Forgot your password?
typodupeerror

+ - TrueCrypt gets a new life, new name->

Submitted by storagedude
storagedude (1517243) writes "Amid ongoing security concerns, the popular open source encryption program TrueCrypt may have found new life under a new name, reports eSecurity Planet. Under the terms of the TrueCrypt license — which was a homemade open source license written by the authors themselves rather than a standard one — a forking of the code is allowed if references to TrueCrypt are removed from the code and the resulting application is not called TrueCrypt. Thus, CipherShed will be released under a standard open source license, with long-term ambitions to become a completely new product."
Link to Original Source

Comment: Re:while... (Score 2) 117

by Tetch (#47905189) Attached to: Indian Mars Mission Has Completed 95% of Its Journey Without a Hitch

while 95% of the population still live in extreme poverty and could make more use of the billions wasted on this project

Nah, sorry, this argument doesn't work. Far more billions are wasted on completely useless military activity than the relatively miniscule space program of all nations put together - and the space programme at least has a use ...

As 'The Hawk' says, we urgently need to set up an off-world colony before the next asteroid strike wipes our species out. We had an unexpected visit from such an asteroid whizzing past inside the orbit of our geostationary satellites just a couple of days ago - this house-sized lump of rock was only detected for the first time about a week before it arrived. Who knows how long we've got before one of these things actually collides with us. Apparently such an event is now overdue in geological timescale terms.

More space programme please.

Comment: Re:Bad Technology Is Bad (Score 1) 207

by Tetch (#46296011) Attached to: Chevron Gives Residents Near Fracking Explosion Free Pizza

http://en.wikipedia.org/wiki/Trojan_Nuclear_Power_Plant

Thanks - didn't know about that one, and I'm grateful for the information .... It's been worrying me more and more that idiots (i.e. politicians) keep commissioning more and more nuclear power generation facilities without having any idea (and without even wanting to know) how we're going to clean up the aftermath. It's good to know that somebody has made at least one serious attempt to try it. Although ...

Still has the "what do we do with nuclear waste?" problem, but it was decommissioned anyway.

... as you noted, encasing the reactor vessel in concrete foam and burying it under 45 feet of gravel doesn't really cut it.

If you haven't seen it, there's a really instructive documentary ("Into Eternity"), made in 2010, about a nuclear waste storage repository ("Onkalo") being constructed deep underground in Finland, that is tackling - among other things - the extreme difficulty of figuring out how to construct signage ("Stay Away - Extreme Danger To Health") at the entrance to the facility, that will still be adequately durable, legible and understandable to descendant humans 100,000 years from now.

As the narrator says, "Onkalo must last 100,000 years. Nothing built by man has lasted one tenth of that time."

Another instructive documentary covers the herculean efforts made by the Russians/Ukrainians at Chernobyl to avoid a worse disaster than we already had.

It's a horrific story. They used soldiers to go up on the roof of the reactor building, each of whom could only risk being there for 45 seconds before getting their full dose for the year - enough time to chuck 2 shovelfulls of debris over the side, and then run away fast. In the end, they had to mobilise 500,000 (!) workers of all kinds to get the emergency cleanup done - and as we all know, even then it wasn't done very well, so much so that the EU is having to do it all over again.

I don't even want to think about how Fukushima's gonna go - it seems to be a worse mess than Chernobyl (albeit at a somewhat better designed & built power station). One fact that has stayed with me was how, at the time the tsunami took out the power, the on-site engineers had to go get their car batteries out of their own cars, bring them in, and wire them up in series so as to power up the control room instrumentation to find out what was going on in the reactors. We all owe those guys a beer.

It seems to me (somebody else coined this, not me) that our technological capabilities have advanced faster than we have evolved the ability to safely manage them, and we should just take a step back and do some very careful thinking. We can afford to reduce our lifestyles, wait a while, and revisit The Plan repeatedly until its perfect - we only have the one planet. It's the greedy short-termism involved in the rush to have it all that disgusts me.

Personally I imagine the way forward will involve giant solar panels in orbit collecting the Sun's bounteous energy and somehow transmitting it down to the surface. I have no idea whether that's just science fiction :-) .... it does of course require everyone to stop fighting wars, and divert all the money back into a proper space programme.

Comment: Bad Technology Is Bad (Score 5, Insightful) 207

by Tetch (#46292467) Attached to: Chevron Gives Residents Near Fracking Explosion Free Pizza

Yup, don't like fracking - it carries too high a risk of polluting my landscape, and quite likely turning a beautiful view into a rubbish-tip. In the UK, the government has even gone on record to say the extracted oil & gas won't reduce anybody's energy bills. It will, however, make a shit-load of money for some people who already have too much, and who seem willing to rig the deck to make sure they get their way.

