Forgot your password?
typodupeerror

Comment: Re:Basic misunderstandings and self-contradictions (Score 1) 293

by Khopesh (#47043591) Attached to: Linux Sucks (Video)

The point is we need people like him to remind us that certain things suck and need to be replaced (cough, X11, cough) otherwise we ae stuck with old badly architected technology for decades.

It's hard to find somebody that says X11 doesn't suck. I am definitely not that person.

My point was that he says forking sucks, he gave an example where (unbeknownst to him?) forking was certainly the best option, then he went on to talk about how forked Linux distributions have made the world a better place. He seems to conclude that forking is great and that he "loves" it.

(Also, I misspelled his name. Sorry, Bryan. I guess my post had room for improvement ... meaning it sucked.)

Comment: Basic misunderstandings and self-contradictions (Score 4, Interesting) 293

by Khopesh (#47041529) Attached to: Linux Sucks (Video)

OpenSSL doesn't listen to bug reports. They don't even accept offered patches to known bugs. It's this spirit of non-cooperation that caused the forking into LibreSSL. See the 30 day prospectus (/. coverage) from the LibreSSL project lead, which details all of the problems. Brian even says forking is ultimately a benefit, and that he "loves that they're doing it."

It seems to be that his definition of "sucks" is "has room for improvement" ... Everything has room for improvement, so apparently everything sucks.

Encryption

30-Day Status Update On LibreSSL 164

Posted by Soulskill
from the all-the-hyperlinks-you-can-handle dept.
ConstantineM writes: "Bob Beck — OpenBSD, OpenSSH and LibreSSL developer and the director of Alberta-based non-profit OpenBSD Foundation — gave a talk earlier today at BSDCan 2014 in Ottawa, discussing and illustrating the OpenSSL problems that have led to the creation of a big fork of OpenSSL that is still API-compatible with the original, providing for a drop-in replacement, without the #ifdef spaghetti and without its own "OpenSSL C" dialect.

Bob is claiming that the Maryland-incorporated OpenSSL Foundation is nothing but a for-profit front for FIPS consulting gigs, and that nobody at OpenSSL is actually interested in maintaining OpenSSL, but merely adding more and more features, with the existing bugs rotting in bug-tracking for a staggering 4 years (CVE-2010-5298 has been independently re-discovered by the OpenBSD team after having been quietly reported in OpenSSL's RT some 4 years prior). Bob reports that the bug-tracking system abandoned by OpenSSL has actually been very useful to the OpenBSD developers at finding and fixing even more of OpenSSL bugs in downstream LibreSSL, which still remain unfixed in upstream OpenSSL. It is revealed that a lot of crude cleaning has already been completed, and the process is still ongoing, but some new ciphers already saw their addition to LibreSSL — RFC 5639 EC Brainpool, ChaCha20, Poly1305, FRP256v1, and some derivatives based on the above, like ChaCha20-Poly1305 AEAD EVP from Adam Langley's Chromium OpenSSL patchset.

To conclude, Bob warns against portable LibreSSL knockoffs, and asks the community for Funding Commitment. The Linux Foundation has not yet committed support, but discussions are ongoing. Funding can be directed to the OpenBSD Foundation."
Update: 05/18 14:28 GMT by S : Changed last paragraph to better reflect the Linux Foundation's involvement.
Government

Congressmen Who Lobbied FCC Against Net Neutrality & Received Payoff 192

Posted by Soulskill
from the only-your-best-interests-at-heart dept.
An anonymous reader writes "Ars Technica published an article Friday highlighting the results from research conducted by a money-in-politics watchdog regarding the 28 congressmen who sent a combined total of three letters to the FCC protesting against re-classifying the internet as a public utility. These 28 members of the U.S. House of Representatives 'received, on average, $26,832 from the "cable & satellite TV production & distribution" sector over a two-year period ending in December. According to the data, that's 2.3 times more than the House average of $11,651.' That's average. Actual amounts that the 28 received over a two year period ranged from $109,250 (Greg Walden, R-OR) to $0 (Nick Rahall, D-WV). Look at the list yourselves, and find your representative to determine how much legitimacy can be attributed to their stated concerns for the public."

+ - Free software foundation condemns Mozilla's move to support DRM in Firefox.->

Submitted by ptr_88
ptr_88 (3031455) writes "Free software foundation has opposed Mozilla's move to support DRM in Firefox browser partnership with Adobe. This is what FSF has to say about this move : The Free Software Foundation is deeply disappointed in Mozilla's announcement. The decision compromises important principles in order to alleviate misguided fears about loss of browser market share. It allies Mozilla with a company hostile to the free software movement and to Mozilla's own fundamental ideals ."
Link to Original Source

Comment: Re:did you checked the video? (Score 1) 688

by Khopesh (#46890121) Attached to: Firefox 29: Redesign

But part of me wonders if I'm missing the point, if they're so intent on breaking it then might I as well just move browsers now? If I'm having to rely on addons to make a browser work then am I not just sat precariously one step away from Mozilla deciding that addon is unacceptable and cancelling it anyway?

