Comment: Re:Apples and oranges (Score 1) 73

by plover (#46830465) Attached to: OpenSSL: the New Face of Technology Monoculture

I think the bigger problem is that everything about encryption software encourages a monoculture. Anyone who understands security will tell you "don't roll your own encryption code, you risk making a mistake." I would still rather have OpenSSL than Joe Schmoe's Encryption Library, simply because at this time I trust them a bit more. Just not as much as I did.

Another problem is that the "jump on it and fix it" approach is fine for servers and workstations. It's not so fine for embedded devices that can't easily be updated. I'm thinking door locks, motor controllers, alarm panels, car keys, etc. Look at all the furor over the hotel card key system a few years back, when some guy published "how to make an Arduino open any hotel door in the world in 0.23 seconds". Fixing those required replacing the circuit boards - how many broke hotels could afford to fix them, or even bothered to?

The existence of a "reference implementation" of a security module means that any engineer would be seriously questioned for using anything else, and that leads to monoculture. And in that world, Proprietary or Open doesn't matter nearly as much as "embedded" vs "network updatable".

Comment: Re:Express elevators (Score 2) 29

Some of these towers have an upper lobby. So you take the express from 1 to 75, then a 'local' from 76 to 100.

Usually the 'important people' are on the top floors so the elevator ratio is better and there's little waiting in the upper lobby. Unless you stop at the bar.

Once in a blue moon there's an express to the penthouse, but to pay for an entire express elevator entirely in the rent of the penthouse apartment isn't feasible for all but the ultra-ultra rich.

Comment: Re:Wrong battle. (Score 1) 226

by Sycraft-fu (#46829897) Attached to: F.C.C., In Net Neutrality Turnaround, Plans To Allow Fast Lane

There's a lot of politics and BS involved, right of way costs and such. Also issues of older infrastructure. The US had widespread cable and phone back before many countries, and as such there is this lethargy with companies to just try and use what's already there rather than put in all new stuff that works better.

However one thing to be careful of when you look at your Internet is how the backhaul is. Something I've observed with a number of the "really fast, no limits, very cheap," networks is that they are basically a big WAN. They don't have the backhaul to the rest of the Internet to maintain those speeds. So big speeds to your neighbours, and your ISP, but not so much to the world.

If you do speed tests, make sure you test to something not on your ISP, and a decent bit away. That gives you a more realistic speed test. Good internet in the US tends to be fast to all places like that.

For example I pay $100 per month (about 72 Euro) for 150mbit/20mbit Internet, with burst speeds up to 180mbit. Testing to a server in town here, I get that, actually a little over, 183mbit. Testing to a different provider in another state, about 550km away, I get 175mbit. Testing to yet another provider across the country, around 3000km away, I get 140mbit. So I get the speed promised, to a diverse amount of networks. The backhaul is there to support my connection. That is part of the cost.

Not saying it isn't for yours, just check if you want to compare it to US Internet. I've seen more than a few cases where big numbers to the home aren't backed up by big pipes to the Internet. So the speedtest server at your ISP gives you amazing numbers, but one on a different datacenter a few hundred klicks away is much slower.

Comment: Re:Specious Argument (Score 1) 73

by bill_mcgonigle (#46829375) Attached to: OpenSSL: the New Face of Technology Monoculture

It was the lack of altruistic eyes scrutinizing it.

That was a secondary effect. People who might want to analyze code want to do a good job, and there's a lot of code worth analyzing.

To do that job there are tools that help with that analysis. OpenSSL's use of non-standard internal memory management routines makes it resistant to use of such analysis tools.

Is it impossible for a code auditor to keep everything in his head? No, but it's tough and error-prone. Some people have found OpenSSL bugs before, of course, but there are ways to make it easier for auditors to stand a fighting chance.

That's largely what the OpenBSD team is doing - ripping out all of that unneeded memory management crap, killing OS/2, VMS, and MacOS7 support code, etc. The payoff should be more people looking at it, but it sure wouldn't hurt for some companies that save millions by using OpenSSL to throw the team a few bones once in a while to make it more regular. Or hire their own internal folks to do the same, if that would work out better.

Comment: Re:Too good to be true? (Score 1) 144

by bill_mcgonigle (#46827089) Attached to: OnePlus One Revealed: a CyanogenMod Smartphone

$300 for the 16 GB model and $350 for a 64 GB model? Knowing what Samsung charges for comparable devices

Yes, but the recent build estimate based on tear-down for the S5 was $255 or so. That gives these guys in China almost a hundred bucks, which is a good margin for any business. Samsung is just making money hand-over-fist, but there's plenty of long-tail to profit in.

Comment: Re:Justice Sotomayor... (Score 1) 353

She doesn't want to admit that "affirmative action" is just racial discrimination by another name, and that in practice it amounts to a modern-day Chinese Exclusion Act.

The Wise-Ass Latina is, herself, a perfect example of why racial preferences are a Bad Thing. She's not fit to be on the bench at all, let alone on the supreme court.


Comment: Re:X Miles IS a standard for me (Score 1) 384

Now that's a neat idea hidden behind your words.

What if you had a serial hybrid, with a decent navigation system (that included such things as terrain on route) and *intelligent* battery charging based not just on taking care of the battery (like in a Prius) but also predictive (based on navigation system route). So for a 10 mile trip full charge from wall, it doesn't bother, but for a 20 mile trip battery charging kicks in after the first 5 miles of driving.