Slashdot Mirror
Domain: github.com
Stories and comments across the archive that link to github.com.
Comments · 4,419
-
Actual License: https://github.com/facebook/react/
The actual license is at https://github.com/facebook/re... .
The license would seem reasonable on the face of it, but it is not a standard BSD or other well-established license. The third clause is Facebook specific. It's just the sort of customized and confusing additions that the Open Source Initiative and the Apache projects leadership try to avoid.
-
Re:As a content creator
Don't forget to send a DMCA takedown for
As a content creator, you must defend your copyrights or risk losing them.
-
Totally pointless
as Linux is already fully running on the PS4. Basically more or less everything is already reverse engineered,
-
Re:Recent experience with C
Chances are your C program would be easy to transform to C++, line for line
I wasn't implying that it would be difficult. It would become plainly slower. The idea is extremely simple: on one hand, you have virtually nothing; on the other hand, you have much more.
See, although you have had a quite acceptably-understanding attitude, I stopped seeing the exact point of this discussion a while ago. For a reason I don't know, you seem to be interested in convincing me about using C++ rather than C and you think that you have a chance. Sorry to burst your bubble, but you have none (not even 1 out a million LOL). I will finish the referred development in plain C and, unless under very specific conditions, I will continue using other programming languages different than C and C++. I guess that you will continue using C++ and I am OK with it.
For the time being, I am not planning to publicly release this C code, although I have created a repository (it is still preliminary/work-in-progress and I am updating it regularly) with some of its accessory methods. I don't think that it would change anything, but you might even take some of this code, convert it to C++ and do some speed tests (in that case, there might something of interest to add to this conversation). You can find it here (ironically, GitHub has automatically tagged that repository as C++ for a reason I don't know). -
Re:Sorry, Frenchie
Don't forget to send a DMCA takedown for
As a content creator, you must defend your copyrights or risk losing them.
-
Re:Sorry, Frenchie
Hello to people googling creamer's name! Welcome to the clown show.
Or check out my GitHub page for a forthcoming YouTube video on how to takedown dick pics from Russian image websites.
https://github.com/cdreimer/how_to_takedown_dick_pics_from_russian_image_websites
-
Re:Android updates sold me on IOS
https://github.com/suisreactio...
I just searched for "tvos10.mobileconfig" in Bing. I have no clue if it's the same, not malicious, etc. But if I had to guess it's exactly what you want.
-
Re:blatent TOS violation in pursuit of TROLLOLOLIS
You can't copyright a name. Go claim your "copyright" from GitHub, you fat fraud.
I don't publish content under my legal name because my legal name isn't unique.
As a content creator, you must protect your copyright or risk losing it, remember?
Yes, C.D. Reimer. Not creimer of Germany, not creimer of Women.
-
Re:Maybe it's good enough?
Isn't the point of MPC that it uses the system level codecs and is basically a UI skin to control the directshow layer in windows?
No. MPC-HC had built in decoders for most common codecs, and in recent years it used an embedded version of LAV Filters. Using internal codecs is one of the reasons why it's so stable, as it's not at the mercy of broken system codecs from users installing iffy codec packs etc.
However you can disable the internal codecs and use external ones, so as you say, it's certainly not the end of MPC-HC just because the application itself isn't getting updates.
-
Re:Yes, go ahead!
> If I write a language in Rust, i doubt that would be the case.
You're wrong. Rust has 'extern "C"' functions.
> No Rust support
That's wrong too, there is a Rust fork targeting Arduino (albeit not mainline).
https://github.com/avr-rust/ru... -
Re:Yes it is too much to ask.
Why replace it at all? Why not just introduce new features into the c compilers, language, and libraries that just identify and correct bad patterns and practices? Why is it that we need to replace the language at all? The whole point of putting logic in software is that it can be changed relatively easily.
Microsoft Research took that approach with "Checked C" and the current version is here:
https://github.com/microsoft/c...
I'm not sure if it comes close to offering the guarantees that Rust does, but I believe it's an attempt to provide a similar set of type and memory safety constructs while still essentially being a variant of C.
In any case, it's not about the syntax. I for one am not a fan of Rust's as a language. It's about the very reasonable goal of building software that has some form of baseline resistance to common vulnerability flaws built in.
There's more than one way to skin that cat. It doesn't have to be Rust but it should be something.
-
Re: Creimer! Creimer! Creimer!
You can't copyright your name. Go ahead and "reclaim" creimer from GitHub, you lying weasely fat fuck.
