Comment: Re:A reason why they SHOULD have... (Score 1) 37

by drinkypoo (#46765409) Attached to: Ubisoft Hands Out Nexus 7 Tablets At a Game's Press Event

I actually picked up FOUR 7" Android 4.x tablets from DealExtreme for ~$35 each last year, during a half-price sale...and I doubt they'd let even such a sale as that rob them entirely of profits...

Dealextreme is like BG Micro. Sure, they buy stuff to stock and sell, but much of what they sell is some crap that someone else couldn't sell, which they got for a song. Just because DX got a bunch of tablets nobody wanted to buy in a store for $20/piece doesn't mean someone will sell you new, supported ones for that.

Comment: Re:Mr Fixit (Score 1) 377

by drinkypoo (#46763325) Attached to: How Does Heartbleed Alter the 'Open Source Is Safer' Discussion?

We should remember that FLOSS reacted very quickly to the "revelation," but the bug itself has been sitting there for years, which isn't really supposed to happen.

Unfortunately, the very same thing happens in proprietary software. And "isn't supposed to happen" is a misunderstanding. It's just supposed to happen less, and it's supposed to get fixed easier. The latter, at least, has been proven out.

Comment: Re:not at those prices, it won't fly off the shelv (Score 1) 138

by drinkypoo (#46763285) Attached to: How Apple's CarPlay Could Shore Up the Car Stereo Industry

like the other poster said, all I want in there is an amp and speakers with a jack for audio input

That's what I put in my truck. You can't listen to optical media in it unless you have a heavy load, because the suspension is too hard. So I have a $20 amplifier with stereo in and four outputs.

I'd like my 1964 Dodge back. fixable, the controls fall where your hands are, no menus, and no nonsense.

Yes, if I had perfect foresight instead of excellent hindsight, I'd have kept my 1960 Dodge. It got over 20 mpg on the freeway and it was stupid simple. But I didn't know how to rebuild a brake system then (dirt simple, as it turns out) and so I couldn't afford to keep it.

Comment: Re:Why spend another $700 for a car stereo (Score 1) 138

by drinkypoo (#46763257) Attached to: How Apple's CarPlay Could Shore Up the Car Stereo Industry

It's more reliable. Bluetooth Audio is miserably finicky. The only thing that ever worked right with my JVC was AT&T Fuze. With a couple different Android devices now including the Nexus 4 I get occasional skips. I used to use an Xperia Play, that skipped a lot. Flawless using the headphone cable in my truck instead.

I'm going to try adding Bluetooth to my car anyway, switching into the line inputs from the changer with an audio signal relay, and using an ultra-cheap receiver. But I'm also going to have line in, just in case.

Comment: Re:Two things to note (Score 1) 377

by danheskett (#46763203) Attached to: How Does Heartbleed Alter the 'Open Source Is Safer' Discussion?

The reason is understandable and explained in the above paragraph - the vast majority of software developers out there are probably not able to contribute meaningfully to a project such as OpenSSL.

You got it big time, right on the nose. The power of Open Source is that it attracts professionals and experts from across the world to contribute. Do we really think that there is a big concentration of the best and most skilled crypto experts in the world all centered around Redmond Washington USA? Money will only go so far. There are likely exploits in Microsoft's SSL stack that are so subtle that their small team of experts are not even aware that they exist. Assuming they were not paid for by the NSA or other agency.

Comment: Re:The bug was found because it was open source.. (Score 1) 377

by danheskett (#46763183) Attached to: How Does Heartbleed Alter the 'Open Source Is Safer' Discussion?

Agree. OpenBSD and folks like Theo are integral to pushing the world forward on this stuff. You have my point exactly, which is it is statistically unlikely that there isn't an SSL exploit, in the wild today, that is undetectable, undisclosed, unknown. We don't even know what we don't know. For all we know, the NSA and Microsoft collaborated to weaken the standard, make an implementation fault, and suppress it from being discovered, patched, and closed. Literally, MS can deny it, the NSA can deny it, but it's all based on trust. And trust is a crappy plan.

With OpenSSL, it's not based only on trust, it's based on verification.

Was I annoyed that I had to spend 2 hours investigating and answering client questions? You betcha. Is it a heck of a lot better than the alternative? It's not even close.

Comment: Re:It doesn't. (Score 1) 377

by danheskett (#46763165) Attached to: How Does Heartbleed Alter the 'Open Source Is Safer' Discussion?

Right, and I agree. However, for example in case of Heartbleed, I run a fairly sophisticated IDS platform, and do my own random log reviews, and all that, (turns out I was never at risk on any of my networks), but it still didn't turn up evidence of Heartbleed, nor would it even if I was actively exploited.

You do what you can, but it's never enough.

Comment: Re:This was positive (Score 1) 377

by dublin (#46761557) Attached to: How Does Heartbleed Alter the 'Open Source Is Safer' Discussion?

So there was a bug in OpenSSL. Big bug, yes, but that's not the reason it was (and still is!) a big problem.

The genesis of the big problem is one of monoculture, not only of OpenSSL being the dominant SSL implementation, but probably more importantly, the fact that pretty much all Internet security that is accessible and matters to ordinary users is SSL/TLS in the first place.

If you think this is bad, imagine what happens if the fundamentals of SSL itself are compromised: What would we replace it with? How, considering this is effectively the only secure connection technology available across all common OSes and embedded devices? How long would that take? (Years, at least, I'd wager...)

What we need is more flexible security methods in the first place, and open, standard implementations (like OpenSSL, but growable) that can allow us to proactively extend security methods as the net matures, and *quickly* address bug-based vulnerabilities when that approach fails. (Note that this may require the implementation of some kind of standard "security code VM", so new code and new methods can be easily distributed even to older systems that may not be fully supported anymore. And no, I'm not glossing over things like limits on code space, memory, and the like, nothing will allow every system to be upgraded, but we do need some way to allow and authenticate that (while preventing bad guys, including governments, from using the mechanism to create weaknesses.))
