Companies and employers are used as Fourth Amendment bypass proxies ALL THE TIME. It's pretty ridiculous. If data is aggregated about me, I am the owner of that data, not the company, and if police want to see that data I should be given notice that they want to see it and the opportunity to argue my case against it.
Free as in freedom, not as in beer. This is the biggest problem with the use of the word "free" to explain it, which was one reason "open source" was coined. "Free" implies "no cost" to most people.
That's a very stupid criterion for making a funding choice. C language projects make the vast majority of other language projects exist. Every mainstream desktop operating system that currently exists is written in C, even Windows. Short of raw assembly language, there is no faster language in such wide usage that exists, and for something like encryption which is a notoriously CPU-intensive process, every ounce of power for running the computations is critical. Why, for example, do you think the reference implementation of Python is written in C?
One of which was the Intel 80386 processor, and which apparently has been a big maintenance thorn in everyone's side for a long time. While there are still plenty of 486 computers floating about out there, 386 and below machines seem to have long ago ended up in the trash.
Wait. There's CONTENT on SLASHDOT?! D:
That's something I came away with as well. Other than this programming error, "two full time developers" have maintained OpenSSL for years. Makes me wonder how many programmers SSH.com employs and how they perform relative to the OpenSSH "team."
As a programmer who uses git daily, your use of the word "git" in this sentence has proven amusing. They should add a "git donate" command...
OpenSSH relies on OpenSSL, so OpenSSH is only partially audited if OpenSSL isn't also being examined.
Oh, OpenSSL desperately needs money, as well as programmers. The problem is that OpenSSL is not "fun" to work on and is something that largely sits in the background. Everyone knows what Firefox is because it's a big fancy graphical program that does nice things, but OpenSSL and GnuTLS and NSS are kind of obscure because they're just packages that add something to other programs. Libraries often suffer from lack of programmers and funding. It would probably help if there weren't so damned many SSL/TLS stacks out there though.
Ironically, special libraries like CyaSSL which more closely serve the embedded niche tend to draw far more interest than the extremely ubiquitous OpenSSL, probably because OpenSSL is absolutely huge by comparison and not necessarily suitable for the massive embedded systems market.
The author works for the actual SSH company that sells commercial SSH software. Though the points may largely be valid, a lot of the slant in the article is meant to tell people "this is what happens when you don't pay for software, so buy our commercial stuff today. Because it can't POSSIBLY suffer from the same kind of mistake, right? Right guys? ...guys?"
SSH programmers make mistakes. The article writer has an agenda and it's quite obvious. There is no reason to assume SSH is of any better quality than OpenSSH. He even shoots his implication in the foot: "are you going to review two year old patches for errors? No, of course not." This is no different in paid software. If it gets missed during any sort of review, the hole remains. See the recent IE 0-day hole (which has only been around for over a decade) for proof that this is true.
If XP had not-crappy 64-bit support and SSD TRIM support, I'd take it over everything Microsoft made after it. On a traditional hard drive it still greatly outperforms Windows 7 on top of the same hardware.
Ford's Dealer Connect software requires Internet Explorer, as does Chrysler StarParts, so Ford and Chrysler dealers, for one. DIS software requires IE too. None of these applications are cheap or easily replaceable. If the computer in use is still running XP, it'll be running IE on XP. (This of course raises the question: why haven't you replaced those boxes if you're running a multi-million-dollar business?) I recently replaced ten XP boxes in a business that uses DIS. IE on XP will be with us for a while yet.
2008 before R2 is based on Vista. 2003 is based on XP.
Not fixing things fast enough, kids: http://pastebin.com/qPxR9BRv
Peter Gibbons, is that you?
Social justice people consider "personal responsibility" a dirty word, a strong form of so-called "victim blaming." I never thought I would see the day that large groups of people would consider personal responsibility to be an evil immoral thing.
I just wanted to say that I love your /. user name. A little jealous over not thinking of it myself.
You're far more likely to be an unemployed former IT worker in your 20s now, regardless of race.
The final release before Winamp was officially "shut down" by AOL and subsequently purchased is 5.666 (note the three sixes, not two) and can be found here.
If you were a 90s Winamp kid and haven't downloaded the last version and hit "Nullsoft Winamp..." in the right-click menu, you should, and watch the credits roll to the end.
I'm listening to Winamp 5.666 right now. Winamp is still being actively developed. I strongly prefer it over things like iTunes and Amarok. The compact design that hails from the era of 800x600 being a common resolution is very nice, the playlist is very compact yet the font size is configurable and the list is resizable, and if I want to listen to anything I know, I just hit "j" and start typing. The only things that are remotely as good are clones of Winamp. Ugly full-screen grey-white music players with tons of space between screen elements are garbage as far as I am concerned.
Nothing ever truly competed with Winamp. It has a great and DISCOVERABLE interface with heaps of easy-to-find hotkeys. Winamp is like the Windows XP of music players; Amarok and iTunes and everything else like that is the Windows 8.0 of music players: crap interfaces, slow to get around, takes up way too much space, and hotkeys aren't discoverable enough. They might as well be RealPlayer from 1998.
BUFFERING *snicker*
There aren't many high-speed peripheral connection formats that don't have a bunch of ridiculous plugs once they're sufficiently popular. USB has tons of plugs because it wasn't made with devices like thin smartphones in mind and thin phones would look extremely stupid with a huge USB B-type connector on the bottom. Thunderbolt doesn't have this problem because no one beyond small niches uses it but Apple. If I don't own Apple products or need to connect niche hardware meant to only work with Apple computers, Thunderbolt is absolute garbage to me and I'd rather have a USB 3.0 connector.
The biggest enemy of a better way is an existing one that is good enough. I wish I remembered where that quote I paraphrased came from.
Someone please mod this up to +5 Funny. I lol'd.
I don't understand how ANYTHING should constitute wiretapping when there is no wire to tap.
People also don't seem to remember that background checks don't catch high-risk people, particularly the ones that have never been caught or are risky due to behavior and attitude rather than past actions. They deny jobs to people who have strong incentives to walk the straight and narrow path while giving management a false sense of security about the big red unknowns. The way they are used assumes past transgressions (even if only a single one exists) are a guaranteed predictor of future actions, which would only be true if humans never, ever changed and learned and grew.
The thief with a squeaky clean record is a bigger danger than the guy with one trial for larceny; "squeaky" looks like he's a model employee, while "tainted" faces much harsher punishment if convicted of another crime plus the destruction of the rebuilt life he's working on, which is hard enough because even renting a house in the middle of nowhere tends to require "background checks" that ultimately deny him basic needs such as housing. Inability to rebuild a stable life opens the door to commission of crime, in many cases just to survive. Sadly, America has a punishment and revenge fetish, and until that changes there will be nothing done to solve these problems.