
Comment Re:HTTPS Everywhere (Score 3, Interesting) 120

The crypto weenies over on metzdowd.com seem to think HTTPS is currently a badly broken security layer that gives users a false sense of security. There are a number of suggested fixes, however.

My own pet peeve is that we don't even protect our passwords properly. My ssh id_rsa password protection is a joke: literally a single round of MD5 by default. My TrueCrypt password is protected a bit better, but with custom ASICs, a thousand rounds or so of SHA-256 runs so fast it's not even a significant part of the password guessing latency. I got so POed over this issue that I've submitted my own password hashing entry in the Password Hashing Competition. Fortunately, there are guys way smarter than me working on this specific problem, and in a couple of years we should have a far better password protection solution. In the meantime, someone should do friendly forks of TrueCrypt and OpenSSL and incorporate Scrypt as the default password hash for user-land encryption (as opposed to servers that may have to run thousands of hashes per second).

The advice to use more encryption seems sound, but most of us geeks here on Slashdot don't even know how weak our own password security really is.
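Added example, not part of the comment above and not code from OpenSSL, OpenSSH or TrueCrypt: the single-MD5 derivation used by OpenSSL's legacy encrypted PEM key format (`EVP_BytesToKey` with MD5 and count=1) next to scrypt, with the per-guess cost of each measured so the gap is visible when auditing key files. The passphrase, salt and scrypt parameters (n=2^14, r=8, p=1) are constructed sample values.

```python
import hashlib
import time

def legacy_pem_key(password: bytes, salt: bytes, key_len: int = 16) -> bytes:
    """EVP_BytesToKey with MD5 and count=1 (legacy encrypted PEM keys).

    The salt is the first 8 bytes of the IV from the DEK-Info header.
    A 16-byte key (AES-128) costs exactly one MD5 call per guess.
    """
    out, block = b"", b""
    while len(out) < key_len:
        block = hashlib.md5(block + password + salt).digest()
        out += block
    return out[:key_len]

def scrypt_key(password: bytes, salt: bytes, key_len: int = 32) -> bytes:
    """Memory-hard derivation; n=2**14, r=8 needs about 16 MiB per guess."""
    return hashlib.scrypt(password, salt=salt, n=2**14, r=8, p=1,
                          maxmem=64 * 1024 * 1024, dklen=key_len)

def seconds_per_guess(kdf, password: bytes, salt: bytes, runs: int) -> float:
    """Average wall-clock time of one derivation, i.e. one password guess."""
    start = time.perf_counter()
    for _ in range(runs):
        kdf(password, salt)
    return (time.perf_counter() - start) / runs

def cost_ratio() -> float:
    """How many times more expensive one scrypt guess is than one MD5 guess."""
    salt = bytes(range(8))          # constructed sample salt
    password = b"correct horse"     # constructed sample passphrase
    fast = seconds_per_guess(legacy_pem_key, password, salt, 20000)
    slow = seconds_per_guess(scrypt_key, password, salt, 3)
    return slow / fast

if __name__ == "__main__":
    print(f"scrypt costs about {cost_ratio():,.0f}x more per guess than MD5 x1")
```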

Comment Re:Uh? (Score 2) 734

Even if they get the batteries working great, which I hope they do, we'll still most likely charge our cars over the grid. Maintaining huge arrays of solar panels is done more efficiently at a utility level than on our rooftops. In the end, solar may revolutionize the energy sector, but I suspect we'll still buy our power from our local utilities.

Comment Re:Another view on teh RSA / NSA thing... (Score 5, Insightful) 201

The crypto email list discussed this at length. People chimed in who remember when this happened. Here's my take away: EMC had just bought RSA, and was looking for profits, and many of the best and brightest at RSA had left. The NSA offered $10M to make their RNG the default in BSAFE, and no one at RSA could offer EMC management any compelling argument as to why they should not take the money. RSA issued a press release about it. There was no secrecy. Competitors thought it was foolish to take money from the NSA, and at the same time wondered how they could get onto this gravy train.

This is a case of typical incompetence. The response RSA published is slimy lawyer crapola. The lawyer sucks as bad as the incompetent EMC management. The good news is that there was no secret deal that RSA agreed to with the NSA to compromise all our security. The NSA did their job well. RSA didn't. I'll just point out that only crypto ignoramuses would accept closed-source un-auditable stuff from anyone when it comes to encryption, IMO. Money corrupts this industry.

Comment Re:Right On (Score 1) 312

I vote hero. This would make an interesting Slashdot poll. I was hoping Snowden's intentions were to help us decide for ourselves how to be governed, rather than just being PO-ed at his boss. This interview convinced me. Definitely hero.

Besides violating our constitutional right to privacy, our government is now in the routine business of lying to us. They're passing secret laws that force companies to help them spy on us, with gag orders preventing these companies from complaining about it. They follow us through our phones, and ignore laws restricting their powers. At what point does the government work for us rather than the other way around? At least in China everyone knows they're being spied on. There's no secrecy about that fact.

I don't want another 9/11 attack to occur, and I'm willing to give up a little privacy to help. I do believe the NSA is primarily focused on protecting Americans. However, I want a vote on just how much privacy to give up.

Comment Re:We vote on leaders not lightbulbs (Score 4, Informative) 1146

Speaking of numbers, did anyone else here gag when reading in the post that incandescent bulbs are 10% efficient? Try 2% efficient at creating light we can read by... all that infrared they put out just keeps you warm. The poster must have gotten incandescent efficiencies mixed up with the latest and greatest bulbs - LED bulbs from Cree, which can do 11% efficiency. Still, most of that energy becomes heat. There's still room for a lot of improvement.

Comment Re: They have the money to do this (Score 4, Insightful) 250

For guys my age (I turned 50 last week), the first Moon walk was a pivotal event. July of 1969... I was 6 years old, and my father was a squadron commander in the 318th Fighter Squadron flying F-102s, and I lived on Cherry Hill on the Air Force base in Anchorage, Alaska. We all watched the first steps taken on the Moon, and as the son of an Air Force fighter pilot, there were high expectations for me. I remember when pilots were heroes. Everyone expected even greater things from my generation.

We totally let them down, at least in terms of space exploration. I blame politics, and to some extent NASA (though mostly because of politics). I also have my hopes pinned on commercial efforts like SpaceX. We were on the Moon in 1969, while people in China were still starving. I'm glad China has revived some of the dream, and I hope they do well. In the meantime, our generation gave birth to personal computers and cell phones, so it's not a total loss, but there never was another OMG moment like the Moon walk.

Comment Re:What RMS has in mind ? (Score 1) 287

If someone does end up creating a truly anonymous form of currency or payment then you can be damn sure the main people who will benefit are those who want to pay no taxes or those who want to sell services and products that are illegal.

This is the major problem with the Tor network. I ran a node for a while, but the traffic packet sizes and timing all indicated users watching videos rather than doing something useful like advocating for freedom of speech. I've had Tor users hack my web sites and troll on-line meetings for blind people. As far as I can tell, most Tor users seem to be serious ass holes. So, I stopped running my node.

I have a less secure idea for how to do this that would encourage good behavior, but there's little interest on the Tor forum or Freedombox forum. Basically, instead of trying to hide what you do, only hide who you are. If you engage in behavior acceptable to a significant number of your peers, then they could help sponsor your anonymity. If you think on-line gambling should be allowed, you could sponsor some Americans who aren't allowed. If you think China should let their people speak freely without worrying about their Government locking them up, then you could sponsor Chinese political blogging. Normally, Tor "exit nodes" are run by people who believe strongly in freedom, but to protect themselves, they are careful not to look at any of the network traffic from their nodes. If they looked, and saw a child porn ring, they'd legally have to report it. In the modified network, node operators would be encouraged to monitor traffic, report anything illegal in their location to authorities, and report any activity outside a person's claimed need for anonymity to the network, lowering the number of exit nodes willing to carry their traffic. A web-of-trust network could be used to determine how much you should trust someone requesting an exit node.

This scheme would work very well with electronic money, using the original Ripple protocol. I doubt this would meet RMS's requirements, but I think it would be a fantastic step in the right direction. It's less secure because your network traffic between sessions is associated with the same secret identity, allowing attackers to determine patterns of behavior far more easily. However, the people we all want to support are already doing this. There are famous political bloggers blogging from inside oppressive countries. If you want to use your right to free speech to make a difference, you have to attract a following, and that means having a public identity that people can follow. The only people this system would really hurt are those who wish to act out of the light of any public scrutiny at all.

As Thomas Jefferson said, when you do a thing, imagine the whole world is watching and act accordingly. I think all we need is a little more reality behind the whole world is watching part, and a little more anonymity. You wouldn't need everyone to support you to remain anonymous, but you couldn't PO the whole world either.

Comment Re:How white of Microsoft! (Score 5, Funny) 224

I am sure you just can't wait for the Windows 8.1 update! Just imagine how happy we'll all be! After all the outrage and frustration over Windows 8 losing its "start" menu, Windows 8.1 is here to save the day! Now, that old start menu that used to do something useless... listing all of your applications so you could find them... has been replaced! Now it takes you directly to the Metro UI, where you can barf all over your keyboard! Happy day!

Comment Re:thorium OR ??? (Score 1) 776

Nice story. PG&E in California used to only give you credit for the fuel they calculated they didn't burn due to your feeding power to the grid, even though that was maybe 1/3 of everyone's electric bill. Obviously, we need to change this sort of BS behavior at utilities. PG&E, IIRC, has paid a proper rate for customers' power generation for at least a couple decades now. However, there's nothing wrong with utility scale solar in many places. There are inefficiencies of scale that they can make use of while you can't. Right now, here in NC, there seem to be enough tax credits for farmers to plant solar panels instead of food, and we're getting 10 acre solar farms all over. A friend of mine is installing solar panels on the new building he's constructing. The world-wide implosion of government sponsored solar installations has enabled the free market to finally deliver solar modules in the $1/watt range, making solar cost effective in many many cases.

Still, wind and solar aren't the entire answer to our power needs. It rains a lot here in NC, and wind is highly variable. Nuclear is good for "base" load, which means they run all the time at near full power, solar is good for those hot summer days when we need air conditioning, and natural gas generators are good for making up the gaps.

I wish we were funding Thorium development. It's not going to magically appear and start producing cheap safe clean nuclear power. To get there will take a massive investment and many years, but there's real promise there. I prefer the "all of the above" approach to energy.

Comment Re:brace yourself (Score 1) 453

I completely agree. I didn't want to say anything like "I got the last laugh" in my story. I love my brother like a brother, so there's no laughing. However, I'm working in a job I thoroughly enjoy where I make very decent money, and my family is wonderful. I wish things had worked out as well for my awesome little brother, but everyone is who they are in the end. I'm a big geek, and better off for it.

Comment Re:brace yourself (Score 5, Interesting) 453

I have to tell a story... yeah... I'm old. My little brother was hot. He couldn't help it, girls just couldn't leave him alone. Someone convinced him to do modeling as a career for a while, but after missing shoots to enter skateboard contests, his modeling career was over. Still, Hallmark's "Hunk" calendar ran him as Mr April two years running.

Anyway, while he was screwing every girl who ever wanted a hot guy, I got my engineering degree. I dated the president of the math club, and spent a night in jail for hacking phone systems. One night during summer break, my brother had something to say to me. He said, "I respect what you're doing." I knew he meant he respects what I'm doing even though any reasonable person would not. I couldn't argue with the guy living every hormone driven teenager's dream, but I thought it was funny. I was preparing to make the world a better place, but I suppose being a girl's dream date counts.

We are geeks. There's something wrong in our minds that makes us happy spending time typing on a keyboard rather than chasing women. When I change the world in concrete measurable ways, the feeling is euphoric, and programming is the way I help change the world.

Comment Re:Governor Appointed (Score 1) 640

I guess I'll point out the obvious flaw in dork-tard's assertion that business should do the research and the government should stay out of it. Businesses may indeed fund research into things like climate change and even do a better job, but they won't *share* their results. Businesses are not in the business of improving our country or the world. If they pay for research, they almost always keep the results as a trade secret just in case it might give them a slight competitive advantage. It's not evil, it's simply business.

Comment Re:damn philanthropists (Score 2) 406

Is this a good place to say, "Ha ha!... you spent $15 to illegally influence an election and lost! And now you have to pay $16M in fines!"

Honestly, it's this secret crap that scares me the most, whether it's the Koch brothers or the NSA. If they're going to screw us over, they'd better damn well do it in the light of day.

Comment Re:The problem being... (Score 2) 258

I think it's dumb every time I hear we need to lower big business taxes to foster innovation and create jobs. Tech companies produce tons of high paying jobs, make investors rich, and often don't pay a dime in taxes, instead investing in growth, creating even more jobs.

As a public company, producing profits sucks to some extent. You have to pay taxes, investors ask for dividends or stock buy-backs, and you lose control over investing in growth as investors become addicted to taking your profits instead of letting you grow. Just look at Dell, for example. There are good reasons to take a company private. Among them is to gain the ability to spend your profits on improving the company rather than having investors leech off you.
