Slashdot Mirror

I'll give Dieharder a try when I get time. I added the results from the NIST tests to the repo in the mean time.

If it passes NIST and Diehard I'd expect it to pass Dieharder, but it's worth checking.

Try it sometime. It will fail Dieharder. Not because it's bad, but because perfect data will fail. The output from dieharder -l tells you that the OPSO, OQSO, DNA and SUMS tests are suspect or bad and indeed they fail often over good data. Also the default confidence limits mean you are likely to hit a suspect or fail regardless of the quality of the data.

The updated SP800-22rev1a tests are ok, but not if you use the NIST STS-2.1.2 software. The coefficients for the overlapping template matching test are simply wrong. You can buy my book to find the details when it's out next year, but for now, I've made a working implementation of the SP800-22 tests available at https://github.com/dj-on-githu... . This is the only implementation with the right coefficients.

There's also a tool to generate data of known quality to calibrate your tests. https://github.com/dj-on-githu...

There's also a re-implementation of ent for computing statistics over random data with better file handling than the original: https://github.com/dj-on-githu...

You're welcome.

I'll give Dieharder a try when I get time. I added the results from the NIST tests to the repo in the mean time.

If it passes NIST and Diehard I'd expect it to pass Dieharder, but it's worth checking.

Try it sometime. It will fail Dieharder. Not because it's bad, but because perfect data will fail. The output from dieharder -l tells you that the OPSO, OQSO, DNA and SUMS tests are suspect or bad and indeed they fail often over good data. Also the default confidence limits mean you are likely to hit a suspect or fail regardless of the quality of the data.

The updated SP800-22rev1a tests are ok, but not if you use the NIST STS-2.1.2 software. The coefficients for the overlapping template matching test are simply wrong. You can buy my book to find the details when it's out next year, but for now, I've made a working implementation of the SP800-22 tests available at https://github.com/dj-on-githu... . This is the only implementation with the right coefficients.

There's also a tool to generate data of known quality to calibrate your tests. https://github.com/dj-on-githu...

There's also a re-implementation of ent for computing statistics over random data with better file handling than the original: https://github.com/dj-on-githu...

You're welcome.

I'll give Dieharder a try when I get time. I added the results from the NIST tests to the repo in the mean time.

If it passes NIST and Diehard I'd expect it to pass Dieharder, but it's worth checking.

Try it sometime. It will fail Dieharder. Not because it's bad, but because perfect data will fail. The output from dieharder -l tells you that the OPSO, OQSO, DNA and SUMS tests are suspect or bad and indeed they fail often over good data. Also the default confidence limits mean you are likely to hit a suspect or fail regardless of the quality of the data.

The updated SP800-22rev1a tests are ok, but not if you use the NIST STS-2.1.2 software. The coefficients for the overlapping template matching test are simply wrong. You can buy my book to find the details when it's out next year, but for now, I've made a working implementation of the SP800-22 tests available at https://github.com/dj-on-githu... . This is the only implementation with the right coefficients.

There's also a tool to generate data of known quality to calibrate your tests. https://github.com/dj-on-githu...

There's also a re-implementation of ent for computing statistics over random data with better file handling than the original: https://github.com/dj-on-githu...

You're welcome.

The only thing interesting seems to be that they printed the circuit, thus making it suitable for use on flexible electronics. Hard to imagine an application where you would need a good RNG on a flexible circuit, but maybe one exists.

As it happens generating random numbers that pass the NIST tests isn't particularly difficult. Here's some code I wrote that passes all their tests, as well as Diehard and a few others I found: https://github.com/kuro68k/xrn...

Making a RNG from inverters is an old trick (shameless plug). So if there's any news here, it's making an inverter from nanotubes?

First Apple is moving to 64-bit for all iOS devices. Certainly there is some overhead maintaining both 32-bit and 64-bit frameworks.

The frameworks on the computer and compiled code are larger because of that, but the final version that goes out to the users device only includes the architecture they need it for.

Second, Apple seems to be phasing out Objective C in favor of Swift. As the article noted, Swift requires more space

The reason it requires more space is not so much the language itself, but that every app has to ship the Swift framework inside of it - when they reach ABI stability, it will mean you can use the Swift that is included in the system (just once per Swift version) instead of having to include it in the app. But it may be some time before that is complete, they are now talking about what Swift 5 will haveand it's working on one of two major aspects for ABI compatibility...

like I have been working towards?
http://web.archive.org/web/201...
"I feel open source tools for collaborative structured arguments, multiple perspective analysis, agent-based simulation, and so on, used together for making sense of what is going on in the world, are important to our democracy, security, and prosperity. Imagine if, instead of blog posts and comments on topics, we had searchable structured arguments about simulations and their results all with assumptions defined from different perspectives, where one could see at a glance how different subsets of the community felt about the progress or completeness of different arguments or action plans (somewhat like a debate flow diagram), where even a year of two later one could go back to an existing debate and expand on it with new ideas. As good as, say, Slashdot is, such a comprehensive open source sensemaking system would be to Slashdot as Slashdot is to a static webpage. It might help prevent so much rehashing the same old arguments because one could easily find and build on previous ones. ..."