Don't like nuclear fission power either - it produces *filthy* dirty waste, that we have no idea what to do with. AFAIK, not a single nuclear power station has yet been decommissioned and cleaned up anywhere in the world - quite a few are mothballed, while an alleged "decommissioning" process achieves almost nothing and stretches endlessly into the future at vast expense to the tax-payer (cos poor little private sector can't take the pain, so public sector has to take that task on, or private sector will take its ball home).

Both these technologies are amateurish, half-assed, ill-thought-out, poor examples of our abilities at this climactic moment of the 21st century, and I'm embarrassed to be a member of the same species that wants to do this crap. Come on ... we're capable of better than that.

For some reason, many of my peers in this /. community seem to take umbrage whenever there is any criticism of any industrial process if there is some kind of "technology" aspect to that process. There appears to be a belief that so long as a process makes money and is technological, it must be undertaken, irrespective of the impact on this one uniquely precious planet that we have here. I will continue to try to understand this point of view, but I fear its exponents are blinded by the flashing lights.

Sigh.

+ - Harvard Bomber Hoax Perpetrator Caught through Tor->

Submitted by Meshach
Meshach (578918) writes "The FBI has caught the student who called in a bomb threat on December 16. The student used a temporary anonymous email account routed through Tor but the FBI were able to trace it because it originated in the Harvard wireless network. He could face as long as five years in prison, three years of supervised release and a $250,000 fine if convicted."
Link to Original Source

+ - Theo de Raadt gives a 10-year summary on exploit mitigation in OpenBSD

Submitted by ConstantineM
ConstantineM (965345) writes "Microsoft has all significant exploit mitigation techniques fully integrated and enabled, claims Theo de Raadt at Yandex ruBSD, whilst giving a 10-year summary of the methods employed by OpenBSD. In year 2000, OpenBSD started a development initiative to intentionally make the memory environment of a process less predictable and less robust, without impacting the well-behaved programs. Concepts like the random stack gap, W^X, ASLR and PIE are explained. Some of them, like the random stack gap, are implemented with a 3-line change to the kernel, yet it appears that some other vendors are still shipping without it."

+ - Image of Europe Getting Nuked Used in Promotion for China's Moon Rover-> 4

Submitted by jjp9999
jjp9999 (2180664) writes "In a promotional exhibit for China's Jade Rabbit lunar rover, an image in the background showed a nuclear explosion over Europe. The image they used was public stock photo titled "Nuclear Explosion on Earth from Space." How it got picked up for the exhibit remains a mystery. The exhibit was shown in November at the China International Industry Fair 2013 in Shanghai ahead of China's recent lunar landing."
Link to Original Source

+ - Qt 5.2 - Foundation for KDE Frameworks 5->

Submitted by KDE Community
KDE Community (3396057) writes "On December 12th, the Qt Project released Qt 5.2. Congratulations to the Qt community for this great milestone! This version will form the foundation of Frameworks 5, the upcoming modularized release of the KDE libraries. As part of the Frameworks efforts, KDE devoted considerable effort to integrating valuable KDE technologies into Qt 5.2. This article is intended to give a glimpse at some of KDE's contributions to Qt."
Link to Original Source

Comment: Re:Time to switch gears (Score 2) 163

by Tetch (#45711021) Attached to: Facebook Tracks the Status Updates and Messages You Don't Write Too

Yes, Javascript is used all over the web, but I find that in almost every case it is unnecessary. I use Noscript, and have a pretty small whitelist, comprising mostly just my bank, some webmail sites, and one or two travel ticket booking sites that just don't work at all without it. I temporarily whitelist quite a variety of sites whose functionality is enhanced by scripting, but only on those occasions when I actually need that extra functionality - and taking that moment to click on the Noscript icon to do the temporary whitelist really doesn't slow me down.

One example is the BBC news website, which runs at least twice as fast with scripting disabled - so I keep scripting blocked there except when I actually want to watch the video associated with a news story.

Facebook stays disabled except on those rare occasions when I actually venture into that cess-pit; I believe (not sure) that this preserves me from most/all of those attempts by Facebook to follow me round the Web ("Like" ... "Share this" ...).

And all those tracker sites of which I'm aware (doubleclick, google-analytics, 2o7, etc.) stay on my Noscript 'Untrusted' list.

All the forums I use regularly work just fine without scripting, albeit sometimes with a slightly clunky look'n'feel. Often a site's 'search' facility just reports "No hits" unless scripting is enabled, but I'm blessed if I know why. So on the rare occasions when I need to search the forum, I temporarily whitelist. Easy, quick.
[BTW: I've authored plenty of websites with a search engine integrated, and scripting is just not necessary (at least with Ht://Dig).]

There is just no need for scripting in the vast majority of cases - genuinely Web 2.0 sites excepted. I reserve a special level of contempt for sites that implement links with Javascript.