-
Re: CDREIMER ABUSES THE DMCA
You can't copyright your name. Go ahead and "reclaim" creimer from GitHub, you lying weasely fat fuck.
-
Re: You all presumably know why.
-
Re:I figured out
Maybe he's hiding the good stuff in plain sight?
202 contributions in the last year
Not my account. I don't live in Germany.
-
Re:I figured out
why creimer's salary is so low
Maybe he's hiding the good stuff in plain sight?
202 contributions in the last year
-
Re:I figured out
why creimer's salary is so low
1. I'm not a professional programmer, but you already know that.
2. I created that account to access GitHub features.
3. Someday Really Soon(TM) I'll publish my Slashdot comment history scraper Python script to GitHub.
4.
5. "I'm Feeling Lucky: The Confessions of Google Employee Number 59" by Douglas Edwards is a popular book on Slashdot. -
Re: You all presumably know why.
It does look like the security problem was fixed:
https://github.com/systemd/systemd/pull/6300
So they're at least no longer doing the "fallback to root" behavior. Although they still didn't fix the problem of systemd incorrectly deciding that certain usernames are invalid.
-
I figured out
why creimer's salary is so low
-
Re: You all presumably know why.
The issue (which has a CVE with a critical score) was closed as "not a bug".
Think about that for a little while before responding again that it was "fixed".
-
Re:Systemd: What Does It Solve?
The now somewhat long-in-the-tooth In the Beginning... Was the Command Line [ Alternative source, already unzipped ] tells us that a bug was reported against BeOS with the title
BeOS missing megalomaniacal figurehead to harness and focus developer rage
(about three-quarters of the way down, or search for "megalomaniacal").
I don't know if the same bug has been reported against Linux (and if it has then it should be classified EWONTFIX) but clearly Linus himself is not the solution to this. The promoters of systemd want this role to be filled, while everyone else wants it to stay as EWONTFIX.
-
Re: You all presumably know why.
Don't forget the recent severity 9.8 CVE regarding invalid username handling that Poettering closed as NOTABUG. It's a trainwreck of bad design driven by an egotistic idiot.
-
Re:Souls must go for a shitload of money
Well, he already did exactly that (at least on Github)
https://github.com/ParticleCor... -
Re:Use mycroft.ai
That's why you can use a local server to host the speech processing parts.
-
Re: Time for tar and feathers?
The state of the bug is shown near the top. LP closed the bug, saying it's not-a-bug, and then locked the discussion, because he can't stand to have people point out that he's full of crap.
And now systemd will no longer run a unit with an invalid name: https://github.com/systemd/sys... , so as I assumed there where further non-public discussions that eventually led to this bug being solved.
-
Hyper Text Markup Language
Pretentiously so, IMHO.
Come on. Not everything needs to be Turing-Complete.
(as PostScript, PDF and C++'s templating engine are). -
Re:Why is this surprising?
Oculus works in SteamVR and Valve recently released a linux port. Unity and UE4 are the two most popular engines both also have linux support so you might be able to find some decent games.
-
Re:vr is for microsoft os?
For the moment, it's pretty closely tied. But both OSVR and SteamVR do function on GNU/Linux, and if I recall correctly nvidia recently added the direct mode (after a few mishaps including a driver release that simply refused to let us access VR headsets it recognized. OpenHMD works on VR device drivers that are properly free software. There's lots of work to be done still.
Some notes on e.g. https://github.com/ValveSoftwa... and https://www.reddit.com/r/OSVR/...
-
Eucalyptus is already there
This has been around for some time, although more like a - run AWS locally - and it works pretty well.
It's sad that this hasn't taken off more, it's pretty nice to be able to jump back and forth between a private/local bunch of vms and then throw them out on AWS if the need arises. Note that it doesn't have 100% of the AWS functionality but works for my smaller projects.
-
Re:What about DOS CMD on Unix??
What about PowerShell? https://github.com/PowerShell/PowerShell
-
You can be even more fine grained
ASLR randomizes the general offset.
This randomizes the object file order.
Selfrando randomizes every single function.
-
Re: Time for tar and feathers?
The goal really is to be distribution agnostic, that is why the master list of unit files are managed in a central location from which the various distributions fetches the majority of their unit files (and contribute changes). Things like exec of course does exist but if you use a distro specific script there then your unit file will not be accepted upstream, but writing your own personal unit files are of course ok.
