Maybe you should checksum doctor

How much sum would a checksum check if a checksum could check sum?

Around 27 hours at new customer location.

They had a server failure due to incompetence.

They had fired their own IT guy and called us 6 months later because the server stopped responding.

First diagnostic. 2 drives are dead in a raid 5 with one hot spare. Raid controller then proved to be broken once the disks was replaced.

Waiting for new raid controller and installing.

Backup non existing, no one changed dat tape during the 6 months without IT. The tape was just a transparent plastic band, no media left.

Raid config is stored in static ram on controller, no backup!

Several hours in tech support to find out how to rebuild raid config from existing disks.

Proves to be impossible to rebuild raid set due to some checksum failures.

More hours with support to enable some diagnostic read only mode to mirror low level content to external drive.

Then many more hours to copy parts of the tree until it gets an error, restart after that and go on.

In the end we got around 70% back.

During this time I manage to be in contact with the raid manufacturers all support centers, one in europe, one in the us and one in Taiwan, switching each time one if them closed for the night.

The customer later declined a steady support contract due to us being to expensive ;)

Some just don’t want to learn.

Just wrote a (PHP based) proxy which can cache resources being requested and serve them to clients.

The idea is that (I'm going to write a firefox add-on for it too, yes) you can install the add-on and any resource (js/CSS, general web resources which would be downloaded off of googleapi's etc) hosted with Google would be proxied through the server running the proxy, meaning that one wouldn't have to connect to the mass surveillance networks directly anymore as for static resources.

I think checksum verify stuff would still work as the proxy is literally a proxy, the content will be identical to the 'real' resource. (Not sure about this one, enlighten me if this isn't true)

Input appreciated!

Database with hashed content looks crazy ;D

My Sunday Morning until afternoon. FML. So I was experiencing nightly reboots of my home server for three days now. Always at 3:12am strange thing. Sunday morning (10am ca) I thought I'd investigate because the reboots affected my backups as well. All the logs and the security mails said was that some processes received signal 11. Strange. Checked the periodics tasks and executed every task manually. Nothing special. Strange. Checked smart status for all disks. Two disks where having CRC errors. Not many but a couple. Oh well. Changing sata cables again 🙄. But those CRC errors cannot be the reason for the reboots at precisely the same time each night. I noticed that all my zpools got scrubbed except my root-pool which hasn't been scrubbed since the error first occured. Well, let's do it by hand: zpool scrub zroot....Freeze. dafuq. Walked over to the server and resetted. Waited 10 minutes. System not up yet. Fuuu...that was when I first guessed that Sunday won't be that sunny after all. Connected monitor. Reset. Black screen?!?! Disconnected all disks aso. Reset. Black screen. Oh c'moooon! CMOS reset. Black screen. Sigh. CMOS reset with a 5 minute battery removal. And new sata cable just in cable. Yes, boots again. Mood lightened... Now the system segfaults when importing zroot. Good damnit. Pulled out the FreeBSD bootstick. zpool import -R /tmp zroot...segfault. reboot. Read-only zroot import. Manually triggering checksum test with the zdb command. "Invalid blckptr type". Deep breath now. Destroyed pool, recreated it. Zfs send/recv from backup. Some more config. Reboot. Boots yeah ... Doesn't find files??? Reboot. Other error? Undefined symbols???? Now I need another coffee. Maybe I did something wrong during recovery? Not very likely but let's do it again...recover-recover. different but same horrible errors. What in the name...? Pulled out a really old disk. Put it in, boots fine. So it must be the disks. Walked around the house and searched for some new disks for a new 2 disk zfs root mirror to replace the obviously broken disks. Found some new ones even. Recovery boot, minimal FreeBSD Install for bootloader aso. Deleted and recreated zroot, zfs send/recv from backup. Set bootfs attribute, reboot........
It works again. Fuckit, now it is 6pm, I still haven't showered. Put both disks through extensive tests and checked every single block. These disks aren't faulty. But for some reason they froze my system in a way so that I had to reset my BIOS and they had really low level data errors....? I Wonder if those disks have a firmware problem? So that was most of my Sunday. Nice, isn't it? But hey: calm sea won't make a good sailor, right?

The reason why I don't trust php:
var_dump(0 == "0deadbeef1");
var_dump(7 == "7deadlysins");
(both return true)

my fist job... i get to edit a c++ code written by a (mind you) programming company that they teamed with for the past(mind you again) 3 years ...
now just for starters, this code was edited by self taught coders that are really good engineers(they are really good), that didnt really know how the code worked before yet they still changed it, and it worked, how ever they wanted some changes.
i get the project files, and there is not one single comment describing what is happening... only code commented out... and no documentation what so ever were done....
so below are some of my comments that i wrote after i finished adding what i had to add, and fixing what i had to fix:

/*first rule of C anything coding, no actual functions in the header, well let me introduce you to a fully functioning thread running program all in the header, enjoy*/

//used to control the thread
// i honestly dont know why, but it worked soooooo yea...

// TG uncommented // for absolutely no reason what so ever...

//used to communicate with the port

//the message to be sent to the inverter, which has a code that will handle it
//hmmmmmm...

