Without FIPS certification system engineers won't be able to include BoringSSL in US-government facing applications, since doing so will disqualify them from procurement lists. Since US gov't is largest consumer of cryptographic products in the North American market, BoringSSL must certify or stay irrelevant.
Right, because Google is irrelevant.
It will be if it can't sell products to the US government.
The last one is the one I'd go with. Simple and straight forward - drop the P, and you lose the weird sexual double entendre while gaining a nice verbage: "that image is a bit big. take it to the gim" "run it through the gim" etc.
OSS seriously needs to be mindful of these things. There's some remote desk manager called "gigolo". Bravo to whoever named that - I can absolutely never install it on my kid's computers.
That description isn't very good for the bug: a specially crafted buffer overwrites Alice's data - what? I presume they mean that Bob could takeover Alice's connection, but the description isn't very good.
Moreover, it very much ignores an important issue: just because a bug is spotted, doesn't mean the fix is trivial. In security software the fix might very well open up a different vulnerability.
Debian's SSH flaw was exactly something like this - inappropriately commented weird looking code was removed to "improve" things. And it's exactly that sort of problem which I suspect LibreSSL is going run straight into at some point as well.
Unless there's been an actual source leak, there is no possible way anyone was looking the C++ code for Watch_Dogs to be able to get that screenshot. Which means they couldn't possibly see code comments.
Would NFC really be the answer here? I would think it would still be better to pick a more robust bar code format (QR codes would offer a nice phone-app tie in for customers) and supply better quality scanners? After all you can just print a barcode/QR code...
I've always been a little surprised there isn't more talk about "lost wax" style casting with PLA prints. Does it fundamentally not work, or are most 3D printer people just generally not involved with metal casting (which would be understandable, it's a whole extra level of dangerous and prep-work to do at home)?
Because like everything else once this fishing expedition points the finger back at bills and instruction which has Republican signatures from Congress on it as well they'll mysteriously lose interest in the problem.
It mystifies me how people can continue to make completely bullshit claims like this. You are the one not Congress who should be making sure that something like the IRS affair and subsequent destruction of evidence doesn't happen again.
Oh surprise surprise, this can't possibly be Congress's fault because that would imply the party with a majority there would somehow be responsible. Thanks for proving exactly my point.
I like the part where you ignored the issue that none of this happened "yesterday" and all happened many years ago for apparently legitimate reasons, which are what happen when you don't ever fund an agency to update it's hardware and hire more IT support.
You know I bet if someone asked, they could probably figure out the average rate of computer failures in the IRS and put a number on the estimate rate of lost email correspondence. Probably work all that up into some kind of report, maybe the kind that congress would then ignore like they've done at every juncture because despite a 7 to 1 return on dollars invested at the moment, nobody ever wants to increase funding to the IRS to prevent tax fraud.
So no, I'm not concerned. Because like everything else once this fishing expedition points the finger back at bills and instruction which has Republican signatures from Congress on it as well they'll mysteriously lose interest in the problem. Oh, what's that about cutting funding for embassy security? That was championed by who again?
You do realize Win XP has nothing to do with the lifetime durability of magnetic media right, and that any system the IRS has is going to be horrendously old because they pretty much never get funding to upgrade anything.
Well if you read any of the articles you'd note that what was missing in the original story was any email prior to 2011 due to the computer of the employee involved crashing in the summer of that year.
"The IRS was able to generate 24,000 Lerner emails from the 2009 to 2011 because Lerner had copied in other IRS employees. The agency said it pieced together the emails from the computers of 82 other IRS employees."
The IRS said in a statement that more than 250 IRS employees have been working to assist congressional investigations, spending nearly $10 million to produce more than 750,000 documents.
Overall, the IRS said it is producing a total of 67,000 emails to and from Lerner, covering the period from 2009 to 2013.
This is going to be "email of the gaps" because the Republicans are just desperate for a scandal they pin on Obama and gosh darnit Benghazi just isn't sticking!
Oh you know, except where the Republicans control congress, and this whole situation is a result of Congress failing to give clarifying instructions to the IRS about whether or not a certain group can be tax-exempt while engaging in political advocacy.
The IRS is obligated to collect taxes, and was ordered to determine if groups were engaged in political advocacy, but given no instruction on how it was to proceed about this.
And how do you? You have to look at their materials, determine if they look like they're engaged in it such that they would be excluded, and then make a decision. Only this is a hazy process, with - again -- no clearly defined metric. Filtering based on keywords (of which "tea party" was not the only one) is one way to deal with the issue since those groups are probably politically affiliated and there was a huge increase in applications since Obama was elected.