Fixing this problem doesn't stop systemd from being distribution agnostic in any way. If he wants a policy of "no usernames starting with numerals in standardized unit files", that's fine. But refusing to fix a systemd problem for a completely valid configuration just because of his tremendous ego? Not acceptable.
This is hardly a security hole. All sysv scripts have run as root for ages without people crying wolf...
These aren't equivalent. In this case, the user is telling systemd to run something as another user, and systemd is ignoring that directive, without any notification to the user. So you end up with something that is intended to run as another user with root permissions.
With sysv init, the scripts are intended to run as root. If you want to run something from a sysv init script as a different user, that's easy to do with various tools. And guess what -- if those tools can't run the command as the specified user, they don't run the command. That's how you handle this situation correctly in a secure way. You don't say, "screw it, if I don't like the username I'll just run it as root instead!"
...and for this to impact your security you have to first come up with a way where I can attack you with this bug with no other possibility for me to run things as root on your system first.
Typical systemd apologism. LP claims that it's not a problem because any tool that can create one of these userids is broken. (He's wrong.) You claim that it's not a problem because you can't see a way to trivially exploit it. (You're wrong.) In both cases, you dismiss any criticism of systemd because you don't understand the underlying issues. We've see this happen over and over.
In the real world, most security exploits need multiple steps to exploit. Running software with elevated permissions is a classic security vulnerability. This is the kind of bug that turns a small problem into a gaping security hole.
All that said, I believe that this behaviour is going to change, LP is not the sole dictator of systemd and note that the bug on GitHub was not closed but closed for public discussion so to me this looks like they discuss it internally.
According to https://github.com/systemd/systemd/issues/6237, it's been closed with not-a-bug. I hope it gets fixed someday, but I'm not holding my breath.
-
Re:Still image encoder
https://nokiatech.github.io/heif/ which is presented as the official site.
It's better to look directly at the HEIF git repository than the website. To quote from the HEIF README: "HEIF is a media container format. It is not an image or video encoder per se. Hence, the quality of the visual media depends highly on the proper usage of visual media encoder (e.g. HEVC). Current standard allows containing HEVC/AVC/JPEG encoded bitstreams. This can be easily extended to future visual media codecs."
So right now HEIF supports AVC (H.264), HEVC (H.265), and JPEG. And in the future in can be extended to also include AV1.
-
Re:Don't make counter-factual statements.
Is that true? I've never used iStuff, but at least it used to be the case that you needed to register as a developer in order to install programs that you have compiled on your own iPhone.
Yup, it's true. You're correct that it used to require a paid account, but we haven't needed paid accounts to compile and sideload apps since Xcode 7 launched in mid-2015.
One point of clarification: you do need a developer account, just not a paid one. Getting a free developer is as simple as visiting Apple's developer site, logging in with your Apple ID, and agreeing to their developer terms. That's it. Once you do, it'll unlock access to the developer tools for your Apple ID, including the ability to sideload.
it would then be possible to distribute free software to iPhone users without jailbreaking.
Indeed, which is why you can find plenty of emulators and other apps that aren't allowed in the App Store being distributed via other channels.
-
Re:not the init, and it doesn't affect Debian
elogind is alive and well
-
Re:Time for tar and feathers?
It was closed because it has already been discussed at length here:
6237 is about running services as the wrong user, 6259 is about usernames allowed by POSIX but not by systemd.
Do you actually have an argument against his logic here? As in a good reason to follow POSIX rules in this case when Linux in general, which is what systemd follows, does not.
Linux doesn't even know about usernames (just uids), you may at most discuss the behaviour of a particular userland program. And every program I know of (a bunch was tested by someone on IRC) except systemd handles ones starting with a digit correctly, as POSIX prescribes. For some reason, adduser (but not, eg, useradd) dislikes creating new accounts with such a name but all it takes is specifying an option when it relaxes the check from names merely discouraged to ones that are illegal only. No other account creation program complains.
The other reason is that you have to accept any legal external input, and input allowed by the standard is certainly legal. And you need to handle illegal input as well, at the very least by returning an error rather than giving full root access.
any actual argument beyond "he immediately closes bugs I think are obvious!"
That's Lennart's usual response to anything that's not obvious to him. Most of us try to at least research a bug or ask the reporter to explain.
-
Re:Time for tar and feathers?
It was closed because it has already been discussed at length here:
6237 is about running services as the wrong user, 6259 is about usernames allowed by POSIX but not by systemd.