My latest efforts along that line: https://github.com/pdfernhout/...

And I put together ideas here like using IBIS:
https://github.com/pdfernhout/...

Of course, there seems to be so much age discrimination at Google (including against people who can't easily relocate), not much point in me applying there in my 50s:
https://www.usatoday.com/story...
http://www.computerworld.com/a...

Of course, older software developers with families and community roots might help provide a moral conscience to the organization as well as provide examples to others about work/life balance -- which might be bad for Google's short-term bottom line...

Although such older people (of all genders) also might have helped Google think through better ways to do hiring long ago.

Also, I've made some previous comments I made about Google in 2008 that might be problematical in getting me hired there: :-)
http://www.pdfernhout.net/a-ra...
"So what is Google Headquarters in Mountain View, California but a little temporary space habitat bubble of happiness for regular employees, but floating on a sea of relative misery for everyone else planetwide who supports it? Can't we as a society or Google/Virgle as an aspiration do better that that? And even within that bubble are emerging issues. How long can a company expect to run on twenty-somethings without kids?
Google-ites and other financially obese people IMHO need to take a good look at the junk food capitalist propaganda they are eating and serving up to others, as in saying (even in jest): http://www.google.com/virgle/o... "we should profit from others' use of our innovations, and we should buy or lease others' intellectual property whenever it advances our own goals" -- even while running one of the biggest post-scarcity enterprises on Earth based on free-as-in-freedom software. :-(
Until then, it is up to us other "semi-evil ... quasi-evil ... not evil enough" hobbyists with smaller budgets to save the Asteroids and the Planets (including Earth) http://www.openvirgle.net/
from financially obese people and their unexamined

like I have been working towards?
http://web.archive.org/web/201...
"I feel open source tools for collaborative structured arguments, multiple perspective analysis, agent-based simulation, and so on, used together for making sense of what is going on in the world, are important to our democracy, security, and prosperity. Imagine if, instead of blog posts and comments on topics, we had searchable structured arguments about simulations and their results all with assumptions defined from different perspectives, where one could see at a glance how different subsets of the community felt about the progress or completeness of different arguments or action plans (somewhat like a debate flow diagram), where even a year of two later one could go back to an existing debate and expand on it with new ideas. As good as, say, Slashdot is, such a comprehensive open source sensemaking system would be to Slashdot as Slashdot is to a static webpage. It might help prevent so much rehashing the same old arguments because one could easily find and build on previous ones. ..."

My latest efforts along that line: https://github.com/pdfernhout/...

And I put together ideas here like using IBIS:
https://github.com/pdfernhout/...

Of course, there seems to be so much age discrimination at Google (including against people who can't easily relocate), not much point in me applying there in my 50s:
https://www.usatoday.com/story...
http://www.computerworld.com/a...

Of course, older software developers with families and community roots might help provide a moral conscience to the organization as well as provide examples to others about work/life balance -- which might be bad for Google's short-term bottom line...

Although such older people (of all genders) also might have helped Google think through better ways to do hiring long ago.

Also, I've made some previous comments I made about Google in 2008 that might be problematical in getting me hired there: :-)
http://www.pdfernhout.net/a-ra...
"So what is Google Headquarters in Mountain View, California but a little temporary space habitat bubble of happiness for regular employees, but floating on a sea of relative misery for everyone else planetwide who supports it? Can't we as a society or Google/Virgle as an aspiration do better that that? And even within that bubble are emerging issues. How long can a company expect to run on twenty-somethings without kids?
Google-ites and other financially obese people IMHO need to take a good look at the junk food capitalist propaganda they are eating and serving up to others, as in saying (even in jest): http://www.google.com/virgle/o... "we should profit from others' use of our innovations, and we should buy or lease others' intellectual property whenever it advances our own goals" -- even while running one of the biggest post-scarcity enterprises on Earth based on free-as-in-freedom software. :-(
Until then, it is up to us other "semi-evil ... quasi-evil ... not evil enough" hobbyists with smaller budgets to save the Asteroids and the Planets (including Earth) http://www.openvirgle.net/
from financially obese people and their unexamined

It's telling that a conservative was the author of the essay

And you base this on? ...Oh that's right, absolutely nothing, just like every other psuedo-fact you routinely post.

Linus Torvalds has said almost exactly the same thing as this guy, by the way.

"the most important part of open source is that people are allowed to do what they are good at" and "all that [diversity] stuff is just details and not really important."

https://arstechnica.com/inform...

Unless you want to argue that Linus is a conservative (lol). And because this issue is so important to you, then I encourage you to join the FSF:

Absolutely no coding experience is necessary: all code are equal in the eyes of the Feminist Software Foundation. There is no objective way to determine whether one person's code is better than another's. In light of this fact, all submitted code will be equally accepted. However, marginalized groups, such as wom*n and trans* will be given priority in order to make up for past discrimination. Simply submit a pull request for any submission, whether code, artwork, or even irrelevant bits — nothing is irrelevant in the grand struggle for a Truly Tolerant UNIX-ike Kernel!:

https://github.com/The-Feminis...

