Welcome to the Slashdot Beta site -- learn more here. Use the link in the footer or click here to return to the Classic version of Slashdot.

Thank you!

Before you choose to head back to the Classic look of the site, we'd appreciate it if you share your thoughts on the Beta; your feedback is what drives our ongoing development.

Beta is different and we value you taking the time to try it out. Please take a look at the changes we've made in Beta and  learn more about it. Thanks for reading, and for making the site better!



OpenSSL: the New Face of Technology Monoculture

xxxJonBoyxxx What monoculture? (112 comments)

OK - here's a niche industry page listing about forty open source, commercial and cloud solutions that all have secured by SSL and their responsed to heartbleed:

Of these...maybe a third had OpenSSL...most of the rest used a Java stack, and many of the rest were on IIS or using MS crypto. Within my own company (about 1500 people and 20 web apps on a mix of platforms), heartbleed affected exactly 3 sites.

If you looked around other industries and saw >50% affected rates maybe I'd believe "monoculture"...but if you're talking the entire web dev world, OpenSSL is just one of the top options.

10 hours ago

iPad Fever Is Officially Cooling

xxxJonBoyxxx The real reason behind this: Jobs RIP (309 comments)

The real reason behind this? Jobs is dead. Yeah, it sucks, but no one could market tech like he could, and without that cheerleader out front, Apple has begun to look and behave like every other tablet-pusher on the planet.

10 hours ago

VK CEO Fired, Says Company Under Kremlin Control

xxxJonBoyxxx Don't Mess with April Fools (146 comments)

>> He appeared to announce his resignation from the company on April 1st, but later claimed that it was an April Fools' joke, and that he would remain onboard. In a statement issued Monday, however, VK said that Durov submitted a resignation letter on March 21st and never withdrew it within the mandatory one-month window. Because of that, Durov said, he will be "automatically relieved" of his position.

Politically, it's bad, but I do enjoy seeing someone's stupid April Fools stunt blow up in their face.

2 days ago

In the US, Rich Now Work Longer Hours Than the Poor

xxxJonBoyxxx Obamacare as a cause? (310 comments)

I have more than a few friends on the low end of the pay scale who've been pushed down below 30 hours a week by their employers so their employers stay clear of Obamacare insurance mandates. (e.g., http://www.theguardian.com/wor... ) It usually comes across as a double-whammy: now they have less money in their pockets, and they're still up a creek in terms of health insurance.

2 days ago

Not Just a Cleanup Any More: LibreSSL Project Announced

xxxJonBoyxxx Re:Or.. (349 comments)

PolarSSL doesn't have the same licensing model as OpenSSL, so it's not a drop-in replacement. (https://polarssl.org/how-to-get vs. http://www.openssl.org/source/...)

2 days ago

Heartbleed Pricetag To Top $500 Million?

xxxJonBoyxxx MySQL used to have a license like this... (80 comments)

In the 2000's (before Oracle), I negotiated a license with MySQL that allowed our company to bundle the software in my commercial app (for ease-of-install, especially demo time) even though someone could have downloaded and installed their own copy of MySQL for free. The OEM license cost something like $150-250/license (kept going up, of course).

3 days ago

Samsung's Position On Tizen May Hurt Developer Recruitment

xxxJonBoyxxx "too hard for developers" (sniff) (92 comments)

I don't understand the belly-aching. When I wrote code for Apple II machines, I had to know both BASIC and assembler. PC? Batch scripting, VB, C++, C#, SQL, InstallShield and still a little assembler. Web and mobile? Javascript, Java, Perl, PHP, Ruby, C#, ASP, Objective-C plus a few dozen "platforms", "frameworks" and what-not cobbled together with JSON, XML, CSS and various template and scripting syntaxes.

So, you have to learn three platforms to keep up with a line of devices? Boo hoo. Besides, an "app" should be something you can crap out in a month or two - these generally aren't monolithic platforms like Office - even the context-switching-disabled should be OK.

about a week ago

Heartbleed Sparks 'Responsible' Disclosure Debate

xxxJonBoyxxx Re:are we seriously blaming google (188 comments)

>> are we seriously blaming google and not NSA who found the bug 4 years ago when the bug was first introduced?

Yes. The NSA is the US gov's lead black hat. Google's an advertising company that depends on people trusting the Internet for information and commerce. I'd expect the NSA to hoard information to assist their black-hatting, and I'd expect Google to quickly share anything they know so security vulnerabilities can be patched and people don't lose faith in the Internet*.

* = (Seriously, when people have asked me what to do about Heartbleed, I've said "don't buy anything you don't need, and try to avoid paying any bills online or doing any online checking for a week or two - then change your password as soon as you sign on.")

about a week ago

Heartbleed Sparks 'Responsible' Disclosure Debate

xxxJonBoyxxx CISSP opinion: the patch proves Google f***ed up (188 comments)

>> Google notified OpenSSL about the bug on April 1 in the US – at least 11 days after discovering it.

"OK, maybe it was caught up in legal. Suits at large corporations can take a while."

