SSL has two parts that take a lot of time - key exchange using public-key technology, which just depends on the number of connections, and data encryption, which takes time proportional to the amount of data encrypted. Until the last few years, the key exchange time dominated, because public-key operations are slow and most use of SSL was for encrypting passwords, credit card numbers, or other very small chunks of data. It was pulling teeth to get a lot of sites to use SSL at all (though the whole Certificate Authority system is a lot to blame for that), and it was pulling teeth to get a lot of sites to encrypt more than just your login and credit card data (such as the whole page that asks for your login.)

Do you think speed doesn't matter any more, now that lots of sites are running with the CPU relatively idle? How many SSL connections do you use where the server has bothered to turn on PFS, the Perfect Forward Secrecy stuff that does a one-time Diffie-Hellman exchange? (Appallingly few.) How many sites do you connect to that are using 2048-bit public-key or longer? (Some, but hardly most.) It's still about performance.

We'll see if they can get the original OpenSSL project leaders to accept their changes, or whether they'll end up with their own fork of the project.

And while OpenSSL isn't an OpenBSD project (unlike OpenSSH), it's a tool that OpenBSD uses.

You're the first person I've heard of who's gotten something positive out of Scientology (your existence :-). Hope you and your family can recover from the rest of it.

Back when I had a Psion 3A organizer, it was a great tool for taking notes on, though eventually the hardware died.

After that I used a series of Palm Pilot versions, which weren't as good - graffiti was slower than typing, and the text file editor could only handle notes up to 4KB, so I had to start new ones roughly monthly (though at least they did sync with Outlook pretty well.)

For the last decade or so I've been doing most of my work on Windows, so I just keep a Notepad text file open on my laptop all the time, and update the filename quarterly to keep an archive (though I haven't actually truncated the old part of the file in a few years, since Win7's Notepad can handle decently large files.) I back it up to various other media, and I suppose I could also back it up to my phone.

So is there any way to cache Ubuntu upgrades, which would let my large collection of virtual and physical lab machines all fetch them from the LAN instead of the each one having to drag them across its WAN? Might as well fetch the official copy just once, and have everything else update at gigabit speeds.

So if you're still around, and not just drive-by trolling, what do you recommend other than Ubuntu or Mint? (I'm not counting Mint because there's already a thread about that.)

All of the above.

I assume Tahr had to go retest everything with OpenSSL updated to avoid the Heartbleed bug?

JEOS (Just Enough Operating System) used to be a sub-version of Ubuntu, with a minimal server edition; anything else you wanted was an apt-get install away. But there hasn't been a real JEOS version since about 8.04 or so, and with virtual machines these days I have a need for a lot of small-disk-footprint VMs. Is there something that's relatively similar, with basic networking and maybe a LAMP stack?

It would be nice to have a basic X windows environment, but I don't need big piles of Gnome or KDE, and I definitely don't need OpenOffice or lots of the other fun tools. Thanks!

Ubuntu's Debian-based - how much work will it take to migrate this to Ubuntu?

In this case I know it's some kind of privacy software, but typically "FooBatz Release 5.4c is out!!!" is some gaming application or whatever. A half-sentence or more in the Slashdot summary would help, and so would a FAQ that starts with a section of "What is FooBatz?" rather than with "Why won't Ver 5.4b build on Slackware?"

Am I trusting my tax data to online services? Fat chance. Too many people have my data already.

More precisely, my wife runs TurboTax, I run errands and fetch papers and caffeine.
Back in the 80s, we went to H&R Block because of the complexity of moving expenses from my first post-college job, and my wife said "that looks easy", took the H&R Block tax prep course and did a year of working there, then a couple years at another tax/accounting company, then started her own tax business, using TurboTax and a laptop. It was a bit difficult to keep everything working, because TurboTax assumed you had a desktop PC with a real disk drive instead of floppies, but after a couple years of using RAMdoubler and disk compression, she was able to upgrade to a laptop that resembled what TurboTax needed. Eventually she went back to doing computer businesses and was able to get rid of most of her tax clients (and eventually all of them), but she's been doing the taxes in the years since then.

I think we're finally using the personal version of TurboTax by now; we used the tax-preparer version for many years because there were things the personal one just couldn't do or didn't do well (including importing previous years' data from the tax-preparer version, which kept us on that for a couple years after we would have switched.)

No, you actually have to fix the code to add bounds checking, or download a new version of OpenSSL (which probably gets you other fixes as well, unless you were already running the latest version.)

Recompiling OpenSSL with the proper flag isn't enough to do the job - there are people who've done that and had problems keeping OpenSSL stable on their platforms, and more importantly, that still doesn't stop the Heartbleed attack from causing trouble. You need to get the code not to try to fetch memory beyond the appropriate object's array bounds, though OpenSSL should also default to using malloc()/free() instead of rolling its own badly.

Back in the 90s and early 2000s I was consulting, so whether I wore a tie or not depended on the customer. The sales guy I worked with brought me along to one Japanese company in the late 90s, so I guessed conservative and wore a tie. They asked me not to do it again; they'd convinced their management that nobody in Silicon Valley wears ties, and didn't want anybody to mess that up :-)

I did wear a tie to a New Year's party recently, and I wore one to a trade show a year or so ago just because I hadn't had any excuse to wear a tie in ages.

Yes, Dr. Who wears ties any more. (Or at least, David Tennant and Matt Smith did; haven't seen the latest Doctor yet. Bow ties are cool, right?)