Slashdot is powered by your submissions, so send in your scoop


Forgot your password?
Check out the new SourceForge HTML5 internet speed test! No Flash necessary and runs on all devices. Also, Slashdot's Facebook page has a chat bot now. Message it for stories and more. ×

Submission + - OpenSSL to Undergo Security Audit, Gets Cash for 2 Developers

Trailrunner7 writes: Scarcely a month after announcing the formation of a group designed to help fund open source projects, the Core Infrastructure Initiative has decided to provide the OpenSSL Project with enough money to hire two full-time developers and also will fund an audit of OpenSSL by the Open Crypto Audit Project.

The CII is backed by a who’s who of tech companies, including Google, Microsoft, IBM, the Linux Foundation, Facebook and Amazon, and the group added a number of new members this week, as well. Adobe, Bloomberg, HP Huawei and have joined the CII and will provide financial backing.

Now, the OCAP team, which includes Johns Hopkins professor and cryptographer Matthew Green, will have the money to fund an audit of OpenSSL, as well. OpenSSL took a major hit earlier this year with the revelation of the Heartbleed vulnerability, which sent the Internet into a panic, as the software runs on more than 60 percent of SSL-protected sites.

Comment Re: Burn the Climate Deniers (Score 2) 298

No, the poster was clearly asking to back a very specific assertion, namely that many scenarios have already been proven wrong, which is the claim that needs to be proven.

I also don't accept your claim that the claim must be bullet proof. The expected costs and values can be a combination of likelihood and significance of the effects. If the effects are dire enough and the likelihood not sufficiently remote then it becomes a bad value to not make those changes even accounting for the costs they incur.

Besides, a lot of the money being spent isn't just being thrown into a hole and buried, it'll have positive effects as well even if they don't completely offset the effects you're concerned about.

Comment Re:Wait What??? (Score 1) 612

In what sense is it crucial to lay out the steps to get to each assertion when summarizing the proof? Further, the specific item in question is probably one where if you didn't know it, you're probably not going to be able to delve into the details of the proof anyway, so it seems to me to be a perfect candidate for summarizing here. This article/proof isn't about the Uncertainty principle, its implications are just enabling concepts/steps so summarizing them out of the way seems like the only sensible choice here, right? If you can't summarize the steps used in the proof, what can you summarize?

Comment Re:1984 Cascade (Score 2) 186

Whether polygraphs work or not depends on what you want them to do. You may not be able to say for sure that a person is lying or not, but if you're using it as one tool in a suite to decide if someone is worthy of trust it can be effective. You may rule out some people that you could have trusted, but if you're ruling out people you shouldn't trust it's a good tool. You may trust some people you shouldn't still, but that's why it's not the only tool you use.

And I think they'll still get plenty of recruits because a) there are some people who think that helping the government is a worthwhile pursuit and b) if you have a special qualification in any job (e.g., hold a security clearance) you can generally make more money than someone who doesn't have that qualification.

Comment Re:This is misguided, at best (Score 2) 181

The people presenting are not professional presenters, they're researchers communicating their research. They should not be replaced because they're not great presenters, that's not what their job is. If a tool gets in the way more often than it helps, it should probably be removed. Further, this article suggests that it's the audience's fault at least in part since they consume a presentation differently when there's a PowerPoint presentation rather than a chalkboard talk. Should we also get a better audience?

Comment Re:Win 7 (Score 1) 860

Regarding linux, I think we can evaluate each of the platforms against their claims/goals (as I understand them at least) and avoid your suggested hypocrisy. Linux is often a platform where you combine tools. Billed as such getting the right tool to do what you want is expected and things that get in the way of doing what you want (like the outcry when Gnome 3 came out for example) are disparaged.

Windows, however, is trying to provide (and is charging a fair amount for) a slick, usable interface to your computer. If it fails at that, and you have to get other tools to work around that, then they are not delivering on their claims and should be decried for it.

Each evaluated on its own terms can have different expectations and not involve hypocrisy.

Comment Re:Win 7 (Score 1) 860

Ok, how about we say it's a horribly designed car then? I suppose it all depends on what you're looking to get out of the car, if you want a super car you probably are willing to sacrifice some aesthetics and usability for performance. If, however, you are designing a car for mass consumption and make it awkward for a lot of people to use then you've made a horrible car for your intended purpose. The rest of the engineering may be great, but if you fail at your goal, you've built something horrible for its intended purpose at the very least.

If your computer makes it harder to use the computer, as metro does for most of us it seems, you've made a horrible OS. That you can turn it off is a step toward redemption, but I've yet to be convinced over the last year of using it that windows 8 is as easy to use as XP or win 7 was.

Slashdot Top Deals

Money is better than poverty, if only for financial reasons.