Dedupes client side.

I have my own domains and do this with tunnelled rsync to a NAS4Free box, though for long term storage I like SpiderOak (and TarSnap). SpiderOak keeps historical versions and dedupes the data.

Try SpiderOak. Free 2 GB, zero-knowledge, secure. Works on a load of OSs and devices.

I'm a completely satisfied customer.

Theo de Raadt should fork OpenSSL. He could call it OpenOpenSSL.

.

... it's kind of like a Chinese Snopes, except you go to jail rather than being unfriended.

From the proof-of-concept page I mentioned above.

Conclusion

It is quite obvious in light of the recent revelations from Snowden that this weakness was introduced by purpose by the NSA. It is very elegant and leaks its complete internal state in only 32 bytes of output, which is very impressive knowing it takes 32 bytes of input as a seed.

Here is the Github repo for the PoC code.

This PRNG is not the NSA making a crypto system stronger ala DES, it's a backdoor.

[sorry, link screwed up in my reply, should have checked more closely.]

There is also a nice proof-of-concept backdoor with a link to the github repo.

RSA has denied having knowledge of the backdoor, says NSA tricked them, and has never denied the $10M payout. Some of Snowden's leaks mention it.
Reuters has a summary

proof-of-concept backdoor with a link to the github repo.

None of that is a smoking gun, but there is enough smoke to tell me there is a fire.

Boy, if there's one thing that could ever kill Open Source it would be being held legally liable for a commit with a bug in it.

It burns me that RSA is not held liable for their $10M NSA backdoor in Dual_EC_DRBG PRNG. Customers should be flocking in droves but RSA gives enough swag at conferences that the suits don't care.

Your privacy sold off for $10M and some mouse pads.

PR: 2658

Submitted by: Robin Seggelmann <seggelmann@fh-muenster.de>
Reviewed by: steve

Support for TLS/DTLS heartbeats.

Have a look for yourself. The reviewer "steve" is Stephen Henson.

and all running on top of TCP

Not necessarily. OpenVPN is an SSL VPN which defaults to UDP/1194.

I think if James Clapper or Keith Alexander joined the board of DropBox you'd see the same issues. But they haven't.

Being a donor to one of two political choices (or often both) is one thing. That's very, very far removed from power. Actually having started wars whilst being Secretary of State is entirely different.

She gave speeches strongly advocating war in Iraq, and was an integral part of the whole process that led to a war which killed over 100,000 people. It was later solidly established that the people at the very top of the Bush administration knew their excuses for war were BS and kept repeating them anyway, and ignoring all the evidence that they were wrong.

I keep reading about how intelligent this woman is. But given the things she's done, she sounds pretty goddamn dumb to me. It's not everyone who can say their mistakes led directly to mass death.

Much though I love NSA related conspiracy theories, especially lately, I think "the NSA writes a pile of crap and gives it away for free in the hope it becomes inexplicably popular" is perhaps not the best one available. OpenSSL has been around for a loooong time with virtually no resources put into it, which is one reason it sucks. The other reason being that the original author wrote OpenSSL in order to teach himself C (and it shows).

Recall that SSL was not very widely used up until a few years ago, and it's only in the last 18 months that suddenly every man and his dog wants a secure website. It's not surprising that core libraries that do it are subpar. Even very large companies like Google or Microsoft have typically only had one or two people who really understood and cared about SSL.