If the domain name isn't part of the [content of] requested page then it should require explicit permissions to access it.

You know, there's an extension for that: Request Policy.

Or you could use the all-in-one solution uMatrix. It gives the user control over cookies, css, images, media files, scripts, XHR, frames, and other requests, by domain. It allows for conveinent whitelisting, blacklisting, and greylisting of domains as well as resource types. It even comes with lists of known-to-be-hostile domains which are blacklisted by default.

This functionality should be included by in all browsers. It would be included too, if the browser vendors considered the "user-agent" to be an agent of the user, instead of the ad companies.

It annoys me that Microsoft, a company I want nothing to do with, put their Office apps on every Samsung phone, AND THOSE APPS PHONE HOME ALL THE TIME. I don't use their app, I don't want their app, Microsoft paid to put that crap on the phone with network, camera, microphone permissions.

If you don't use the app, there is actually a simple solution. Even though you can't remove preinstalled apps without rooting your phone, you are usually allowed to disable the apps, which prevents it from working and thereby from phoning home. Disabling intrusive preinstalled apps is the first thing I do when I get a new Android phone; check out the menu Settings -> Apps -> ... -> Disable. If you have installed any updates to the app, you may have to uninstall these before you can disable the app.

For stronger privacy controls, you might be interested in rooting your phone, in which case you can actually remove the app entirely, and also use stuff like XPrivacy.

He worked on the Aiki Framework. Check https://github.com/aikiframewo... - he's got over 500 commits in the history changing actual code. He was a real software developer.

I don't know what you're mouthing off about.

The gedit source is 50k lines, with another 40k lines of code for the plugins. That's a couple months of work if your feature set is already worked out.

The code is on GitHub, so a quick glance tells me that this is the only place where that error occurs: https://github.com/mozilla/sen...

So the browser must support the Web Cryptography API along with the modern GCM cipher for encrypting/decrypting the file. I don't see enforcing high-grade end-to-end cryptography as "marketing bullshit."

A lot of it is open source software anyway. I think the majority of the Phantom firmware has been hacked and is now on Github.

Thanks for the ideas/requirements. I too have 1000s of bookmarks. I might try to implement some of these ideas here: https://github.com/pdfernhout/...

The goal of this report is to make the existence of Intel CPU backdoors a common knowledge and provide information on backdoor removal.

What we know about Intel CPU backdoors so far:

TL;DR version

Your Intel CPU and Chipset is running a backdoor as we speak.

The backdoor hardware is inside the CPU/Bridge and the backdoor firmware (Intel Management Engine) is in the chipset flash memory.

30C3 Intel ME live hack:
[Video] 30C3: Persistent, Stealthy, Remote-controlled Dedicated Hardware Malware
@21:43, keystrokes leaked from Intel ME above the OS, wireshark failed to detect packets.

[Quotes] Vortrag:
"the ME provides a perfect environment for undetectable sensitive data leakage on behalf of the attacker".

"We can permanently monitor the keyboard buffer on both operating system targets."

Backdoor removal:
The backdoor firmware can be removed by following this guide using the me_cleaner script.
Removal requires a Raspberry Pi (with GPIO pins) and a SOIC clip.

Decoding Intel backdoors:
The situation is out of control and the Libreboot/Coreboot community is looking for BIOS/Firmware experts to help with the Intel ME decoding effort.

If you are skilled in these areas, download Intel ME firmwares from this collection and have a go at them, beware Intel is using a lot of counter measures to prevent their backdoors from being decoded (explained below).

Useful links:
The Intel ME subsystem can take over your machine, can't be audited
REcon 2014 - Intel Management Engine Secrets
Untrusting the CPU (33c3)
Towards (reasonably) trustworthy x86 laptops
30C3 To Protect And Infect - The militarization of the Internet
30c3: To Protect And Infect Part 2 - Mass Surveillance Tools & Software

1. Introduction, what is Intel ME

Short version, from Intel staff:

Re: What Intel CPUs lack Intel ME secondary processor?
Amy_Intel Feb 8, 2016 9:27 AM

The Management Engine (ME) is an isolated and protected coprocessor, embedded as a non-optional part in all current Intel chipsets, I even checked with the engineering department and they confirmed it.

Long version:

ME: Management Engine

The Intel Management Engine (ME) is a separate computing environment physically located in the MCH chip or PCH chip replacing ICH.

The ME consists of an individual processor core, code and data caches, a timer, and a secure internal bus to which additional devices are connected, including a cryptography engine, internal ROM and RAM, memory controllers, and a direct memory access (DMA) engine to access the host operating system's memory as well as to reserve a region of protected external memory to supplement the ME's limited internal RAM. The ME also has network access with its own MAC address through the Intel Gigabit Ethernet Controller integrated in the southbridge (ICH or

One reason does seem to be to convert. As per https://github.com/mozilla/send/blob/master/docs/metrics.md

Are non-Firefox users converted to Firefox users?

