Want to read Slashdot from your mobile device? Point it at m.slashdot.org and keep reading!


Forgot your password?

Comment: Re:Obligatory reminder that an alternative exists (Score 1) 96

by Carewolf (#48902903) Attached to: OpenSSL 1.0.2 Released

That's at least three sorts of nonsense:




The OS has no magic either, or are you saying that it's random seeds all the way down?



Yes. There is for thing dedicated random number hardware and there is hardware that can produce partially random data, such as network cards and radios, but the latter are only really good when combined with eachother and with a random number tracker, which is something the OS can do.

Comment: Re:libressl-2.1.3 (Score 1) 96

by Carewolf (#48902895) Attached to: OpenSSL 1.0.2 Released

Care to provide any actual statistics for that claim, or are you just one of those annoying morons with a habit of being FUDsy against anything with "Gnu" in the name?

No, I prefer GPL when other choices are equal. GnuTLS has just never had a very good reputation, and even from the most optimistic point of view, it has always been secondary to OpenSSL just by having fewer users and fewer developers. I would be great if it was better, but it has had some unfortunately design choice and a long string of serious vulnerabilities. Just look it up.

Comment: Re:Obligatory reminder that an alternative exists (Score 1) 96

by Carewolf (#48897585) Attached to: OpenSSL 1.0.2 Released

No matter what the security problem, it's always the random numbers, or lack thereof that is the problem.

(checks apt-get before making a fool of himself) ... Why the hell hasn't somebody made libRNG?

p.s. Seriously, how hard could it be to split out the RNG code of openssl or libressl and make it the gold standard? Yeah, I know it's generally unproductive to ask such rhetorical questions. Yes, I'm a coder that could do it (never looked at openssl code, but I'm sure I've dealt with worse, so I know it's possible), but I have no desire to become the owner of such a project, so I won't even bother to look at the effort required. Nor will you, probably. I have plenty of other things occupying my time. Maybe in another 20 years, if I'm retired by then...

Because on a unix system you just read from /dev/random anyway. Random seeds is an operating system responsibility, you can not make good random numbers without a little good random seed.

Comment: Re:libressl-2.1.3 (Score 2) 96

by Carewolf (#48897579) Attached to: OpenSSL 1.0.2 Released

OpenSSL remains the only portable SSL library that can be used by both open source and commercial developers alike. Which is really a shame, because OpenSSL sucks. All the bad things the libressl people have said about OpenSSL are absolutely true.

We have GnuTLS which is only one year younger than OpenSSL, has a nicer API, is portable to Windows, has a better track record with regard to binary compatibility, a better build system, and can be used by commercial software (it’s LGPLv2.1). Comparison of features with other SSL libraries.

It also has a much worse track record in security, which is why no one uses it as the a primary SSL library and only as a library for operating on certificates.

Comment: Re:Performance Mouse MX (Score 1) 416

by Carewolf (#48897427) Attached to: Ask Slashdot: Where Can You Get a Good 3-Button Mouse Today?

Can't recommend enough the Performance Mouse MX enough.

While it does have the middle button integrated into the scroll wheel, once used to it you will find it completely intuitive. I middle click hundreds of times a day and only found it difficult during the first two weeks of owning the mouse. 5 years later I still prefer the Performance MX over anything else.

To middle click I typically shift my index finger over a centimeter or two. My hands are slightly above average size and ergonomically the PerfMX is perfect for me.

Logitech Anywhere MX is similar except it actually has a separate button for the middle mouse button. The wheel click is changed to be the free-wheeling lock which makes much more sense.

Also, free wheeling for the win.

Comment: Re:Internet cables? (Score 2) 415

by Carewolf (#48876695) Attached to: Blogger Who Revealed GOP Leader's KKK Ties Had Home Internet Lines Cut

Who the hell writes this crap? Internet cables?

I assume this is in the US. Where the cables are in the air going from the house to the utility pole, just like in 3rd world countries. They probably cut the telephone cable as well if there was one, but who would notice that?

