Leroy_Brown242 - Slashdot User

Comment Re:The more C++ evolves... (Score 3, Funny) 435

by grub on Wednesday April 30, 2014 @11:55AM (#46879967) Attached to: C++ and the STL 12 Years Later: What Do You Think Now?

C++ is to C as Lung Cancer is to Lung.

Comment Safety Deposit Box (Score 1) 245

by grub on Wednesday April 30, 2014 @08:09AM (#46877169) Attached to: Ask Slashdot: How To Back Up Physical Data?

Some banks, like my own (TD Canada Trust), offer one for free if you keep a minimum balance in an account. That is where all our original documents go.

Comment Re:Safety Deposit Box (Score 1) 702

by grub on Wednesday April 30, 2014 @07:56AM (#46877089) Attached to: Ask Slashdot: What Tech Products Were Built To Last?

WTF? I was replying to a story about physical data backups...

Comment Safety Deposit Box (Score 1) 702

by grub on Wednesday April 30, 2014 @07:55AM (#46877077) Attached to: Ask Slashdot: What Tech Products Were Built To Last?

Some banks, like my own (TD Canada Trust), offer one for free if you keep a minimum balance in an account. That is where all our original documents go.

Comment Re:Slashdotted phone number? (Score 2) 83

by grub on Saturday April 26, 2014 @08:10AM (#46847263) Attached to: Man Builds DIY Cellphone Using Raspberry Pi

I think he's mixing his Arabic and Roman numerals. 3500 readers is about right for 2014.

Comment Re:Ted Unangst's article (Score 1) 304

by grub on Tuesday April 15, 2014 @01:00PM (#46758295) Attached to: OpenBSD Team Cleaning Up OpenSSL

heh and I see it was linked to in TFA. Sorry.

Comment Ted Unangst's article (Score 4, Informative) 304

by grub on Tuesday April 15, 2014 @12:45PM (#46758065) Attached to: OpenBSD Team Cleaning Up OpenSSL

Ted Unangst wrote a good article called "analysis of openssl freelist reuse"

His analysis:

This bug would have been utterly trivial to detect when introduced had the OpenSSL developers bothered testing with a normal malloc (not even a security focused malloc, just one that frees memory every now and again). Instead, it lay dormant for years until I went looking for a way to disable their Heartbleed accelerating custom allocator.

it's a very good read.

Comment Re:Drop Dropbox (Score 1) 448

by grub on Sunday April 13, 2014 @11:55PM (#46744231) Attached to: Commenters To Dropbox CEO: Houston, We Have a Problem

Dedupes client side.

Comment Re:Drop Dropbox (Score 2) 448

by grub on Saturday April 12, 2014 @10:18AM (#46733241) Attached to: Commenters To Dropbox CEO: Houston, We Have a Problem

I have my own domains and do this with tunnelled rsync to a NAS4Free box, though for long term storage I like SpiderOak (and TarSnap). SpiderOak keeps historical versions and dedupes the data.

Comment Drop Dropbox (Score 1) 448

by grub on Saturday April 12, 2014 @08:56AM (#46732879) Attached to: Commenters To Dropbox CEO: Houston, We Have a Problem

Try SpiderOak. Free 2 GB, zero-knowledge, secure. Works on a load of OSs and devices.

I'm a completely satisfied customer.

Comment Fork it. (Score 4, Funny) 149

by grub on Friday April 11, 2014 @05:53PM (#46729711) Attached to: NSA Allegedly Exploited Heartbleed

Theo de Raadt should fork OpenSSL. He could call it OpenOpenSSL.

.

Submission + - NSA said to have used Heartbleed bug for years (bloomberg.com)

Submitted by grub on Friday April 11, 2014 @05:11PM

grub writes: The U.S. National Security Agency knew for at least two years about a flaw in the way that many websites send sensitive information, now dubbed the Heartbleed bug, and regularly used it to gather critical intelligence, two people familiar with the matter said.

The NSA’s decision to keep the bug secret in pursuit of national security interests threatens to renew the rancorous debate over the role of the government’s top computer experts.

Comment So... (Score 1) 53

by grub on Friday April 11, 2014 @04:12PM (#46728883) Attached to: Chinese Man On Trial For Spreading False Rumors Online

... it's kind of like a Chinese Snopes, except you go to jail rather than being unfriended.

Comment Re:Whatever you may think ... (Score 5, Informative) 447

by grub on Thursday April 10, 2014 @10:58PM (#46721719) Attached to: Heartbleed Coder: Bug In OpenSSL Was an Honest Mistake

From the proof-of-concept page I mentioned above.

Conclusion It is quite obvious in light of the recent revelations from Snowden that this weakness was introduced by purpose by the NSA. It is very elegant and leaks its complete internal state in only 32 bytes of output, which is very impressive knowing it takes 32 bytes of input as a seed.

Here is the Github repo for the PoC code.

This PRNG is not the NSA making a crypto system stronger ala DES, it's a backdoor.

Comment Re:Whatever you may think ... (Score 3, Interesting) 447

by grub on Thursday April 10, 2014 @09:32PM (#46721227) Attached to: Heartbleed Coder: Bug In OpenSSL Was an Honest Mistake

[sorry, link screwed up in my reply, should have checked more closely.]

There is also a nice proof-of-concept backdoor with a link to the github repo.

Slashdot Top Deals