** UnhandledExceptionEventHandler :: OFFICIAL LC / CHATTER THREAD **

[Neil S]

Quote:

Originally Posted by kyleb

obv i agree with this though it's a point of contention

Spoiler:

I'm with you. "Cuddled elses" and other K&R era style points were fine in the era of 25 line terminals, but these days we have more space, and the ability to make our braces line up for visual inspection.

[kerowo]

You can store TrueCrypt volumes on Dropbox, the volume doesn't sync until you've closed it so it can't be open on multiple computers but it does deltas so the update when you close it is only the full file the first time.

[gaming_mouse]

Quote:

Originally Posted by NoahSD

I assume you guys are doing this, but just in case, I'll mention that you should use TrueCrypt or something similar to encrypt all your hard drives.... Encrypt the entire drive

noah, can you elaborate on the specific situations where doing this would save your ass, and how it would save it?

[NoahSD]

It prevents people from getting anything off of your computer/drive if they get physical access to it. That's by far the most common way that people lose data. E.g., you leave your laptop in a cab, or you have a party at your house, or whatever. It's not as sexy as hacking, but it's what actually happens.

[Gullanian]

That seems sensible, but does TrueCrypt or any other ones affect real time performance of the computer?

Also, is a password to enter Windows not sufficient? I've no idea at all how hard it would be to enter a computer with a Windows password (probably not very hard?)

For security I basically just use KeyPass which is stored on DropBox, and run a daily backup script on the server which zips everything to dropbox. Manually once a week or so I'll do a code backup but I'm pretty slack about that and need to investigate auto back ups

[Benholio]

Windows user passwords are, unfortunately, not secure at all. Joe user can download an app to reset those passwords without much effort.

[NoahSD]

TrueCrypt does affect the performance, but the effect is pretty negligible.

The actual effect on read/write times is completely imperceptible on a decent machine. You can read a bunch of tests online and they're all in the neighborhood of 1% decrease IIRC. I've never had an application where I cared about 1% run-time effects.. so meh. There are, however, a few SSDs that use some kind of firmware-based compression or something. Since encryption makes your data effectively uncompressible, this totally ****s with those HDs. I forget what the technology is called and which SSDs use it, but the effect is ridiculous. So, you should probably google your HD before encrypting, but worst case scenario you just learn that you're one of the unlucky ones when your computer is really slow and then you decrypt.

The only noticeable hit is apparently to the CPU, since the CPU is what does the encryption/decryption. I've heard that this can be significant, but I haven't personally noticed it--even though I do very data intensive work that's usually HD or processor constrained. I know that it parallelizes decryption, so maybe that's why. Or maybe I don't actually do much computation while I'm reading/writing a lot of data to disk--because they're often separate steps in a sequential algorithm and/or most of the data is usually in memory. Or maybe I've only worked on machines that have hardware-accelerated AES.

For the same reason, the read/write speed would probably suck on a netbook or something, since it's actually mostly processor constrained.

A windows password isn't secure at all. It's not really meant to be. Not only can you get around it, IIRC you can actually find the original password, which sucks if your password is like "I'm secretly in love with Sarah" or whatever. Obv it's enough for some/most people, but it's breakable by Google, so it might not be enough for your purposes. Plus, doing things correctly is nice.

[jukofyork]

Quote:

Originally Posted by NoahSD

For the same reason, the read/write speed would probably suck on a netbook or something, since it's actually mostly processor constrained.

Yeah, I tried running with a TrueCrypted netbook and I can confirm it really bogs the underpowered CPU badly: videos stuttered that were fine before, booting took significantly longer, etc. I had to go back after a while as it was totally unusable.

Juk

[skier_5]

What is the logic for encrypting the whole hard drive as opposed to a volume containing only your documents? If I have all my important data encrypted is there still much to worry about in the cloud?

Another password manager I've been looking at is https://agilebits.com/onepassword. From there web site it sounds like they are following best practices and that it should be fine, but I don't have enough knowledge to feel totally comfortable making that conclusion for myself. It certainly looks like it would be a much better experience than KeePass and something I'd find a lot easier to recommend to my parents for example. Does anyone have any experience with it/comments?

[Gullanian]

You can get hardware solutions can't you for encryption which will have near 0 performance impact I think?

[Gullanian]

Do any of you have memorable stupid bugs that caused far much damage/trouble then they should have that you fixed?

I just fixed one that had been plaguing me for months, users being logged out of the forum but remaining logged in on the main site! Spent so long trying to reproduce it in every way possible to no avail, ended up being caused by the forum trimming a usercode cookie down to 45 chars. If your username was over 10 chars in length then it trimmed off the end causing it to be invalid. None of my test cases I created went over 10 chars in length, reproducing the problem was 99% of the problem!

Another one I had was years ago on an SMS site I had, someone from Turkey kept sending hundreds of SMS messages in a loop costing me hundreds of £! Again hard to reproduce, but finally found it and it was caused by the check:

if credits >= 0 then send message

As supposed to > not >=! Doh!

It was made worse by the fact that to prevent people going into negative credit balance, once credits were deducted and message sent if balance < 0 then balance = 0. This guy spotted the glitch and mercilessly exploited it.

One character never cost me so much!

Someone make me feel better with their stupid bugs!

[greg nice]

i too use keepass and just recently learned about the CTRL + ALT + A hotkey which will type the password for you. i was manually copying and pasting!

[Neil S]

Quote:

Originally Posted by Gullanian

Do any of you have memorable stupid bugs that caused far much damage/trouble then they should have that you fixed?

I once forgot C++ templates are the compile time abomination that they are, and tried to move the implementation from the header into its own source file.

[kerowo]

1password is nice although somehow they have it set up so the contents of the clipboard are erased after 1 paste which turns out to be more annoying then you'd think. Still a nice product though, nice to have passwords on all my mobile devices.

[Neil S]

As for the encryption, yeah. Don't encrypt your programs. Just your data and your swap.