

Comment: Re:Not sure who the market is here? (Score 1) 116

by bonniot (#44470405) Attached to: New, Privacy-Oriented, FOSS Web-mail: Mailpile

Knowing how to "code" isn't enough, you need to study the codebase. A tiny fraction of those who know how to code have studied the mailpile codebase enough to catch a backdoor. I would say, practically speaking... 0 outside the core developers.

Right now, you're probably right. As far as I can see it's not much used yet. But as usage grows, so would the number of contributors looking at the code, to add a new feature or fix a bug, each time increasing the chance malicious code or a vulnerability would be found.

Backdoors or snooping are best hidden with plausible deniability. Even if you discover one, it won't be obvious that it was intentional, it will be no more newsworthy than a typical vulnerability report.

Right. Open source does not magically guarantee the absence of vulnerabilities (accidental or intentional). But it makes them easier to detect by the community, and harder to hide malicious code. Take the snooping revealed to be happening in Skype. Would it be that easy to do with open-source clients and servers?

Comment: Re:Not sure who the market is here? (Score 4, Interesting) 116

by bonniot (#44468917) Attached to: New, Privacy-Oriented, FOSS Web-mail: Mailpile

You can read the source code and confirm that it's all legit? The average user can't read source code! These claims are all worthless.

An answer to that is that even though only 0.1% of users can read source code, ...

  • 5% know somebody who can read code;
  • 30% know somebody who knows somebody who can read code;
  • ...
  • 100% know a newspaper who would publish the story if a single expert read the source code and discovered there is snooping hidden in it (by then a host of other experts can simply confirm this fact)

Given this, it's quite likely that if an open source tool contains malicious code, and it is widely used, this will be revealed eventually. Of course there is no 100% guarantee. But this claim is far from worthless. You can have much higher confidence that an open-source tool does not have hidden snooping compared to closed-source, and this even if you can't or won't read the source code yourself.

Comment: Re:So (Score 3, Insightful) 308

by bonniot (#41630645) Attached to: Linux Foundation Offers Solution for UEFI Secure Boot

Yes you'll have to press a key to approve the Linux bootloader, every time it boots. Not kidding, RTFA.

I don't think so. From TFA: "To facilitate repeat booting (and to make the pre-bootloader useful for booting hard disks as well as USB keys or DVDs) the pre-bootloader will also check to see if the platform is booting in Setup Mode and if it is, will ask the user for permission to install the signature of loader.efi into the authorized signatures database. If the user gives permission, the signature will be installed and loader.efi will then boot up without any present user tests on all subsequent occasions even after the platform is placed back into secure boot mode."

Comment: Re:Question the whole premise (Score 1) 667

by bonniot (#39382843) Attached to: Iran Deleted From the World's Banking Computers

What program? What evidence.

I know many believe that's the case, but there's no conclusive evidence - at least none that isn't the "just trust us wink-wink, our all knowing leaders would never lie to you, and we're perfectly trust-worthy" kind. You know, don't let the problem of actual *evidence* worry your pretty little head. Leave that to the big serious folks. [Who incidentally have financial ties to the military-industrial complex and are hauling home cash by the truck-load.]

Actually, even the U.S. Agencies See No Move by Iran to Build a Bomb.

Comment: Re:the 16 scientists are not climatologists (Score 1) 1367

by bonniot (#38858209) Attached to: Don't Worry About Global Warming, Say 16 Scientists in the WSJ

Interesting point: you should not only consider the risk (for instance of climate change), but rather compare the cost of doing something and the cost of doing nothing. Of course that process alone does not guarantee it is objective: it matters greatly how you define and estimate such costs. This specific economist is accused by some of bias in this regard.

Comment: Re:Open Source (Almost) Everything (Score 2, Informative) 325

by bonniot (#38340866) Attached to: Ask Slashdot: Open Vs. Closed-Source For a Start-Up

I'm not sure if this is on-topic or not, but this one of the reasons why the BSD license is better than the GPL. It allows you to open source everything except the code with the business value. The GPL forces you to open source everything.

Wrong. The GPL doesn't force the copyright owner to do anything, it only gives obligations (and rights) to people accepting the license.

They could BSD or GPL the non-business value code, and still release the whole under whatever license they choose (including proprietary).

Alternatively, they could release the business value code under the GPL, which might solve their dilemma. This would attract attention and allow community contributions, but proprietary competitors could not legally use it in their products. This is where the GPL shines.

Comment: 3.5" floppies (Score 4, Interesting) 191

by bonniot (#34675084) Attached to: AMD Radeon HD 6950 Can Be Unlocked To HD 6970

Reminds me of how drives recognized 1.44MB floppies (3.5") from 720KB ones: by checking if there was a hole in the bottom-right corner (the bottom-left corner being for write protection). And sure enough, if you made a hole in a 720KB floppy it would be possible to format it as 1.44. There might have been a few more errors, but I remember when HD floppies were 3-4 times more expensive, so it was definitely worth it. At least for a teenager with only pocket money. Ah, those floppy drilling afternoons... But where are the snows of yesteryear?