>> Google would not reveal the exact date it found the bug, but logs show it created a patch on March 21,

"On second thought, if the geeks on the ground had the authority to patch and roll to production, then why the finger to the Open Source community, Google?"

about a week ago

RCMP Arrest Canadian Teen For Heartbleed Exploit

xxxJonBoyxxx "The Register has the story as well" (104 comments)

>> The Register has the story as well

Duh - the Register is where most of us read the story so we'll know what to write when the same news appears on SlashDot tomorrow.

about a week ago

Switching From Sitting To Standing At Your Desk

xxxJonBoyxxx Cynic (312 comments)

>> Advocates of sit-stand desks

Sorry, I read that as "vendors of sit-stand desks"

Seriously, does anyone still work at a tech job crappy enough where they care if you sit, stand or bounce around on a pregnancy ball all day?

about a week ago

The Best Parking Apps You've Never Heard Of and Why You Haven't

xxxJonBoyxxx tldr (163 comments)

can we all pitch in $5 a month and get this bennett guy his own blog? (and punt him the hell off slashdot?)

about two weeks ago

Mr. Schmidt Goes To Washington: A Look Inside Google's Lobbying Behemoth

xxxJonBoyxxx I doubt "no one knew" (128 comments)

>> What none of the attendees of the conference knew was that Google was pulling many of the strings behind the event

I doubt/hope that "no one knew." Conference agendas, like news stories, should always be read for brand-name frequency. (The brand name that appears most frequently or in the most positive manner is usually the one that hired the PR agency to plant the story in the first place. Same thing goes for a conference agenda.) What's the number one name on this conference agenda? Google.

So...if the academics attending the conference didn't guess it was Google sponsored...then they're probably not as bright as their titles suggest.

about two weeks ago

Google Chrome 34 Is Out: Responsive Images, Supervised Users

xxxJonBoyxxx Nah...TL:DR (115 comments)

A "responsive image" will load either a small or large version (or multiple versions) depending on the browsers's screen resolution. To do this, it makes an extra request to the server before requesting the appropriate image size.

(The referenced Opera article prattles on and on - Google's faster.)

about two weeks ago

Judge (Tech) Advice By Results

xxxJonBoyxxx TLDR? Exactly. (162 comments)

C'mon, with BUILD just behind us, how did this wall of text make it up here? (It's NOT a slow news day.)

about two weeks ago

Interview: Ask Bruce Perens What You Will

xxxJonBoyxxx Er...what's left in "open source" to talk about? (129 comments)

Having lived through the entire lifecycle of "open source," it seems like its place in development communities and businesses is well-established, with a mix of different licensing and deployment models for whatever anyone wants to do.

So...is there really anything interesting left in "open source" to talk about? (Software patents, maybe, but even that's picked up some case law.)

about three weeks ago

NYU Group Says Its Scheme Makes Cracking Individual Passwords Impossible

xxxJonBoyxxx He pretty much agrees with you on page 12. (277 comments)

>> Sane people will stay with salting and stretching, ideally with scrypt() to neutralize GPUs.

"Key stretching is orthogonal to PolyPassHash and could be trivially used in conjunction."

Hell, just the bit about bcrypt, etc. using a unique hash per password would have stopped most of these "grab the file then crack the table" hacks; the current focus of developers should probably just be to replace anything still using unsalted (or common salt) MD5/SHA1/SHA256 schemes.

about three weeks ago

The Inside Story of Gmail On Its Tenth Anniversary

xxxJonBoyxxx WTF would you think we would enjoy an "audio ver"? (142 comments)

>> some readers may note that with this story we are slowly rolling out one we hope you enjoy -- an audio version of each Slashdot story.

Er...no thanks. There's a reason video tanked on this site too - your readership is too damn busy to wait for the talky-talk. So, we skim (and type) like crazy, and value text-heavy sites like Slashdot and Reddit. (OK, 15 seconds - time up - back to work!)

about three weeks ago

The Inside Story of Gmail On Its Tenth Anniversary

xxxJonBoyxxx TL;DR (142 comments)

Early use by a major company of Javascript consuming XML-based web services. Successfully leveraged Google's search engine. Design conflicted with the all-on-one-page "portal" paradigm of the time. Text ads instead of banner ads, and controversial because they were tied to the content of the messages. Original cluster was 300 servers.

about three weeks ago


xxxJonBoyxxx hasn't submitted any stories.


xxxJonBoyxxx has no journal entries.

Slashdot Account

Need an Account?

Forgot your password?

Don't worry, we never post anything without your permission.

Submission Text Formatting Tips

We support a small subset of HTML, namely these tags:

  • b
  • i
  • p
  • br
  • a
  • ol
  • ul
  • li
  • dl
  • dt
  • dd
  • em
  • strong
  • tt
  • blockquote
  • div
  • quote
  • ecode

"ecode" can be used for code snippets, for example:

<ecode>    while(1) { do_something(); } </ecode>
Sign up for Slashdot Newsletters
Create a Slashdot Account