.

Some companies will try to grow revenues but by focusing too much on the quick buck of short term and will not be as good for longer term with steep competition.

It is also important to note that the market reports of portfolio manager purchases like berkshire hathways tend to report just the stock name and not the amount they hold of that stock. As well as the fact that you do not see how long that portfolio manager generally holds the stock without constantly crawling that site daily. The portfolios holdings are only updated at the end of the day. So you can see recent purchases but you cannot see when they sell them until the day after.