Forgot your password?
typodupeerror

Comment: Re:Wat? (Score 1) 328

by fluffy99 (#46763715) Attached to: How Does Heartbleed Alter the 'Open Source Is Safer' Discussion?

You seriously think that black hats bother with reading millions of lines of code in the hope of finding an exploit when all they have to do is play with the data sent to services/applications and see if it misbehaves. Which is why exploits are equally found among closed and open softwares.

This is true, and exactly how this was found by Codenomicon. Having access to the source code actually makes it far easier to turn the bad behavior into a working exploit, particularly for something like buffer overflows. Although in this case, there wasn't much work needed as the bad behavior was returning the contents of memory in response to a bad parameter.

Comment: Re:Open source was never safer (Score 1) 328

by fluffy99 (#46763677) Attached to: How Does Heartbleed Alter the 'Open Source Is Safer' Discussion?

I think this says more about the prevailing view of security. Every programmer is told "NEVER roll your own encryption". The default result is that most programmers never even look at the code and instead assume it MUST be safe since the infallible "experts" wrote it. What we are seeing here is not the fault of open source vs closed source; it is about voodoo programming being considered good security practice.

I'm not saying that everyone should be rolling their own encryption, but people should be looking over the experts implementations instead of assuming they are perfect (this bug could have been caught by any number of "normal" programmers had they simply taken the time to looked).

The irony is that the openssl authors chose to roll their own malloc implementation instead of using the default, trusted one which would have likely crashed instead of facilitating the leakage of memory. (I still blame the fundamentally flawed nature of C for even allowing this)

Comment: Some real statistics. (Score 2) 367

by fluffy99 (#46600251) Attached to: More Than 1 In 4 Car Crashes Involve Cellphone Use

http://www-nrd.nhtsa.dot.gov/P...

An NHSTA sponsored study says at any given moment during the day, 5% of Americans are driving while using a cell phone.. The study has some caveats - it relied on phone surveys, visual road-side observations, and only goes up to 2011, so may be significantly under-reporting cell phone usage. I estimate that number is closer to 10% based on casual observation while driving. So in a two -car accident that gives a 10% chance of a cell phone used in one of the cars. If the real cell-phone usage number is closer to 15%, then the 26% number is meaningless as it's typical of the overall population regardless of cell phone use.

When I see a stupid driving move, the person is invariably holding a cell phone to their face, talking and gesticulating wildly while they're the only person in the vehicle (hands-free), looking down at something (texting or dialing), or it's a woman putting on makeup while driving.

Comment: Re:When are the bank runs going to happen? (Score 1) 704

by fluffy99 (#46488891) Attached to: Bitcoin Exchange Flexcoin Wiped Out By Theft

And then, how many people are keeping the bitcoins themselves without adequate off-site backup?

In the general population maybe 5% of people have off site backups. Do they suddenly become wiser when they have bitcoins? Maybe a bit. But I'll bet it's still far less than half that have a proper backup system.

How exactly do you "backup" a bitcoin to protect it from theft? Backing up the coin info does zero good if someone already managed to effect a transfer of that coin. It's no more helpful than having a copy of your last bank statement after someone cleaned out your account (expect perhaps for FIDC insurance might payout on the loss).

Certainly, you're an idiot if you only keep the information in one place and risk losing it due to a simple HD crash. Safety of the coins from accidental loss was the allure of these exchanges. No-one really considered the theft aspect hard enough.

So has anyone tracked those coins to see where they went? The good (or bad) aspect of bitconis is their traceability. Did they eventually end up buying goods or getting cashed out somewhere?

Comment: Re:RFC 2468 -- I remember IANA (Score 4, Insightful) 279

by fluffy99 (#46488829) Attached to: U.S. Aims To Give Up Control Over Internet Administration

Sixteen years after Jon Postel attempted to bring DNS root zone control authority under IANA, finally, the dream of internationalization of the root DNS/internet infrastructure is becoming a reality. A moment of silence please, for Jon Postel, IANA.

This carries big implications in NSA's spying/QUANTUM program, which use U.S. control of the DNS system to exploit systems.

Really? Tampering with the DNS root servers is something that everyone would notice. It's not something NSA would be likely to start tampering with. Manipulating DNS at local levels perhaps, but certainly not at the root.

I'm more concerned about US Govt manipulation of DNS at the behest of corporations for copyright enforcement by killing websites. We've already seen that happen

Comment: Re:LIGO is a money pit (Score 1) 70

by fluffy99 (#46488755) Attached to: The Earth As a Gravitational Wave Detector

LIGO is enormously more sensitive (~12 orders of magnitude), than this seismic measurement but in a different frequency band (~100Hz), so both are valuable measurements sensitive to different types of GW sources .

