
Submission + - TrueCrypt is dead? What now? 7

Archeron writes: A colleague visited Truecrypt.org today and brought this to my attention. All the links are gone and the front page contains the message:
"The development of TrueCrypt was ended in 5/2014 after Microsoft terminated support of Windows XP." It goes on to list migration instructions. Is this the end for our beloved open source, multi-platform crypto solution? The question is what now? Planned forks? Any recommendations for freely available, open and multi-platform solutions that will allow for moving storage devices from Linux -> Windows -> Mac?

Submission + - Google Starts Blocking Extensions Not In The Chrome Web Store

An anonymous reader writes: Google has begun blocking local Chrome extensions to protect Windows users. This means that as of today, extensions can be installed in Chrome for Windows only if they’re hosted on the Chrome Web Store. Furthermore, Google says extensions that were previously installed “may be automatically disabled and cannot be re-enabled or re-installed until they’re hosted in the Chrome Web Store.” The company didn’t specify what exactly qualifies the “may” clause, though we expect it may make exceptions for certain popular extensions for a limited time. Google is asking developers to reach out to it if they run into problems or if they “think an extension was disabled incorrectly.”

Submission + - Parenting Rewires the Male Brain (sciencemag.org) 1

sciencehabit writes: Cultures around the world have long assumed that women are hardwired to be mothers. But a new study suggests that caring for children awakens a parenting network in the brain—even turning on some of the same circuits in men as it does in women. The research implies that the neural underpinnings of the so-called maternal instinct aren't unique to women, or activated solely by hormones, but can be developed by anyone who chooses to be a parent.

Submission + - UK to end net neutrality (dailydot.com)

An anonymous reader writes: The UK government is planning on vetoing the EU legislation that enforces net neutrality under the guise of "won't anyone think of the child pornography blocking?" again.

Submission + - LibreSSL Update (openbsd.org)

the_B0fh writes: Bob Beck reports on the progress the OpenBSD team has made on LibreSSL. Some highlights:

* Code was horrible. Nobody wanted to touch it.

* OpenSSL Foundation appears to be a million dollar a year for-profit company doing FIPS consulting.

* Bugs rot for years in bug tracker.

* ROP coding function — allows you to jump to any arbitrary address — ROP coder's wet dream!

* Current third party ports are all insecure.

* Need funding. Linux Foundation has not committed to support LibreSSL.

Comment Re:Fuzz Testing. Next! (Score 1) 116

They are all tools that can be applied to improve the quality of the code. No one thing is "The Solution".

* Test Driven Development (TDD) is a good approach to ensure that the code you write is testable. This will not work for things like UI code, but other code will benefit.

* Unit Tests can either be developed via a TDD-like approach (easier to do), or after the code is written (harder to do).

* Automated Regression Tests (a superset of Unit Tests) provide good coverage for ensuring code works as expected without involving a large manual testing team. These will only detect the things covered by the automated tests.

* Static Code Analysis tools can pick up a lot of problem areas, but will not detect every problem. These results can be used to identify what tests need to be created to prevent future regression.

* Fuzz testing is good at providing strange data to e.g. a protocol or file format parser. These are intended to be soak tests -- e.g. "does my regular expression parser handle all these strange and possibly invalid constructs". Fuzz testing would have most likely found the Heartbleed bug (because it would have permutated the length of data to request). Any failures here should be converted to Unit/Regression tests to ensure that the problem is (a) fixed by any code changes made and (b) does not occur in the future. Fuzz testing will typically find hard to identify bugs (e.g. data races) that are not easy to identify from manually constructed tests or static analysis.

* Manual/ad hoc testing is important as it can uncover bugs that the developers are not aware of.

* Code and Security Reviews help identify potential issues (e.g. if you have someone knowledgeable about SQL injection, they can assess whether some code is vulnerable to that attack).

None of these is a silver bullet, but the more you have the better the code will be.

Submission + - British government willing to block EU net neutrality deal (buzzfeed.com)

An anonymous reader writes: The British government has said it will block the EU's recently signed net neutrality deal if it stops it censoring the internet. The European Parliament passed net neutrality legislation last month, but member state governments have to sign off the plan before it can become law.

Submission + - Australian government devastates game industry (digitallydownloaded.net)

angry tapir writes: Australia's new conservative government has just handed down its first budget, which includes stripping all funding from the Interactive Games Fund which helps fund the development of video games in the country. The games industry in Australia has had a rough time, with some big names, such as Team Bondi shutting down over the last half decade (that last link is from 2011 and notes that even then the industry was in dire straits).

