Code Quality: Open Source vs. Proprietary
With all the noise about OpenSSL lately, running this Coverity test on it (and other security software like GNUTLS) and sharing the results seems like it would be a good thing...
Ask Slashdot: What Good Print Media Is Left?
Here in Australia, my experience is that the genuinely local newspapers (limited to specific suburbs or council areas and usually available for free every week) are great as a way of finding out what's going on in the local area. The normal daily newspapers are full of crap and not worth reading.
Slashdot Asks: How Do You Pay Your Taxes?
Here in Oz we don't have state income taxes or state returns to worry about and if you don't want to use an accountant or tax agent to do the return (because you have a simple return), you can just file it electronically with the free government-supplied etax app (or as a paper form if you really want to).
How Does Heartbleed Alter the 'Open Source Is Safer' Discussion?
How do we know that serious security flaws don't exist in the SSL implementations used by Microsoft or other proprietary vendors?
Obama Says He May Or May Not Let the NSA Exploit the Next Heartbleed
IMO the NSA should be split into 2 agencies.
One would be tasked with protecting the security of data, information, communications and networks of the United States government, its agencies and any entity deemed to be vital to national security. And this does include finding and fixing (or giving to vendors to fix) bugs in software being used by those entities it is tasked with protecting. And developing new protocols and algorithms and systems and hardware and software to protect the stuff it is tasked with protecting. And certifying software, hardware, algorithms, protocols and systems (developed in-house or externally) as being safe (or unsafe) for use in storing, manipulating, handling, transmitting or receiving the stuff it is tasked with protecting.
The other would be tasked with spying on threats to national security. Including monitoring communications, email, data, computers and software belonging to those threats. Yes that includes hacking into the computer of a bad guy who stole classified secrets or launched malware that compromised government systems.
This agency would have constraints placed on it so that it was only monitoring threats and not anyone else and so that it was not compromising global security in the course of carrying out its mission (e.g. it would be prohibited from trying to weaken the security of software/hardware/protocols/algorithms/etc in order to be able to spy on entities using those things)
Remember that when Truman created the NSA, a computer was a device that took up several rooms, there were only a handful in the entire world and only a small number of people even knew what one was, let alone were able to use one. And the closest thing to digital communications networks were teleprinters. And the biggest threat to national security was a Soviet Tupolev Tu-95 bomber with a nuclear bomb underneath.
These days, computers are everywhere and being used for all sorts of things never imagined in the 50s. And the biggest threat to US national security is not a Russian bomber or missile but a terrorist with a suitcase bomb or hijacked airliner. Or a hacker from a foreign intelligence agency.
Why the IETF Isn't Working
FPGA vendors probably don't want to open up their specs and stuff because they are worried that opening up everything will give their competitors the secrets to what makes their FPGA "good".
Patents may come into it as well (I don't know how the patent situation is in the FPGA marketplace). And possibly a desire to stop people from being able to just buy the FPGAs at x amount per unit and force them to pay up for the toolchain too.
Private Keys Stolen Within Hours From Heartbleed OpenSSL Site
https://www.openssl.org/docs/a... suggests that OpenSSL (the official upstream version at least) does in fact support DHE and PFS without EC.
Private Keys Stolen Within Hours From Heartbleed OpenSSL Site
The problem with replacing HTTPS is that you will need to maintain regular HTTPS for all those clients that can't upgrade to a newer browser (which exposes web sites to these threats). And you have to convince browser and web server vendors to support the new HTTPS replacement.
Google would probably do it (on desktop, ChromeOS, Android and its custom web/SSL server software) especially if it made it harder for the kind of man-in-the-middle-using-fake-certificates type attacks the NSA have been using (the ones that let the NSA serve up fake copies of popular web sites as a vector to infect other machines). Opera and others that use the Google rendering engine would probably use the Google support.
Mozilla would probably do it if you could convince them that it's not just going to be bloat that never gets used.
Apache would probably support it via a mod_blah and if they don't, someone else would probably write one.
