Why bother with a security audit of the whole OpenSSL as-is, right here, right now, when the LibreSSL fork has been doing a lot of work
Presumably the audit was bid fixed-cost. Presumably these guys already built into the cost that they are going to build upon the work the LibreSSL team has done (it would be stupid not to).
LibreSSL is a great project, but they ripped out portability along the way. A fair argument can be made that it's easier to add portability back after all the crap is ripped out, but fixing OpenSSL and leaving portability intact is another valid strategy. That's far more work, but these guys were hired to do it (well, the first step of it) and somebody thinks it's valuable enough that they threw money at the problem.
There's plenty of appreciation to be spread around here for all the teams working to secure our communications.
Yep. And the unqualified claim that "it's not a 'working transmission'" is every bit as incorrect as the claim that "Man 3D Prints a Working 5-Speed Transmission For Toyota Engines."
The nice thing about human communication is that it doesn't need to be explicit and precise in every modicum of phrase. Context is plenty sufficient for normal humans. If somebody said "it's not a working transmission" on a story about "Man Prints a Working 5-Speed Transmission For Toyota Engines" it's absolutely qualified - by the context of the conversation to mean "it's not a working transmission for Toyota Engines".
Please don't try to destroy the effectiveness of communication by treating other humans like untrained neural nets. Work needs to be done on both ends of the conversation for maximum throughput.
Exactly this. I have done percussion, and the cowbell (you're right there) is similar but the hi-hat work is not the same at all. So even the percussion line is not identical.
When you're learning percussion, you drill books of STANDARD PERCUSSION LINES! The rhythms are *standardized*. This is worse than copyrighting QuickSort!
Jesus, next time just copyright chord progressions and have a government judge kill off music once and for all! Guess what? All blocks of code flying by on a screen on a movie *look the same* to a non-programmer. But they're clearly not to an expert, which is all that actually matters.
the supposed mineral riches are mostly high priced specialty materials and not the boring metals like iron and aluminum
Huh? The moon has gigatons of common metals and many of the areas are especially aluminum rich (and titanium to a lesser degree).
The idea is to refine those and launch them to a useful orbit for much less cost than trying to throw them out of Earth's gravity well. Whether that's Earth geosync or a LaGrange point, or something else, the challenges are along the lines of having enough utility stock (for doing the Bayer Process, e.g.) - there's plenty of sunlight to make the needed electricity.
The moon process will likely be different than the Earth process, in the end. For instance, all that oxygen that needs to be liberated from Al2O3 can be stored for useful purposes. Even if at first you're storing the separated aluminum for future use, it might still be the best way to make oxygen for those fussy humans to breathe, if you look at the long-term cost/benefit. I seem to recall the University of AZ had a whole system worked out in the 90's and demonstrated using near-analogues to moon rock in a big vacuum chamber. Undoubtedly a 2015 plan involves several generations of 3D printers that can eventually be used to print more moon base.
But, yeah, having a H3-H2 reactor would make it much more efficient, but solar or RTG will have to do in the short-term. It's quite the bootstrapping problem. Once you have a major factory complex up and running for safe habitation and flexible manufacturing, you're ready to set the AIs out building more structures night and day, and that's when you get polynomial expansion.
Barring government interference, I fully expect to see moon habitation visible from Earth in my lifetime (the NIMBYs will complain that it should be on the dark side).
Not really. Running Metasploit doesn't require any programming skills. Writing your own tools, on the other hand, would.
Yeah, pen testing, per se, can be scripted. It's what you do about it next that's usually part of the service.
The other day I found a security problem due to the way the Linux and BSD kernels handle ARP in different circumstances, and the interaction there created an attack surface. If the guy doesn't know much about networks, he's going to have a hard time getting into the nitty-gritty.
There are good reasons to invest the time into making a career switch. Being great at network security isn't just something that gets bolted on (though plenty of training outfits will throw you a cert if you pay them for a two week class).
His best option may well be to pass up the opportunity, if this isn't his passion.
I mean, the only security they seemed to be interested in was keeping the emails out of the hands of people with subpoenas, FOIA requests and such.
Plus, it's in her house, so she gets 4th Amendment protections as well, which is pretty smart.
But Qualys's SSL scan grade is relevant to a server open to the public. Looking at the generated report, the main problem, in a situation where the client software is highly controllable and very likely hand-configured, is the lack of perfect-forward-secrecy ciphersuites. And that only helps prevent future attacks, not past ones (she's "retired" at the moment).
If somebody wanted to attack this system, attacking TLS would not be the way to do it - the configuration is good enough to make so many other vectors much cheaper attacks. I see the engineer used GoDaddy as the SSL vendor. This doesn't speak well for the budget of the project which has implications for the degree of configuration hardening that was done, which is especially crucial for a Windows machine.
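As an added illustration of the forward-secrecy point above (example code, not from the thread or from any scan report): a classifier over suite names in the style a scanner lists them, plus a weak and a hardened OpenSSL cipher string checked through Python's ssl module. The suite list and both cipher strings are constructed for the example.

```python
"""Audit a TLS cipher configuration for forward secrecy.

Added example, not part of the original thread. Inputs are constructed:
a sample list of IANA suite names (as a scanner would report them) and two
hypothetical OpenSSL cipher strings, one weak and one hardened.
"""
import ssl

# Constructed sample of what a server might offer. TLS_RSA_* suites derive the
# session key from the server's long-term RSA key: a recorded session can be
# decrypted later if that key ever leaks, which is exactly the "past traffic"
# exposure that ephemeral key exchange prevents.
SAMPLE_OFFERED = [
    "TLS_RSA_WITH_AES_128_CBC_SHA",
    "TLS_RSA_WITH_AES_256_CBC_SHA256",
    "TLS_RSA_WITH_3DES_EDE_CBC_SHA",
    "TLS_ECDHE_RSA_WITH_AES_128_GCM_SHA256",
]

# IANA name prefixes whose key exchange is ephemeral (EC)DH, i.e. forward secret.
_PFS_PREFIXES = ("TLS_ECDHE_", "TLS_DHE_")


def has_forward_secrecy(suite: str) -> bool:
    """True if the IANA suite name uses an ephemeral (EC)DH key exchange."""
    return suite.startswith(_PFS_PREFIXES)


def audit_suites(offered):
    """Split an offered suite list into (forward_secret, not_forward_secret)."""
    good = [s for s in offered if has_forward_secrecy(s)]
    bad = [s for s in offered if not has_forward_secrecy(s)]
    return good, bad


# Hypothetical OpenSSL cipher strings. The weak one leaves static RSA key
# exchange enabled; the hardened one keeps only ephemeral key exchange with
# AEAD ciphers and explicitly excludes static RSA key exchange (kRSA).
WEAK_CIPHERS = "AES128-SHA:AES256-SHA256:ECDHE-RSA-AES128-GCM-SHA256"
PFS_CIPHERS = "ECDHE+AESGCM:DHE+AESGCM:!aNULL:!eNULL:!kRSA"


def negotiable_kx(cipher_string: str):
    """Key-exchange algorithms the local OpenSSL would negotiate for TLS 1.2
    and below under cipher_string. TLS 1.3 suites are skipped because they
    are always ephemeral and are configured separately."""
    ctx = ssl.SSLContext(ssl.PROTOCOL_TLS_CLIENT)
    ctx.set_ciphers(cipher_string)
    return {c["kea"] for c in ctx.get_ciphers() if c["protocol"] != "TLSv1.3"}


def config_is_forward_secret(cipher_string: str) -> bool:
    """True if no negotiable suite uses static RSA key exchange."""
    return "kx-rsa" not in negotiable_kx(cipher_string)


if __name__ == "__main__":
    good, bad = audit_suites(SAMPLE_OFFERED)
    print("forward secret:", good)
    print("NOT forward secret (fix these):", bad)
    for label, cs in (("weak", WEAK_CIPHERS), ("hardened", PFS_CIPHERS)):
        print(f"{label}: kx={sorted(negotiable_kx(cs))} "
              f"forward_secret={config_is_forward_secret(cs)}")
```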
hahaha, I did presentations at a conference this past weekend and shared the mini-DisplayPort to VGA adapter I have in my bag with lots of folks with all different hardware.
I'm using a high-spec Taiwanese laptop with Fedora and used this "failed" spec quite effectively.
The 8K display I have on my wishlist is definitely going to use _only_ DisplayPort.
But I am not allowed to take my own life.
You're a tax-generating asset that has received some amount of investment.
Imagine if you raised a calf and then at two years it decided to jump off a cliff when you needed a three-year-old steer to slaughter for market. You'd be miffed at that animal.
In a world where you're being farmed for a share of your productivity to be transferred to the farmer-class, you're speaking here as a very bad unit of livestock.
people claiming you are impeding on their constitutional right to overthrow the government.
I really, really, wish I was exaggerating or kidding on this one.
I really wish you weren't wishing that. It shows you haven't read your history.
they were useful for breaking news in the actual tech industry
This. If you cared more about big transit than trends in cellphone style, Gigaom was worth having in your Google News feed. I'm not sure what the alternative is right now. Back in the day ComputerWorld (in print) used to carry this kind of stuff.
Hopefully the writers (what, the content doesn't auto-generate?) will find a home at other outlets.
If they weren't any good they would flop in the marketplace and not worth suing over, so I see this as a signal from Microsoft that Kyocera is making some good phones. Anybody here have specific models to recommend (preferably with CM11 on it)? Samsung has gone all nuts with no storage or battery options, so since I'm looking for a new vendor, might as well be one that's fighting a bully.
9 deaths in 9 years? Is that supposed to be shocking?
Most fraternities and sororities have no deaths in nine years. Rather than drinking too much beer, the SAE kids that I knew were nouveau-riche who preferred to party by snorting blow off Peruvian hookers.
Last I looked at the student newspaper, they were continuing in the same mould.
the precise, correct number of photos to take during a vacation is precisely the number you took on that awesome vacation you took decades ago
Beware the ego - it's a powerful confuser.
Alright everybody - if you think Firefox is better at everything, step over to this side of the line. If you think that Chrome is better at everything, step over to *this* side of the line. Yes sir? Yes, you. Opera? Listen - you just get the hell out of here, and leave your meal ticket on the table. Everybody else: begin shouting!
If you play music, my code will go to crap, since I'm trying to do two things with the same set of neurons.
Some of the most amazing brain work is done by /dampening/ the neurons, not hyper-exciting them. For me, music distracts enough of them that the rest can stay focused on the code. aka "in the zone".
For some reason, instrumental is fine for me and talk radio is fine for me, but lyrical music does not work at all. Maybe I'm programming more in the 'song' region.
'Geek' is more the 'script kiddie' version of a nerd. Nerds know what a wire-wrap gun is, even if they're more into grinding lenses for homemade telescopes.
This is fairly well-trodden territory. Nerds are hard-core specialists, fascinated with particular topics. Math nerds, bio nerds, telescope lens nerds (sure, why not?), etc. It's possible to be a multiple-nerd, but Geeks are more obligatorily generalists and tend to be makers.
Prohibit them from carrying out a single transaction until they comply with Federal requirements.
You'd be less incensed if you read the summary. And you'd have fewer upmods if the moderators did too. Sheesh.
We support the government when it acts in the interest of the public, and oppose it when it acts against the interest of the public
Obligatory car analogy: Toyotas mostly get people around just fine. They had a problem with uncontrolled acceleration. It happened a few times with bad consequences. They were shady and tried to hide it but finally came clean. So people still drive Toyotas and the acceleration problems are fixed.
Now ... imagine that there were at least three stories a day about people being killed by malfunctioning Toyotas and then we found out that Toyota was using its onboard electronics to record everything everybody who rides in them is saying, to be used against them in the future, and remotely detonating a few of them every few days. Most people still get from point A to point B, but still a bunch of people are getting killed because they own a Toyota.
We'd stop driving Toyotas and their resale value would fall to almost zero. It's good that we have Honda and Nissan and Tesla (et al.) to choose from, because we could quickly and relatively easily make that choice.
Now, what do you do when Toyota is the only car manufacturer and they're constantly running people into brick walls at high speed, and the frequency is increasing rapidly? Why should they even bother fixing the problems?
The first stage is suborbital, so that's not really an option.
Yes, you're right of course. I must've been thinking Dragon v2 rather than the first stage burnback. durr.
Still, fuel is currently only a couple percent of the total cost of a launch, so even if you had to double the amount used you'd still see negligible effect on the total launch cost.
Interesting - kerosene may well be cheaper than shipping a rocket across an ocean.
it's a fairly cost-efficient way to buy more time and make business.
It sure is, and the people making such decisions face no consequences for violating the license. Yeah, maybe the corporation will get slapped with a tiny fine that reflects some small percentage of the money saved by incorporating the GPL'ed library, but how is that really any disincentive? It's more of an inconvenience, or simply a cost that gets processed through the EMC legal department, and then only maybe.
The money being spent on the prosecution won't actually change much behavior - there might be better causes to donate your money to (especially if you don't believe in imaginary property) than funding this expedition to behead a hydra.
In the US, if the cops can convince a judge that they know the evidence is on your device (say, they saw you recording when a murder happened), then they can compel you to testify your knowledge of the crime.
If they want to go looking on your device for information to incriminate you, then that's compelling testimony against yourself, so it's forbidden.
The first case is, of course, subject to lying cops saying, "we saw kiddie porn on his screen when we broke in", which will happen (the way they plant drugs, shoot people and animals and lie about it, etc.). Then it's up to a non-corrupt judge to throw out such evidence based on the cops' lies. But if you're up to something illegal you have to weigh the contempt charge against the danger to yourself of disclosure, and if your password sucks or the judge and cops are corrupt, both.
Frustratingly, the USG claims that the rules for itself don't apply at the border - ostensibly it's operating outside the Law in those scenarios. What could SCOTUS really say about this? - they only judge the Law, not lawlessness.
People need to get over this notion that next year a car will drive itself and you'll sit in the back with a Martini and the paper. That probably won't happen in our lifetimes
It'll happen during the next decade. Bet against Dr. Moore at your own peril.
(granted, the government will lag 20 years behind the technology, so we'll still have drunk drivers killing people when the autopilots would have been safer)
gosh, it'd be rather un-aerodynamic without the nose-cone. I rather suspect they'll wait to deorbit until the timing is right for the desired landing zone.
Unless there's a crazy-orbit launch with no good rendezvous, in which case landing on a barge is still going to be much cheaper than building a new rocket by an order of magnitude. This is good enough reason to proceed with clearing the patent. That and spanking BO's deserving ass.
Oh, but its people *vanished*. Like freaking David Copperfield.
They didn't die off or move or even, gosh, "left". *Poof* - probably beamed up to the Mayan God's mothership for slave labor.
scientific computing. One of the weak points of OSX
I would have guessed that the high price per unit work for their proprietary hardware would be the limiting factor. Can't you hire for "free" a dedicated linux admin for the cost difference between clusters?
Or is there a specific advantage OSX is bringing to the table? XGrid is long dead, right?