Want to read Slashdot from your mobile device? Point it at m.slashdot.org and keep reading!

 



Forgot your password?
typodupeerror
What's the story with these ads on Slashdot? Check out our new blog post to find out. ×

Comment Re:PolarSSL (Score 2) 304

Yes, openssl is a piece of junk that is far too widely used. Polarssl looks nice and especially interesting is the version that was mathematically proven to be immune to a whole bunch of CWEs: http://trust-in-soft.com/polar...

But for OpenBSD they can't use polarssl since it's gnu licensed. The sad thing is polarssl was originally called xyssl and xyssl was originally BSD licensed. If only OpenBSD would start with the final xyssl codebase and replace OpenSSL with that...

Comment South Africa (Score 1) 290

Theo, you left South Africa at the age of 9. Do you have any connection to the country? Have you been back? Do you think of yourself as a South African or a Canadian? Do you speak any Afrikaans? Places like Cape Town are beautiful and hike-worthy. I believe you enjoy hiking so was wondering if you've ever been back there for hiking.

Also, it is interesting that there are so many South Africans in tech. Elon Musk (Tesla), Mark Shuttleworth (Ubuntu), etc. Do you feel any connections to them due to a common heritage?

Comment Re:Wait, wait , WAIT a moment. (Score 3, Interesting) 277

I tried to do the math on this too. First of all, I'm not sure if the number is 20,000 USD or CAD (Since OpenBSD is based in Canada not the US). Next up is the fact that many of the machines are older non x86 machines that are not power efficient. For example when the SGI/AlphaStations/VAX/SparcStations were produced, focus was on MHz not power utilization. Finally, I think the project might use some type of uninterruptible power supply (UPS) as well as network switches, etc.

So by your math you're looking at CAD 20,000 = EUR 13,500 which at EUR 0.20 per kWh would buy you 67500 kWh = 7.7 kWh.

Now the project has supports about 20 architectures. And there are dedicated machines used to build the base system and dedicated machines used to build ports so at least 2 of each machine. On top of that there's probably an NFS server to host the source code, some UPS, network switches, etc, etc. So say about 50 machines total.

So 7.7kWh / 50 machines gets you to 154 watts per machine. I do believe they are on 24x7 as there are daily builds for many architectures, etc, etc. 150 watts is not unreasonable power consumption in my opinion.

Comment very misleading (Score 1) 376

Take a closer look at the google trends data. If you click on the "qt" tab you actually see that most of the searches are related to "qt syndrome" or "long qt". these are medical conditions and have nothing to do with UI toolkits. if you click on the "gtk" or "gnome" tab, the search terms are all related to UI toolkits.

Perhaps it's not something specific to gtk/gnome, but maybe all the toolkits including qt are in decline. Either due to smartphones/mobile or ubunut's unity or something else.

Comment just like BSD (Score 1) 74

So they're basically "reinventing" how BSD does things? They even blatantly copied an OpenBSD image for this presentation...

(Compare slide 13 from the presentation with OpenBSD 4.9 art)

In all seriousness though, it's a pretty good plan. Everyone knows that BSD means real engineering while Linux is "just a hobby, won't be big and professional"

Comment nothing new here, please move along... (Score 1) 311

Even if you have the source, it doesn't mean you can confirm what the binary is doing. See the classic "Trusting Trust" attack which is decades old. In my experience the most common reason for binaries that are not reproducible is due to build timestamps being embedded into the binary. For example, the ar command added the D flag in the past few years exactly for the purpose of being able to output reproducible results. (see the man page at http://linux.die.net/man/1/ar) It's true that reproducible binaries are probably a good thing from a security stand point, but in practice it can be a lot of work to make sure the build produces these. And even then, as Thompson showed, that doesn't always guarantee that what you see is what you get.
Security

Submission + - The Use of Exploit Kits Changed Spam Runs

An anonymous reader writes: Spammers used to depend on email recipients to tie the noose around their own necks by inputing their personal and financial information in credible spoofs of legitimate websites, but with the advent of exploit kits, that technique is slowly getting sidelined. Prompted by the rise in numbers of spam runs leading to pages hosting exploit kits, Trend Micro researchers have recently been investigating a number of high-volume spam runs using the Blackhole exploit kit. According to them, the phishing messages of today have far less urgency and the message is implicit: "Your statement is available online"; or "Incoming payment received", or "Password reset notification."
Data Storage

Submission + - Sapphire disk to last tens of thousands of years->

Frosty Piss writes: No data storage medium seems to last long before becoming obsolete. This has become an issue for the builders of nuclear waste repositories, who are trying to preserve records of what they've buried and where, not for a few years but for tens of thousands of years. The solution may be a sapphire disk inside which information is engraved using platinum. The prototype costs around $30,493 to make, but Patrick Charton of the French nuclear waste management agency ANDRA says it will survive for a million years. The aim, Charton says, is to provide 'information for future archaeologists.' But, he concedes: 'We have no idea what language to write it in.'
Link to Original Source
Music

Submission + - Supreme Court strikes down copyright fees on music, video->

An anonymous reader writes: Quick submission for all us Canadian's, looks like the Supreme court finally decided to rule on various copyright issues. No more fees to "preview" a song. Another of these rule changes could save our schools a lot of money. No more fee's required to photocopy material for students.
Link to Original Source

To downgrade the human mind is bad theology. - C. K. Chesterton

Working...