As it was, roughly equal numbers of conservative and progressive groups got stung by this, a situation created due to congress not properly defining the way it wanted law implemented (but demanding it be implemented) and also not increasing funding for the IRS to hire more assessors for these types of applications.
The Orwellian telescreen was coupled to a rather effective police state where it was considered normal for them to summarily torture and execute people.
Do you really think the problem in 1984 was the telescreens?
The people who talk about what could happen live in a very specific kind of fantasy. They perceive all threats as coming from the government, and capable of being defended by technical measures. They ignore political and social realities, and construct a world in which he with the best encryption will totally be passed over then the tyrants come for their first born.
The reality is closer to "any delivery man could one day decide to just steal your mail, and this is pretty likely to happen actually". But why don't they? In fact why doesn't anyone with some control over your life use that position to screw you over and take what they want? It's the question never pondered.
Julian Assange is wanted for questioning in regards to sexual assault.
Chelsea Manning forwarded classified documents en masse from an active warzone to an unknown foreign national.
Edward Snowden did the same.
None of these people are as innocent as you claim they are. You just liked some of the things they said and are happily turning a blind eye to the rest. And worse, you're doing it because they had good PR - nothing Edward Snowden revealed couldn't be reasonably inferred as happening beforehand, nor was expressly illegal due to the Patriot Act - a fact many people took issue with when that bill was created.
NASA has given the approval to communicate and control it, so there's a partnership there (and probably a lot of goodwill to, since NASA isn't doing this because they couldn't find the funding for the project).
It would be a diplomatic incident if China did it without seeking approval, but again, it's unlikely anyone would care if it wasn't active disruption.
You can't leave any type of storage media inactivated for that long and expect it to survive. The only "safe" storage is the type you constantly re-verify.
Slashdot Mirror
Please outline the evil Google has done.
You know, actual events, not your imagined slights because somewhere, somehow, they might someday do something.
Who in their right mind would have used Dropcam in their home to start with?
The news here certainly isn't Google buying it...
Without FIPS certification system engineers won't be able to include BoringSSL in US-government facing applications, since doing so will disqualify them from procurement lists. Since US gov't is largest consumer of cryptographic products in the North American market, BoringSSL must certify or stay irrelevant.
Right, because Google is irrelevant.
It will be if it can't sell products to the US government.
GNU Image Editor (GIE)
GNU Raster Editing And Touchup (GREAT)
GNU Image Manipulator (GIM)
The last one is the one I'd go with. Simple and straight forward - drop the P, and you lose the weird sexual double entendre while gaining a nice verbage: "that image is a bit big. take it to the gim" "run it through the gim" etc.
OSS seriously needs to be mindful of these things. There's some remote desk manager called "gigolo". Bravo to whoever named that - I can absolutely never install it on my kid's computers.
That description isn't very good for the bug: a specially crafted buffer overwrites Alice's data - what? I presume they mean that Bob could takeover Alice's connection, but the description isn't very good.
Moreover, it very much ignores an important issue: just because a bug is spotted, doesn't mean the fix is trivial. In security software the fix might very well open up a different vulnerability.
Debian's SSH flaw was exactly something like this - inappropriately commented weird looking code was removed to "improve" things. And it's exactly that sort of problem which I suspect LibreSSL is going run straight into at some point as well.
That screen shot is a fake.
Unless there's been an actual source leak, there is no possible way anyone was looking the C++ code for Watch_Dogs to be able to get that screenshot. Which means they couldn't possibly see code comments.
Would NFC really be the answer here? I would think it would still be better to pick a more robust bar code format (QR codes would offer a nice phone-app tie in for customers) and supply better quality scanners? After all you can just print a barcode/QR code...
When basic internet access becomes a government supplied service, then we can talk about forgetting about ubiquitous postal service.
It isn't, and no one is proposing to make it such when they talk about shutting down the USPS.
I've always been a little surprised there isn't more talk about "lost wax" style casting with PLA prints. Does it fundamentally not work, or are most 3D printer people just generally not involved with metal casting (which would be understandable, it's a whole extra level of dangerous and prep-work to do at home)?
Because like everything else once this fishing expedition points the finger back at bills and instruction which has Republican signatures from Congress on it as well they'll mysteriously lose interest in the problem.
It mystifies me how people can continue to make completely bullshit claims like this. You are the one not Congress who should be making sure that something like the IRS affair and subsequent destruction of evidence doesn't happen again.
Oh surprise surprise, this can't possibly be Congress's fault because that would imply the party with a majority there would somehow be responsible. Thanks for proving exactly my point.
You can disable depth of field with the new mods.
I like the part where you ignored the issue that none of this happened "yesterday" and all happened many years ago for apparently legitimate reasons, which are what happen when you don't ever fund an agency to update it's hardware and hire more IT support.
