Comment: Re:Externalities (Score 1) 117

by ledow (#46779369) Attached to: Steam's Most Popular Games

With a laptop in idle? Pence.

10 hours with a 100W idle, even (nowhere close to screen-off usage, but let's over-estimate) - 1 kWh. Unit price for that doesn't compare to even one trading card sold for penny-cheaper-than-every-other-similar-card for me.

Plus, I normally just have the game on in the background while I'm doing other things on the machine, so the actual "real" usage of electricity etc. is basically zero.

Comment: Re:Hours Played is a bad metric. (Score 1) 117

by ledow (#46777013) Attached to: Steam's Most Popular Games

I'm not a $1-kind-of-guy. But, yes, I have made profit on the bundles. Especially if you buy quick, get the discount, and get the cards into the market before it gets flooded by all the other sellers.

But I don't buy bundles that don't have at least something worth the money in them, and don't beat-the-average unless there's a game I really want on that side either.

Comment: Re:Don't keep vulnerable servers running! (Score 2) 151

by ledow (#46741373) Attached to: Private Keys Stolen Within Hours From Heartbleed OpenSSL Site

When I looked into my server, I found out:

The OpenSSL library I'm using wasn't vulnerable.
Thus, my keys are as "safe" as they were before.

Also, to enable PFS, I would have to upgrade - to one of those OpenSSL versions that is vulnerable (but obviously there are "fixed" ones now).

I would also only be able to use EC cryptography with PFS with OpenSSL. I don't trust EC personally, yet. It's just not been around long enough for me. And I find it suspicious that every time something happens, the answer is "Let's go to EC!". If anything, I suspect it might well be something that people we don't want deciding algorithms are driving us towards.

Sorry, but until I trust EC, I can't trust PFS. And I can't use either until I upgrade to a version of OpenSSL that was vulnerable to this attack for a long time without anyone noticing (whereas my current version wasn't).

Ironically I "score" more on certain SSL test sites with old OpenSSL than with the newer one... and I get artificially capped because I don't support EC.

Until someone shows me that PKE is broken, then EC is not necessary for my usage. PFS is something I'd like but, as OpenSSL only supported it when using EC algorithms last I looked, I don't see it as any more secure.

Comment: What? (Score 0) 731

by ledow (#46738855) Attached to: Ask Slashdot: Are You Apocalypse-Useful?

I'm sorry? Why would "decades without computers ... render computer science and related professions useless"?

I don't think you get that "science" bit on the end of it. Nor that much of computer science goes back to extreme basics. Morse Code? That's coding theory. It's only if you take a narrow-minded view that it doesn't appear as computer science.

You can build a computer from the simplest of building blocks - it just so happens we prefer semiconductors - but as has been historically proven you can build a mechanical computer capable of just about anything (and that was proven how? Turing machines? Oops, that's computer science!). Maybe not fast, but accurate and useful when it comes to larger calculations. We had a need for such things several hundred years ago and, even big projects aside, we made them and used them (Abacus for thousands of years? Calculating machines were rife for centuries from the 1600's).

The fact is that computer science is, like any other science, not only useful as a nurturer of people with a logical mind, but also directly useful in any size society once it's settled a bit. Mostly because much of it is maths. And the rest of it is directly applicable to real-world calculations.

Sure, you can live without it. But you can live without an awful lot of things. But with it, you gain an advantage. Where best to site my defence towers against the pillaging hordes? How best to send a message asking for allies to appear without the enemy knowing what is in it? How to ensure we don't waste time dividing food equally with various random weights and measures?

It's the old fallacy - but it's wrong. You do not need a computer to perform computer science. And you do not need a computer to get useful data out of your computer science. It just helps, and speeds along the process.

Fact is, in any kind of apocalyptic event like this, you'll be glad of any academic, especially one that can provably solve practical problems like this. Hell, simple ballistics is a nightmare to solve by hand.

And, if it comes to it, you can build a computer out of blocks of wood (there are several examples of this), water-filled tubes (the Russians did concrete calculations on one), or pieces of paper. We're all taught how to do at least the last one of those in computer science courses, too.

A computer scientist may not be the immediate asset who scavenges food or heals the sick or welds defences. But you'll want one on your team before long, and they'll give you an advantage over any group that doesn't have one.

Comment: Re:Oh great (Score 1) 64

by ledow (#46722773) Attached to: Future Airline Safety Instructions Will Be Given By Game Apps

More importantly, please tell me what's in the pre-flight safety check.

Chances are that you've heard it so many times that you could give it.

Your belt clips around your waist. You undo by lifting the buckle. Your oxygen mask will drop down from the overhead compartment. Your exits are here, here and here, etc. etc. etc.

The danger of the pre-flight "safety" check is that it's nonsensical to do it. Emergency measures should not be designed so that people have to learn to use them. They should be clearly marked, with - at most - one simple diagrammatic instruction. If you can't make them that simple, redesign them.

Same goes for nautical safety but there's a lot more to go wrong by your own hands on a ship. In a plane, well, you're just holding onto your own backside and hoping it all goes okay no matter what.

Honestly, I think it's about time we scrapped them. They tell us nothing we'll remember in an emergency, even though we've memorised every step. They talk about extreme situations that happen in extraordinarily rare circumstances. They scare passengers who are nervous. And yet, pretty much, studies show that in an emergency it's every man for himself and we'll all forget the briefing anyway.

Take the briefing away. Take the flight safety card away. Put simplified instructions everywhere (oxygen mask is here, pull to start flow, with a little diagram). Let people relax on their flight without being FORCED to sit through a briefing they are desperate to shut the hell up so they can sleep.

If you want to have the briefing, do this - hand out a little app that lets you do it on a personal basis.

Most importantly - SHUT THE HELL UP on flights. Let people relax, sleep and journey and then - when an emergency happens - they won't be so stressed that they do quite so stupid things.

Comment: Yep (Score 2) 301

by ledow (#46715779) Attached to: Theo De Raadt's Small Rant On OpenSSL

Can't say I'm surprised. OpenSSL is a pile of dung. It's nothing to do with being written in any language, it's just horrible.

There's not even any documentation. I mean, literally, none. Nothing vaguely useful. How do I programmatically load a certificate into the store, along with a chain of related trusted certificates, and then set my requirements (must be in-date, must be validly signed, etc.) and get out a "It's fine" / "Something's not right" response? The only answers I could ever find were to follow published examples and tweak.

And when it comes to working out where in the published examples structure X comes from, or how to convert it to structure Y, you're on your own unless you happen to have picked a comprehensive (and almost certainly not OpenSSL-supplied) example.

It's just that bad. I was writing a pseudo-DRM for a game / Steam-like distribution platform as a hobbyist project. It was literally horrible to even try to self-sign some certificate and then see if it all panned out later from another computer to guarantee integrity. In the end, I had to "imagine" every possible case and find a way to counter it (i.e. client cert expired, client cert invalid, server cert not signed client cert, server cert has bad chain of trust, client cert not signable for that purpose, etc.) - and almost always there was NOTHING to indicate what the recommended way to do it was.

There is no decent OpenSSL documentation at all. Not even a decent overview of the process of checking certificates. It scared me at the time, knowing how important the library is, and it can only lead to bad code.

In the end, I'm quite glad I don't have to program against it for a living. If I did, I'd be seriously looking for something else.
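
The pass/fail check the comment above asks about (trusted chain loaded, requirements stated, one verdict out) can be exercised from the `openssl` command line, whose `verify` subcommand runs the library's `X509_verify_cert()` path validation. This is an added example, not code from the comment or from the OpenSSL project; the CA and certificate names are constructed, and it assumes an `openssl` binary (1.1.1 or later) on the PATH.

```shell
#!/bin/sh
# Added example. Every name, subject and file below is constructed for the demo.
verify_cases() {
  d=$(mktemp -d) || return 2
  bad=0
  # Private config so nothing depends on the system openssl.cnf.
  cat > "$d/pki.cnf" <<'EOF'
[req]
distinguished_name = dn
prompt = no
[dn]
CN = placeholder
[v3_ca]
basicConstraints = critical,CA:TRUE
[client]
extendedKeyUsage = clientAuth
[server]
extendedKeyUsage = serverAuth
EOF
  mkca() {   # $1 = name: self-signed root, valid 10 years
    openssl req -x509 -newkey rsa:2048 -nodes -config "$d/pki.cnf" -subj "/CN=$1" \
      -extensions v3_ca -days 3650 -keyout "$d/$1.key" -out "$d/$1.pem" 2>/dev/null
  }
  issue() {  # $1 = name, $2 = extension section: leaf signed by "ca", valid 1 day
    openssl req -new -newkey rsa:2048 -nodes -config "$d/pki.cnf" -subj "/CN=$1" \
      -keyout "$d/$1.key" -out "$d/$1.csr" 2>/dev/null &&
    openssl x509 -req -in "$d/$1.csr" -CA "$d/ca.pem" -CAkey "$d/ca.key" \
      -CAcreateserial -days 1 -extfile "$d/pki.cnf" -extensions "$2" \
      -out "$d/$1.pem" 2>/dev/null
  }
  check() {  # $1 = label, $2 = expected ok|fail, rest = arguments to openssl verify
    label=$1; want=$2; shift 2
    if openssl verify "$@" >/dev/null 2>&1; then got=ok; else got=fail; fi
    echo "$label: $got"
    [ "$got" = "$want" ] || bad=1
  }
  mkca ca && mkca other && issue client client && issue server server || bad=1
  later=$(( $(date +%s) + 172800 ))   # two days ahead, past the 1-day leaf lifetime
  check "valid client cert"   ok   -CAfile "$d/ca.pem" -purpose sslclient "$d/client.pem"
  check "issuer not in store" fail -CAfile "$d/other.pem" -purpose sslclient "$d/client.pem"
  check "wrong purpose"       fail -CAfile "$d/ca.pem" -purpose sslclient "$d/server.pem"
  check "expired"             fail -CAfile "$d/ca.pem" -purpose sslclient -attime "$later" "$d/client.pem"
  rm -rf "$d"
  return "$bad"
}
verify_cases
```

Dropping the `>/dev/null 2>&1` in `check` shows the specific verification error OpenSSL reports for each rejected case.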