> Are you the dev? Also what happened to the toecdn.org site?

Yes I am. The site hasn't been updated since I've got no feedback for TOECDN. You can access the site at https://www.toecdn.org/

There is no site at http://www.toecdn.org/ if that was you were trying to use.

Right now I'm currently rewriting my authority dns server from scratch, which has the required functionality for TOECDN as Lua scripts.

These script can be found at https://github.com/fredan/fDns under lua/toecdn directory. However, I have not been updated that for almost a year now.

What the fuck happened to the C2 wiki? It used to be plain static-ish HTML. Worked in every browser.

Now it loads all its content via AJAX.

(Answering myself: apparently this: https://github.com/WardCunning... )

CAPTCHA: renovate

The vendors aren't leaving telnet ports open

A huge chunk of them are. There was a talk at defcon last week (titled "All Your Things Are Belong To Us") where they showed exploits for a couple dozen devices. A good number of them had ports open. The Mirai botnet spread through devices that not only had telnet open, but also had them connected to the internet (which is where your idea would be helpful). You can see the source code and a list of passwords used starting on line 124.

I've actually thought a lot about IoT security, as well as independence from service providers.

I had at some point started this but uh. Was ... diverted.

The idea was to have an IoT hub that acts as the gateway to your IoT device. An IoT device or client would connect to an IoT hub via some system (e.g. Bluetooth) that's not flat-out open (e.g. you have to push a button and confirm pairing). The IoT hub uses a self-signed TLS certificate and exchanges it with a newly-generated certificate on the device or client. Viola: identity.

It works with self-signed certificates because you have to be physically present to exchange them: you've verified face-to-face with the issuer, so the certificate is valid. Because of this trust, the IoT hub can sign extra certificates, acting as a CA.

The IoT hub can get itself an IPv6 Internet address. If so, it can exchange that address to your client (e.g. phone, Yubikey) or IoT device (which might now be in another building, communicating over the Internet to your hub!). Now your devices know how to talk to the hub, and can tell it their address if they so desire when they're somewhere off in another network or on the local LAN.

When your phone, computer, or anything else tries to talk to the IoT Hub, the HTTPS connection initiates over TLS using the exchanged keys: each device authenticates the other by validating certificates first. Your entire attack surface is the Kernel's network stack and facilities it uses; the code paths in the Web server that handle the request; and the code paths in your encryption library that validate e.g. Curve 25519 ECC (TLS 1.3 required). If you have an exploitable vulnerability and it's not in that set of code, then your IoT Hub and your IoT devices are patently unhackable, period.

Let's face it: You can't hack what you can't access. The surface I describe above is equivalent to the air gap when you unplug a network cable, except this air gap might be hackable. If you can't hack that air gap, you can't hack what's behind it.

That leaves you one big, important piece of security: key management. You have to keep those private keys on the client devices away from malicious actors (hackers, worms, trojans). Pass-through to a Yubikey U2F would be great, but ...tricky. The only way to use a hardware security key is to validate the certificate, then do a U2F validation, enlarging the attack surface. In theory, the client software could send a challenge to the Yubikey, get a response, and send a signed session key down the pipe encrypted with the IoT Hub's public key; but you can't use the Yubikey to decrypt something sent encrypted by the certificate, so it's a no-go.

This is actually app-to-app 2-factor if you're doing it by TLS exchange, then U2F: the app "knows" (permanently stores) its TLS key, and it "has" (is running on a machine physically capable of accessing) the Yubikey.

So, yeah. Unhackable IoT proxy, for some reasonable definition of "unhackable" (that being the reduction of probability of hackability by restricting the portion of running code in which vulnerabilities will enable a successful exploit).

The other part was to provide service, either in proxy or right on the IoT hub, packaged as Docker containers. You'd have to provide authentication per-app, validated by IoT device identity (i.e. your Nest Cams each have a separate key, and those keys identify them, and those devices are given access only to the Nest Cam service) or by Client identity (each client application would have a separate key) both at the front-end Web server and by the service itself. Services may be clients of each other.

So what have we got?

You can access your IoT devices through your own public IP, rather than bouncing through a cloud service.

You may be able to disconnect your IoT from the cloud. Google has a lot of stuff with the Ne

Hopefully

I think that sums up the basic problem with Flash. You're put in a position where you have to petition and hope. The Shumway git repository hasn't seen much activity for a couple of years.

The biggest problem with WSL is that the mount performance is unusable for every day web development.

There's been a pending issue on GitHub for a year at https://github.com/Microsoft/B....

The TL;DR is, a real world web application might be able to load and get updated in 5 seconds in development on native Linux (imagine a large Rails app with hundreds of assets), but the same exact app ran through WSL takes 32 seconds before you can see your changes. That's straight up unusable.

