
Comment Re:Not everyone is happy... (Score 1) 105

I know for a fact they haven't "ALWAYS" required contributors to assign any rights.
Even if they have, assignment without consideration may be non-binding.

Also, I'm fairly sure Eric Young and Hudson haven't assigned copyright to them,
they're using the code in a commercial SSL library for $$$, after all.....

Comment Re:Not everyone is happy... (Score 2) 105

They need to make such an assumption if they want to make progress as some people may no longer be reachable

Regardless of what is convenient for the project, the DEFAULT Under copyright is ALL RIGHTS RESERVED.
The licensing for the contributions was not implicit.... OpenSSL contributions were made under a specific license

The license they put it under has a SPECIFIC statement Barring license changes:
  * The licence and distribution terms for any publically available version or
  * derivative of this code cannot be changed. i.e. this code cannot simply be
  * copied and put under another distribution licence
  * [including the GNU Public Licence.]


Comment Re:Not everyone is happy... (Score 1) 105

So then encourage as many authors as possible to write a Reply:

I Do Not consent at this time to the license change regarding my contribution Nor any derivative work, added, or modified versions thereof.
Derivative work includes all code added or to the project after my contributions which extended any functionality on
top of OpenSSL based on any derivative of my earlier code, Including any non-literal copying of design style, naming conventions, or other aesthetic and miscellaneous aspects of my work found in later contributions by other authors.

Comment Re:What was the old license model? (Score 4, Informative) 105

Basically two Extended 3-Part BSD licenses WITH Advertising Clause, therefore the Purists would
claim they are GPL-Incompatible, and GPL Software should not link with OpenSSL --- Although I do not
agree with that assessment. No issues linking to OpenSSL so long as you obey the terms of the OpenSSL license
in the binary distribution of OpenSSL, and the GPL in the terms of the distribution of the software linking to openssl.

Comment Re: Never saw that coming (Score 1) 249

The ones that don't do much extra by policy don't qualify to have their root certificate included in browsers.

What do you mean by that? You suggested EV certs mean the CA sends boots on the ground and verifies the presence of your offices, But they don't.

In reality, what it means Is they ask you a series of questions whose answers will be checked using databases containing information gathered from public records.

Because OV certificates are the category you mention above, there isn't much extra qualification involved.

The CAs are not allowed to put in a Company Name they have not verified. They're basically just the same as the EVs. You upload some scanned documents, and then answer some questions, and you'll get either type of cert really quick,
except the EV has an arbitrarily higher price tag.

Comment Re:Phishing is good (Score 1) 249

Let's say, you entered paypal in Google and miraculously the second link leads to

Wait.... Google lists a Fake website as Hit #2 in a search result, and people are ragging on LetsEncrypt? Clearly, the Search Engine is to blame here.

The way you safely access PayPal is DON'T SEARCH FOR IT. You type into your Browser address bar, AND you check the typing carefully before pressing enter.

Also, if you typo'd the website name, your browser should show an error page. And if you've ever visited it should warn you that maybe you made a typo, before proceeding to access the different site.

Comment Re:Never saw that coming (Score 3) 249

Informational websites with no credentials do NOT need TLS, typically

Yes they do, if for no other reason than to protect visitors' privacy against passive interception and tampering by their ISP.

Furthermore, websites such as Google search engine need TLS to avoid connections being hijacked by a malicious party and then used to phish attack against other properties

Comment Re: Never saw that coming (Score 2) 249

A CA issuing an EV cert IS expected to have "boots on the ground" physically verifying that the cert's applicant is who they say they are, has an office where they say they do, etc.

EV pretty much just means they paid extra, and the buyer is a company. Depending on which CA, there won't be much extra verification.

Also, there's another type of cert you didn't mention which are Organization-Verified Non-EV Certificates. For example: Amazon.Com has one, The certificate lists the company name "Amazon" as the company name on the cert instead of just a blank or "Domain Owner Verified" in the company name.

Although, for some reason Chrome does not show the company name on Organization-Verified certificates.

Comment Re:Never saw that coming (Score 1) 249

If the identity of the endpoint can't be verified, exactly how is it that MITM is prevented?

The purpose of these CAs is to Verify the Identity of the Domain Name for the purpose of establishing TLS connections. They verify DNS domain name Identity, Not Organizational Identity.

I.e. They verify the person who controls the Hostname authorizes the certificate, Not that the Hostname is owned by the company name an end user speculates the DNS domain name belongs to.

Comment Re:Not all wrecks can be avoided (Score 0) 226

It is at best a Crapshoot that in theory the accident might have been avoidable.

"FAILURE TO YIELD" Accidents are almost always unavoidable by the party not at fault.
They usually involve a car behind you plowing into your rear, because you stopped properly at a traffic light.

Until shown otherwise, Not at Fault means Not at Fault, the Uber did not cause the accident, and the AI is not responsible for it, period.

I don't believe the collision should turn up the temperature on the "Debate" about SDCs at all.

Comment Re:What videos exactly? (Score 1) 290

Perhaps also an effort to encourage Google to come back and offer these advertisers some discounted rates?

Chances are Google won't need to. I would bet that other companies will continue to buy those ad slots, regardless of what Walmart may do. Now, it may be true that the winning bids for those ads will be lower as a result of less competition from Walmart, etc., but this is all at Walmart's loss.