Do you actually have an argument against his logic here? As in a good reason to follow POSIX rules in this case when Linux in general, which is what systemd follows, does not.
Linux doesn't even know about usernames (just uids), you may at most discuss the behaviour of a particular userland program. And every program I know of (a bunch was tested by someone on IRC) except systemd handles ones starting with a digit correctly, as POSIX prescribes. For some reason, adduser (but not, eg, useradd) dislikes creating new accounts with such a name but all it takes is specifying an option when it relaxes the check from names merely discouraged to ones that are illegal only. No other account creation program complains.
The other reason is that you have to accept any legal external input, and input allowed by the standard is certainly legal. And you need to handle illegal input as well, at the very least by returning an error rather than giving full root access.
any actual argument beyond "he immediately closes bugs I think are obvious!"
That's Lennart's usual response to anything that's not obvious to him. Most of us try to at least research a bug or ask the reporter to explain.
-
Re:Time for tar and feathers?
It was closed because it has already been discussed at length here: https://github.com/systemd/sys...
Do you actually have an argument against his logic here? As in a good reason to follow POSIX rules in this case when Linux in general, which is what systemd follows, does not.
I'm not saying he is right, merely that your statement gives a false narrative of what actually happened and that you don't seem to have any actual argument beyond "he immediately closes bugs I think are obvious!"
-
Re:Time for tar and feathers?
Tarring and feathering would indeed be good -- especially that Lennart as usual insta-closes an obvious and nasty security bug[1] as "non-bug". And when presented with standards documents, he says they don't apply to him. Seriously, can someone buy this guy an "Unix for dummies" book?
While we don't exactly suffer from a dearth of kooks, this particular kook enjoys having his employer promote his masterpieces even when totally inadequate. The world would be so much better without systemd, PulseAudio and avahi.
[1]. "0day" is somehow a popular name for CI systems these days, and those often allow weakly-trusted or even completely untrusted submissions.
-
Same thing happened to me; submissions marked SPAM
... then I could not post any replies. It took me a couple of months to figure out what had happened. I had just figured Slashdot was failing with some weird error message, guessing incorrectly perhaps related to the IP range of my ISP. I was also going through mixed feelings about Slashdot, so fixing it was not high on my priority list.
I eventually had to contact someone at Slashdot via email to fix my account. Then I could post again.
But they never unmarked the submissions as SPAM.
Here are the three submissions I posted that got marked SPAM:
"SPAM: Investigation of Nano-Nuclear Reactions in Condensed Matter"
https://slashdot.org/submissio..."SPAM: Employment Law and Robotics, AI, and Automation"
https://slashdot.org/submissio..."SPAM: Trump GOP convention infringed copyright for at least seven songs "
https://slashdot.org/submissio...My stats on submissions over the past fifteen years or so:
https://slashdot.org/~Paul+Fer...
"47 declined, 12 accepted (59 total, 20.34% accepted)"I did get one front page submission again today (on Moore's Law ending). The problem is that many interesting tech stories are about specific companies that might sell something -- like that one by HP Labs. I could maybe understand the reasoning that an article about a law firm's report about employment law (and technology) might seem spammish. But a fact-based article about the GOP convention (and tech hypocrisy)? Or an article from a US government agency about cold fusion replication (vindicating the original researchers)?
The person who responded to my email (maybe six to nine months ago?) said Slashdot had been working on its spam filters.
Still kind of annoyed those all three still have bright red SPAM tags since they were not intended as such and I have no financial interest whatsoever in those groups mentioned. But I was glad to get posting privileges back.
Much more frightening was the time my GitHub account went away after posting an issue on Calypso (for WordPress). That felt like having my whole career deleted. I had spend hours writing up the comment previously intending to post it on Matt Mullenweg's blog, but it did not go through (guessing for length and links), and then decided to make a GitHub issue instead. Their spam filters must have detected that a lot of text with links was pasted right after opening an issue. Fortunately GitHub put my account back right away after I contacted them. That issue:
https://github.com/Automattic/...
And a post about that to Mullenweg's blog:
https://ma.tt/2015/11/dance-to...Both cases serve as reminders to me of the problems of investing time into specific commercial online services with creating a body of published works and an associated online reputation. Fortunately, both companies fixed things up -- since they have reputations to maintain too.
Anyway, hope Slashdot resolves the account issue for you too, Mosquito Bites! I see Slashdot marked twelve of your submissions as spam -- which all look like good articles to me:
https://slashdot.org/~Mosquito...Seeing this happen both to me and someone else makes me really wonder about the risk of submitting any more articles to Slashdot? I'd rather be able to discuss stuff than get front page articles posted.
