The open-audit link seems to be to a piece of software that is unrelated to the text of the summary. Rather than being anything related to people willing to help audit software, it's actually a tool for auditing your network.

In addition, whilst it does seem to be GPL, you need to provide a name, and email to download it.

> Crypto is about math, not programming

The theory of crypto sure, but actually implementing it is much more about programming rather than about math. Most of the attacks on crypto implementations are side channel attacks not attacks on the basic maths that underlies the primitives. The implementation is much harder than the maths.

It seems to a be common belief that morality is only possible when there is a religious basis for it, do you think it's possible to separate the two concepts in the mind of an audience, and if so how?

Perhaps some Nicholas Fisk would fit - I really enjoyed the StarStormers books and Trillions when I was a child. I also loved the older scifi like Jules Verne.

http://en.wikipedia.org/wiki/Nicholas_Fisk

tar cf - somedir | ssh remote@remotehost 'tar xf -'

A nice way to get things moved around. a similar trick is:

tar cf - somedir | (cd /a/local/path; tar xf - )

Which lets you copy things around a local file system.

That's true, though openssl has had the ability to add empty fragments to avoid the chosen plain text attack I suspect you're referring to for many years. What's strange is that the chosen solution (polarSSL) doesn't seem to have support for OCSP which is the main way to quickly revoke bad keys - particularly important in the light of the recent diginotar breach.

Really? I've worked with the bindings perl, python and Java, and also worked on bindings to a couple of different javascript interpreters. The python one was by far the best documented. There are a bunch of tools around like swig that will give the same effect for C code for perl and python (or simple C++ code). For more complex C++ sip does a decent job for python, but doesn't support other languages.

I guess I'm wondering what the criteria you're using to make this statement are?

It's accountants that rain from the sky http://www.mcs.csueastbay.edu/~malek/Surrealism/magritte2.jpg

Would /you/ trust a bomb built by a humanities student?

It's difficult to say from the information provided, but it sounds like someone just rediscovered XML entity attacks (as I did a few years ago). Assuming it is the same thing, here are some references from 2002 and 2006 with more details:
http://www.securiteam.com/securitynews/6D0100A5PU.html
http://www.sift.com.au/assets/downloads/SIFT-XML-Port-Scanning-v1-00.pdf

I've used these attacks in real-world tests and they are still surprisingly effective - just not new.

> including styles, theming, remote access, config databases, scalability, and GUI scripting.

Styles - not unless you count colour schemes which were available on platforms like win3.1 already.
Theming - not at all
Remote Access - only the basics that X11 provided for it.
Config Databases - nothing beyond Xt resources which were a pretty much failed implementation from the start.
Scalability - don't make me laugh.
GUI Scripting - did you ever try tooltalk?

CDE was a poor implementation of existing ideas and brought nothing new to the table.