Personally, I just run VMWare in Unity mode. At the end of the day it lets me run graphical Linux apps with floating windows that feel and act as if they were running in Windows. The performance is excellent (it feels nearly identical to a native Linux experience with none of the WSL downsides). If anyone is interested, I put together a screencast and have a few screenshots showing how to do it at https://nickjanetakis.com/blog....

At no point did anyone suggest it wasn't a bug, nor did anyone suggest it shouldn't be fixed

Ah, you mean like this one?. You're sounding kinda muffled down there.

You have got to be fucking kidding me: systemd can't handle the process previlege that belongs to user name startswith number, such as 0day #6237

And what's worse is Pottering's complete lack of UNIX awareness.

Yes, as you found out "0day" is not a valid username. I wonder which tool permitted you to create it in the first place. Note that not permitting numeric first characters is done on purpose: to avoid ambiguities between numeric UID and textual user names.

Somehow FreeBSD doesn't have an issue:

[root@freenas2 ~]# adduser
Username: 0day
Full name: 0 Day
Uid (Leave empty for default):
Login group [0day]:
Login group is 0day. Invite 0day into other groups? []:
Login class [default]:
Shell (sh csh tcsh bash rbash git-shell netcli.sh ksh93 mksh zsh rzsh scponly nologin) [sh]: bash
Home directory [/home/0day]:
Home directory permissions (Leave empty for default):
Use password-based authentication? [yes]: no
Lock out the account after creation? [no]: no
Username : 0day
Password :
Full Name : 0 Day
Uid : 8001
Class :
Groups : 0day
Home : /home/0day
Home Mode :
Shell : /usr/local/bin/bash
Locked : no
OK? (yes/no): yes
adduser: INFO: Successfully added (0day) to the user database.
Add another user? (yes/no): no
Goodbye!
[root@freenas2 ~]# su - 0day
[0day@freenas2 ~]$ id 0day
uid=8001(0day) gid=8001(0day) groups=8001(0day)

His failure to understand POSIX has shown up in the past as well: tmpfiles: R! /dir/.* destroys root #5644 with Pottering's amazing comment of:

I am not sure I'd consider this much of a problem. Yeah, it's a UNIX pitfall, but "rm -rf /foo/.*" will work the exact same way, no?

It's not like you couldn't take 5 seconds to test that:

root@m6700:~# mkdir /foo
root@m6700:~# touch /foo/.test
root@m6700:~# mkdir /foo/.test2
root@m6700:~# ls -lah /foo/
total 12K
drwxr-xr-x 3 root root 4.0K Jul 29 14:04 .
drwxr-xr-x 25 root root 4.0K Jul 29 14:04 ..
-rw-r--r-- 1 root root 0 Jul 29 14:04 .test
drwxr-xr-x 2 root root 4.0K Jul 29 14:04 .test2
root@m6700:~# rm -rf /foo/.*
rm: refusing to remove '.' or '..' directory: skipping '/foo/.'
rm: refusing to remove '.' or '..' directory: skipping '/foo/..'
root@m6700:~# ls -lah /foo/
total 8.0K
drwxr-xr-x 2 root root 4.0K Jul 29 14:04 .
drwxr-xr-x 25 root root 4.0K Jul 29 14:04 ..

You have got to be fucking kidding me: systemd can't handle the process previlege that belongs to user name startswith number, such as 0day #6237

And what's worse is Pottering's complete lack of UNIX awareness.

Yes, as you found out "0day" is not a valid username. I wonder which tool permitted you to create it in the first place. Note that not permitting numeric first characters is done on purpose: to avoid ambiguities between numeric UID and textual user names.

Somehow FreeBSD doesn't have an issue:

[root@freenas2 ~]# adduser
Username: 0day
Full name: 0 Day
Uid (Leave empty for default):
Login group [0day]:
Login group is 0day. Invite 0day into other groups? []:
Login class [default]:
Shell (sh csh tcsh bash rbash git-shell netcli.sh ksh93 mksh zsh rzsh scponly nologin) [sh]: bash
Home directory [/home/0day]:
Home directory permissions (Leave empty for default):
Use password-based authentication? [yes]: no
Lock out the account after creation? [no]: no
Username : 0day
Password :
Full Name : 0 Day
Uid : 8001
Class :
Groups : 0day
Home : /home/0day
Home Mode :
Shell : /usr/local/bin/bash
Locked : no
OK? (yes/no): yes
adduser: INFO: Successfully added (0day) to the user database.
Add another user? (yes/no): no
Goodbye!
[root@freenas2 ~]# su - 0day
[0day@freenas2 ~]$ id 0day
uid=8001(0day) gid=8001(0day) groups=8001(0day)

His failure to understand POSIX has shown up in the past as well: tmpfiles: R! /dir/.* destroys root #5644 with Pottering's amazing comment of:

I am not sure I'd consider this much of a problem. Yeah, it's a UNIX pitfall, but "rm -rf /foo/.*" will work the exact same way, no?

