search for: weaken

Has anyone done any experiments with regards to type strengthening or weakening in the context of LLVM? For example, the GWT compiler does type strengthening - that is, if you are calling a method on an interface or abstract type, and the compiler determines through live variable analysis what the concrete type is, then it goes ahead and re-writes the type information t...

...oes ahead and re-writes the type information to be the stronger > type. The advantage is that it may then be able to do additional > optimizations, such as inlining the method or avoiding indirect dispatch. > > Conversely, Java's "type erasure" is an extreme case of type weakening - > that is, if you have a bunch of functions which operate on similar types > (which might be produced through something like C++ template > instantiation), you can throw away all of the information about those > types that aren't relevant to those functions, and you may fin...

Hello, On Sat, Dec 30, 2017 at 12:16 AM, Daniel Kahn Gillmor <dkg at fifthhorseman.net > wrote: > On Thu 2017-12-28 21:31:28 -0800, Dan Mahoney (Gushi) wrote: > > > > Perhaps if you're dead-set on this being so dangerous, > > It's not the developers who are dead-set on weak-keyed RSA being > insecure, it's the cryptanalysts who have shown that to be the

...t and environment= options in ~/.ssh/authorized_keys are processed by sshd(8). The default is ?no?. Enabling environment pro?cessing may enable users to bypass access restrictions in some configurations using mechanisms such as LD_PRELOAD. What that sounds to me like is that enabling that option weakens the security in general. But after some googling I came across this discussion: http://serverfault.com/questions/527638/security-risks-of-permituserenvironment-in-ssh According to the answer, PermitUserEnvironment only weakens security for restricted accounts, such as scp-only, etc., but has no...

> On 5 Aug 2016, at 18:09, James Murphy <james.murphy.debian at gmail.com> wrote: > > The more mainstream thing to do is just use gpg, which has this > functionality already built in. Is this not suitable for your use case? The advantage of Colin's approach is that gpg requires out of band exchange of gpg keys separately from ssh keys. If you already have ssh keys

...ient on the command line on the SME.CentOS server, queries work fine, but not remotely. I am using Windows Vista as a client workstation, Programmer Studio (Whisper Technology) that requires a generic telnet server, and the freeware version of Toad to connect to the MySQL server. Any help to weaken the security on SME to allow remote telnet and MySQL connections will be very much appreciated! -- Michael Anderson, J3k Solutions Sr.Systems Programmer/Analyst 832.515.3868

...ld really assume that snans always trap. > > If they think it is fine to assume trapping, then you can fold any floating point operation with an "undef" operand to "undef". > > If they think it is no good, then the existing folds that use this need to be removed or weakened, though maybe another argument can be found to justify them. LLVM is used to target many platforms for which sNaNs do not trap, and indeed many platforms that do not have floating point exceptions at all. —Owen -------------- next part -------------- An HTML attachment was scrubbed... URL: <...

.... > > Currently TLI is only available in LLC. I suggest that we merge LLC and OPT > into a single tool that will drive both IR-level passes and the codegen. > *shrug* I really don't think this is necessary either. There's really no need for merging the two tools (and IMO would weaken the separation here). Why not just have TargetData/TargetLoweringInfo in opt? > I agree that it is not necessary for many optimizations. However, this is > absolutely needed for lower-level transformations such as strength > reduction. So, I plan to keep the current behavior that OPT ha...

...of security is making the user conscious of weaknesses and motivating them to make change. Experience: I have some hardware, on an internal network - that only supports 40-bit ssl. I am forced to continue to use FF v17 because that was the last browser to provide SSL40-bit support. My security is weakened because I cannot update that browser, and I continue to lose plugins because they do not support FF17 anymore. All other browsers stopped support earlier as well. So, complete removal, with no alternative means I cannot update to newer - safer - technology. But security is three pronged: Confide...

...t sub-struct to use for > interpreting the next index in the event of heterogeneity. Without > this, we can't do anything, and so we definitionally preclude the > transform. > > > While clearly we can make this transform safely for homogenous > structs, doing so seriously weakens the IR's guarantees. I'd not > like to see us go that direction. To what guarantees are you referring? Thanks again, Hal > > > Instead, if this transformation is indeed important (and it sounds > like it is), I have a somewhat crazier idea: fold homogeneous struct >...

