
Comment Re:Don't keep vulnerable servers running! (Score 2) 151

When I looked into my server, I found out:

The OpenSSL library I'm using wasn't vulnerable.
Thus, my keys are as "safe" as they were before.

Also, to enable PFS, I would have to upgrade - to one of those OpenSSL versions that is vulnerable (but obviously there are "fixed" ones now).

I would also only be able to use EC cryptography with PFS with OpenSSL. I don't trust EC personally, yet. It's just not been around long enough for me. And I find it suspicious that every time something happens, the answer is "Let's go to EC!". If anything, I suspect it might well be something that people we don't want deciding algorithms are driving us towards.

Sorry, but until I trust EC, I can't trust PFS. And I can't use either until I upgrade to a version of OpenSSL that was vulnerable to this attack for a long time without anyone noticing (whereas my current version wasn't).

Ironically I "score" more on certain SSL test sites with old OpenSSL than with the newer one... and I get artificially capped because I don't support EC.

Until someone shows me that PKE is broken, then EC is not necessary for my usage. PFS is something I'd like but, as OpenSSL only supported it when using EC algorithms last I looked, I don't see it as any more secure.

Comment What? (Score 0) 737

I'm sorry? Why would "decades without computers ... render computer science and related professions useless"?

I don't think you get that "science" bit on the end of it. Nor that much of computer science goes back to extreme basics. Morse Code? That's coding theory. It's only if you take a narrow-minded view that it doesn't appear as computer science.

You can build a computer from the simplest of building blocks - it just so happens we prefer semiconductors - but as has been historically proven you can build a mechanical computer capable of just about anything (and that was proven how? Turing machines? Oops, that's computer science!). Maybe not fast, but accurate and useful when it comes to larger calculations. We had a need for such things several hundred years ago and, even big projects aside, we made them and used them (Abacus for thousands of years? Calculating machines were rife for centuries from the 1600s).

The fact is that computer science is, like any other science, not only useful as a nurturer of people with a logical mind, but also directly useful in any size society once it's settled a bit. Mostly because much of it is maths. And the rest of it is directly applicable to real-world calculations.

Sure, you can live without it. But you can live without an awful lot of things. But with it, you gain an advantage. Where best to site my defence towers against the pillaging hordes? How best to send a message asking for allies to appear without the enemy knowing what is in it? How to ensure we don't waste time dividing food equally with various random weights and measures?

It's the old fallacy - but it's wrong. You do not need a computer to perform computer science. And you do not need a computer to get useful data out of your computer science. It just helps, and speeds along the process.

Fact is, in any kind of apocalyptic event like this, you'll be glad of any academic, especially one that can provably solve practical problems like this. Hell, simple ballistics is a nightmare to solve by hand.

And, if it comes to it, you can build a computer out of blocks of wood (there are several examples of this), water-filled tubes (the Russians did concrete calculations on one), or pieces of paper. We're all taught how to do at least the last one of those in computer science courses, too.

A computer scientist may not be the immediate asset who scavenges food or heals the sick or welds defences. But you'll want one on your team before long, and they'll give you an advantage over any group that doesn't have one.

Comment Re:Oh great (Score 1) 64

More importantly, please tell me what's in the pre-flight safety check.

Chances are that you've heard it so many times that you could give it.

Your belt clips around your waist. You undo by lifting the buckle. Your oxygen mask will drop down from the overhead compartment. Your exits are here, here and here, etc. etc. etc.

The danger of the pre-flight "safety" check is that it's nonsensical to do it. Emergency measures should not be designed that people have to learn to use them. They should be clearly marked, with - at most - one simple diagrammatic instruction. If you can't make them that simple, redesign them.

Same goes for nautical safety but there's a lot more to go wrong by your own hands on a ship. In a plane, well, you're just holding onto your own backside and hoping it all goes okay no matter what.

Honestly, I think it's about time we scrapped them. They tell us nothing we'll remember in an emergency, even though we've memorised every step. They talk about extreme situations that happen in extraordinarily rare circumstances. They scare passengers who are nervous. And yet, pretty much, studies show that in an emergency it's every man for himself and we'll all forget the briefing anyway.

Take the briefing away. Take the flight safety card away. Put simplified instructions everywhere (oxygen mask is here, pull to start flow, with a little diagram). Let people relax on their flight without being FORCED to sit through a briefing they are desperate to shut the hell up so they can sleep.

If you want to have the briefing, do this - hand out a little app that lets you do it on a personal basis.

Most importantly - SHUT THE HELL UP on flights. Let people relax, sleep and journey and then - when an emergency happens - they won't be so stressed that they do quite so stupid things.

Comment Yep (Score 2) 301

Can't say I'm surprised. OpenSSL is a pile of dung. It's nothing to do with being written in any language, it's just horrible.

There's not even any documentation. I mean, literally, none. Nothing vaguely useful. How do I programmatically load a certificate into the store, along with a chain of related trusted certificates, and then set my requirements (must be in-date, must be validly signed, etc.) and get out a "It's fine" / "Something's not right" response? The only answers I could ever find were to follow published examples and tweak.

And when it comes to working out where in the published examples structure X comes from, or how to convert it to structure Y, you're on your own unless you happen to have picked a comprehensive (and almost certainly not OpenSSL-supplied) example.

It's just that bad. I was writing a pseudo-DRM for a game / Steam-like distribution platform as a hobbyist project. It was literally horrible to even try to self-sign some certificate and then see if it all panned out later from another computer to guarantee integrity. In the end, I had to "imagine" every possible case and find a way to counter it (i.e. client cert expired, client cert invalid, server cert not signed client cert, server cert has bad chain of trust, client cert not signable for that purpose, etc.) - and almost always there was NOTHING to indicate what the recommended way to do it was.

There is no decent OpenSSL documentation at all. Not even a decent overview of the process of checking certificates. It scared me at the time, knowing how important the library is, and it can only lead to bad code.

In the end, I'm quite glad I don't have to program against it for a living. If I did, I'd be seriously looking for something else.

Comment Re:On the same note, (Score 1) 242

1) Why only bind (it's not the only nameserver)?
2) Why is there not a "install and go" version of it?

Every tutorial I see starts with some huge parenthesised section of a bind zone and several scripts to manually update other bind files (like the comment a few below this one).

Surely, if you're not caring about anything else on the domain you give it, there must be a zero-config version of it that saves someone having to cock up a bind installation.

Comment On the same note, (Score 1) 242

I'm a Dyn.com customer of old so I got an email to tell me that the promise to be "always free" back then holds for me, even if not for newer customers.

But when I was looking for a more modern replacement, I was expecting to be able to set up a Dyn-compatible service for my old domains using an external Linux server. There doesn't seem to be anything easy for that.

What I'd like is a Linux package which you can install on a server, and have it provide Dyn-like updating, without me having to play with BIND and all sorts (I don't do nameserving, so it's no particular fuss to install a nameserver JUST for this purpose). I thought DNSMasq might do it, as it's so powerful it tends to do everything, but that doesn't seem to offer it.

And if it's Dyn.com compatible in the protocol it uses to accept reports from clients, it's just a matter of hacking in your IP instead of Dyn.com's. But I couldn't find anything that wasn't a case of "install this series of Perl scripts in such a way that they play with the internals of your existing, perfectly working BIND setup, and basically get called from web-requests with permissions enough to do just that".

Anyone know of some software that works like the server-side of Dyn.com so I could host my own DynDNS service for my home accounts using a static, external server?
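
As an added example (not code from this post, from Dyn, or from any of the packages mentioned), here is the server-side half of the update exchange the post is asking about: a small Python handler, stdlib only, for the dyndns2-style request shape that ddclient-type clients send (`GET /nic/update?hostname=<fqdn>&myip=<ip>` with HTTP Basic auth) and the one-word status replies (`good`, `nochg`, `badauth`, `nohost`, `notfqdn`, `911`). The account names, hostnames, addresses and the fallback rule for unusable `myip` values are assumptions of the example, not anything the post or Dyn specifies.

```python
# Added example: minimal dyndns2-style update handler (assumed request shape,
# stdlib only). Credentials, hostnames and addresses are constructed sample data.
import base64
import hmac
import ipaddress
from http.server import BaseHTTPRequestHandler, HTTPServer
from urllib.parse import parse_qs, urlsplit

# Constructed sample data: who may log in, and which hostname each user owns.
ACCOUNTS = {"alice": "correct-horse-battery"}
OWNED_HOSTS = {"home.example.net": "alice"}


def basic_auth_header(user, password):
    """Build the Authorization header value a client would send."""
    token = base64.b64encode(f"{user}:{password}".encode()).decode()
    return "Basic " + token


def authenticate(auth_header):
    """Return the user name for a valid Basic auth header, else None."""
    if not auth_header or not auth_header.startswith("Basic "):
        return None
    try:
        decoded = base64.b64decode(auth_header[6:], validate=True).decode()
    except (ValueError, UnicodeDecodeError):
        return None
    user, sep, password = decoded.partition(":")
    if not sep or user not in ACCOUNTS:
        return None
    # Constant-time comparison so reply timing leaks nothing about the secret.
    if not hmac.compare_digest(password.encode(), ACCOUNTS[user].encode()):
        return None
    return user


def handle_update(path, auth_header, client_ip, records):
    """Process one update request and return the dyndns2-style status line.

    `records` maps hostname -> currently published address and is updated in
    place on success (it stands in for whatever a real server pushes into DNS).
    """
    user = authenticate(auth_header)
    if user is None:
        return "badauth"

    params = parse_qs(urlsplit(path).query)
    hostname = params.get("hostname", [""])[0].strip().lower().rstrip(".")
    if "." not in hostname or " " in hostname:
        return "notfqdn"
    # A client may only update hostnames bound to its own account.
    if OWNED_HOSTS.get(hostname) != user:
        return "nohost"

    # Use the advertised address if it is usable; otherwise fall back to the
    # connecting address (fallback rule is an assumption of this example).
    candidate = params.get("myip", [client_ip])[0]
    try:
        ip = ipaddress.ip_address(candidate)
        if ip.is_loopback or ip.is_multicast or ip.is_unspecified or ip.is_link_local:
            raise ValueError("not a publishable address")
    except ValueError:
        try:
            ip = ipaddress.ip_address(client_ip)
        except ValueError:
            return "911"

    if records.get(hostname) == str(ip):
        return f"nochg {ip}"
    records[hostname] = str(ip)
    return f"good {ip}"


class UpdateHandler(BaseHTTPRequestHandler):
    """Tiny HTTP front end so the handler can be driven by a real client."""
    records = {}

    def do_GET(self):
        if urlsplit(self.path).path != "/nic/update":
            self.send_error(404)
            return
        status = handle_update(self.path, self.headers.get("Authorization"),
                               self.client_address[0], self.records)
        body = (status + "\n").encode()
        self.send_response(401 if status == "badauth" else 200)
        if status == "badauth":
            self.send_header("WWW-Authenticate", 'Basic realm="dyndns"')
        self.send_header("Content-Type", "text/plain")
        self.send_header("Content-Length", str(len(body)))
        self.end_headers()
        self.wfile.write(body)


if __name__ == "__main__":
    # Listens on localhost only; a real deployment belongs behind TLS.
    HTTPServer(("127.0.0.1", 8080), UpdateHandler).serve_forever()
```

Run it and point a dyndns2-speaking client at `http://127.0.0.1:8080/nic/update` with the sample credentials; the design keeps the account check, the hostname ownership check and the address validation separate from the HTTP plumbing, and nothing in it touches an existing nameserver's files.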

Comment Religion (Score 5, Interesting) 1037

Your friend tells you about this thing which he believes in and tries to convince you. But you're not sure.

Do you:

a) Go along with them, get absorbed, spend hours listening to their arguments, ask around a circle of friends that you share with him about their opinion? (i.e. imagine pre-Internet generations where if you didn't know someone personally, or were a part of a group, you didn't even get to meet them, let alone communicate extensively)

b) Go to your social network online, look up vast resources, have the arguments for and against in front of you, find out all the dirty secrets, cliques, etc. hear tell from friends-of-friends-of-friends about things they do and believe in?

It's just a product of information availability. And it works both for and against us now. It's now harder to quash rumours started by a random person with no basis from spreading but it's much easier for such rumours to reach the ears of the interested - even if subject to court order in some cases!

And it's not just religion. It's products, services, celebrities, charities, you name it. Before, you didn't have a source of information likely to know both sides and the ins and outs of everything that you could consult confidentially and extensively and get THOUSANDS of people's opinions in a matter of minutes. Now it's a click away and you're taught to use it for school research before you're able to write.

On a personal note, I'm agnostic, so it's no great surprise to me that the more facts people have available to consult, the less seriously religion is taken. "Faith" is something I see as laziness - "I don't want to check this fact, I'll just trust it's true" isn't the best principle to live by. In fact, it's that exact principle that is being eroded by the simplicity of fact-checking nowadays (even if not perfect, there are still good sources of actual fact rather than common belief out there).

Religion has been on a bit of a death-spiral for years. My country is pretty much turning churches into nothing more than pretty historical buildings that you visit and feel obliged to drop a coin in the box to pay for your nice photos of the stained-glass. My father-in-law is religious and bemoans the complete lack of religion in his local area - he visited dozens of churches before he found one with any kind of active services, and they didn't suit his preference.

By contrast, he says that the US is a much more faithful country and you can still draw crowds of tens of thousands at certain churches.

But I think that's more about celebrity, and the older generation, than anything to do with religion itself.

Religion is dying a little, but to be honest we were in a kind of renaissance of religion the last couple of hundred years anyway.

Comment Re:Huh? (Score 2) 175

Just over a kilobyte, I think.

But that can be compressed as it doesn't NEED to be human-readable any more. So you can easily fit in a few KB of useful data, I should think.

And as data density rises, so does the error correction but if the QR code reads (you have a device that reads them directly, why bother to snap a shot then process the image separately?) then it was a success. Hover and hold until you get the beep, on almost any smartphone made this decade.

But, no, you won't get CORRUPT data. The QR code either works or doesn't, like barcodes either scan or don't. You don't scan a book and get sold a DVD. Same principle.

What you might have is trouble getting a decent QR read on a crappy low-res camera but that's - again - no worse than the prior situation where I've seen kernel-panic screenshots you can't even read, let alone decode.

Comment Re:Huh? (Score 5, Interesting) 175

You lose nothing.

Anything that could have been logged to disk will have been.

Anything that couldn't is probably FAR TOO LONG to even start taking down any other way and almost certainly will cut through the screen buffer limit anyway (every kernel panic I've had - which is about a dozen I think - was like that).

Let's compare and contrast to, say, Windows. Bluescreen with minidump and error code that has 7 million potential causes.

At least with a QR code, for those totally undumpable errors, you stand half a chance of snapping it and providing several kilobytes of useful information for someone to work from - that they know hasn't been transcribed wrongly. And can be taken from even a completely hung machine.

It's a good idea. Someone needs to make a patch for it. The biggest problem - as always - will be making sure you can get to the point that you can write to the video memory and do so with enough processing / storage to be able to write something useful into the QR code.

Comment Re:Typical corporation bullshit (Score 2) 77

It's not.

The problem is the overlap between basic consumer rights ("statutory rights"? Heard the phrase anywhere? Like every contract ever "not affecting them"? Actually, they can't be affected by contracts whether the contract says or not!) and contract law.

Yes, you can sign away an awful lot. But you cannot be expected to be held to a contract held as "unfair" (which this one almost certainly would be). The problem is proving that can be expensive.

Never forget that what you sign is only one part of what you've got on your side. You can sign, for example, that you would become a slave that your employer can whip. Your employer CANNOT enforce that though. Some rights, including your consumer rights, cannot be signed away and automatically make such things null and void.

If you took this to even small claims court, it would be found to be unfair, it would be made void, and you would not pay anything.

If, however, they took reasonable steps to inform you of the change, and got consent (even implied, but that's tricky), and gave you time to disagree (usually by termination of said contract), then it would be binding on you. Then it would be considered "fair" as it's not asking you to do anything illegal or drastic.

For future reference, this applies to ALL KINDS of contracts. The law is in place to override your ability to do this to your customers in an unfair way and take priority over ANYTHING they've signed. It just might take a customer taking it through small claims (or larger) courts in order to prove that. And, chances are, unless a lot of them do, they will not retract the policy in the company unless the court orders them to. So you might win, but no other customer (who probably won't bother to take it to court) would, and things like that.

I've used 123-Reg in the past. They were atrocious. But you can be sure that if I were a customer, there'd be a letter winging its way to head office to state the above. Given the track record I have (and I'm no lawyer), they might tie up any domain I had for a few weeks but in the end they've been transferring my domains for free. I don't care enough to make them do it for other customers, that's those customers' problem.

And the problem is that 99% of consumers think, like you, that this is "legal" just because it's on paper. And when you get the first letter in reply saying that they don't agree with your interpretation, etc. etc. etc. and basically saying "Fuck off" in legalese, you'll accept it grudgingly and just pay the £12. It's only the pedantic fuckers like me who actually enjoy being proven right that will go through the system and bug the shit out of them until they admit it.

It's not legal.
Your consumer rights ride straight over it.
But that doesn't mean it'll be easy to "convince" them (they know, their lawyers know, but they'll fight you all the way until you cause them more hassle than you're worth).

But take it to court and it'll be laughed out, if you even get that far. But it will cost you money (which you *can* get back from them) but most importantly an awful lot of time to sort out. And that's exactly what they rely on.