//again not usefull since we are using radioButtons
// same ...
// same ...
// same ...
// they said they dont even use this mode, but none the less, same ...
// calculate the checksum for the message
// ....
// one of the things that work, and god forbids i touch
// used for the status displayed on screen
// used for the (censored :P) status in the message
// used for the (censored :P) status in the message
// not used at all, but the message structure contains it and i refuse to edit that abomination
// used for the (censored :P) status in the message
// used for the (censored :P) status in the message
// just dont ask and roll with it, i didnt want to touch this
// saaaaame ...
// if before true this saaaaaame ...
// value of the (censored :P)
// it pains me to say it again, but this is no use
// (censored :P) input
// (censored :P) input
// only place seen , like for real it was just defined,sooooo yea :D
// well you know how it is
// message string
// check sum string
/****below from feed back****/
// (censored :P) coming in
// (censored :P) coming in
// (censored :P) coming in
// (censored :P)
/****below is the output to the receiver ****/
//(censored :P)
// (censored :P)
// (censored :P)
// (censored :P)
//you thought we were done.... nope, no idea. it comes in the feedback
// not used, literally commented out the one time it was used
// same ...
// XD, man this is a blast, same ...
// nope ...
// used to store the port chosen for the communication
// is a static for the number of data we have recorded so far, and as a row indicator for the recording method
// used to indicate the page we are on in the excel file, as well as the point in physical point in the test
// same ... oh look at this a positive same :D
// same ...
// same ...

Trainee accidentally said md5 is an encryption... Gave him the "functional specification of OpenPGP on ISO Smartcards". He learns OpenPGP now, before he reads that I hope.

Avoided IoT(IoS - InternetOfShit) for a long time now, due to the security concerns with retail products.
Now I looked into 433 Transceiver + Arduino solutions.. to build something myself, just for the lolz.

Theory:
Smallest Arduino I found has 32 KByte of programmable memory, a tiny tiny crypto library could take around 4 KBytes...

Set a symetric crypto key for each homebrewn device / sensor / etc, send the info and commands (with time of day as salt for example) encrypted between Server <-> IoT gadget, ciphertext would have checksum appended, magic and ciphertext length prepended.

Result:
Be safe from possible drive-by attacks, still have a somewhat reliable communication?!
Ofc passionate hackers would be still able to crack it, no doubt.

Question: Am I thinking too simple? Am I describing just the standard here?

So after 5 days of trying to figure out why the fuck nemID (danish online id) is a piece of shit and doesn't want to show the pdfs I'm sending, so that they can be fucking signed, I've finally found a way to produce pdfs that it doesn't choke the fuck out on.
Just fucking open the fucking pdf in fucking Acrobat and fucking print it to a fucking pdf using fucking Microdick print to pdf... TWICE! WTAF?
So guess what I'll be creating an API for today...

Also fucking give me a proper error code when your shit doesn't work! Why the fuck are you sending me an error code stating that the checksum doesn't match, when 1) I didn't fucking send you one in the first place and 2) it doesn't work because you fucks didn't implement the entire fucking pdf spec! So when my fucking pdf contains some fucking pdf-element that you decided was to hard to implement a web view for, tell me that!

I programmed a "crypographic" tool in python as my first application. It calculated the checksum of the entered password and preformed this cesa-shift-crappy-crypto thing. It was named crypto_mario and as I wasn't able to implement the decryption in the same application, I wrote a second one for that task, called crypto_wario

I am thinking of how I can make data upload reliable. I am sure that I am making it more complex as it could be and I need some pointer.

My goal is to have a pause/resume feature in file uploading.

Here is how it would work.

In order to start uploading , you give the server

1) File Name
2) Folder path you want to upload it to
3) Checksum of the file

Here the server will check whether you can upload it to a folder, whether the file have been previously uploaded (by file name and checksum)

If you could actually upload to the folder , server will return "unique file token" , "folder path" , "unique byte token". Let call it init_upload().

The client will use "unique file token" (to identify the file) , folder path (to know where to upload it to) , "unique byte token" and byte[] (data which to actually upload). Let call this operation data_upload().

If the operation is actually complete , server will return new "unique byte token"

Internally it will actually work like this.Let say we want to upload "file.mp3", when the client call init_upload() it will create

file.mp3 and unique_byte_token.file.mp3.

When the client upload data first time , it will append data to unique_byte_token.file.mp3.

When the client upload data second time , it will check whether the "byte token" that client put is the same as previous "unique_byte_token". If it is same ,
1) we move the data from unique_byte_token.file.mp3 to file.mp3
2) Delete unique_byte_token.file.mp3
3) Create new unique_byte_token.file.mp3
4) Append data to unique_byte_token.file.mp3

The reason I am using "byte token" is because I want to check whether previous upload is actually success.

Let say we need to call 50 part of data_upload() will put 49 part to file.mp3 and 1 part to byte_token.file.mp3.

Finally the client need to call data_upload_complete() which will

1) Put reminding 1 part to file.mp3
2) Remove byte_token.file.mp3 as cleanup

Trying to decipher why a checksum fails and messing around at bit level on control systems.

Is there a standard around checking the checksum of a bundled weapp to make sure it's the same as what the open source codebase would compile to?

I'm working on some opensource blockchain interface software and obviously blockchain passwords are pretty important, so we do all transaction signing client side and password storage client side, but there's no point doing that if the user can't verify that the password isn't being sent off to some server in secret, but the only way to ensure that is with open source software + a checksum check upon loading, because opensource software doesn't mean the deployed version is the exact opensource branch version.

Any ideas?