Submission + - Columbus ship "Santa Maria" has been found near Haiti after 500 Years

rtoz writes: The British newspaper The Independent has reported that a team led by underwater archaeological explorer Barry Clifford found the wreck of Christopher Columbus' flagship, the Santa Maria, which sank in 1492.

"All the geographical, underwater topography and archaeological evidence strongly suggests that this wreck is Columbus’ famous flagship, the Santa Maria," said Barry Clifford.

Santa María was the largest of the three ships used by Christopher Columbus in his first voyage.

The Santa Maria was built at some stage in the second half of the 15th century in northern Spain’s Basque Country. In 1492, Columbus hired the ship and sailed in it from southern Spain’s Atlantic. After 37 days, Columbus reached the Bahamas. But after a few weeks the Santa Maria drifted at night onto a reef off the northern coast of Haiti and had to be abandoned.

Submission + - UK ISPs to send non-threatening letters to pirates (bbc.co.uk)

echo-e writes: A deal has been made between groups representing content creators and ISPs in the UK concerning how the ISPs should respond to suspected illegal file sharers. In short, the ISPs will send letters or emails with an "educational" rather than threatening tone, alerting users to legal alternatives. The rights holders will be notified of the number of such alerts that have been sent out, but only the ISPs will know the identity of the offenders. Only four of the UK's ISPs have agreed to the "Voluntary Copyright Alert Programme" so far, but the remaining ISPs are expected to join the programme at a later stage. The debate between rights holders and ISPs has raged on for years. This agreement falls short of the proposals put forward by the rights holders' groups, but the ISPs have argued that it is not their responsibility to police users and that a legal process already exists for going after individuals.

Submission + - McAfee accused of McSlurping Open Source Vulnerability Database (theregister.co.uk)

mask.of.sanity writes: Intel security subsidiary McAfee may be in hot water after it allegedly scraped thousands of records from the Open Source Vulnerability Database instead of paying for them. The slurp was said to be conducted using fast scripts that rapidly changed the user agent, and was launched after McAfee formally inquired about purchasing a license to the data. Law experts say the site's copyright could be breached by individuals merely downloading the information in contravention to the site's policies, and did not require the data to be subsequently disseminated.

Submission + - The upcoming Windows 8.1 apocalypse 2

arglebargle_xiv writes: As most people will have heard, Microsoft will end support for anyone who hasn't upgraded to Win8.1 Update 1 on May 8. What fewer people have heard is that large numbers of users can't install the 8.1 Update, with over a thousand messages in this one thread alone, and that's for tech geeks rather than home users who won't find out about this until their PC becomes orphaned on May 8. Check your Windows Update log, if you've got a "Failed" entry next to KB2919355 then your PC will also become orphaned after May 8.

Submission + - Oklahoma Moves To Discourage Solar and Wind Power

Hugh Pickens DOT Com writes: Paul Monies reports at NewsOK that Oklahoma's legislature has passed a bill that allows regulated utilities to apply to the Oklahoma Corporation Commission to charge a higher base rate to customers who generate solar and wind energy and send their excess power back into the grid, reversing a 1977 law that forbade utilities to charge extra to solar users. "Renewable energy fed back into the grid is ultimately doing utility companies a service," says John Aziz. "Solar generates in the daytime, when demand for electricity is highest, thereby alleviating pressure during peak demand."

The state’s major electric utilities backed the bill but couldn’t provide figures on how much customers already using distributed generation are getting subsidized by other customers. Oklahoma Gas and Electric Co. and Public Service Co. of Oklahoma have about 1.3 million electric customers in the state. They have about 500 customers using distributed generation. Kathleen O’Shea, OG&E spokeswoman, said few distributed generation customers want to sever their ties to the grid. “If there’s something wrong with their panel or it’s really cloudy, they need our electricity, and it’s going to be there for them,” O’Shea said. “We just want to make sure they’re paying their fair amount of that maintenance cost.” The prospect of widespread adoption of rooftop solar worries many utilities. A report last year by the industry’s research group, the Edison Electric Institute, warns of the risks posed by rooftop solar (PDF). “When customers have the opportunity to reduce their use of a product or find another provider of such service, utility earnings growth is threatened,” the report said. “As this threat to growth becomes more evident, investors will become less attracted to investments in the utility sector.”

Submission + - Koch brothers get efficient bus system banned in Tennessee

Andy R writes: Just as the city of Nashville was prepared to invest in Bus Rapid Transit, an efficient bus system that has been found effective in other countries both in reducing cars on the road and stimulating economies, the state of Tennessee bans them. Why? Because the Koch brothers opposed it and twisted the arms of politicians they control. For a while I thought they were another left-wing bogie man, but this is downright corrupt.