It appears the FF devs have forgotten that their main advantage over Chrome is addons. I have so many addons, with icons to control them in the status bar (addons bar) that the new FF gave me about an inch of locationbar to see URLs. Thanks guys. I reverted this by using the dev version of Status-4-Evar. The GP's mention of Classic Theme Restorer is interesting, but I worry about its compatibility with Tab Mix Plus and other addons, as well as to your point of perhaps trying the new look & feel.

+ - OpenSSH no longer has to depend on OpenSSL->

Submitted by ConstantineM
ConstantineM (965345) writes "What has been planned for a long time now, prior to the infamous heartbleed fiasco of OpenSSL (which does not affect SSH at all), is now officially a reality — with the help of some recently adopted crypto from DJ Bernstein, OpenSSH now finally has a compile-time option to no longer depend on OpenSSL — `make OPENSSL=no` has now been introduced for a reduced configuration OpenSSH to be built without OpenSSL, which would leave you with no legacy SSH-1 baggage at all, and on the SSH-2 front with only AES-CTR and chacha20+poly1305 ciphers, ECDH/curve25519 key exchange and Ed25519 public keys."
Link to Original Source

+ - Yes. The NSA did know about, exploit Heartbleed-> 1

Submitted by squiggleslash
squiggleslash (241428) writes "One question arose almost immediately upon the exposure of Heartbleed (Original Slashdot story), the infamous OpenSSL exploit that can leak confidential information and even private keys to the Internet: Did the NSA know about it, and did they exploit if so? The answer is "Yes". Bloomberg reports that "The agency found the Heartbeat glitch shortly after its introduction, according to one of the people familiar with the matter, and it became a basic part of the agency’s toolkit for stealing account passwords and other common tasks." Some National Security experts are upset about this, given the same flaw could just as easily be used by foreign governments against Americans as vice versa."
Link to Original Source

+ - Algorithm Reveals Objects Hidden Behind Other Things In Camera Phone Images->

Submitted by KentuckyFC
KentuckyFC (1144503) writes "Imaging is undergoing a quiet revolution at the moment thanks to various new techniques for extracting data from images. Now physicists have worked out how to create an image of an object hidden behind a translucent material using little more than an ordinary smartphone and some clever data processing. The team placed objects behind materials that scatter light such as onion skin, frosted glass and chicken breast tissue. They photographed them using a Nokia Lumina 1020 smartphone, with a 41 megapixel sensor. To the naked eye, the resulting images look like random speckle. But by treating the data from each pixel separately and looking for correlations between pixels, the team was able to produce images of the hidden objects. They even photographed light scattered off a white wall and recovered an image of the reflected scene--a technique that effectively looks round corners. The new technique has applications in areas such as surveillance and medical imaging."
Link to Original Source
Education

Ask Slashdot: Online, Free Equivalent To a CompSci BS? 197

Posted by timothy
from the yes-but-how dept.
An anonymous reader writes "I am a middle school math teacher and I also run a programming club. I recent completed my M.Ed in math education and was inspired to try to do the new GT online MS in Computer Science in a couple of years. I have some background in programming: two intro to comp sci courses, Java, C++, Python, the main scripting languages, and a bunch of math background. I also read through this great article on getting these pre-requisites completed through Coursera but unfortunately you need to wait for courses to enroll. I would like to just learn these on my own time, no credit necessary. Suggestions?"
Media

TrustyCon Session Videos Now Online 6

Posted by Unknown Lamer
from the grab-some-popcorn dept.
The RSA conference counter-conference TrustyCon livestreamed its videos and made the seven hour video available. Al Billings wasn't happy with that, and split the videos into segments for easy viewing. Quoting: "I don't know about you but I like my viewing in smaller chunks. I also tend to listen to talks and presentations, especially when there is no strong visual component, by saving the audio portion of it to my huffduffer account and listening to the resulting feed as a podcast. I took it on myself to do a quick and dirty slice and dice on the seven plus hour video. It isn't perfect (I'm a program manager, not a video editor!) but it works. ... Additionally, I extracted the audio from each of these files and put an audio collection up on the Internet Archive, for people like me who just want to listen to them." The videos are collected into a Youtube playlist.

Passwords are implemented as a result of insecurity.

Working...