It's not like you couldn't take 5 seconds to test that:

root@m6700:~# mkdir /foo
root@m6700:~# touch /foo/.test
root@m6700:~# mkdir /foo/.test2
root@m6700:~# ls -lah /foo/
total 12K
drwxr-xr-x 3 root root 4.0K Jul 29 14:04 .
drwxr-xr-x 25 root root 4.0K Jul 29 14:04 ..
-rw-r--r-- 1 root root 0 Jul 29 14:04 .test
drwxr-xr-x 2 root root 4.0K Jul 29 14:04 .test2
root@m6700:~# rm -rf /foo/.*
rm: refusing to remove '.' or '..' directory: skipping '/foo/.'
rm: refusing to remove '.' or '..' directory: skipping '/foo/..'
root@m6700:~# ls -lah /foo/
total 8.0K
drwxr-xr-x 2 root root 4.0K Jul 29 14:04 .
drwxr-xr-x 25 root root 4.0K Jul 29 14:04 ..

But using C doesn't allow the SJWs to bikeshed over a buildbot being called a "master" or a "slave."

bad_style to be removed because it is "a rather rebuke-y shame-y annotation on code"
https://github.com/rust-lang/r...

"Reword 'stupid' and 'crazy' in docs."
https://github.com/rust-lang/r...

bad_style to be removed because it is "a rather rebuke-y shame-y annotation on code"
https://github.com/rust-lang/r...

"Reword 'stupid' and 'crazy' in docs."
https://github.com/rust-lang/r...

What I don't get is why the Rust community lacks diversity, despite them putting so much emphasis on supposedly supporting diversity.

Years ago, back when I was a Java developer, I would sometimes go to Java conferences. There would be men there. There would be women there. There were probably transsexuals there. There would be old adults and young adults. There would be people representing every possible skin color. There would be somebody from pretty much every major ethnicity. There would be practitioners of pretty much every major religion. There was true diversity, without anyone actually trying to impose it through Codes of Conducts and Moderation Teams and "initiatives" and "affirmative action".

Yet here we have Rust, with its invasive Code of Conduct, and the Rust Moderation Team to force it on the community, and all of its focus on "diversity" and "social justice". But when we look at the profile pictures of Rust's contributors, they appear to mostly be mid-20s white males (I'm assuming "steveklabnik" is a male).

Now don't get me wrong, there's nothing wrong with being a mid-20s white male programmer. This isn't about singling anyone out, or about claiming that some mythical "privilege" exists, or anything like that.

The issue here is that it appears that the more that the Rust community intentionally pushes for "diversity", the less of that we actually see. Instead of seeing a naturally diverse community form on its own, like pretty much every other programming language has, we've seen Rust's community become extremely homogeneous.

It's as if the Rust community's efforts to force diversity on their community has actually had the complete opposite effect! While trying to create the most diverse community, they've actually only managed to create the least diverse one I've ever seen!

In the time Slack has not a Linux client, I've created a similar client using qtwebkit for Linux: https://github.com/raelgc/scud.... It was a bit popular, then Slack released the official client, and I thought that my simple client was dead. For my surprise, it's still alive for all people complaining about resources.

Sure, still a web container running the web version with desktop integration, but at least is using directly a web engine, not an entire browser. The reason is because Slack has no messaging API at all.

Two downsides: Slack keep changing their JS all the time, so it's a cat and mouse game. And qtwebkit itself keep breaking small stuff, so, last month I got 2 major issues: Arch Linux got the newest qtwebkit version, and it was crashing with a dump, not even a python stack (fix was downgrade. Ubuntu 16.04 faced the opposite: Slack upgraded their CSS and qwebkit version included in Ubuntu 16.04 was no more properly rendering the CSS (I pointed people to a package that upgraded 16.04 webkit.

I contacted Slack at least 2 times offering helping on Linux as a volunteer, as their client is just a "compiled" JS and I told them I can: fix some issues, help testing and improve integration with major Linux desktops, but most of the times I have no answer or the traditional "we appreciate, but no".

Straight Guys React to Dick Pics

Creimer Reacts to Dick Pics

Who'd you outright sizzle w/ facts so badly?

The prick who posted dick pics with my info on Russian image websites. I'm turning that into a YouTube video project.

https://github.com/cdreimer/how_to_takedown_dick_pics_from_russian_image_websites

Oh, and I'd like to add:
Torrent Client: qBittorrent — easily the best GUI client for Ubuntu 16.04, in my experience. Last I checked, Transmission on 16.04 was buggy and would not properly resume torrents. qBittorrent is the most featured client I've tested and was very recently patched to support categories and tags (pull request).

Oh, and I'd like to add:
Torrent Client: qBittorrent — easily the best GUI client for Ubuntu 16.04, in my experience. Last I checked, Transmission on 16.04 was buggy and would not properly resume torrents. qBittorrent is the most featured client I've tested and was very recently patched to support categories and tags (pull request).

And your AC license has the same issue. If you build your business around such AC software, and AC does something nasty to you like pollute your water supply or infringe your patents, and you sue over that harm, you lose the right to use the AC software in your business. It is a Trojan Horse license in that sense. See.also my comments on this starting in 2015: https://github.com/Automattic/...

