Beta

Slashdot: News for Nerds

×

Welcome to the Slashdot Beta site -- learn more here. Use the link in the footer or click here to return to the Classic version of Slashdot.

Thank you!

Before you choose to head back to the Classic look of the site, we'd appreciate it if you share your thoughts on the Beta; your feedback is what drives our ongoing development.

Beta is different and we value you taking the time to try it out. Please take a look at the changes we've made in Beta and  learn more about it. Thanks for reading, and for making the site better!

Comments

top

Finnish National TV Broadcaster Starts Sending Bitcoin Blockchain

tero Re:More details (73 comments)

Julian, is that you?

about two weeks ago
top

The Sudden Policy Change In Truecrypt Explained

tero Re:still speculation (475 comments)

Two guys - working working over a decade without funding etc.

Ennead was 29 in 2005 (http://www.wolfmanzbytes.com/windows/70-truecrypt-encryption.html) and they obviously developed it on their freetime.

Fast forward from that to today and you got couple of middle-aged devs, probably with more demading careers and perhaps even families and maybe with young kids.

They started it as a Windows project, when Windows was...a completely different beast than it is today.

It's no wonder TrueCrypt didn't get very many (any?) releases in the past couple of years.

It's certainly a very interesting way to exit stage.

about 2 months ago
top

The Sudden Policy Change In Truecrypt Explained

tero Re:still speculation (475 comments)

It's just his page, read the actual quote I referenced, it's nothing to do with Steve Gibson - he is just quoting two people on twitter.

Bottom line - we have no evidence of warrant canary or "dev rage quit".

Also: https://twitter.com/0xabad1dea...

Personally I'm more inclined to believe the devs calling it than any NSA scheme, but again.

No. Evidence.

about 2 months ago
top

The Sudden Policy Change In Truecrypt Explained

tero still speculation (475 comments)

According to this page - someone e-mailed a dev contact and claims they called it quits due to lack of interest

https://www.grc.com/misc/truec...

(Scroll to the bottom, the green box).

The only real "confirmation" we have is the info on the TrueCrypt page. It's over (no matter what the reason is), best to move on.

about 2 months ago
top

TrueCrypt Website Says To Switch To BitLocker

tero Re:Fishy (566 comments)

Seriously, if it's FOSS, doesn't that mean anyone can take the TrueCrypt code and do with it what they will?

Yes, but TrueCrypt has never been FOSS and by the looks of it never will be. It has always had it's own license that contained distribution and copyright-liability restrictions.

It's never been accepted as "open-source" by OSI.

about 2 months ago
top

Severe Vulnerability At eBay's Website

tero erm.. (60 comments)

So how about a write-up in English Mr. Golem?

about 2 months ago
top

Could Google's Test of Hiding Complete URLs In Chrome Become a Standard?

tero Re:All part of the plan. (327 comments)

A lot of browsers are to blame for this. Both Chrome and Firefox place a big search bar in the middle of the screen and put it in auto-focus as soon as the browser starts.

Firefox gets most of its funding that way (ironically from Google) and Google gets to harvest our searches in both cases.

It's a browser UI issue, not a user issue.

about 3 months ago
top

OpenSSL Cleanup: Hundreds of Commits In a Week

tero it's a good effort (379 comments)

Right now, I think the team is mostly focused on having "something usable" in OpenBSD and I doubt they care too much about anything else outside their scope.

Having said that - forking OpenSSL to something usable and burning the remains with fire is a great idea, however there is considerable risk that the rush will cause new bugs - even though right now those commits have been mostly pulling out old crap.

Fixing the beast is going to take a long while and several things will need to happen:
- Upstream hurry to put more crap into the RFC needs to cease for a while. We don't need more features at the moment, we need stability and security.
- Funding. The project needs to be funded somehow. I think a model similar to Linux Foundation might work - as long as they find a suitable project leads. But major players need to agree on this - and that's easier said than done (who will even pull them to the table?)
- Project team. Together with funding, we need a stable project team. Writing good crypto code in C, is bloody hard, so the team needs to be on the ball - all the time. And the modus operandi should be "refuse features, increase quality". Requires a strong Project Lead.
- Patience.. fixing it is a long process, so you can't go into it hastily. You need to start somewhere (and here I applaud the OpenBSD team), but to get it done, assuming that above is in place - expect 1-3 years of effort.

about 3 months ago
top

Commenters To Dropbox CEO: Houston, We Have a Problem

tero Re:And the attempt to duplicate their efforts resu (448 comments)

USA had absolutely no grounds to remove Saddam Hussein from the power.

