jwz: 10-Apr-2014 (Thu)

Some Internet companies that were vulnerable to the bug have already updated their servers with a security patch to fix the issue. This means you'll need to go in and change your passwords immediately for these sites. Even that is no guarantee that your information wasn't already compromised, but there's also no indication that hackers knew about the exploit before this week. The companies that are advising customers to change their passwords are doing so as a precautionary measure.
Also, if you reused the same password on multiple sites, and one of those sites was vulnerable, you'll need to change the password everywhere. It's not a good idea to use the same password across multiple sites, anyway.

Go buy 1password already.

Heartbleed should bleed X.509 to death:

4 companies controlling 90.6% of the internet's secrets. This is fucking insane. Do you have any reason to trust this lot with anything, no less the security of 90.6% of all your 'secure' internet traffic? Do you honestly believe that the NSA/GCHQ didn't see this and say "Well that could be a lot worse"?
What we have done here is fitted our doors with some mega heavy duty locks, and given the master keys to a loyal little dog. Sure, he barks at you with a smile, but can you ever be sure he won't be distracted by an appealing steak from your worst enemy? Of course not, he's a fucking dog. We've seen two-faced dogs before - one was called RSA. They just loved that NSA steak.

Schneier:

At this point, the probability is close to one that every target has had its private keys extracted by multiple intelligence agencies. The real question is whether or not someone deliberately inserted this bug into OpenSSL, and has had two years of unfettered access to everything. My guess is accident, but I have no proof.
I'm hearing that the CAs are completely clogged, trying to reissue so many new certificates. And I'm not sure we have anything close to the infrastructure necessary to revoke half a million certificates.
Possible evidence that Heartbleed was exploited last year.

Also I'd like to point out again that nearly every security bug you've experienced in your entire life was Dennis Ritchie's fault, for building the single most catastrophic design bug in the history of computing into the C language: the null-terminated string. Thanks, Dennis. Your gift keeps on giving.

Previously, previously, previously, previously.

68 Comments

Tags: big brother, computers, conspiracies, doomed, security

Exterminate All Rational Version Control

9 years ago

Git man page generator. Seems legit:

NAME
git-salute-file -- quiltimport all local changes before forward-ported non-shocking local subtrees
SYNOPSIS
git-salute-file [ --hasten-customize-index ] [ --tickle-perfect-subtree ]
DESCRIPTION
git-salute-file adds the bases outside added non-thining unstaged submodules, and to revert an automatic MOLD_BASE or reflog the working histories, use the command git-fornicate-head --undress-pick-base.
The same set of bases would sometimes be packed in an original history, but the same set of stashes would in some cases be quiltimported in a passive commit. The index to be staged can be provided in several ways. After a git-stick-head (configured by git-update-commit) applies a stash, cleanly fetched commits are fscked for you, and stashes that were failed during fetching are left in an archived state, so it is sometimes a chance that a stashed error will prevent automatic noting of any patched bases.
git-gesture-file --answer-wedge-path will apply an automatic git-stifle-object before doing anything else, because a few named histories rebased by paths in the change, but that are in <oldbase>, are requested in an automatic base. git-weigh-change takes flags relevant to the git-subdue-stash command to control what is hurtled and how, because the user may fsck any such changes and run git-construct-ref --flounder-stage instead.

Previously, previously.

7 Comments

Tags: computers, doomed, pranks

The Body Appropriate Kickstarter

9 years ago

"With your support and community, I will be able to share some of the things I consider to be most life affirming ...and gross."

Rewards include:

MYSTERY BODY PART = Jar. Ethanol. Body Part. (uniquely crafted by Stephanie) [ 2 Tickets, Donor Mention ]

2 Comments

Tags: art, parts

#ReplaceBikeWithCar

9 years ago

Best Of #ReplaceBikeWithCar

@geckobike: An overturned cargo-bike is causing traffic chaos with police diverting miles of queuing bikes through a contraflow #ReplaceBikeWithCar
@pedrogers_peter: I'm just going to completely block this driver-only lane with my cargo bike while I make this essential delivery #ReplaceBikeWithCar
@HushLegs: Earlier I saw a driver run a red, so I'm going to cycle dangerously close to a completely different car in retaliation. #ReplaceBikeWithCar
@TinyHelmets: Oh you drive a car? Let me tell you about that time someone was killed driving. #ReplaceBikeWithCar
@AvrgeJoeCyclist: I'd like to let my kids drive cars on public roads, but I love them too much to let them risk their lives #ReplaceBikeWithCar
@DrJaneChi: #ReplaceBikeWithCar "What bothers me about cars is how often you see drivers just completely disobeying all the traffic laws"
@MaryLauran: "Oh, you drive a car? You're so brave. Have you ever had an accident?" #ReplaceBikeWithCar
@MaryLauran: "You DROVE here? In the RAIN?" #ReplaceBikeWithCar
@miller_stephen: I don't oppose car lanes -- I drive a car myself, actually -- I just don't think it's safe to put one on my street. #ReplaceBikeWithCar
@BrooklynSpoke: The bike ran over the man, killing him. No criminality is suspected. #ReplaceBikeWithCar
@Carrot70: Cyclists found not guilty of causing death of a driver as the sun was in their eyes. #replacebikewithcar
@daveormsby: Cars don't belong on the street. If you want to go for a drive, use the freeway -- it was built specifically for cars. #replacebikewithcar
@mullinsms: Cars are great, but I don't think the city is a safe place to drive them. #ReplaceBikeWithCar

2 Comments

Tags: bike, doomed, sprawl