This is the issue on systemd's github. It actually notes that they are aware of this and downgraded support for libidn2 to experimental.

This issue isn't newsworthy. As others have noted in the comments, underscores are not supposed to be in hostnames (they can be in other DNS RRs) and is about a bug in an experimental feature in a release of systemd that is not in any stable distros. People running rolling distros using the latest versions of everything are going to experience bugs. That's not news.

It's getting more and more difficult to respect the anti-systemd arguments when issues this trivial make headlines. Add to this that many of the arguments raised against systemd are disingenuous or plain ignorant.

I have been using systemd-networkd and systemd-resolved on Debian 9 and so far I like it. It's easy and clear to configure, just like using systemd service units. The integration with systemd-nspawn is very handy. And it introduces new features such as domain name routing.

It's abundantly clear that systemd-resolved has quickly become a train wreck. It's inclusion in Ubuntu 16.10 was widely lamented and many folks have pointed out huge concerns for several different assumptions that it makes for fallbacks and erroneous configurations. That's not including the several different bugs that have plagued systemd-resolved thus far. Granted many of them are fixed but with the breakage what have we bought? Something that's a pretty basic task now requiring patch after patch. Additionally, what has this solved? Now we can make DNS configuration a bit easier to integrate across the board?

The bad rep that systemd especially resolved has obtained isn't just simply one where grey breads say "it's too different". It is one that time and time again, ignorant assumptions, bloated egos, and hasty code have led to a general distrust, especially when tools that have always worked are suddenly not working or worse still, become methods for exploits. I still think systemd is a vast improvement over the "ye olde init scripts", but while the idea is commendable, it's execution has been somewhat lack luster to put it mildly. There needs to be a serious "Come to Jesus" moment for the systemd team. You need to build trust if your going to build something that's rewriting the books. This is just another example of how that trust is being chipped away. Complexity of the task at hand aside, either the team is up to delivering or they are not. This ostinato where breakage just keeps happening needs a serious all hands or something to restore trust in the team guiding this project. Poettering, you are doing no favors to yourself nor your team by these stories. Deliver us from the hell of bad init if that's what you seek, but don't plunge us deeper into a different hell of your making and say that it's alright because you're the one who built it.

It's abundantly clear that systemd-resolved has quickly become a train wreck. It's inclusion in Ubuntu 16.10 was widely lamented and many folks have pointed out huge concerns for several different assumptions that it makes for fallbacks and erroneous configurations. That's not including the several different bugs that have plagued systemd-resolved thus far. Granted many of them are fixed but with the breakage what have we bought? Something that's a pretty basic task now requiring patch after patch. Additionally, what has this solved? Now we can make DNS configuration a bit easier to integrate across the board?

The bad rep that systemd especially resolved has obtained isn't just simply one where grey breads say "it's too different". It is one that time and time again, ignorant assumptions, bloated egos, and hasty code have led to a general distrust, especially when tools that have always worked are suddenly not working or worse still, become methods for exploits. I still think systemd is a vast improvement over the "ye olde init scripts", but while the idea is commendable, it's execution has been somewhat lack luster to put it mildly. There needs to be a serious "Come to Jesus" moment for the systemd team. You need to build trust if your going to build something that's rewriting the books. This is just another example of how that trust is being chipped away. Complexity of the task at hand aside, either the team is up to delivering or they are not. This ostinato where breakage just keeps happening needs a serious all hands or something to restore trust in the team guiding this project. Poettering, you are doing no favors to yourself nor your team by these stories. Deliver us from the hell of bad init if that's what you seek, but don't plunge us deeper into a different hell of your making and say that it's alright because you're the one who built it.

It's abundantly clear that systemd-resolved has quickly become a train wreck. It's inclusion in Ubuntu 16.10 was widely lamented and many folks have pointed out huge concerns for several different assumptions that it makes for fallbacks and erroneous configurations. That's not including the several different bugs that have plagued systemd-resolved thus far. Granted many of them are fixed but with the breakage what have we bought? Something that's a pretty basic task now requiring patch after patch. Additionally, what has this solved? Now we can make DNS configuration a bit easier to integrate across the board?

The bad rep that systemd especially resolved has obtained isn't just simply one where grey breads say "it's too different". It is one that time and time again, ignorant assumptions, bloated egos, and hasty code have led to a general distrust, especially when tools that have always worked are suddenly not working or worse still, become methods for exploits. I still think systemd is a vast improvement over the "ye olde init scripts", but while the idea is commendable, it's execution has been somewhat lack luster to put it mildly. There needs to be a serious "Come to Jesus" moment for the systemd team. You need to build trust if your going to build something that's rewriting the books. This is just another example of how that trust is being chipped away. Complexity of the task at hand aside, either the team is up to delivering or they are not. This ostinato where breakage just keeps happening needs a serious all hands or something to restore trust in the team guiding this project. Poettering, you are doing no favors to yourself nor your team by these stories. Deliver us from the hell of bad init if that's what you seek, but don't plunge us deeper into a different hell of your making and say that it's alright because you're the one who built it.

