
Comment Re:Just another reminder to use LibreSSL (Score 1) 64

This is not a fair comparison.

LibreSSL forked OpenSSL 1.0.1. Therefore LibreSSL would never have been vulnerable to issues that did not affect 1.0.1 - since those arose after the codebases split. A fairer comparison would be to compare issues that affected OpenSSL 1.0.1 with LibreSSL. You also should not include CVE-2015-0204 since that is just a reclassification of a previously fixed defect. Similarly CVE-2015-0292 was a historic issue not in recent versions of OpenSSL so also should not be included. By the time you remove all of those you get down to one issue that affected OpenSSL but not LibreSSL:

DoS via reachable assert in SSLv2 servers (CVE-2015-0293) - Severity: Moderate

This issue also did not affect the current development version of OpenSSL only historic versions due to clean ups the OpenSSL team have been doing.

Comment A different perspective (Score 2) 97

First off, full disclosure...I am a member of the OpenSSL development team.

I've read a lot of anti-OpenSSL comments here along with some fairly amusing conspiracy theories! Some criticism is fair but much is not in my view.

OpenSSL is a very different project to what it was a year ago. This time last year the development team was very small (6 people...not all of whom were active coders, most of whom were doing it in their spare time). Supporting the project was (and still is) a thankless task, and they did their best - but frankly the resources were not there to do the job properly. There is now a whole new team, built upon the original, running the project. We have gone from 6 people to 15 and brought on board a number of full timers. I know most of that team personally, and I can tell you that you couldn't hope to find a more dedicated and experienced team. There is a strong sense of responsibility, along with lots of plans in place for how to make things better.

A lot is said about the problems with OpenSSL. Let me tell you about some of its strengths. The library will run on practically anything from desktops, to high end servers, to embedded devices, to mainframes, to mobile phones. It is highly optimised and is *fast*. We are lucky enough to have Andy Polyakov on the team who brings an exceptional talent in performing those optimisations. Due to its position in the market place OpenSSL is probably the most studied security software product out there. That study has intensified since Heartbleed. During the last year there have been a number of security issues identified and fixed as a result of that intensified study. This is a *good* news story.

I am really excited about what the future holds for the project. We are busy working on 1.1.0, which brings with it a focus on reducing complexity. Improved documentation (which I've seen mentioned a number of times on this page) is also on our roadmap. I'm not complacent...I know there is a lot still to do...but I have a huge amount of confidence in the team that is now in place.

Submission + - Nintendo Ordered To Pay Royalties On Every 3DS Sold

An anonymous reader writes: Nintendo must pay royalties on every 3DS sold to date, totalling more than $100 million and counting, following a court ruling that the company has infringed on patents relating to the handheld console's glasses-free 3D technology.

Submission + - Attempt to oust NSA from key standards group fails

An anonymous reader writes: The Crypto Forum Research Group (part of the IRTF) provides advice to the standards organization, IETF, on all things crypto. The co-chair of the group, Kevin Igoe, also happens to be an employee of the NSA. The recent Snowden revelations have caused significant disquiet in the crypto community, culminating in this request to remove Kevin Igoe from the co-chair position — stating that Kevin's NSA affiliation raises "unpleasant but unavoidable questions" regarding his actions. In a formal response, Lars Eggert (IRTF chair) has refused the request stating that the open processes of the IRTF and IETF are the safeguard against anyone attempting to subvert technical work.

Comment Re:Hello World! Computer Programming for Kids and (Score 1) 525

My son has used this book, and I can thoroughly recommend it. It leads the kid through programming by getting them to write various games in Python - increasing in complexity throughout. When I was a kid learning to program, writing games is what I first wanted to do. The book gets the tone just right, and I think my son has enjoyed working with it.

Comment Re:Don't like beer. (Score 1) 840

SNAP! Well almost snap. I don't like coffee (or tea), or smoking. I like beer, but turned teetotal 2.5 years ago for health reasons. Also don't do drugs (or religion, so being a Mormon is definitely off).

Now, I'll just sit here by myself, reading Slashdot and drinking my water. I'm enjoying myself dammit!!


The First Photograph of a Human 138

wiredog writes "The Atlantic has a brief piece on what is likely to be the first photograph (a daguerreotype) showing a human. From the article: 'In September, Krulwich posted a set of daguerreotypes taken by Charles Fontayne and William Porter in Cincinnati 162 years ago, on September 24, 1848. Krulwich was celebrating the work of the George Eastman House in association with the Public Library of Cincinnati and Hamilton County. Using visible-light microscopy, the George Eastman House scanned several plates depicting the Cincinnati Waterfront so that scholars could zoom in and study the never-before-seen details.'"

Ubuntu Replaces F-Spot With Shotwell 361

climenole writes "Finally! The much discussed F-Spot vs. Shotwell battle is over. The new default image organizer app for Ubuntu Maverick 10.10 is going to be Shotwell. This is a much-needed change; F-Spot was simply not enough. Most of the time when I tried F-Spot, it just kept crashing on me. Shotwell on the other hand feels a lot more solid and is better integrated with the GNOME desktop. Shotwell is also completely devoid of Mono."

Deadline Scheduling Proposed For the Linux Kernel 113

c1oud writes "At the last Real-Time Linux Workshop, held in September in Dresden, there was a lot of discussion about the possibility of enhancing real-time capabilities of Linux by adding a new scheduling class to the Linux kernel. According to most kernel developers, this new scheduling class should be based on the Earliest Deadline First (EDF) real-time algorithm. The first draft of the scheduling class was called 'SCHED_EDF,' and it was proposed and discussed on the Linux Kernel Mailing List (LKML) just before the workshop. Recently, a second version of the scheduling class (called 'SCHED_DEADLINE,' to meet the request of some kernel developers) was proposed. Moreover, the code has been moved to a public git repository on Gitorious. The implementation is part of an FP7 European project called ACTORS, and financially supported by the European Commission. More details are available."

Playing a First-Person Shooter Using Real Guns 225

Blake writes "A group called Waterloo Labs rigged up a few accelerometers to a large wall and projected a first-person shooter onto it. Using some math, they can triangulate the position of impacts on the wall, so naturally they found someone with a gun and bought a large case of ammunition. Even cooler, this group usually posts a 'how we did it' video a few weeks after a project's debut, including source code."

Japanese Researchers Create Skiing Robot 52

An anonymous reader writes "In a bid to better understand the art of an effective ski turn, researchers have recently built a robot to simulate the exact movements of a skier. The team of researchers from Kanazawa University in Japan built the ski robot to investigate the existing movements of skiers' turns and see if there is any room for improvement on current techniques."
