Forgot your password?

Comment: Re:Nice... (Score 2) 262

by jaredm1 (#45052363) Attached to: Microsoft Makes Another "Nearly Sold Out" Claim For the Surface Line
I too had felt the same way, Java & .NET both seem like more modern development tools that free the developer from having to think about memory management and instead focus on what they want to create. Having recently been using Objective-C my perspective has changed quite a bit. I have some background in C & assembly so the concept of managing memory is not entirely foreign. I am finding the Cocoa APIs to be very clean and nice to use. Managing memory is also not as painful an experience as I recall from my C days. Objective-C apps should be more efficient (which really matters on battery-powered devices where processor usage is still important) and indeed it is. I believe it is one of the reasons Android and its apps still lag even when compared to older, less powerful Nokia phones.

Comment: Re: Who cares about IPSEC? (Score 1) 362

by jaredm1 (#44793099) Attached to: John Gilmore Analyzes NSA Obstruction of Crypto In IPSEC
One of the big selling points of OSS is that software can be scrutinised for things like back doors. OpenSSL is indeed extremely popular as is OpenVPN - surprises me that the NSA and others have outwit the smart techies that should be able to spot weaknesses. Or perhaps we take OSS for granted so everyone assumes it has been scrutinised but no one actually bothers to analyse the code.

Comment: Re: Who cares about IPSEC? (Score 2) 362

by jaredm1 (#44785553) Attached to: John Gilmore Analyzes NSA Obstruction of Crypto In IPSEC
Hmm, so a quick browse over to and we see: "Are there any known security vulnerabilities with OpenVPN? Not to our knowledge (as of 2004.12.08)" Not to be paranoid, but is it too much to ask for them to update their knowledge by about a decade? Am a bit surprised that there doesn't seem to be much published analysis of the protocol.

Comment: International standards.. 'nutf said (Score 1) 362

by jaredm1 (#44785299) Attached to: John Gilmore Analyzes NSA Obstruction of Crypto In IPSEC
When it comes to international standards I should remind everyone that the NSA doesn't need to do much to make those complicated and unwieldily. Look at SOAP or UML. For some reason when you gather an international consortium together to make a standard it is natural for it to be a huge WTF by the time it eventually becomes finalised. People feel the need to cater for every conceivable use case even if they're unlikely to be practical or real-world and often those pushing for things have very little grasp of the implications. Crypto related standards are different though, because you actually need people who know what they're doing. So apply the same approach to security and the resulting standard is bound to contain weaknesses. I would bet money that the NSA probably saved the IPSEC standards committee from making it overly weak (much like they enhanced DES when it was first created). Is there an open source alternative to IPSEC that has been scrutinised by cryptographers?

May the bluebird of happiness twiddle your bits.