No, he's talking about mitigation, which is a well-known security practice. It's not about obscurity - you can have two or more open source implementations, but it's then harder for the same bug to be in both or all.

To give a concrete example, take a look at the DNS root zone servers operated by Verisign. They run a 50:50 mix of Linux and FreeBSD and increasingly a mix of BIND and Unbound. They use a userspace network stack on some and the system network stack on others. If someone wants to take out the root zone, they need to find exploits for each of these systems. A bug that lets you remotely crash a FreeBSD box likely won't affect Linux and vice versa. That gives them a little bit more time to find the fix (they also massively overprovision, so if someone does take out all of the Linux systems then the FreeBSD ones can still handle the load, and vice versa). If someone finds a bug in BIND then the Unbound servers will be fine.

If your web site were running a mixture of OpenSSL and something else, then it would be relatively easy to turn off the servers running OpenSSL as soon as the vulnerability is disclosed and only put them back online when they've been audited for compromises. Of course, it depends a bit on what your threat model is. If a single machine being compromised is a game-over problem, then you're better off with a monoculture (at your organisation, at least). If having all (or a large fraction) compromised is a problem, but individual compromises are fine, then it's better to have diversity.

If that's the take-home that you got from that video, I suggest you watch it again. You clearly missed the point.

The problems with OpenSSL aren't actually in the crypto parts. libcrypto is pretty solid, although the APIs could do with a bit of work. The real problems are in the higher layers. In the case of heartbleed, it was a higher-level protocol layered on top of SSL and implemented poorly. It was made worse by the hand-rolled allocator, which is also part of libssl (not libcrypto).

OpenSSL is quite shockingly bad code. We often use it as a test case for analysis tools, because if you can trace the execution flow in OpenSSL enough to do something useful, then you can do pretty much anything. Everything is accessed via so many layers of indirection that it's almost impossible to statically work out what the code flow is. It also uses a crazy tri-state return pattern, where (I think - I've possibly misremembered the exact mapping) a positive value indicates success, zero indicates failure, and negative indicates unusual failure, so people often do == 0 to check for error and are then vulnerable. The core APIs provide the building blocks of common tasks, but no high-level abstractions of the things that people actually want to do, so anyone using it directly is likely to have problems (e.g. it doesn't do certificate verification automatically).

The API is widely cited in API security papers as an example of something that could have been intentionally designed to cause users to introduce vulnerabilities. The problem is that the core crypto routines are well written and audited and no one wants to rewrite them, because the odds of getting them wrong are very high. The real need is to rip them out and put them in a new library with a new API. Apple did this with CommonCrypto and the new wrapper framework whose name escapes me (it integrates nicely with libdispatch), but unfortunately they managed to add some of their own bugs...

If by 'any deal' you mean 'any contract' then they generally do come with either unlimited texting or quite a lot, but that's not true for pre-paid plans, which have made up the majority of the market for the last few years. I'm currently with Three, and they charge 3p/min for calls, 2p/min for texts and 1p/min for data - I'd have to spend a lot of time on the phone to come close to the cost of the cheapest contract plan, so they really only make sense for people who use their phone for business, or who haven't worked out that the 'free' phone that they get is really a loan at 50+% APR to buy a phone. For 2p, I can have one SMS or 2MB of data. The latter is enough to keep an IM connection open all day, so I can see the attraction of things like WhatsApp, especially since you can switch to the desktop version whenever you find the keyboard too limiting.

And that's not counting the fact that you can use WiFi when you're somewhere where roaming is expensive, which is the only reason I still have a SIP client installed on my phone: It's cheaper for me to make calls to the UK from the UK over the mobile network, but when I'm abroad (outside one of Three's Feel at Home countries) it's often a lot cheaper to use SIP. Sending text messages abroad is very expensive, but using WiFi is usually free.

No prepaid plans in the UK come with unlimited texting. You can generally buy a bundle that includes it, but a bundle that provides more data than it's easy to use on a smartphone (without tethering) is generally cheaper and allows you to use email and the web as well as IM apps. I generally pay £1-2/month, and it costs as much in terms of data to have an entire day of IM connectivity as it does to send one SMS.

Well, I can't speak for the failure rate but my iPhone 4 is now 3.5 years old and during Easter I used it a lot, even after a day of heavy use I still had 20% battery left. Today it's at 67% after a 2 hours of GPS tracking. For daily use it's still fine and I'm guessing will be fine for years to come. For weekends and vacations away from a charger I'm considering getting a battery pack - compared to the original 1420 mAh battery you can get a 7000-10000 mAh external charger for cheap. You put it in your backpack or luggage, plug it in where you sleep at night even if that's a remote cabin or a tent in the wilds. Or for that matter just turn off the "smart", if I kill data traffic it'll last very long as a dumb phone as I've done that abroad due to cost. Basically as long as the battery works it's not really a problem.

