Snowfox - Slashdot User

Comment Re:This happened to my wife (Score 1) 632

by rtaylor on Monday April 14, 2014 @11:51PM (#46753367) Attached to: IRS Can Now Seize Your Tax Refund To Pay a Relative's Debt

I assume the dues are tied to the estate of the person.

They're reclaiming it from the inheritance which should not have been passed down.

Comment Re:Drop Dropbox (Score 1) 448

by grub on Sunday April 13, 2014 @11:55PM (#46744231) Attached to: Commenters To Dropbox CEO: Houston, We Have a Problem

Dedupes client side.

Comment Re:Your phone should belong to the collective (Score 1) 184

by Drishmung on Sunday April 13, 2014 @01:52AM (#46738303) Attached to: The Case For a Safer Smartphone

You're with the NSA, right?

Comment Re:The Perfect Phone Feature For Safety (Score 1) 184

by Drishmung on Sunday April 13, 2014 @01:49AM (#46738293) Attached to: The Case For a Safer Smartphone

Have a small amount of C-4 explosive in the phone. If the phone is switched on when the velocity is greater than 30 mph *BOOM*.

The TSA will just love that.

And instead of airbags, we should also have daggers sticking out of our steering wheels, poised directly at our hearts. That way people will only be able to drive like assholes once.

Shame about that child stepping out in front of you.

Comment Re:Drop Dropbox (Score 2) 448

by grub on Saturday April 12, 2014 @10:18AM (#46733241) Attached to: Commenters To Dropbox CEO: Houston, We Have a Problem

I have my own domains and do this with tunnelled rsync to a NAS4Free box, though for long term storage I like SpiderOak (and TarSnap). SpiderOak keeps historical versions and dedupes the data.

Comment Drop Dropbox (Score 1) 448

by grub on Saturday April 12, 2014 @08:56AM (#46732879) Attached to: Commenters To Dropbox CEO: Houston, We Have a Problem

Try SpiderOak. Free 2 GB, zero-knowledge, secure. Works on a load of OSs and devices.

I'm a completely satisfied customer.

Comment Failure of risk analysis by more than OpenSSL devs (Score 4, Informative) 149

by Goonie on Saturday April 12, 2014 @04:15AM (#46732315) Attached to: NSA Allegedly Exploited Heartbleed

Just a minor correction - my piece does indeed suggest that the OpenSSL developers have some strange priorities. However, it lays the larger blame at the companies that used OpenSSL, when all the information necessary to suggest that this kind of thing could happen was already available, and the potential consequences for larger companies of a breach are easily enough to justify throwing a little money at the problem (which could have been used any number of ways to help prevent this).

Comment Re:It's time we own up to this one (Score 1) 149

by Bruce Perens on Friday April 11, 2014 @07:39PM (#46730395) Attached to: NSA Allegedly Exploited Heartbleed

I think we need to take a serious look at the "many eyes" theory because of this. Apparently, there were no eyes on the part of parties that did not wish to exploit the bug for close to two years. And wasn't there just a professional audit by Red Hat that caught another bug, but not this one?

Comment Re:It's time we own up to this one (Score 4, Interesting) 149

by Bruce Perens on Friday April 11, 2014 @06:07PM (#46729811) Attached to: NSA Allegedly Exploited Heartbleed

I have to say I'm even less confident in the plan to couple it to DNSSEC.

Comment Re:It's time we own up to this one (Score 2) 149

by Bruce Perens on Friday April 11, 2014 @06:03PM (#46729781) Attached to: NSA Allegedly Exploited Heartbleed

Sure. We're better. But we need to be even better than that.

Comment Re:It's time we own up to this one (Score 3, Informative) 149

by Bruce Perens on Friday April 11, 2014 @06:02PM (#46729769) Attached to: NSA Allegedly Exploited Heartbleed

I'd say more than just the "community". We have a great many companies that incorporate this software and generate billions from the sales of applications or services incorporating it, without returning anything to its maintenance.I think it's a sensible thing to ask Intuit, for example: "What did you pay to help maintain OpenSSL?". And then go down the list of companies.

Comment Fork it. (Score 4, Funny) 149

by grub on Friday April 11, 2014 @05:53PM (#46729711) Attached to: NSA Allegedly Exploited Heartbleed

Theo de Raadt should fork OpenSSL. He could call it OpenOpenSSL.

.

Comment It's time we own up to this one (Score 4, Insightful) 149

by Bruce Perens on Friday April 11, 2014 @05:46PM (#46729661) Attached to: NSA Allegedly Exploited Heartbleed

OK guys. We've promoted Open Source for decades. We have to own up to our own problems.

This was a failure in the Open Source process. It is just as likely to happen to closed source software, and more likely to go unrevealed if it does, which is why we aren't already having our heads handed to us.

But we need to look at whether Open Source projects should be providing the world's security without any significant funding to do so.

Submission + - NSA said to have used Heartbleed bug for years (bloomberg.com)

Submitted by grub on Friday April 11, 2014 @05:11PM

grub writes: The U.S. National Security Agency knew for at least two years about a flaw in the way that many websites send sensitive information, now dubbed the Heartbleed bug, and regularly used it to gather critical intelligence, two people familiar with the matter said.

The NSA’s decision to keep the bug secret in pursuit of national security interests threatens to renew the rancorous debate over the role of the government’s top computer experts.

Comment So... (Score 1) 53

by grub on Friday April 11, 2014 @04:12PM (#46728883) Attached to: Chinese Man On Trial For Spreading False Rumors Online

... it's kind of like a Chinese Snopes, except you go to jail rather than being unfriended.

Slashdot Top Deals