
Comment Re:The best bug is the one not written (Score 1) 95

Except that pretty much no one spends that time or those resources to do that. It's more fun to continue adding features to the doomed architecture. Or start over... again.

If you design software with a certain feature set insecurely, it's often difficult to keep those features when re-goaling for security.

A depressingly large majority of all software hasn't been coded with best-knowledge tools and APIs in mind. Not even those of the time of writing, and particularly not the ones of the current time!

Comment The best bug is the one not written (Score 1) 95

Spending resources on 'finding the next Heartbleed' bug... I fail to see the advantage of finding it by a coordinated search as opposed to someone just stumbling on it (as long as the bugs are reported responsibly, of course).

Software can't be made secure afterwards; it must be the primary goal.

Comment Re:Stupid, trucks cause the problem (Score 1) 554

Except that is betting that peak oil (or whatever) will happen gradually, over a decade or more. If, perhaps due to economic, political or technical reasons, there is a sudden sharp increase in the oil price, neither market nor society will have time to adapt.

The countries then still sitting on a huge investment in an obsolete, gas-hungry fleet of vehicles will lose so hard. Many European countries have realised this, hence the high tax on gas to create an artificial incentive.

Comment Article on fusion power (Score 1) 232

While on the subject, it's worth mentioning the article from Ask Slashdot which nicely and in detail answers most of the questions you may have.

Actually, this is one of the best content articles I can remember on Slashdot... The graph in the middle is simultaneously funny and sad. :-/

Comment Re:Theo ranting, film at 11 (Score 1) 391

No, this isn't 'Interesting'; rather mod it as 'Blathering'.

Well, there is no denying that Theo isn't the most malleable person. But, as has been said here on /. before: while he comes across as whining most of the time, he's also correct most of the time. Many people try to interpret his statements from the common commercial viewpoint (like how to develop a successful software product and make PROFIT, or at least achieve world domination), but his goal is quite simple: develop a free, fast and secure Unix OS. That's all. No grand plans of IPOs or commercial success. Theo is quite happy getting by on selling those CDs, living in his little house, and occasionally traveling around the world climbing mountains and hacking Unix. You gotta read goal.html and observe him and the project for a few years to really understand that.

Theo, ranting, is why he got kicked off the NetBSD project.

While this is true, the history also proved him correct on many things (Charles Hannum was on the core team that did the kicking).

Theo, ranting, is why OpenBSD's drivers for Broadcom chipsets stink. (Look up how the original author tried to resolve the licensing problems of sticking his GPL drivers in an OpenBSD kernel and was ignored, then screamed at by Theo for making the issue public.)

That whole mess sucked. The OpenBSD developer that made the port (which was supposed to be a re-implementation) f*cked up big time and imported GPL files into the tree. The only positive thing in the whole affair is perhaps Theo's unconditional backing of his developer.

Theo, ranting, is why OpenBSD doesn't properly handle booting from software RAID.

It does (I believe the kernel must be on a non-RAID slice/disk, but that's no different to most other implementations).

Theo, ranting, is why the OpenBSD installer works like the UNIX crap I learned to loathe back in 1985 and can't store the state of what you've already selected or go back; you just have to start over from scratch.

Actually, the very minimalistic installer is often hailed as one of the best and fastest in the industry. I don't think there are that many installers where you can do the install by repeatedly pressing enter (and writing the hostname once) in that short a time. And well, it doesn't remember the state, but then again, you can restart it (a shell script) and start over without rebooting - that can't be said of many others.

Theo, ranting, is why OpenSSH has no built-in support for chroot cages.

This seems to disprove that. Unless you have a different definition of 'chroot cage'.

Theo, ranting, is why OpenBSD has no virtualization server capability.

In many aspects virtualization contradicts the goal of security. Also, most VM solutions are proprietary and thus do not run on OpenBSD.

Theo, ranting, is why OpenSSH still stores both host keys and by default, user private keys in clear text with no expiration, and has no plans to fix this.

Yes, in clear text. Do you propose they should be encrypted? And where should the crypto key be placed? Perhaps... on disk? Hashed? If you are paranoid, use whole-disk encryption. Because physical security is the key issue here as I see it. The key file is supposed to be user-readable only...

What is a reasonable default expiration time? No, there is no plan, because the feature doesn't improve anything.

Theo, ranting, is why the "compatibility chart" is a list of chipsets that don't match the actual chipsets published by the manufacturer, and usually are from chipsets at least 4 years old.

Uhmm, what are you talking about? You aren't... trolling?! Are you?

Theo, ranting, usually means you're doing something right for your actual client base rather than for his ivory tower.

No, here's where you actually are correct. Theo doesn't do shit for the users - he is only concerned with the goal stated above (free, fast, secure). The availability of OpenBSD to the userbase is actually a side-effect.

There's a reason OpenBSD is used only by fanboys who run it on "hobby" systems and don't get any work done.

Hehe, if anyone who uses an OS because he or she likes it is a fan then I guess we are all fanboys (and fangirls).

The vast number (though by no means anywhere close to a majority) of systems deployed on OpenBSD seems to contradict the second point.

And yes, I've dealt with the crap for years: I *wrote* the first SunOS ports of SSH-1, SSH-2, and OpenSSH.

Nico Kadel-Garcia, is that you?!

(Theo's fan club did not write SSH:

No one has said that. Neither does the manual.

they ported Tatu's previously GPL work into OpenSSH, and screwed up the license.

Excuse me? Tatu's first version was under a BSD-like license; later versions were changed to something incompatible, which induced the fork.

And Sun/Oracle, Apple and IBM among others seem to like the license very well, considering they have imported OpenSSH into their own products.

Surprisingly little of the actual codebase is due to OpenBSD hosted development.)

15 years of development and countless features seem to contradict that as well.

BTW, speaking of rants...
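The exchange above about private keys sitting on disk in clear text turns on two checks a practitioner actually makes: is the key file encrypted at rest (a passphrase-protected key uses a cipher and a KDF, a clear-text one records "none" for both), and is the file user-readable only, as the comment says it is supposed to be. The script below is an added example, not code from the original thread or from the OpenSSH project; it parses only the header fields of the openssh-key-v1 container and the RFC 1421 headers of the older PEM container, and the sample "keys" it audits are constructed header-only blobs (labelled as such in the code), not usable keys.

```python
"""Audit OpenSSH private key files for encryption at rest and file mode.

Added example for the thread above; not OpenSSH code.  The sample inputs are
constructed header-only blobs, not real keys.
"""
import base64
import os
import stat
import struct
import tempfile

OPENSSH_MAGIC = b"openssh-key-v1\x00"


def _read_string(buf: bytes, off: int):
    """Read one SSH wire 'string' (uint32 length prefix) at offset off."""
    (n,) = struct.unpack(">I", buf[off:off + 4])
    off += 4
    return buf[off:off + n], off + n


def key_at_rest_status(pem_text: str) -> dict:
    """Classify a PEM-armoured private key: container format, cipher, KDF,
    and whether it is encrypted at all.  Only headers are inspected."""
    lines = [l.strip() for l in pem_text.strip().splitlines()]
    if not lines or not lines[0].startswith("-----BEGIN "):
        raise ValueError("not a PEM-armoured private key")
    body = lines[1:-1]
    if lines[0] == "-----BEGIN OPENSSH PRIVATE KEY-----":
        raw = base64.b64decode("".join(body))
        if not raw.startswith(OPENSSH_MAGIC):
            raise ValueError("bad openssh-key-v1 magic")
        off = len(OPENSSH_MAGIC)
        cipher, off = _read_string(raw, off)   # "none" => clear text
        kdf, off = _read_string(raw, off)      # "none" or "bcrypt"
        return {"format": "openssh-key-v1", "cipher": cipher.decode(),
                "kdf": kdf.decode(), "encrypted": cipher != b"none"}
    # Legacy PEM (PKCS#1 / SEC1): encryption is signalled by RFC 1421 headers,
    # and the key is derived with OpenSSL's single-pass MD5 EVP_BytesToKey.
    hdrs = [l for l in body if ":" in l]
    encrypted = any(l.startswith("Proc-Type:") and "ENCRYPTED" in l for l in hdrs)
    dek = next((l.split(":", 1)[1].strip() for l in hdrs if l.startswith("DEK-Info:")), None)
    return {"format": "legacy-pem",
            "cipher": dek.split(",")[0] if dek else "none",
            "kdf": "evp-bytestokey-md5" if dek else "none",
            "encrypted": encrypted}


def file_mode_ok(path: str) -> bool:
    """True when the file is a regular file readable by its owner only."""
    st = os.stat(path)
    return stat.S_ISREG(st.st_mode) and (st.st_mode & 0o077) == 0


def audit_key_file(path: str) -> dict:
    with open(path) as f:
        status = key_at_rest_status(f.read())
    status["mode_ok"] = file_mode_ok(path)
    return status


# --- constructed sample inputs (header-only, NOT usable keys) ---------------
def _ssh_string(b: bytes) -> bytes:
    return struct.pack(">I", len(b)) + b


def _build_openssh_blob(cipher: bytes, kdf: bytes, kdfopts: bytes) -> bytes:
    # magic, ciphername, kdfname, kdfoptions, nkeys; the key data that would
    # follow is omitted because the parser above never reads it.
    return (OPENSSH_MAGIC + _ssh_string(cipher) + _ssh_string(kdf)
            + _ssh_string(kdfopts) + struct.pack(">I", 1))


def _armour(label: str, raw: bytes, headers=()) -> str:
    b64 = base64.b64encode(raw).decode()
    lines = [f"-----BEGIN {label}-----", *headers]
    if headers:
        lines.append("")
    lines += [b64[i:i + 70] for i in range(0, len(b64), 70)]
    lines.append(f"-----END {label}-----")
    return "\n".join(lines)


SAMPLE_PLAINTEXT_KEY = _armour(
    "OPENSSH PRIVATE KEY", _build_openssh_blob(b"none", b"none", b""))
SAMPLE_ENCRYPTED_KEY = _armour(
    "OPENSSH PRIVATE KEY",
    _build_openssh_blob(b"aes256-ctr", b"bcrypt",
                        _ssh_string(b"\x00" * 16) + struct.pack(">I", 16)))
SAMPLE_LEGACY_ENCRYPTED_KEY = _armour(
    "RSA PRIVATE KEY", b"\x00" * 32,
    headers=["Proc-Type: 4,ENCRYPTED",
             "DEK-Info: AES-128-CBC,0123456789ABCDEF0123456789ABCDEF"])


def demo_audit() -> list:
    """Write the constructed samples with different modes and audit them."""
    d = tempfile.mkdtemp()
    cases = [("id_plain", SAMPLE_PLAINTEXT_KEY, 0o644),
             ("id_encrypted", SAMPLE_ENCRYPTED_KEY, 0o600),
             ("id_legacy", SAMPLE_LEGACY_ENCRYPTED_KEY, 0o600)]
    results = []
    for name, text, mode in cases:
        path = os.path.join(d, name)
        with open(path, "w") as f:
            f.write(text)
        os.chmod(path, mode)
        results.append((name, audit_key_file(path)))
    return results


if __name__ == "__main__":
    for name, r in demo_audit():
        print(name, r)
```

Run it on real files by calling audit_key_file on ~/.ssh/id_* and /etc/ssh/ssh_host_*_key: a user key reporting cipher "none" is the clear-text case the thread argues about, and the fix on the OpenSSH side is a passphrase via ssh-keygen -p (whole-disk encryption, as the comment says, covers the host keys, which sshd must read unattended).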