Astroturfing Microsoft on websites, duh...

Well the cops did get a tip of one reckless maneuver that allegedly forced the tipper off the road. They tailed the truck for five minutes, saw no traffic violations or poor driving to collaborate the story. Then they pulled the truck over instead of being on their way. I'd agree with the dissenters, there's no reasonable suspicion of an ongoing crime - that is, drunk driving - and they pulled him over on a fishing expedition. One incident, observed by nobody but an anonymous tipper who may or may not have called it in just to be mean - I mean it's quite impressive to get a full license plate down while you're really being run off the road so some generous exaggeration may have happened. She didn't even accuse them of driving drunk, that's the court's argument that maybe they were while completely ignoring that the officers saw no sign of it.

Or maybe you just have a pack rat obsession with owning things while the rest of us as just looking to get some entertainment. I "buy" a non-transferrable license to a DRM-locked online-tied sandbox, even a DVD which also has DRM is more liberal as I can sell, lend, play anywhere without anyone's approval or activation but even that one I can't back up or format shift legally as I expect to do with my own property. None of that is an absolute necessity though, what matters if if the value (utility, desire) exceeds the costs (money, inconvenience) and if I am confident that I'll get my money's worth from it before Steam goes under and the service disappears in a puff of smoke I come out ahead. If I desperately want to play it 10+ years down the line I suspect it will be available somehow on GOG (legally), TPB (not so legally) or whatever so it's not a "now or never" situation.

Yes, I get pretty pissed when you abuse DRM to deliver use control like unskippable commercials and region locks, crap that acts more like malware (hello StarForce) and such things but ultimately I am looking to get entertained, it's in the same class as Netflix (subscription), Spotify (subscription) not about having my documents and data trapped in proprietary products with lock-in. Realistically if Steam said all games are now a 5 year lease it'd probably not change my habits at all. If they start acting like asses I always have the option to say here are the letters F and U, I'll be sourcing my entertainment elsewhere from now on. It's not like there's a shortage or anything, particularly since it won't cost me a moral fiber to download games I used to have on Steam off TPB should that ever become necessary.

The last time I bought a dedicated device like this, I got a PC Engines WRAP, which is similar to the boards that Soekris sells. For about £100, I got a 266MHz AMD Geode (x86) CPU, a board that could boot from a CF card, and had 3 wired sockets and 2 miniPCI slots (with an 802.11g card in one), a metal case and a couple of antennae. That was quite a few (actually, almost ten) years ago.

The first search result has a similar kit for £139, which is a bit more, but if you shop around you can probably get it for cheaper. That includes a 500MHz x86 CPU and 256MB of RAM, so it will happily run most stock *NIX distributions, or something firewall-centric like pfSense.

Well, if we do an experiment on gravity we determine it only in a point location at a given time, the rest is extrapolation/intrapolation that gravity remains constant between locations and across time. Take two sections of forest, build greenhouses around them and pump more CO2 into one and you have a pretty good scientific experiment. Yes, putting the pieces correctly together is complicated but as long as you accept that things obey the laws of physics and chemistry and don't magically become different at a macro scale you can build bigger and bigger pieces of the puzzle from small blocks. There's no "irreducable complexity" here as the relgious like to trot out when they don't like the science.

No, you shouldn't, but the laptop is probably drawing something on the order of 60-85W and there's no reason why it couldn't get that from a power supply in the display, rather than a separate wall wart...

Thunderbolt doesn't do USB, however the fact that it does PCIe means that you can run a USB controller on the other end. You wouldn't want a Thunderbolt mouse, because it would require sticking a USB controller in the mouse as well as a Thunderbolt interface and a load of PCIe bus logic. USB is nice because the client component is relatively simple and can be made very cheap. It's also nice because there are a number of standard higher-level protocols built on top of it (e.g. HID for keyboards, mice and so on, DUN for things that look a bit like modems). Thunderbolt doesn't replace USB, it's the connection that you use between your laptop and the display or docking station that has all of the USB devices plugged into it.

With Thunderbolt, since it can carry two DP signals, you can plug in one cable to drive two monitors. Since it also carries PCIe, you can drive a USB hub and SATA controller and NIC in one display and also connect the keyboard and mouse and an external disk and network at the same time. Having the same connector able to deliver power would mean that you'd be able to drop a phone in a dock and have it gain access to all of those things and charge, which sounds pretty compelling to me.

We're also finding it useful because you can get PCIe enclosures so we can plug FPGA boards directly into laptops, rather than needing to have a desktop sitting under the desk doing nothing except exposing a high-speed JTAG interface, but that's a fairly niche use.