If left to market forces, and not state planners, the markets would not build nuclear power plants. Nuclear power is Hooked on Subsidies. Notice how that is a CATO Institute reprint of a "Forbes" article first published on November 26, 2007. And in case you don't know what CATO is, from their about page "The Cato Institute is a public policy research organization — a think tank – dedicated to the principles of individual liberty, limited government, free markets and peace. Its scholars and analysts conduct independent, nonpartisan research on a wide range of policy issues."

FalconWolf

Except that the argument wasn't really "potentially vulnerable to attack" is not the same as "compromised" (though it is certainly easy to see how one could come to that conclusion by ignoring the context---and maybe I am misinterpreting the parent, as well), the argument was that all (but only) SSL sessions using the newer versions of OpenSSL were/are vulnerable (i.e. compromised), and that by virtue of not every server in the world automatically being updated to these newer versions, the statement "every SSL session is compromised" was hyperbole.

One should also note that while the dictionary definition of "compromised" is essentially identical to "vulnerable," there are nuances of meaning in the way in which the two words are used. I would suspect that most people would regard something being "compromised" as more severe than something being "vulnerable." In fact, your example of science fiction seems to make my argument for me. You aren't really disagreeing with the parent, only nitpicking semantics (unless you really do believe that "every SSL session has been compromised," in which case there is a bigger problem with SSL than Heartbleed). If you are going to argue the point (viz: "compromised" and "vulnerable" are synonyms without distinction), why don't you explain what it means to "decimate" something, and how too many people seem to use the word incorrectly.

I oppose taxpayers paying for nuclear power. Actually I advocate eliminating all subsidies. And don't think energy companies aren't subsidized. Allocation of subsidies in the United States lists some subsidies different energy producers received between 1950 and 2010. Nuclear power received $73 billion in federal subsidies. "BusinessWeek" has the article When It Comes to Government Subsidies, Dirty Energy Still Cleans Up date 21 October 2012..

I also support the NRA and their stance on gun controls. The only effective gun control is when the shooter hits what they aim at. And if they hit someone they should pay for it. I find it ironic the first "environmentalists", those who cared for the environment, were conservationists and hunters. Now how can hunters be environmentalists? They kill wildlife. Guess what, they also want the environment that that wildlife lives in to be clean and not polluted. Teddy Roosevelt was an avid hunter who as president created the National Park Service. He wanted to preserve wild lands for hunting among other reasons. Many hunters supported this too.

FalconWolf

France has not done well with nuclear power. Sure they get most of their electricity from nuclear power plants, however despite their lead in reprocessing France still has trouble with storage. While reprocessing allows spent fuel to be reused and shortens it's half-life doing so creates toxins and hotter fuel.

As far as building nuclear power plants go state planners on free market determines what gets built. CATO, that is the institute "dedicated to the principles of individual liberty, limited government, free markets and peace" printed the article "Hooked on Subsidies that was first published in the November 26, 2007 issue of "Forbes". The opening statements is "Why conservatives should join the left’s campaign against nuclear power." Further down it says:
"How do France (and India, China and Russia) build cost-effective nuclear power plants? They don’t. Governmental officials in those countries, not private investors, decide what is built. Nuclear power appeals to state planners, not market actors."

Now if private businesses want to build nuclear power plants they should get, and pay for, their own insurance. They would also have to finance the construction, not government. I might even invest in such a company that uses thorium as it's fuel. Provided the finances come out good.

FalconWolf

heh and I see it was linked to in TFA. Sorry.

Ted Unangst wrote a good article called "analysis of openssl freelist reuse"

His analysis:

This bug would have been utterly trivial to detect when introduced had the OpenSSL developers bothered testing with a normal malloc (not even a security focused malloc, just one that frees memory every now and again). Instead, it lay dormant for years until I went looking for a way to disable their Heartbleed accelerating custom allocator.

it's a very good read.

The CDC recommended vaccination schedule is easy to find, and contains a "Common Core" of vaccinations (your list, plus a couple more---this is not much, much longer than your list). Of those on the list, the only one that is not obviously part of building herd immunity is the Tetanus vaccine, though given how nasty Tetanus can be to an individual and how effective the vaccine is, it seems like an obvious choice to me.

Dedupes client side.

I have my own domains and do this with tunnelled rsync to a NAS4Free box, though for long term storage I like SpiderOak (and TarSnap). SpiderOak keeps historical versions and dedupes the data.

Try SpiderOak. Free 2 GB, zero-knowledge, secure. Works on a load of OSs and devices.

I'm a completely satisfied customer.

Theo de Raadt should fork OpenSSL. He could call it OpenOpenSSL.

.

... it's kind of like a Chinese Snopes, except you go to jail rather than being unfriended.

From the proof-of-concept page I mentioned above.

Conclusion

It is quite obvious in light of the recent revelations from Snowden that this weakness was introduced by purpose by the NSA. It is very elegant and leaks its complete internal state in only 32 bytes of output, which is very impressive knowing it takes 32 bytes of input as a seed.

Here is the Github repo for the PoC code.

This PRNG is not the NSA making a crypto system stronger ala DES, it's a backdoor.

[sorry, link screwed up in my reply, should have checked more closely.]

There is also a nice proof-of-concept backdoor with a link to the github repo.