
Comment Is the open-audit link really related? (Score 1) 135

The open-audit link seems to be to a piece of software that is unrelated to the text of the summary. Rather than being anything related to people willing to help audit software, it's actually a tool for auditing your network.

In addition, whilst it does seem to be GPL, you need to provide a name and email to download it.

Comment Re:you have the source (Score 1) 566

> Crypto is about math, not programming

The theory of crypto, sure, but actually implementing it is much more about programming than about math. Most of the attacks on crypto implementations are side-channel attacks, not attacks on the basic maths that underlies the primitives. The implementation is much harder than the maths.

Comment Re:Why should we trust openssl? (Score 5, Interesting) 53

That's true, though OpenSSL has for many years had the ability to add empty fragments to avoid the chosen-plaintext attack I suspect you're referring to. What's strange is that the chosen solution (PolarSSL) doesn't seem to have support for OCSP, which is the main way to quickly revoke bad keys - particularly important in the light of the recent DigiNotar breach.

Comment Re:Lua? (Score 1) 425

Really? I've worked with the bindings for Perl, Python and Java, and also worked on bindings to a couple of different JavaScript interpreters. The Python one was by far the best documented. There are a bunch of tools around like SWIG that will give the same effect for C code for Perl and Python (or simple C++ code). For more complex C++, SIP does a decent job for Python, but doesn't support other languages.

I guess I'm wondering what the criteria you're using to make this statement are?

Comment Someone just rediscovered XML Entity Attacks (Score 3, Interesting) 140

It's difficult to say from the information provided, but it sounds like someone just rediscovered XML entity attacks (as I did a few years ago). Assuming it is the same thing, here are some references from 2002 and 2006 with more details:
http://www.securiteam.com/securitynews/6D0100A5PU.html
http://www.sift.com.au/assets/downloads/SIFT-XML-Port-Scanning-v1-00.pdf

I've used these attacks in real-world tests and they are still surprisingly effective - just not new.
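Rejecting entity declarations before an XML document is parsed is the usual mitigation for the entity attacks this comment refers to. The following is an added example (not code from the comment or the linked references) using Python's standard expat bindings; the sample documents and the `file:///PLACEHOLDER/path` system id are constructed for the demonstration.

```python
import xml.parsers.expat as expat


class UnsafeXmlError(ValueError):
    """Raised when a document declares entities (internal or external)."""


def parse_without_entities(xml_bytes: bytes) -> str:
    """Parse XML and return its text content, refusing any entity declaration.

    Internal entities can be abused for exponential expansion and external
    ones for file or URL retrieval, so both are rejected before expansion.
    """
    parser = expat.ParserCreate()
    parser.buffer_text = True
    # Never load an external DTD subset or external parameter entities.
    parser.SetParamEntityParsing(expat.XML_PARAM_ENTITY_PARSING_NEVER)
    chunks = []

    def on_entity_decl(name, is_param, value, base, system_id, public_id, notation):
        kind = "external" if system_id else "internal"
        raise UnsafeXmlError(f"{kind} entity declaration {name!r} rejected")

    def on_external_ref(context, base, system_id, public_id):
        # Should be unreachable once declarations are rejected; kept as a second line of defence.
        raise UnsafeXmlError(f"external entity reference to {system_id!r} rejected")

    parser.EntityDeclHandler = on_entity_decl
    parser.ExternalEntityRefHandler = on_external_ref
    parser.CharacterDataHandler = chunks.append
    parser.Parse(xml_bytes, True)
    return "".join(chunks)


def is_safe_xml(xml_bytes: bytes) -> bool:
    """True only if the document is well-formed and declares no entities."""
    try:
        parse_without_entities(xml_bytes)
        return True
    except (UnsafeXmlError, expat.ExpatError):
        return False


# Constructed sample documents (placeholder system id, not a real path).
BENIGN = b"<root><item>hello</item></root>"
EXTERNAL_ENTITY = (b'<!DOCTYPE r [<!ENTITY ext SYSTEM "file:///PLACEHOLDER/path">]>'
                   b"<r>&ext;</r>")
INTERNAL_EXPANSION = (b'<!DOCTYPE r [<!ENTITY a "aaaa"><!ENTITY b "&a;&a;&a;&a;">]>'
                      b"<r>&b;</r>")

if __name__ == "__main__":
    for label, doc in [("benign", BENIGN), ("external", EXTERNAL_ENTITY),
                       ("internal", INTERNAL_EXPANSION)]:
        print(label, "accepted" if is_safe_xml(doc) else "rejected")
```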

Comment Re:KDE is actually repeating the CDE mistake (Score 1) 199

> including styles, theming, remote access, config databases, scalability, and GUI scripting.

Styles - not unless you count colour schemes which were available on platforms like win3.1 already.
Theming - not at all
Remote Access - only the basics that X11 provided for it.
Config Databases - nothing beyond Xt resources which were a pretty much failed implementation from the start.
Scalability - don't make me laugh.
GUI Scripting - did you ever try ToolTalk?

CDE was a poor implementation of existing ideas and brought nothing new to the table.

Comment Re:What is a plasmoid? (Score 4, Informative) 475

OK, a plasmoid is generally a visualisation of a Data Engine. There can be many plasmoids for the same data engine (e.g. this means that if we write 10 task bars then the back end code is all shared). Unlike an application, a plasmoid doesn't have its own process, and simply responds to changes in the underlying data engine (because of various bits of wizardry this means that they will consume less battery power too, btw). In a model-view design, you can consider a plasmoid to be a pure view. That said, many of the current plasmoids blur this by including model functionality - this is likely to become less prevalent as we determine what data engines we need.

Security

Review of 12 Vulnerability Scanners 55

produke points us to a review of security vulnerability scanners. It's light on detail and not terribly well organized, but might provide a starting point for more research. From the article: "A few months back I did some intense testing of all the best vulnerability scanners out there... I had a couple nix boxes hooked up, as well as some dozers, and figured I could add clients to a 'once-a-week' scanning contract. So naturally, I wanted to use the scanner that was the best for my purpose... Better to use firewalk, hping3 (now with scripting!), nmap, etc., and leave these crutch-like tools alone."
