In that case that's second pre-image resistance though, not collision resistance. TTBOMK that's still not possible with MD5 (though it will probably be in a few years).
Only if the attacker had no part in making the "safe" ISO image in the first place. You just cannot know. Using MD5 makes no sense whatsoever: if you don't need collision resistance, there are faster options, and if you do, it's obviously completely unsuitable.
The vast majority of your weblog postings describe https downloads, so it is mostly tangential to grandparent’s complaint and to the article. A .sh script may be a messier and less idiomatic file format than .pkg/.deb/.rpm/.msi, but a pkg from an unknown server is just as dangerous as a shell script from an unknown server.
My personal beef is with curling HTTP (no -s) URLs - getting an installation shell script over HTTPS is not unreasonable (unless instructed to provide a no-SSL-confirmation flag, such as -k for curl, in which case it is more or less the same thing).
By default, `curl https://blah.blah/` will only work if the TLS certs are proper & validated. This isn't about trusting the author (you'll be running their code anyway, one way or another) but the transport medium (HTTP!s).
If I had your show-and-shame tumblr, I'd only include http:// links.
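The distinction drawn in the comment above, as a small lint for install one-liners. This is an added example, not part of the original comment; the finding names, the option tables (a subset of curl's options) and the sample line are assumptions made for illustration.

```python
import shlex

SHELLS = {"sh", "bash", "zsh", "dash", "ksh"}
# Subset of curl options that take a value, so "-o k.sh" or "-x http://proxy"
# is not misread as the -k flag or as the download URL.
SHORT_WITH_ARG = set("oHdAebcxXmwTFKEruCD")
LONG_WITH_ARG = {"--output", "--header", "--proxy", "--user", "--data"}

def curl_findings(argv):
    """Transport findings for one curl command (a list of shell words)."""
    found, skip_next = set(), False
    for tok in argv[1:]:
        if skip_next:  # this word is the previous option's value
            skip_next = False
        elif tok == "--insecure":
            found.add("tls-verification-disabled")
        elif tok.startswith("--"):
            skip_next = tok in LONG_WITH_ARG
        elif tok.startswith("-") and len(tok) > 1:
            for pos, flag in enumerate(tok[1:], start=2):
                if flag == "k":
                    found.add("tls-verification-disabled")
                elif flag in SHORT_WITH_ARG:
                    # Value is the rest of the cluster, else the next word.
                    skip_next = pos == len(tok)
                    break
        elif tok.lower().startswith("http://"):
            found.add("plaintext-http")
    return found

def runs_shell(argv):
    """True if a pipeline stage starts a shell, allowing sudo and its flags."""
    cmd = next((w for w in argv if w != "sudo" and not w.startswith("-")), "")
    return cmd in SHELLS

def audit_line(line):
    """Sorted findings for curl stages whose output is piped into a shell."""
    try:
        stages = [shlex.split(part) for part in line.split("|")]
    except ValueError:  # unbalanced quotes
        return ["unparseable"]
    found = set()
    for i, argv in enumerate(stages):
        if argv and argv[0] == "curl" and any(map(runs_shell, stages[i + 1:])):
            found |= curl_findings(argv)
    return sorted(found)

# Constructed sample; example.com is a placeholder host.
if __name__ == "__main__":
    print(audit_line("curl -sSLk http://example.com/install.sh | sudo bash"))
```

An HTTPS download piped to a shell with certificate validation left on yields no finding, matching the comment's position that only the transport is being judged.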
I've been similarly frustrated with DAWs too. In the last few weeks I had a go at writing a DSL that shells out to SoX for audio manipulation. This way I don't have to manipulate audio samples myself.
It's way less polished than pydub but here it is if anyone is interested:
At first it was a pretext to play with free monads, a way of building EDSLs. But right now I'm not sure it's not just a complication. Though, having an intermediate representation before executing the SoX commands makes it possible to write an optimizer (for example, collapsing two audio shifts).
That's the difficult part about documenting CTFs and reverse engineering tasks. In the past I tried to do it afterwards but it's a bit clunky. Now I try to do it at the same time, like a journal, and it's getting better (still not as good as OP :))
This is the general idea behind category theory: it describes relations and not objects themselves.
That's quite a shift from set theory, where the core idea is that objects can be described with what's inside of them (and building the whole idea of relation as a set of tuples).
My background is in security & formal methods but I'm also open to working on cool products outside of these fields, especially if it involves open source work.
In addition to the GC, parametric polymorphism requires a uniform representation of values. For example, List.map does not make assumptions about the values in the list like their size.