I accept that large efficiencies of content data transfer are obtained when AJAX is used nicely (page components updated in situ instead of a complete retransmission of the entire modified page). However, as a capable security-minded sysadmin I'm also aware of that fundamental security adage: "If you let a Bad Guy run His program on Your computer, it's not Your computer any more", ((c) Microsoft). Javascript functions are programs, so to allow all websites to run Javascript on my computer is an act of faith that :

  1. 1) The site administrator is not a Bad Guy
  2. 2) The site administrator is competent enough to author and/or run the webserver platform in a sufficiently secure manner that it never gets broken into by a Bad Guy and infected with a silent drive-by malware download.

I'm afraid I just don't have that level of confidence in the abilities and motivations of all 5 Gajillion website sysadmins out there - and they not only have to be that competent, but also remain that competent 100% of the time. Heh.

I run without scripting enabled, I enjoy a significantly faster and more ad-free web experience, I visit all kinds of murky parts of the Web :), and it's literally years since any PC of mine acquired an infection - unlike the army of friends and relatives whose PCs I'm regularly called to disinfect. Sadly, I accept that most Ordinary Folks just cannot get their heads round this stuff, and are completely fazed by the idea of having to "authorise" anything that ever happens on their computer. This, my friends, is Our Fault - we should not have engineered a WWW that functions so dangerously.

Dialog Box (n):
A small window containing an 'Ok' button, a 'Cancel' button, and some text that the user will ignore.

You know that almost all drive-by downloads (apart from those that target buggy embedded document viewers) exploit a flaw in the DOM that requires Javascript to leverage, right ?

+ - Ask Slashdot: How reproducible is arithmetic in the cloud? 1

Submitted by goodminton
goodminton (825605) writes "I'm research the long-term consistency and reproducibility of math results in the cloud and have questions about floating point calculations. For example, say I create a virtual OS instance on a cloud provider (doesn't matter which one) and install Mathematica to run a precise calculation. Mathematica generates the result based on the combination of software version, operating system, hypervisor, firmware and hardware that are running at that time. In the cloud, hardware, firmware and hypervisors are invisible to the users but could still impact the implementation/operation of floating point math. Say I archive the virutal instance and in 5 or 10 years I fire it up on another cloud provider and run the same calculation. What's the likelihood that the results would be the same? What can be done to adjust for this? Currently, I know people who "archive" hardware just for the purpose of ensuring reproducibility and I'm wondering how this tranlates to the world of cloud and virtualization across multiple hardware types."

Comment: Re:9am to 5pm work day? (Score 1) 309

by Tetch (#45116705) Attached to: My productivity peaks between...

most people start work at 8am

No they don't !
What kind of slave-drivers do you work for ?
American slave-drivers, by any chance ?

Over here in Europe there are all kinds of work routines, largely depending on the type of climate. And in my experience there are always at least two major groups: those who like 8am-4pm, and those who like 10am-6pm. The first group claim they get a lot done early in the morning, but on the rare occasions I was in that early (all-nighters, go-lives) I noticed a lot of chatting or reading news among that group ... especially among the subgroup who actually liked getting in at 7am for some benighted reason.

Personally, I don't get out of bed till 9am, and find mid-to-late-afternoon the most productive, after the fire-fighting and routine meetings are done.

PS: given the traffic overload on transport infrastructure these days I think it's a very good thing that arrival & departure times are staggered throughout the start and end of working days.

Comment: Re:The obviously stupid question. (Score 1) 163

by Tetch (#44966209) Attached to: Ask Slashdot: Best Open Source CRM/ERP System For a Small Business?

Once upon a time, all organisations of any significant size had an in-house 'Computer Department', with systems analysts, and programmers, and computer rooms, and operations teams ... which provided bespoke custom-developed applications suites to perform all the business functions that organisation depended upon. These custom applications worked more or less well.

Then, along came the Big Bad articles in CEO magazine, which convinced the CEO to liberate herself from the need to employ all those IT weirdos (with their strange clothing, incomprehensible jargon, and salaries that offended the HR department), by simply outsourcing the organisation's IT needs - usually by buying an off-the-shelf ready made suite of software (often from SAP Corporation) that allegedly could perform any conceivable kind of business function ... all you had to do was write a few configuration files that specified the parameters that defined the actual business needs of that organisation, press the 'Run' button, and hey presto.

This off-the-shelf ready-made software is known as Enterprise Resource Planning (ERP) software, and it never does exactly what you need it for, but the CEO and the ERP sales consultants all get to have huge bonuses, and three holidays a year, and the actual end-users get to 'blame the computer' for the rest of their lives. Only a few old-timers still whisper in the canteen about the days of The Mainframe when Things Just Worked.

Oh, and the redundant in-house IT staff, who used to work on the bespoke custom application systems, get to have no cookie :)

These days I dust and polish my old COBOL-74 manuals in the shrine in the attic, tell my nephews and nieces lurid tales of paper-tape punches and systems that were taken down every Wednesday morning for hardware maintenance, shake my head in disbelief at all the J2EE-framework websites that litter the Interwebs, and stare into the distance a lot.

Did I ever tell you about the time th..[][][][][]..NO CARRIER

"When it comes to humility, I'm the greatest." -- Bullwinkle Moose

Working...