You know I bet if someone asked, they could probably figure out the average rate of computer failures in the IRS and put a number on the estimate rate of lost email correspondence. Probably work all that up into some kind of report, maybe the kind that congress would then ignore like they've done at every juncture because despite a 7 to 1 return on dollars invested at the moment, nobody ever wants to increase funding to the IRS to prevent tax fraud.
So no, I'm not concerned. Because like everything else once this fishing expedition points the finger back at bills and instruction which has Republican signatures from Congress on it as well they'll mysteriously lose interest in the problem. Oh, what's that about cutting funding for embassy security? That was championed by who again?
You do realize Win XP has nothing to do with the lifetime durability of magnetic media right, and that any system the IRS has is going to be horrendously old because they pretty much never get funding to upgrade anything.
Well if you read any of the articles you'd note that what was missing in the original story was any email prior to 2011 due to the computer of the employee involved crashing in the summer of that year.
"The IRS was able to generate 24,000 Lerner emails from the 2009 to 2011 because Lerner had copied in other IRS employees. The agency said it pieced together the emails from the computers of 82 other IRS employees."
The IRS said in a statement that more than 250 IRS employees have been working to assist congressional investigations, spending nearly $10 million to produce more than 750,000 documents.
Overall, the IRS said it is producing a total of 67,000 emails to and from Lerner, covering the period from 2009 to 2013.
This is going to be "email of the gaps" because the Republicans are just desperate for a scandal they pin on Obama and gosh darnit Benghazi just isn't sticking!
Oh you know, except where the Republicans control congress, and this whole situation is a result of Congress failing to give clarifying instructions to the IRS about whether or not a certain group can be tax-exempt while engaging in political advocacy.
The IRS is obligated to collect taxes, and was ordered to determine if groups were engaged in political advocacy, but given no instruction on how it was to proceed about this.
And how do you? You have to look at their materials, determine if they look like they're engaged in it such that they would be excluded, and then make a decision. Only this is a hazy process, with - again -- no clearly defined metric. Filtering based on keywords (of which "tea party" was not the only one) is one way to deal with the issue since those groups are probably politically affiliated and there was a huge increase in applications since Obama was elected.
As it was, roughly equal numbers of conservative and progressive groups got stung by this, a situation created due to congress not properly defining the way it wanted law implemented (but demanding it be implemented) and also not increasing funding for the IRS to hire more assessors for these types of applications.
The Orwellian telescreen was coupled to a rather effective police state where it was considered normal for them to summarily torture and execute people.
Do you really think the problem in 1984 was the telescreens?
You said they were punished for telling the truth.
That's not why they were punished.
You're not free to yell fire in a crowded theater.
The people who talk about what could happen live in a very specific kind of fantasy. They perceive all threats as coming from the government, and capable of being defended by technical measures. They ignore political and social realities, and construct a world in which he with the best encryption will totally be passed over then the tyrants come for their first born.
The reality is closer to "any delivery man could one day decide to just steal your mail, and this is pretty likely to happen actually". But why don't they? In fact why doesn't anyone with some control over your life use that position to screw you over and take what they want? It's the question never pondered.
Julian Assange is wanted for questioning in regards to sexual assault.
Chelsea Manning forwarded classified documents en masse from an active warzone to an unknown foreign national.
Edward Snowden did the same.
None of these people are as innocent as you claim they are. You just liked some of the things they said and are happily turning a blind eye to the rest. And worse, you're doing it because they had good PR - nothing Edward Snowden revealed couldn't be reasonably inferred as happening beforehand, nor was expressly illegal due to the Patriot Act - a fact many people took issue with when that bill was created.
Isn't unicode already variable-length integer-ish via the UTF-8 standard?
Surely we could implement a version which accommodate an effectively infinite number of character sets.
NASA has given the approval to communicate and control it, so there's a partnership there (and probably a lot of goodwill to, since NASA isn't doing this because they couldn't find the funding for the project).
It would be a diplomatic incident if China did it without seeking approval, but again, it's unlikely anyone would care if it wasn't active disruption.
10 years is an absurd timeframe.
You can't leave any type of storage media inactivated for that long and expect it to survive. The only "safe" storage is the type you constantly re-verify.
RAID-Z will absolutely detect and fix bit-rot.
RAID-Z is single disk parity redundancy aka RAID-5 (but using CoW to plug the write-hole).
A regular, single-disk ZFS device will detect but not be able to fix bit-rot, but that's not any type of RAID.
And again, which part of that seems like I'm saying it's not worth doing error recovery at all, given that I'm saying the exact opposite.