All of aisarka's Comments + Replies

aisarka20

I want to test my ideas, mostly ideas for technology projects and/or startup ideas. Doing scientific research is best but can be quite costly and time-consuming, so I assume it would be optimal to filter the ideas first in order to select the best ones for testing. I already do things like looking for problems and unintended consequences, looking for relevant studies, and showing them to people hoping to find flaws, but I would bet that somebody has created an idea review process that can be applied for even better preliminary filtering. It would be ide...

aisarka20

Is Heartbleed really untraceable?

I was sent a PM about this and a really good point was raised there. If EFF claims that networking logs showed enough detail to confirm Heartbleed exploit attempts going on, then why did Codenomicon's heartbleed.com website claim that the bug doesn't show up in logs?

Recognizing that this is outside my specialty, I did not venture into this topic but I have been wondering about this myself. To say that Heartbleed leaves no traces in the logs is a pretty big commitment. This is because there are a lot of different software...

0[anonymous]
Most loggers don't record the full contents of every packet that comes through. What Codenomicon means is that Heartbleed doesn't show up in logs under the settings typically used. Apparently EFF found some sites that record enough in their logs to notice Heartbleed.
5Lumifer
Because "logs" is a very generic term. You can set up your logging to record varying amounts of information -- you can fully log every packet received, or you can log only errors, or you can do something in between. If you record every packet received, you will be able to see Heartbleed attacks in your logs. However, for obvious reasons, few people do that and very few people do that on a permanent basis.
aisarka20

That's been fixed. I was pretty surprised about this mistake. I remember finding that Canadian website link via a news article discussing the impact of Heartbleed. Maybe I copied the number from the news article, but somehow got mixed up while switching between the two pages and ended up grabbing a number that was relevant to some other topic on the news page. Thanks for catching that.

aisarka20

Should this learning experience / Heartbleed instructions post be in main or discussions?

I wasn't sure that this was on topic enough for main, but Gunnar_Zarncke argued that this post should be in main "because it is totally applicable to practical rationality and real risks".

If a significant number of people vote and the majority wants this to become an article, I'll put it there after fixing whatever errors I'm notified about in the comments, and after requesting or making a polished version of the poll for it that Gunnar_Zarncke s...

aisarka40

I have had not a single email from any of them about Heartbleed

This delayed my finding out about it. I discovered later that most of them had posted their notice someplace a little out of the way - on some blog that's not even under their main domain name (Google did this and I think Microsoft may have done it), or in a little "news" box that you only see after signing in to the website. I don't know what immunized me against the instinct to write it off as a hoax. Perhaps it was all of the security literature I've read and my daily experiences that have informed me that security is difficult and that flawed code can easily be written by accident.

2wedrifid
This seems like a good strategy (for them). Answer the questions of those who have security concerns without drawing negative attention to yourself among naive customers.
aisarka20

Thanks. That's fixed. I also checked all the other links in the post for 404 errors and fixed two others.

aisarka30

I have read around 25% of The Sequences, most of HPMOR, a lot of LessWrong posts, some Daniel Kahneman, have familiarized myself with logical fallacies, and have begun learning about research methodology. I've been checking my own reasoning and beliefs for flaws and doing self-improvement for years. I have also attended LessWrong and Effective Altruist meetups, and a CFAR workshop after party.

Like many of you, I am an IT person and an atheist. I have a large amount of interest in effective altruism, research, self-improvement and technology in general, ...

aisarka60

Does anyone know where the most recent version of the welcome thread is? I searched and searched for keywords like "welcome" and "introduction" / "introduce". Do you not use welcome threads anymore?

2KnaveOfAllTrades
This is the most recent welcome thread. See the bit about reaching 500 comments in the small print at the bottom of this post.
0Vaniver
The wiki has a page on Special Threads which tries to point to the most recent of various threads. According to that, this is the most recent introduction thread.