Want to read Slashdot from your mobile device? Point it at m.slashdot.org and keep reading!


Forgot your password?
DEAL: For $25 - Add A Second Phone Number To Your Smartphone for life! Use promo code SLASHDOT25. Also, Slashdot's Facebook page has a chat bot now. Message it for stories and more. Check out the new SourceForge HTML5 Internet speed test! ×

Submission + - Ask Slashdot: Cryptographers, Crowdfunding, and Cluelessness! 6

David Hook writes: About a month ago the producers of the Bouncy Castle Cryptography APIs, the Legion of the Bouncy Castle, became a fully fledged Australian Charity. There were a few motivations for this: it has allowed us to establish a legal entity that formally owns the code base, it has provided us with a more solid framework in which to manage the project (which is now in the process of heading past 500k lines of C# and Java, so it's getting a bit unwieldy!), and it has given us the ability to legally raise money to support work on the APIs. Armed with our new found legal permission, we decided we'd have a go at raising some funds to have a couple of things FIPS certified. It's proving to be a bit of an adventure!

While a lot of people have asked for FIPS over the years, we do realise, in the light of what's happened recently, thinking about FIPS might seem a bit odd. That said, NIST have announced they're trying to reform, and the reality is that FIPS or something like it will be with us for some time to come. While we'd like to say we hope the reform effort goes well, as organisations like NIST if able to do their jobs well are really really useful, we also figure that having Java and C# APIs which was are not only FIPS certified but publically verifiable would be a step in the right direction all round.

There are other issues we are trying to address with this as well, at the moment FIPS still represents a real barrier to organisations and developers trying to build applications which are to talk to Government and other organisations that require FIPS. There has been some success at crossing this barrier with OpenSSL's efforts but it is clear that a few more offerings in the area are really needed. Most of the users of Bouncy Castle would understand that even if FIPS is not required today, some application they're working on in the future may well require FIPS, or a certification related to it. On top of that, a lot of people have invested a lot of time in learning the BC APIs, and it would seem to be to everyone's benefit that they'd be able apply the same knowledge in a FIPS environment as well. From our point of view going through the process might improve our general QA and further ensure that our implementations really are spot on. Of course, we're still going to maintain our regular distributions, so for anyone using the APIs it'll be their decision to be FIPS compliant or not. We are not really interested in telling people what they can and cannot do — we are more an "opportunity creation" type of group.

So just over a week ago, coinciding with our 50th Java release, Charity registration in hand, we decided to launch our fundraiser. Since then we've had 7943 downloads of the various 1.50 artifacts from our main server, and an unknown number from the central maven repostory and our mirror, and we've raised $2,642.34 AUD and 0.004 Bitcoins. I won't mention everything else that's been downloaded as well, but I'm sure you get the idea. While I'd like to thank the people that have donated, it's clearly a bit of a slow start. Obviously we are a bit new at this, and clearly much better programmers than fund raisers!

So, I guess, my scoop is that we are doing a fundraiser, and despite our abilities in the API department and the widespread use of the APIs, we're clearly not doing it very well. It appears almost no one is aware of it! Anyone interested in donating can find the details on the Bouncy Castle website but I would also like to use this opportunity to get some feed back on the whole idea, and what concerns people might have about the changes to how we are now doing things at Bouncy Castle. Some people have suggested that it would be more appropriate for some larger IT companies to be donating, and while we'd certainly appreciate a grand gesture, for us having a broad base of donors is also an important way of maintaining our independence. Having said that, any suggestions about how we might proceed more effectively will also be most welcome and I will follow this track so I can respond to any questions people might have.

Comment Google trying to save face, except it won't work (Score 0, Troll) 197

This just reeks of desperation, just their way of trying to save face right before Apple kicks them off from the iPhone main screen. It doesn't matter, 99% of users won't even know about this app, they'll just go with Apple's Maps. Even if Google decides somehow magically to introduce turn by turn directions, it still won't matter. Google shot itself in the gut, and they know it. They could have at least kept feature parity with Android, but the fact that iOS Maps app was neglected for years only made Apple react more strongly. Now, Apple controls every main app on iOS (browser, music, maps, messaging). They control their destiny.

Slashdot Top Deals

On the Internet, nobody knows you're a dog. -- Cartoon caption