Comment: Re:Crusty Hardware (Score 2) 188

by Carewolf (#48875287) Attached to: User Plea Means EISA Support Not Removed From Linux

I find it hard to believe that anyone is using EISA still. It got almost no traction in desktops and the only systems that ever had EISA slots were 386-486 era servers before the VL-BUS and PCI bus started to gain traction in late 486's.

If someone actually has a working EISA system, I'd like to see a photo. I had never managed to see more than one of these systems in my lifetime, and only saw one because it was being replaced in 1997 by a Pentium desktop.

I've actually seen more MCA systems than I've ever seen EISA.

EISA was parallel with VL-BUS for a long time, where consumer hardware used VL-BUS and enterprise or server hardware used EISA. PCI replaced both that wasn't until the mid 1990s. Still 20 years ago though.

Comment: Re:Not "like Slashdot" (Score 1) 224

by Carewolf (#48867621) Attached to: Facebook Will Let You Flag Content As 'False'

Exactly my 1st thought. Maybe not "false" exactly, but I've long wanted to be able to mod comments "-1 incorrect". Of course I also want a "+1 funny AND insightful".

Yeah I have often missed it too, but I guess the point is that if the post is incorrect you should reply to it and correct it, and moderators should look for replies that correct it to upvote.

The real problem is that you are not allowed to comment after voting on a story.

Comment: Re:Nice laptop, but dislike the keyboard design (Score 1) 588

by Carewolf (#48846835) Attached to: Why Run Linux On Macs?

A recent employer issued me a new 15" MacBook Pro. I really liked the weight, battery life, screen quality, and the feel of the keyboard. But the non-PC keyboard layout drove me nuts. I.e., the absence of stand-alone keys like home, end, page-up, alt, etc.

You should happy they removed home and end. At least if you are running OS X. You might end up hitting them otherwise, and then chaos and stupidity ensues. It seems Apple instead of fixing the retarded behavior of home and end in OS X just removed the buttons so users would hit them and be thrown around and lose the position in the document they were working on. Typical Apple; fixing the problem, not by admitting any fault but by removing user options.

Comment: Re:Here's an interesting follow-up idea (Score 4, Insightful) 291

by Carewolf (#48842007) Attached to: Innocent Adults Are Easy To Convince They Committed a Serious Crime

What would be interesting would be to see what a polygraph says about their false memories. Can it distinguish between an event that occurred and one that was from a false memory? If not, that would be the final nail in the coffin.

What coffin? Polygraphs are a hoax intended to scare stupid criminals into confessing. It does even work on real memories, why would it work on false ones?

Comment: Re:Microsoft: No evidence flaw successfully exploi (Score 1) 262

by Carewolf (#48832077) Attached to: Google Releases More Windows Bugs

Uh, isn't that what Google's proof-of-concept does - demonstrate the flaw being successfully exploited? Does Microsoft need to see N. Korea exploiting it before they believe it's real?

If you personally create a remote account for a North Korean spy and he uses this exploit to see you power control settings. You really were asking for it, not sure what but something.

Comment: Re:"Forget about the risk that machines pose to us (Score 4, Insightful) 227

by Carewolf (#48825337) Attached to: An Open Letter To Everyone Tricked Into Fearing AI

No, forget you. Yes journalism is crap and yes sensationalism rules the day. That doesn't make AI in 2015 and ongoing any less persistent a threat to humanity.

You are right, it doesn't make it any less of a threat, which is to say any less that non existing. You are exactly who this article is about, you have been conned into thinking AIs are actually real and could in any near future cause a threat to you, when that is in fact not the case. AI do not exists, all those software emulating AI are all smart systems working either deterministic based on specific rules set out or does stastical modeling to make guesses at what you mean or what they are looking at. Stastical modeling that makes a black yellow striped pattern look like a school bus, because it has no concept of anything and not intelligence in any sense of the word and that is the just what fits the statistical model.

Wherever you go...There you are. - Buckaroo Banzai