Forgot your password?
typodupeerror

Comment: Is the open-audit link really related? (Score 1) 135

by Rich (#45727351) Attached to: Academics Should Not Remain Silent On Government Hacking

The open-audit link seems to be to a piece of software that is unrelated to the text of the summary. Rather than being anything related to people willing to help audit software, it's actually a tool for auditing your network.

In addition, whilst it does seem to be GPL, you need to provide a name, and email to download it.

Comment: Re:you have the source (Score 1) 566

by Rich (#44812743) Attached to: Linus Responds To RdRand Petition With Scorn

> Crypto is about math, not programming

The theory of crypto sure, but actually implementing it is much more about programming rather than about math. Most of the attacks on crypto implementations are side channel attacks not attacks on the basic maths that underlies the primitives. The implementation is much harder than the maths.

Comment: Re:Why should we trust openssl? (Score 5, Interesting) 53

by Rich (#38161058) Attached to: Dutch Government Officially Trusts OpenVPN-NL

That's true, though openssl has had the ability to add empty fragments to avoid the chosen plain text attack I suspect you're referring to for many years. What's strange is that the chosen solution (polarSSL) doesn't seem to have support for OCSP which is the main way to quickly revoke bad keys - particularly important in the light of the recent diginotar breach.

Comment: Re:Lua? (Score 1) 425

by Rich (#37268736) Attached to: Sixteen Years Later: GNU Still Needs An Extension Language

Really? I've worked with the bindings perl, python and Java, and also worked on bindings to a couple of different javascript interpreters. The python one was by far the best documented. There are a bunch of tools around like swig that will give the same effect for C code for perl and python (or simple C++ code). For more complex C++ sip does a decent job for python, but doesn't support other languages.

I guess I'm wondering what the criteria you're using to make this statement are?

+ - OpenOffice.org Celebrates Tenth Anniversary

Submitted by kami911
kami911 (997871) writes "The OpenOffice.org Community is turning ten years of age. Launching the celebration of a decade of open and free office productivity, the project's annual conference will take place in the city of Budapest from August 31 — September 3. Organized by the local community, supported by major sponsors and filled with life by a highly engaged, vivid community, the OpenOffice.org Conference (OOoCon) is the premier event for all those interested in OpenOffice.org development, OpenDocument technology and the future of free office software.

Since OpenOffice.org was created in 2000, the community behind the software has shaped a new era of open and free office productivity and is responsible for the creation and adoption of open standards. With studies showing more than 20 percent market share, coupled with an increasing number of governments, enterprises and private end-users taking advantage of OpenOffice.org technology, this year's conference will not only be our annual gathering for developers, adopters, enthusiasts and evangelists, but also the start to well-earned celebrations in local communities around the world.

At the event, attendees will find:
        * More than 100 speakers will present their thoughts and visions in four parallel sessions.
        * An ODF 1.2 Interop Demo. Hosted by OASIS, the international open standards consortium, the ODF 1.2 Interop will showcase applications processing ODF documents on the desktop, in the cloud and on mobile devices.
        * More than 80 presentations will show the variety of the community and highlight worldwide success stories.

"Our team has been working very hard to make this anniversary conference the best OOoCon ever", says Péter Szakál from Open SKM, the team lead for the Budapest organizational committee in charge of hosting the event. "With the help of our sponsors, and with the support of not only the local community, but the worldwide project, we're looking forward to an extraordinary event in the capital of Hungary. Framed by many community events, we're confident that the OpenOffice.org Conference 2010 will be a memorable event for everyone."

"For 10 years, OpenOffice.org has powered millions of users around the world with an award-winning, easy-to-use office productivity suite," said Michael Bemmer, vice president of Oracle Office. "At Oracle, we are proud to be the primary contributor to OpenOffice.org, as well as a Platinum sponsor of this year's OpenOffice.org conference and we eagerly look to passing yet more milestones."

Today, OpenOffice.org is the major open source office suite and one of the largest open source projects worldwide with
        * over 43 million downloads of its current 3.2 version
        * more than 300 million downloads since the project's creation in 2000
        * support for all major platforms
        * 10 years of community experience
        * more than 90 languages available

This year's OpenOffice.org Conference takes place from August 31 — September 3, at the Central European University in Budapest, with the plenary session being held at the Hungarian Parliament. The event is organized by ODFA Hungary, a nonprofit organization, with support from sponsors IBM, Multiracio, Oracle and in joint cooperation with the worldwide OpenOffice.org community.

Registration is open until the end of August, and all participants are encouraged to register online at http://www.ooocon.org/

More information: http://wiki.services.openoffice.org/wiki/OOoCon2010

FB events: http://www.facebook.com/#!/event.php?eid=134248523255484"

Comment: Someone just rediscovered XML Entity Attacks (Score 3, Interesting) 140

by Rich (#28962499) Attached to: XML Library Flaw — Sun, Apache, GNOME Affected

It's difficult to say from the information provided, but it sounds like someone just rediscovered XML entity attacks (as I did a few years ago). Assuming it is the same thing, here are some references from 2002 and 2006 with more details:
http://www.securiteam.com/securitynews/6D0100A5PU.html
http://www.sift.com.au/assets/downloads/SIFT-XML-Port-Scanning-v1-00.pdf

I've used these attacks in real-world tests and they are still surprisingly effective - just not new.

Comment: Re:KDE is actually repeating the CDE mistake (Score 1) 199

by Rich (#27808523) Attached to: Social Desktop Starts To Arrive In KDE

> including styles, theming, remote access, config databases, scalability, and GUI scripting.

Styles - not unless you count colour schemes which were available on platforms like win3.1 already.
Theming - not at all
Remote Access - only the basics that X11 provided for it.
Config Databases - nothing beyond Xt resources which were a pretty much failed implementation from the start.
Scalability - don't make me laugh.
GUI Scripting - did you ever try tooltalk?

CDE was a poor implementation of existing ideas and brought nothing new to the table.

This system will self-destruct in five minutes.

Working...