Forgot your password?

Comment: What monoculture? (Score 1) 109

by xxxJonBoyxxx (#46832143) Attached to: OpenSSL: the New Face of Technology Monoculture

OK - here's a niche industry page listing about forty open source, commercial and cloud solutions that all have secured by SSL and their responsed to heartbleed:

Of these...maybe a third had OpenSSL...most of the rest used a Java stack, and many of the rest were on IIS or using MS crypto. Within my own company (about 1500 people and 20 web apps on a mix of platforms), heartbleed affected exactly 3 sites.

If you looked around other industries and saw >50% affected rates maybe I'd believe "monoculture"...but if you're talking the entire web dev world, OpenSSL is just one of the top options.

Comment: Don't Mess with April Fools (Score 2) 144

by xxxJonBoyxxx (#46815121) Attached to: VK CEO Fired, Says Company Under Kremlin Control

>> He appeared to announce his resignation from the company on April 1st, but later claimed that it was an April Fools' joke, and that he would remain onboard. In a statement issued Monday, however, VK said that Durov submitted a resignation letter on March 21st and never withdrew it within the mandatory one-month window. Because of that, Durov said, he will be "automatically relieved" of his position.

Politically, it's bad, but I do enjoy seeing someone's stupid April Fools stunt blow up in their face.

Comment: Obamacare as a cause? (Score 4, Informative) 307

by xxxJonBoyxxx (#46814943) Attached to: In the US, Rich Now Work Longer Hours Than the Poor

I have more than a few friends on the low end of the pay scale who've been pushed down below 30 hours a week by their employers so their employers stay clear of Obamacare insurance mandates. (e.g., ) It usually comes across as a double-whammy: now they have less money in their pockets, and they're still up a creek in terms of health insurance.

Comment: MySQL used to have a license like this... (Score 1) 80

by xxxJonBoyxxx (#46808267) Attached to: Heartbleed Pricetag To Top $500 Million?

In the 2000's (before Oracle), I negotiated a license with MySQL that allowed our company to bundle the software in my commercial app (for ease-of-install, especially demo time) even though someone could have downloaded and installed their own copy of MySQL for free. The OEM license cost something like $150-250/license (kept going up, of course).

Comment: "too hard for developers" (sniff) (Score 3, Informative) 92

by xxxJonBoyxxx (#46789085) Attached to: Samsung's Position On Tizen May Hurt Developer Recruitment

I don't understand the belly-aching. When I wrote code for Apple II machines, I had to know both BASIC and assembler. PC? Batch scripting, VB, C++, C#, SQL, InstallShield and still a little assembler. Web and mobile? Javascript, Java, Perl, PHP, Ruby, C#, ASP, Objective-C plus a few dozen "platforms", "frameworks" and what-not cobbled together with JSON, XML, CSS and various template and scripting syntaxes.

So, you have to learn three platforms to keep up with a line of devices? Boo hoo. Besides, an "app" should be something you can crap out in a month or two - these generally aren't monolithic platforms like Office - even the context-switching-disabled should be OK.

Comment: Re:are we seriously blaming google (Score 4, Insightful) 188

by xxxJonBoyxxx (#46786979) Attached to: Heartbleed Sparks 'Responsible' Disclosure Debate

>> are we seriously blaming google and not NSA who found the bug 4 years ago when the bug was first introduced?

Yes. The NSA is the US gov's lead black hat. Google's an advertising company that depends on people trusting the Internet for information and commerce. I'd expect the NSA to hoard information to assist their black-hatting, and I'd expect Google to quickly share anything they know so security vulnerabilities can be patched and people don't lose faith in the Internet*.

* = (Seriously, when people have asked me what to do about Heartbleed, I've said "don't buy anything you don't need, and try to avoid paying any bills online or doing any online checking for a week or two - then change your password as soon as you sign on.")

Comment: CISSP opinion: the patch proves Google f***ed up (Score 1) 188

by xxxJonBoyxxx (#46786835) Attached to: Heartbleed Sparks 'Responsible' Disclosure Debate

>> Google notified OpenSSL about the bug on April 1 in the US – at least 11 days after discovering it.

"OK, maybe it was caught up in legal. Suits at large corporations can take a while."

>> Google would not reveal the exact date it found the bug, but logs show it created a patch on March 21,

"On second thought, if the geeks on the ground had the authority to patch and roll to production, then why the finger to the Open Source community, Google?"

Comment: I doubt "no one knew" (Score 2) 128

>> What none of the attendees of the conference knew was that Google was pulling many of the strings behind the event

I doubt/hope that "no one knew." Conference agendas, like news stories, should always be read for brand-name frequency. (The brand name that appears most frequently or in the most positive manner is usually the one that hired the PR agency to plant the story in the first place. Same thing goes for a conference agenda.) What's the number one name on this conference agenda? Google.

So...if the academics attending the conference didn't guess it was Google sponsored...then they're probably not as bright as their titles suggest.

Comment: Nah...TL:DR (Score 5, Informative) 115

by xxxJonBoyxxx (#46698583) Attached to: Google Chrome 34 Is Out: Responsive Images, Supervised Users

A "responsive image" will load either a small or large version (or multiple versions) depending on the browsers's screen resolution. To do this, it makes an extra request to the server before requesting the appropriate image size.

(The referenced Opera article prattles on and on - Google's faster.)

Is a person who blows up banks an econoclast?