LIGO itself is a phenomenally difficult project, but with big payoffs. There is the basic physics of understanding how gravity works, but there are also technology spinoffs. The extremely low loss mirror technology developed for LIGO is not being used for other applications, including telecom. The high Q optical cavities are used in commercial measurement devices for measuring tiny concentrations of materials in gasses . There are likely many other spin-offs from the project.

Near as I can tell, most of the technology flow (at least recently) is in the other direction, i.e. now that extremely low loss mirrors, etc are available they are upgrading LIGO to use them. Obviously they have a special use case and deserve kudos for developing their own fabrication techniques and applications of the technology.

The "big payoff" hasn't happened yet and isn't clearly defined. What exactly would the payoff be? I can see how correlating an observed perturbance as measured by this large scale interferometer with xray telescope data from an observed cosmic event could lend credence to therories about gravity waves.

Comment: LIGO is a money pit (Score 3, Insightful) 70

by fluffy99 (#46486547) Attached to: The Earth As a Gravitational Wave Detector

They've sunk over a billion into the Hanford and Livingston observatories. The LIGO observatories from 2002 to 2010 were only operational for a very small fraction of the time, plagued by equipment problems, never acheived the design sensitivity, and NEVER detected anything useful. Most of their data was contaminated by local noise, including the highway a few miles away. They blindly collected terabytes of raw data that has never been fully analyzed and they have minimal local data analysis capability.

Now NSF is pouring even more money into it in the hopes they can improve the sensitivity and actually detect something? At best they might record a perturbance that is correlated between multiple sites (they also partner with an Australian site I believe), of which the value of that data is still debatable.

I wish the NSF would pull the plug on this waste of resources and invest in something more useful like cleaner nuclear power.

Comment: Re:Yes they did. (Score 1) 572

You do realize that performing https proxying and packet inspection to protect against malware is not the same thing as actively recording the sessions right? Regardless of whether they are proxying via MITM, they can still record the urls visited.

Also, the exact situation that the OP was attempting (a VPN that could expose the internal network) is one reason for using https proxying and filtering.

Comment: Re:AHAHAHAHAH (Score 1) 231

by fluffy99 (#46405353) Attached to: Bug In the GnuTLS Library Leaves Many OSs and Apps At Risk

"Open Source Software is more secure because the code can be reviewed."

That's why this bug has existed since 2005. gg, guys. Thumbs up.

What do you mean? The many eyes found said bug that is why we are reading about it if thay had not it would still be sitting there undiscovered. Ever wonder how many bug go completely unnoticed in proprietary software because no one actually reads said code? Like for example a Windows bug affecting all 32 bit Windows OS's for 17 years: http://www.computerworld.com/s....

Um no, code review didn't find this - at least not the people that are supposed to. The bad guys apparently found and have been using this bug for quite some time. So obviously the black hats are more motivated to review the code than the white hats.

Comment: Re:A little late (Score 1) 180

by fluffy99 (#46373569) Attached to: Your Next Car's Electronics Will Likely Be Connected By Ethernet

It wont' happen if you use a couple of switches and some relays for the wipers instead, and mechanics for the wheel/accel/brake etc....a lot cheaper too.

But then you can't have a smart car with a moisture sensor and rain detector to automagically turn the wipers on for you. Although, I have gotten spoiled by not having to remember to turn on/off the headlights. Same deal for interior lights, - you could go with the old school mechanical switches but it is nice to have them turn on at the appropriate times and turn them selves off if your toddler left the light on and you didn't notice.

Brakes and steering are still mechanical, btw.

Comment: Re:Shared networking with user services? (Score 2) 180

by fluffy99 (#46373519) Attached to: Your Next Car's Electronics Will Likely Be Connected By Ethernet

There are multiple busses in vehicles already, separated by function. Engine controls are usually on a higher speed can bus, stuff like the speedo and body (lights, doors, etc) on a low speed can bus. I can see adding a third bus for entertainment type stuff such as the radio sat nav, wireless hotspot etc.

Comment: Re:Can see how own network, messaging is being use (Score 3, Informative) 207

by fluffy99 (#46314161) Attached to: Microsoft Lync Server Gathers Employee Data Just Like NSA

We had an email go out saying that people were using Bittorrent from home over the VPN and to please stop since it's illegal and taking up bandwidth.

You guys need better network admins. Proper firewalling and proxying should block traffic like that.

Also, I shudder to think of the potential mess caused by allowing personal laptops to VPN in the first place.

A slow pup is a lazy dog. -- Willard Espy, "An Almanac of Words at Play"

Working...