...a little, and I found some good info here. > They, too, kind of recommend openvpn. > http://www.howtogeek.com/211329/which-is-the-best-vpn-protocol-pptp-vs.-openvpn-vs.-l2tpipsec-vs.-sstp/ > This is not good information. In brief: "There are some concerns that the NSA could have weakened the standard, but no one knows for sure." Pure FUD. There is no reason to believe this as related to IPSec that does not apply to other protocols as well. There is, therefore, no reason to write that other than bias. "Either way, this is a slower solution than OpenVPN. ... It?s a...

...ly to check times since each URL takes around a second to check. There are around 70,000 URLs on CRAN that are checked currently, of which around 12,000 have a github.com domain (by far the most common domain, the next most common being doi.org with < 3000). I propose the QC process be slightly weakened to skip checks of URLs that point to a pull request or issue of a repository, provided the repository URL itself has been checked. This patch would skip around 5000 URLs. I claim that this would not actually weaken the quality control process in practice. While this patch would skip invalid URLs...

...ons enabled at any given time. These operations are enabled and disabled depending on the task at hand. What I am wondering is why it was chosen to implement privilege separation in this fashion, particularly the security implications of this design. Also, I would like to know if security would be weakened by allowing a slightly larger subset of operations (namely, PWNAM) to be executed at any time. Thank you in advance for your help, and please respond to my email address (eanderle at umich.edu) and CC all addresses CC'd here. Eric

Hi there, As I'm sure you are aware, there are suspicions (as usual) against the NSA potentially weakening crypto around the globe. This time it is about a cipher that is/will be used in the new tinc protocol: ECDSA According to https://github.com/gsliepen/tinc/blob/1.1/src/openssl/ecdsagen.c you use the secp521r1 curve, which is derived (according to http://www.secg.org/collateral/sec2_final.pdf -...

...function pass As a consequence of this, we will actually fix the long-standing issue of LoopSimplify vs. ScalarEvolution, and cut the number of runs of LoopSimplify and LCSSA by half (!!!) so I think this is worth doing. I have a patch that does #1 already, but wanted to check that you're OK weakening the verification. Otherwise, I have to do 1, 2, 3, and 5 in a single commit, or teach the LoopVectorizer and LSR to preserve LoopSimplify... Yuck. -Chandler -------------- next part -------------- An HTML attachment was scrubbed... URL: <http://lists.llvm.org/pipermail/llvm-dev/attachments/2...

Hi everyone! In my new CentOS 4.0 (final ;-) I installed apache and activates SELinux, When I tried to enter a page of some user (localhost/~user) said to me that she did not have permissions to see it, and this was incorrect, because the permissions was 755 (/home/user/html). After awhile it was happened to me to deactivate selinux and I reinitiated the machine and I work! Somebody knows why

On 2017-05-24, Duncan Murdoch wrote: [...] > Okay, how about if we weaken the test? [...] > try > > stopifnot(path.expand(paste0("~/", filename)) == > paste0(path.expand("~/"), filename)) > Nope: > ## path.expand shouldn't translate to local encoding PR#17120 > filename <- "\U9b3c.R" &...

Hello, I've just installed dovecot to replace courier-imap and I've found out it didn't support some of the typical LDAP userPassword schemes, so I've written some based on OpenSSL API. Furthermore I noticed that the MD5 one seems broken. If it isn't a requirement to ship its own implementation of a crypto algorithm, I would send in a patch to replace schema checks with

...les it will create. > grep ssh /var/log/audit/audit.log| audit2allow -M ssh > # Creates the modules > > semodule -I ssh.pp > > sshd is the server; ssh is the client. > > <cleveland>No no no no nooooo </Cleveland> Blindly running audit2allow and creating modules weakens your security not enhances it. If you have not messed up your labeling then SSH will have no problem reading keys - SSH keys are fully supported under the policy shipped with CentOS. If you are mounting your home elsewhere do: semanage fcontext -a -e /home /mynewspecialhome restorecon -Rv /my...

...I vaguely remember that config is read only in some arch or transport > and that's why we introduce another vq cmd to confirm the announcement. > Probably we should do same for this? If so, we need to add one more feature bit to confirm the ability of the driver to report MTU, or we can weaken the requirement in conformance statement and write "the driver may report the MTU". What do you say? -- Victor