Other FOSS browsers and servers (those that do HTTPS) would probably support it if someone wrote good patches.
But good luck convincing commercial vendors like Microsoft and Apple to support a new protocol. And the Certificate Authorities would fight hard against anything that made them obsolete (which any new protocol really needs to do)
Ask Slashdot: Are You Apocalypse-Useful?
What might be useful would depend on how bad the catastrophe is. If it's something like the TV show "Revolution" where electricity magically stops working, different people would be useful vs a situation where electricity is still available.
IRS Misses XP Deadline, Pays Microsoft Millions For Patches
I think the parent was referring to the IRS paying to make ReactOS a replacement for Windows and not Microsoft doing it.
Intel and SGI Test Full-Immersion Cooling For Servers
If you search for "computer immersion cooling" with Google it will throw up a bunch of people (and companies) doing PC systems totally immersed in mineral oil and things as a way to get even more power out of a system (even more than regular liquid cooling gets you)
Heartbleed OpenSSL Vulnerability: A Technical Remediation
If OpenSSL is (as quite a few people who know what they are talking about have claimed) poorly written and hard to maintain, why has no-one tried to come up with a simple, easy to evaluate solution?
Or is SSL/TLS really that hard to properly implement?
In-Flight Wi-Fi Provider Going Above and Beyond To Help Feds Spy
Last I checked, no international flights are using Gogo.
Fifty Years Ago IBM 'Bet the Company' On the 360 Series Mainframe
And if you get paid electronically via bank transfer, it's a good bet that the machines at both your bank and your employer's bank that handle the transactions are mainframes of some sort.
Australia May 'Pause' Trades To Tackle High-Frequency Trading
Just introduce a 0.001% tax on all transactions (not just shares but other traded instruments like bonds and commodities).
Anyone buying shares or bonds or whatever to keep long term will see almost no impact from the tax. Even on a million dollar transaction, the tax would only be $1000 (so even big funds or corporate buy-outs or whatever wouldn't be affected by the tax). It would make high frequency trading (and day traders etc) unviable though.
Why No Executive Order To Stop NSA Metadata Collection?
If he issues an executive order to undo the spying, it is likely that those in congress who want the spying to stay will refuse to support Obama on other things he wants.
CryptoPhone Sales Jump To 100,000+, Even at $3500
There ARE phones out there that don't give the baseband processor and other hidden CPUs access to the main RAM. The Neo900 for example doesn't give the cellular radio module ANY access to the main ARM CPU or its RAM. In fact, the design of the Neo900 means that only the Linux software running on the main ARM CPU can touch the main RAM. And there is no reason you can't run a 100% FOSS stack on that CPU.
So if your stuff is encrypted by software on the main CPU, any backdoors in the baseband or SIM or whatever have no way to compromise that.
Mystery MLB Team Moves To Supercomputing For Their Moneyball Analysis
Just be glad you yanks broke away from the motherland all those years ago otherwise you would probably be doing what us Aussies are doing and playing the one team sport on this earth MORE boring to watch than Baseball, Cricket.
UK Government Pays Microsoft £5.5M For Extended Support of Windows XP
If I had a dollar for every time I have heard of someone that has used a Microsoft product (Access included) for the wrong thing (or used the wrong Microsoft product) I would probably have enough money that I wouldn't need to work for such people anymore (to be fair, the last job I had was a job replacing an Access based system with a much better VB.NET/SQL Server system (my part was converting reports from Access to SQL Server Reporting Services)).
NASA To Catalog and Release Source Code For Over 1,000 Projects
It would be very cool to see the source code for the Space Shuttle. It's retired now so releasing it shouldn't have any operational impacts on the shuttle itself and I doubt the Chinese or the North Koreans or the Iranians are interested in building their own shuttle (and certainly not one using a hardware architecture developed in the 1970s reverse engineered from a source code release).
jonwil hasn't submitted any stories.
jonwil has no journal entries.