Good for you. Not everyone can afford an hardware PRNG, though, so software it is for most of us.

Precisely - which is why PIDs are randomized on OpenBSD since... well, a long long time.

Try "ps -auxwww" on, say, Mac OS X and OpenBSD and the difference is truly evident.

Citation needed. Seriously, this is /. where everyone is a world-class programmer (except me, of course).

I will grant you that one.

Bzzzzt! Sorry, you lose. As I have already said, this is not a LibreSSL problem - it's a Linux PRNG problem. Unless I am mistaken, the same issue is non-existent under OpenBSD, because it's PRNG is different from Linux, better seeded and because PIDs are randomized under that OS.

You contradict yourself: if programming PRNGs is, let's say, a medium difficulty task (neither trivial nor too hard), how come you have spent years designing and programnming PRNGs (your words, not mine) and how come the world is full of bad bad bad PRNGs? Surely, by now, everyone would have agreed on a reasonable implementation?

The truth is, PRNGs are HARD to program, because computers are not good at generating truly random numbers. Period. The best implementations all rely on some form of hardware generator. But don't take my word for it, go ahead and read this instead.

As opposed to the magnificent job OpenSSL has done all these years, with information leakage, bug reports that went uncorrected for years and accumulated cruft for such modern OS as VMS, DOS and Windows 3.1?

I think you need to tone down the hysteria a notch right here.

For different values of "tactful", of course... ;-)

That is absolutely right, but I will note right away that this is a problem specific to the Linux PRNG - OpenBSD does not have this vulnerability (also, because PIDs are randomized under OpenBSD)...

Oh boy, there is so much wrong here... Where to start?

First of all, OpenSSL problems are not ''getting fixed''. Part of the problem is that funding for OpenSSL was primarily based on company XYZ sponsoring function ABC. This gave incentives to the OpenSSL devs to add more functionalities on top of the cruft, the horrible mess that was the code base. More funding equals more developpers equals more eyeballs, but we haven't seen the progress so far.

Second of all, OpenBSD has given a HUGE amount of (BSD licensed) code to the rest of the world, Linux included. Try typing "ssh -V" on any Linux machine and I can guarantee you will get OpenSSH. And if you are like me, this is something you use EVERY. FREAKING. DAY. So please stop the trolling about OpenBSD, mmmmkay?

Third, the amount of code that has been cleaned up, improved, deleted and just plain scrubbed is simply amazing. You can say whatever you want about OpenBSD cranky devs, they know their stuff and they know their way around C code.

Fourth, OpenSSL is BSD/Apache licensed, and not GPL, so stop spouting off about supporting GPL software - not everything has to be blessed by Stallmann to be acceptable. And, yes, the Linux Foundation recognizes this - while you don't.

There is not just ''cruft'' in the code base: if I remember correctly, they removed thousands upon thousands of lines of code from OpenSSL - think VMS, Borland C, Windows 3.x, MS Visual C++ (etc) support.

And they tested the whole thing on the OpenBSD ports - so far, nothing has been broken.

Oh and FIPS support? Not gonna happen. Bob Beck has been very very clear on that subject. OpenBSD does not care too much about US government standard.

That was the goal from the vey beginning: make the code less horrible to get people involved and correct as much as possible.

So, yes, they will find more problems. They expect that.

Acetaminophen is illegal now??!! Please say it ain't so!!

... And just about any form of meditation revolves about emptying your mind, focusing on your breathing and discarding thoughts (after examination) rather than dwell on them.

I just read this study as an example of how people are completely disconnected from their own inner life and addicted to constant stimulation. Seriously, an electric shock instead of enjoying a little bit of peace and quiet and a chance to gather yourself? What kind of total lack of self-control is that?

... Yet. They are working on it, thank you very much. See here. Or here.

Your poor attempt at sarcasm betrays (a) an overly sensitivity to criticism of your country, and (b) a complete misunderstanding of the issue at hand. There is no Berlin Wall because there is no escaping the NSA. They are spying on the entire world. You can move to Mexico - that makes you a suspect. You can move to Canada - that makes you a suspect. If you even talk to someone who may know someone who may have been in contact with a suspect, you will be caught in the dragnet.

Everyone is fair game, everyone is a potential target. Everyone will be spied on, because terrorists! 9/11! Dirty bomb! Mushroom clouds! They hate our freedom!

I suspect YOU did not get THAT memo. Or maybe you are of the "I did not do anything wrong - so I have nothing to hide and nothing to fear from Big Brother" persuasion? Hmmm?

By the way, why are you reading Slashdot, citizen? Do you have your permit for that? And why talk to this terrorist suspect or that one?

The rest of your comment are more of the same drivel, so I will not even dignify it with a response.

The Stasi (East Germany Secret Police) used to be one of the most powerful intelligence service in the world. It is estimated they had hundreds of thousands of informants and it maintained files on millions of citizens of East Germany.

But the Berlin wall eventually fell, despite all its efforts and all its agents. I believe the same thing will happen in the US. When the times comes, the whole rotten house of cards will crash down to earth.

Oh, and, NSA? Please go f**** yourself.

That's funny. It's almost as if some people just can't grok emacs while other can't grok vim.

I suspect you are right in this: maybe the first exposure is the one determinant factor. If you learn Emacs first (I remember trying it for the first time on my Amiga 500 - Lord, I am getting old) then you are going emacs all the way. If it's vi you learn first, then vim is the one you use. Almost philosophical.

Well, I was told to learn vi because... it's everywhere.

And, as I have said, while far from being a vim master, I really believe learning 20+ commands is enough to make you very productive under vim.

I have tried and tried and tried to ''get'' emacs, but I always give up after learning 5 or 6 Ctrl+something commands. Maybe I'll just give up one day and use vile, but vim is enough for my needs right now.

As the joke goes, "vi a veggie peeler knife, vim is a finely-honed, precision surgeon knife and emacs is a light saber. Most of the time, I cook, but, once in a while I need to fight hordes of battle droids."...

Here is my problem in the vim-vs-emacs debate:

Vim is pretty much the standard vi/editor/$VISUAL on every Linux distribution I use. Emacs is usually an extra package. Therefore, vim is installed, while emacs is not.

Once you have mastered the basic commands of vi, and its mode dichotomy (edit/command) you can edit text in a very efficient manner. Not to mention the goodies of vim, such as "vim -d" or "vim -x". I am so used to vim that, these days, I find myself hitting the Escape key under Word or Firefox. And I still have a lot to learn!

Emacs, on the other hand, is a complex, jumbled mess, a crazy carpal-inducing kitchen sink of a program that requires you to master its twisted logic before you can actually benefit from all the lispy goodness hiding inside. In the meantime, if you master, let's say, about 20 commands under vim, you undertand that its power is in its own logic, so to speak. Vim is complex, but it seems to me much more predictable and logically organized than Emacs.