The only reason they received U.N mandate is because they fabricated the WMD evidence and outright lied at the hearing.

On top of it they captured people - detained unlawfully without a charge or trial and tortured during their captivity.

Condi Rice and the rest of the Bush Jr. administration should be tried for their crimes.

about 3 months ago
top

Interviews: Jonathan Coulton Answers Your Questions

tero Re:Can't follow John (36 comments)

But at least he answered the questions instead of copy&pasting 2 year old article from his blog

JoCo > McAfee

about 3 months ago
top

Ultima Online Devs Building Player-Run MMORPG

tero well that was new... (75 comments)

*cough*MUD*cough*

about 4 months ago
top

New iOS Keylogging Vulnerability Discovered

tero Re:Linux and windows have vulnerabilities (72 comments)

You didn't even read the summary? That's very /. of you

" iOS (and OS X) SSL security bug comes the latest vulnerability in Apple's mobile operating system"

about 5 months ago
top

Apple Fixes Dangerous SSL Authentication Flaw In iOS

tero Re: goto fail (101 comments)

Yeah, the hash update succeeds, so err contains successful value when it jumps to the end. It never reaches the dead part where it updates.

about 5 months ago
top

Apple Fixes Dangerous SSL Authentication Flaw In iOS

tero Re:goto fail (101 comments)

Yeah, you'd think a compiler should have caught that.. but neither GCC or Xcode seems to do that..

Adam Langley has a great blog post dissecting this:
https://www.imperialviolet.org...

about 5 months ago
top

Apple Fixes Dangerous SSL Authentication Flaw In iOS

tero goto fail (101 comments)

in
http://opensource.apple.com/so...

  if ((err = SSLHashSHA1.update(&hashCtx, &signedParams)) != 0)
                goto fail;
                goto fail;

about 5 months ago
top

NBC News Confuses the World About Cyber-Security

tero not even in Sotchi (144 comments)

..they were in Moscow..

about 6 months ago
top

Satya Nadella Named Microsoft CEO

tero Re:In other words ... (293 comments)

In other words, Microsoft is going to proceed with a vision which may or may not be of interest to consumers, and once again tell us what we want instead of listening to us.

To be honest, if I was the CEO I wouldn't listen to "us" either. Why should I? We (I guess the collective consumers and customers) have no idea what we actually want.

Except perhaps "cool free stuff" and at most "innovation" which doesn't really mean anything at all.

He's been heading one of the divisions that has made most money lately - fairly good choice I'd say...

about 6 months ago

Submissions

top

Remote root exploit in Kindle Touch

tero tero writes  |  about 2 years ago

tero writes "Developers at MobileRead forums have discovered a rather strange "feature" in Kindle Touch browser. It seems the browser includes a scriptable plugin which allows websites to execute code on the device. Naturally someone has found a way to execute shell commands — and by the looks of it everything is running with root privileges.
This opens potential for "drive-by" jailbreaking — or turning the devices into a global 3G botnet.
According to the thread Amazon is working on a fix."

Link to Original Source
top

Seagate may sue if Solid State Disks get popular

tero tero writes  |  more than 6 years ago

tero writes "Even though Seagate has announced it will be offering SSD disks of its own in 2008, their CEO Bill Watkins seems to be sending out mixed signals in a recent Fortune interview:

He's convinced, he confides, that SSD makers like Samsung and Intel (INTC) are violating Seagate's patents. (An Intel spokeswoman says the company doesn't comment on speculation.) Seagate and Western Digital (WDC), two of the major hard drive makers, have patents that deal with many of the ways a storage device communicates with a computer, Watkins says. It stands to reason that sooner or later, Seagate will sue — particularly if it looks like SSDs could become a real threat.
"

Link to Original Source

Journals

tero has no journal entries.

Slashdot Account

Need an Account?

Forgot your password?

Don't worry, we never post anything without your permission.

Submission Text Formatting Tips

We support a small subset of HTML, namely these tags:

  • b
  • i
  • p
  • br
  • a
  • ol
  • ul
  • li
  • dl
  • dt
  • dd
  • em
  • strong
  • tt
  • blockquote
  • div
  • quote
  • ecode

"ecode" can be used for code snippets, for example:

<ecode>    while(1) { do_something(); } </ecode>
Create a Slashdot Account

Loading...