Want to read Slashdot from your mobile device? Point it at m.slashdot.org and keep reading!

 



Forgot your password?
typodupeerror

Submission + - Amazon's new 6K LOC SSL/TLS implementation->

bmearns writes: Amazon announced today a new library called "s2n", an open source implementation of SSL/TLS, the cryptographic security protocols behind HTTPS, SSH, SFTP, secure SMTP, and many others. Weighing in at about 6k lines of code, it's just a little more than 1% the size of OpenSSL, which is really good news in terms of security auditing and testing. OpenSSL isn't going away, and Amazon has made clear that they will continue to support it. Notably, s2n does not provide all the additional cryptographic functions that OpenSSL provides in libcrypto, it only provides the SSL/TLS functions. Further more, it implements a relatively small subset of SSL/TLS features compared to OpenSSL.
Link to Original Source

Comment No complex constructs in python? (Score 1) 648

I'm curious what "complex constructs" the teacher thinks are missing from python that can be done in Visual Basic, or C for that matter. I haven't done VB in a long time, but I have significant experience in C and Python. The only construct I can think of that exist in C and not in Python is pointers, and I'd be surprised if they are covering pointers in VB in an intro class.

Any ideas what is being referred to?

Comment Re:No progress at all... (Score 1) 160

Looking at a random page from the book, the manuscript is clearly nonsensical

Yeh, you're right. The world's greatest linguists, historians, and cryptographers have been studying this for a century and are still undecided about the nature of the work, but you "looked at a random page" and have a pretty solid grasp on it.

Submission + - Another possible Voynich breakthrough, this time not by botanists

bmearns writes: Over the past few weeks we've been hearing a lot about a possible breakthrough in decoding the infamous Voynich manuscript, made by a team of botanists who suggested that the plants depicted in the manuscrit may have been from the New World and the mysterious writing could be a form of an Aztec language. But the latest development comes from linguist Stephen Bax, of Bedfordshire University, who believes he has identified some proper names (including of the constellation "Taurus") in the manuscript and is using these as a crib to begin deciphering the rest of the text, which he believes comes from the near east or Asia.

Submission + - Voynich Manuscript may have originated in New World

bmearns writes: The Voynich Manuscript is every geek's favorite "indecipherable" illuminated manuscript. It's bizarre depictions of strange plants and animals, astrological diagrams, and hordes of tiny naked women bathing in a system of interconnected tubs that bare an uneasy resemblance to the human digestive system, have inspired numerous essays and doctoral theses', plus one XKCD comic. Now a team of botanists (yes, botanists) may have uncovered an important clue as to its origin and content, by identifying several of the plants and animals depicted, and linking them to the Spanish territories in Central America.

Comment Re:Easy (Score 1) 330

Yeh, and for a long time, SSL was considered "good enough".

But honestly, getting two people to assure you that "yes, this is solid, the NSA isn't trying to trick you and certainly hasn't recruited me to play along" is hardly "good enough". A dozen experts, maybe. A hundred independent experts from different institutions around the globe is getting close to "good enough". But I hardly think two people is sufficient.

Comment Re:Trust no one (Score 3, Insightful) 330

But from whom do you learn the math? A teacher? A textbook? Unless you derive it all yourself from base axioms, you do have to trust someone at some point. Math is logic, pure and simple: that's true, but it is subtle enough and complex enough, especially at the level of cryptography, that you could be taught something which is false and yet verifiable (i.e., internally consistent, but externally incorrect). And of course, beyond outright misinformation, there is the very real possibility that the math is sound but someone has discovered a technique for busting right through it.

But I think the more important point is that our entire society breaks down instantly without trust. Specialization is the basis for all of human advancement, and trust is the basis for specialization. You don't learn to build a car yourself, you trust an auto mfr to do it for you. You don't spend time growing or hunting your own food, you trust the food industry to provide you with safe and sufficient sustenance. If you didn't trust anyone, you'd spend all your own time and resource attending to your most basic needs.

The same goes for cryptography and software: everybody uses crypto these days (TLS, for instance), but the vast majority of people don't have any where close to the expertise to verify even the algorithms, let alone the implementations. Sure, we could have a society of crypto experts and everyone could independently verify every algorithm and every piece of code that they use. But whose going to build the the cars and grow the food?

Submission + - Hypothetical: Can Bruce Schneier be Trusted 1

An anonymous reader writes: Security guru Bruce Schneier is, among other things, a world renowned cryptography expert, author of several popular books, and a second-order internet meme. He is also an outspoken critic of the NSA, in particular the massive NSA surveillance programs disclosed over the summer by Edward Snowden. Schneier has been involved in reviewing the leaked documents and has put in effort to determine which cryptosystems should still be considered safe. I'm a big fan of Bruce Schneier, but just to play devil's advocate, let's say, hypothetically, that Schneier is actually in cahoots with the NSA. Who better to reinstate public trust in weakened cryptosystems? As an exercise in security that Schneier himself may find interesting, what methods are available for proving (or at least affirming) that we can trust Bruce Schneier?

Submission + - Ray Dolby Dies at 80

bmearns writes: NPR is reporting that audio pioneer Ray Dolby has died, at age 80. Dolby is best known for inventing an important noise reduction technique for audio called Dolby SR, and for founding Dolby Laboratories which contributed immensely to the development of surround sound technology.

Comment Re:Just Stand - sitting is the new smoking (Score 1) 461

There's basically nothing you can do that isn't bad for some part of you. Living produces wear and tear on your body.

I switched to a primarily standing desk about three years ago and, anecdotally, it's been going great. I don't think I lost any significant amount of weight because of it, but my back doesn't get tired, and I generally feel less lethargic at the end of the day. I also feel like it helps my working because I can more easily pace around my office when I need to work through a tough problem.

Most people who recommend standing recommend alternating between standing and sitting every few hours, to avoid the kinds of issues you mention. But I think part of it has to do with your general fitness level. If your legs are strong, your knees are in good shape, and you're not carrying around too much extra weight, you'll probably hold up a lot better to extended periods of standing. Then again, if you're not really in shape, you may have even more reason not to sit all day.

Personally, I sit while I eat my lunch, I typically sit a bit more on Mondays, and I just generally sit when I feel tired, but I spend most of my work day standing. And you don't need a fancy convertible desk, just a set of cinder blocks to elevate your desk, and a high chair to sit on when you feel like it (the kind you find in electronics labs).

Submission + - Full moon may effect sleep after all 1

bmearns writes: NPR is reporting that new statistical research by Swiss scientist Christian Cajochen suggests that the full moon may actually have an impact on human sleep, both in terms of duration and quality. "We found that people who entered the lab during a full moon slept, on average, 20 minutes less than people who came in during the new moon phase," says Cajochen. The results were statistically significant, but Cajochen admits that he is still skeptical of the conclusion.

Using TSO is like kicking a dead whale down the beach. -- S.C. Johnson

Working...