Plus it appears the code's been backed out: https://github.com/atom-minima...

It has been done: @mehcode is maintaining a clean fork with additional improvements and no Kite garbage: https://atom.io/packages/minim... https://github.com/mehcode/ato...

But what would you say about Firefox dropping sound support (PulseAudio might work on some machines, but not on any I own),

I'd wonder if it works with apulse, which seems like software well worth improving.

Because I keep seeing these pointless tirades, and I just don't get it.

I think nerd culture (computers) is being undermined by jock culture (locker rooms) in the US. Now that everyone uses computers at work (not just nerds anymore), the jocks are reasserting themselves in the workplace. All the sexual harassment nonsense at Uber comes from jocks.

My chief antagonist on Slashdot thinks he's better than me because makes $200K per year in IT (I don't), has a wife and children (I don't), owns a home (I don't), and vacations throughout Europe and Israel (I've been to Idaho), and that gives him the right to post dick pics my with name, email address, website URLS and/or an image of my head superimposed. I haven't heard from him since I recently announced on GitHub that I was making a YouTube video about taking down dick pics from Russian image websites (still a work in progress). Supposedly the Russian image websites were beyond my reach since I'm not fluent in the Cyrillic alphabet, but Google Chrome does an excellent job in translating Cyrillic into English and the Russian admins who have responded to my DMCA takedown notice emails have done so in English. A majority of those dick pic links on Slashdot are broken.

https://github.com/cdreimer/how_to_takedown_dick_pics_from_russian_image_websites

That BSD 3-clause license is not the problem, the problem is the PATENTS file alongside it. This is a one sided agreement - Facebook promises not to assert any patents it may hold over the ReactJS code against you for using the said opensource code, and in return you and all your company's subsidiaries and associated companies must promise not to assert any patents against Facebook for anything ever.

Quoting from this on the SJW community takeover formula:

I've actually been following that case pretty closely. It's interesting because the person that complained (CoralineAda) is also the originator for the code of conduct they eventually merged in (http://contributor-covenant.org/).
To me it very much looks like.

1) start shit over UNRELATED nothing
https://twitter.com/krainboltgreene/status/611569515315507200

2) step in with a solution
https://github.com/opal/opal/issues/942#issuecomment-113227261

3) strong arm & shame project into accepting you CoC
https://twitter.com/CoralineAda/status/611595849416577024
https://twitter.com/CoralineAda/status/611635597145305089

3a) call reinforcements
https://twitter.com/CoralineAda/status/611574385028149248
https://twitter.com/compay/status/611616476685041664

4) update CoC to include whatever you want
https://twitter.com/CoralineAda/status/611714757318549504

5) Boot anyone that disagrees with your opinion

What a shock, all the Drupal Code of Conduct authors are women. Remember when GitHub was about to adopt the TODO Group's Open Code of Conduct that enforces a whole lot of identity politics bullshit? Well, while the most blatantly hateful anti-white anti-male anti-normie items have been cleaned out of it, Drupal's using the current version of the same godforsaken thing. We've seen this formula play out time and time again with SJW infections. Drupal is an SJW infested project with SJWs running everything. Is it any surprise that development is tertiary to micro-aggressive oppression olympics squabbling and Tumblr feminist grade virtue signalling competitions?

No. No it's not. "Social justice" is antithetical to actual work. It is a cancer. Drupal needs some serious anti-feminazi chemo.

While we're remembering "retarded" hurtful word shit, let's also revisit the time GitHub blew away a project for using the word "retard." The GitHub code of conduct drama shitstorm is eye-opening reading while we're looking back at things.

I believe in the iDubbbz position on hurtful words and slurs: either all of it is okay or none of it is.

What a shock, all the Drupal Code of Conduct authors are women. Remember when GitHub was about to adopt the TODO Group's Open Code of Conduct that enforces a whole lot of identity politics bullshit? Well, while the most blatantly hateful anti-white anti-male anti-normie items have been cleaned out of it, Drupal's using the current version of the same godforsaken thing. We've seen this formula play out time and time again with SJW infections. Drupal is an SJW infested project with SJWs running everything. Is it any surprise that development is tertiary to micro-aggressive oppression olympics squabbling and Tumblr feminist grade virtue signalling competitions?

No. No it's not. "Social justice" is antithetical to actual work. It is a cancer. Drupal needs some serious anti-feminazi chemo.

While we're remembering "retarded" hurtful word shit, let's also revisit the time GitHub blew away a project for using the word "retard." The GitHub code of conduct drama shitstorm is eye-opening reading while we're looking back at things.

I believe in the iDubbbz position on hurtful words and slurs: either all of it is okay or none of it is.

I'm afraid I'm going to have to retract part of my note. The ReactJS license if fine: it was the patent encumbered RocksDB license, which that was the issue.

RocksDB has already corrected the issue on their end, their new license file is at https://github.com/facebook/ro.... It was corrected a week ago today.