SSL/TLS Extended Validation implemented in fraudulent domains

People trust green bars, because it is proven to not to be of malicious origin.

This seems to be the questions of hundreds and many are concerned about it, picture that; a team of fraudsters(or at least one), promote their website to many people with the use of Facebook and Twitter advertising who can be easily set up in no time. (1).

The fraudulent websites created a site, looking real etc.. and as already said they have an EV certificate verified implemented. In what ways could such thing be successfully be done, how do certificate distributors verify who that who is(if it can be faked)? (2).

Can a hashing function be implemented insecurely?

After working on a an imaginary security related project, it was decided that the project is going to use the imaginary hashing function X.

There are various implementations of the hashing function available as packages, all varying in terms of adoption rates and popularity.

Given that any package returns correct hashes for a small amount (n=10) of test cases, are there any serious security implications that could occur? My understanding is that a hashing function should return a irreversible value, and given that any implementation does this correctly, they should all be equally working & therefore secure.


How is Sandboxing implemented?

What I would like to know is two fold: First off, what is sandboxing? Is it the trapping of OS system calls and then secondly deciding whether to allow it to pass through or not? How is it implemented to begin with? Would it be by way of hooks in the SSDT (kernel level)?

Running a git-based program (Bup) on Ubuntu WSL gives error “[Errno 38] Function not implemented”

My Ubuntu setup is running great and things to seem to be working well for other things I’m doing but with one particular program (Bup) which is a backup solution built on top of git.

Running this command gives the errors [Errno 38] Function not implemented

bup save -n InitialCommit /mnt/c/BackupTest 

From basic Googling it seems to be Python or git related and possibly related to multithreaded processing not being supported, but I’m not sure if that is what’s happening here.

What is the rationale behind the way modern elevator dispatch systems are implemented?

There have been many elevator upgrade projects with the aim of saving energy and time for the managers and occupants of buildings. I suspect this has to do with the increase in height and volume of people moving in and out of buildings, and one of the trends I have noticed is the system put in place for people to select the floor they want to go to before entering the elevator (so no up or down buttons any more) and being allocated a specific elevator number to enter.

Theoretically the system would be able to calculate the most efficient way to dispatch the elevators if it knows all the floors that people want to exit the elevator. Practically I suspect this depends on the degree which the path of the elevator (i.e. which floors it opens at) can be disrupted with additional requests as it traverses the floors.

I am curious as to whether there have been studies of elevator dispatch algorithms combined with human behaviour to optimize such systems, as I see the factors at play include:

  • The distance between the floor selection control and the elevator door
  • The number of floors in the building
  • The number of elevators in the building
  • The distribution of the occupants in the building that have a need to go to other floors (other than the shared floors like Ground and car park)
  • The amount of disruption allowed to the path of the elevator

So to me this seems like a very complex problem to which a single solution seems to have been proposed that will apparently cater for all these different types of scenarios.

How does the system take into account that this is not the usual behaviour for people used to pressing the call button and selection the floor once they are inside the lift? Are there specific design strategies that makes it more ‘user-friendly’?

Additionally, is there also a higher cost for people who change their mind or get off at the wrong floor and have to try and get back to the correct floor?

But I guess most importantly, as with most designs, people also adjust their behaviour when they are exposed to a new system, so that they end up not necessarily using it the way it is intended.

UPDATE: I tried to do a little bit more research, and apparently I should be looking at Destination Dispatch Systems. There are some companies that explain the systems in more details available:


Is a security association (SA) implemented in ESP and AH protocols?

I’m reading about security associations. I’ve understood that a SA is a virtual connection between a client and a sever, in which all the security parameters, such as encryption algorithm, IP origin and source HMAC algorithm… are defined.

My question is: Is SA implemented when using AH and ESP protocols, or only in ESP when confidentiality is required?

And there goes another question: How does the router know whether to use IPsec or not? By using the protocol field in the IP header?

Ubuntu 19.04 grub error: relocation 0x0 is not implemented yet

I boot my laptop today as usual and this error appeared:

relocation 0x0 is not implemented yet Aborted. press any key to exit 

Then it went into windows boot manager after pressing any key. I’m using Ubuntu 19.04 on Asus FX504GD, dual boot with Windows 10. I googled and found that this is a Grub error and seems to be related to rescue mode, but I found no solution. I couldn’t think of any thing that I have done recently to cause this error. A detailed instruction will be greatly appreciated for a newbie like me. Thank you.

How should a binary tree and it’s node class be implemented in Java?

This may seem trivial, but I wanted some input. In implementing a binary tree in Java, should the node class be a separate class file independent of the BinaryTreeclass, or should it be a default class in the same class file as the BinaryTree class?

First Example: Node is in separate class file

public class BinaryTree {     ... }

public class BinaryTreeNode {     ... } 

Second Example: Node class is default class in same class file

public class BinaryTree {     .... } class BinaryTreeNode {     ... } 

I almost never see the use case for putting more than one class inside of the same class file, but this might be the first time I see it being useful. Does this make sense, or would this be considered sloppy code?

Why do most exchanges still have not implemented segwit bc1 addresses to save block space?

Segwit bech32 bc1 addresses has been out for a good 2 years. Why do most exchanges still refuse to implement such a feature for its users? Exchanges create a bulk of the bitcoin transactions and also can promote the use of segwit bc1 addresses. What are some technical pitfalls to why big exchanges have not implemented this feature?