Follow Slashdot blog updates by subscribing to our blog RSS feed

 



Forgot your password?
typodupeerror

Comment: Re:Yo dawg, I heard you like keychains... (Score 2) 278

by WaywardGeek (#49702339) Attached to: Ask Slashdot: What's On Your Keychain?

No keys in my pocket, but I do carry a gold-plated stainless-steel Klarus MiX6 AAA LED flashlight. The company is not reputable, IMO, but this is one great light. Too bad they don't make them anymore...

I also carry a Moto-X cell-phone with Republic Wireless, and an Infinite Noise Multiplier. Never know when you might need some true randomness :-)

Comment: Re:The barrier has been there all along ! (Score 1) 63

by WaywardGeek (#48666743) Attached to: De-escalating the Android Patent War

One more point... this patent pool thing is all bad, in that it keeps out new players, reducing innovation. Also, it does nothing to stop trolls, who have no product to protect. You can't counter-sue a troll, since they don't do anything, making it impossible for them to violate patents. Billions of dollars are being flushed down the toilet in this anti-innovation patent-lawyer shake-down.

Comment: Re:The barrier has been there all along ! (Score 3, Interesting) 63

by WaywardGeek (#48666725) Attached to: De-escalating the Android Patent War

Patents back in the 1970s were only slightly broken compared to today. I've met several inventors or their relatives who invented things like milk cartons and every-day items we now take for granted. Up through the 1970s, "inventor" was a potential career path.

That all changed rapidly starting in 1982, when Congress voted to give all patent appeal cases to a single appeals court in Washington DC. This court basically created the patent troll industry. Before 1982, trolls would have been thrown out of court. Since then, this court has become a puppet to the patent troll industry through something called regulatory capture.

I wont go into the evils of software patents here. It is a regular flame topic on slashdot. However, we can blame this appeals court for them. Most recently, I was shocked when they changed long standing precident and declared that APIs are copyrightable, which if upheld, has potential to end software development as we know it.

I have several software patents. We are required to get them for defensive purposes. This is essentially a lawyer's tax on the software industry, with zero benefit to non-lawyers, so far as I can tell.

Comment: Re:Many DDR3 modules? (Score 1) 138

by WaywardGeek (#48666609) Attached to: Many DDR3 Modules Vulnerable To Bit Rot By a Simple Program

It sounds like you know a bit about modern DRAM architecture. Data sheets now days are not avalable to the public, so it's hard to figure out basic things, like how much power is burned in the DRAM in a simple loop. Do you have a simple rule of thumb for modern DRAM power loss? If I understand correctly, static power is minimal, but dynamic power can generate several watts of power.

+ - OneRNG open source hardware entropy genrator->

Submitted by taniwha
taniwha writes: Moonbase Otago is pleased to announce its Kickstarter campaign for OneRNG — an open source hardware entropy generator, is already 3/4 funded after 3 days.

OneRNG is a USB key in the same form factor as a USB flash drive, it's an entropy generator, it makes random bitstreams suitable for feeding to your computer's encryption systems to make better and faster keys to make interception of your communications more difficult. It has two entropy sources, an avalanche diode and an RF noise source, either or both can be used

OneRNG is also open hardware, that means all of the design, both hardware and software, is Open Source — you can inspect the hardware and software to make sure there is nothing hidden that stops it from functioning as promised. It also means that you can inspect a unit after shipping to make sure it has not been tampered with, both by lifting its lid to look at the components, and by inspecting the embedded firmware both to make sure that it contains what you think it does and also that it is cryptographically signed with a valid key.

Because you don't truly own your own hardware unless you can reprogram it we're also offering device programmers for those who want to take the existing software and make it better or their own.

https://www.kickstarter.com/pr...
http://www.onerng.info/

Link to Original Source

Comment: Re:Expect a FISA or PRISM notice in... (Score 3, Informative) 270

by WaywardGeek (#47950583) Attached to: TrueCrypt Gets a New Life, New Name

Some people post warrat canaries, but I stopped. Our current defense strategy is having developers around the world. Also, we have weekly voice meetings that are hard to fake, and enable us to know we're dealing with the same person each week.

Personally, I've boning up on skills for finding weaknesses in crypto code. I just did a 2-week marathon of being a huge a-hole over at the Password Hashing Competition. Telling people why you think their algorithms are not secure does not make you popular, but I have to admit it was fun. Applying the same sort of analysis to TrueCrypt makes me want to set my hair on fire.

TrueCrypt's saving grace is that it is not an on-line app. Even in the first "rebranding" release, we're removing it's tendency to ping the Internet whenever you click on a help button. If an attacker could hack the volume data, for example, he'd totally pwn TrueCrypt. But... in that case, he already owns you most likely.

Comment: Re:GIMP, Ubuntu, Xfce (Score 1) 270

by WaywardGeek (#47950471) Attached to: TrueCrypt Gets a New Life, New Name

I totally agree with your list, which means you are better than most of us geeks at picking, or at least evaluating names. I would love an alternative to CipherShed. I bet you could help here. Can you think of better names.

I like the name password-hashing entry in the PHC called OmegaCrypt. I was considering contacting the author, Brandon, to see if he'd let us use it. Some people on the CipherShed project don't want either True or Crypt in the name, partly for fear of trade-mark dispute, and partly to show that we're doing an honest clean fork, with an intent to rewrite it all under a popular FOSS license (the latest BSD license is currently the leading condender).

Comment: Re:Like LAME (Score 2) 270

by WaywardGeek (#47950443) Attached to: TrueCrypt Gets a New Life, New Name

Infringement has a lot to do with who you're pissing off. I this case, I am not so worried about the original TrueCrypt team. These guys did a ton of work for years, almost for free, because they thought the world needed it. Well, the world still needs it, and we have some new volunteers (but need more!). The E4M owner has some gripes about use of E4M licensed code in the tool. I think we need to focus on the E4M code and get it out of there ASAP. We can then take some more time to redo the whole GUI and everything else.

Comment: Re:"CipherShed" (Score 4, Informative) 270

by WaywardGeek (#47950405) Attached to: TrueCrypt Gets a New Life, New Name

So, I'm invovled in the CipherShed project. In fact, I bought the domain originally when Niklas suggested it. I also bought FalseCrypt :-)

This thread is actually very helpful. I've been very concerned that we need to pick a better name. The unfortunate truth is that we geeks totally suck at picking name!

RealCrypt is excellent, IMO. That's why the RealCrypt fork of TrueCrypt exists :-) It's a Fedora-packaged fork that drops all the Windows stuff. There's also a VeraCrypt fork. OpenCrypt.net was offered to us by the owner, which is very generous, but there is an OpenCrypt already, which oddly enough has to do with encryption rather than vampires.

Please keep picking on the name, and suggesting alternatives! If someone here provides one, I'll try to have it adopted. We *barely* still have time to make a name change.

I am not now, nor have I ever been, a member of the demigodic party. -- Dennis Ritchie

Working...