Anyway, could be worse -- see the movie Brazil (hopefully not the darker Director's cut version though).
-
Re:Is Ruby's Decline In Popularity Permanent?It definitely won't disappear but we are probably past peak Ruby. It has simply been out-niched, I can't easily think of a 'Ruby is best for this' use case today. Python hitching a ride on the data science gravy train might be the first nail - remember the days when your scientist or mathematician or engineer buddy would ask whether they should learn Ruby or Python, and you actually had to think.
When the rise and fall of the Ruby empire is written, Chef will probably have a part in both stages. Ruby is more a victim there, but some of my most frustrating encounters with Ruby have involved Chef. Sticking to Ruby earned Chef favour from developers but Puppet's custom DSL choice was the right one. Using Ruby forces hard dependencies where everything ends up being dependent on 'windows' and 'yum' and 'apt'.
A major problem with the first era of config management / DevOps was too much code that does too little. Instead of telling Chef via an abstraction to enable the apache service, you have to write:service 'apache2' do
service_name apache_service_name
case node['platform_family']
when 'rhel'
if node['platform_version'].to_f < 7.0 && node['apache']['version'] != '2.4'
restart_command "/sbin/service #{apache_service_name} restart && sleep 1"
reload_command "/sbin/service #{apache_service_name} graceful && sleep 1"
end
when 'debian'
provider Chef::Provider::Service::Debian
when 'arch'
service_name apache_service_name
end
supports [:start,
action [:enable,
only_if "#{node['apache']['binary']} -t", environment: { 'APACHE_LOG_DIR' => node['apache']['log_dir'] }, timeout: 10
endAnd this is one of the better written actively maintained cookbooks.
Then there is the annoyingly common convention where every time there is a new release of the underlying package, you have to update a hash in the Chef code and release a new version of the Chef cookbook, which of course is delayed - looking at you Elasticsearch.
It runs 'yum install elasticsearch' which installs a signed package from the repository. But the first law of config management is 'support everything and let the lowest common denominator dictate design'. So supporting whichever crappy OS / release that does not have native packages always takes priority over writing something that just works and will continue to just work.
e.g. The Chef yum provider can't handle obsolete package versions. If you tell Chef to install somepackage-x.y.1, and that version has been obsoleted by somepackage-x.y.2, somepackage-x.y.2 gets installed while Chef thinks it installed somepackage-x.y.1. The next time you run Chef with exactly the same config, it will fail because of the implicit downgrade.
Which brings us to the Third law of config management: Idempotence in config management is like world peace for the U.N. - promising an idealized unachievable goal confers nobility and thus failing at it all the time is ok.
Ruby isn't the culprit here but it is the enabler. Manual dependency management means no one configures versioned cookbook dependencies. So your infrastructure is code defined, but what that code is is a spur of the moment thing as Chef fetches the freshest stuff off supermarket.chef.io. Bringing us to the second law 'it mostly works' is good enough.
In the world of clustered distributed multi-node services, the much praised Kitchen test framework can't test multi node deployments. Have a two-node Elasticsearch cluster - forget writing tests, and add a bunch of timeout hacks to handle asynchronous builds. Let's have a long existential discussion over whether multi-node testing is really needed and continue to write tests for whether "package 'ap -
Re:User Interface
What are you talking about? There's already a WebExtensions version of uBlock Origin. Read the release notes.
-
Re:a ten-minute investment in user script
User scripts. Firefox is almost always a greasemonkey script. Start here - https://github.com/OpenUserJs/...
-
Re:My certs expire every 30 days...
Setting up multiple cron jobs will probably take a bit longer than 15 minutes. I got too many items on my to do list to dive into the cron job rabbit hole.
1 cron job for ~90 websites. No need to modify the cron job to add a new site, duh.
here you go:
https://github.com/srvrco/gets...Just as fast as your provider and I hate web management interfaces. As a matter of fact, it is probably faster than it is at your provider because all you need to do is edit text files.
-
Re:My certs expire every 30 days...
True enough, I have renewed several times in the same day when setting up automation. 60/90 days seems like good default values for now with a concern to not overload the system for nothing. This is what is recommended here:
https://letsencrypt.org/2015/1...Also 60/90 is fine for me because I always manually restart apache (apachectl restart) at least once a week so new certificates should always be loaded on time. I don't want the automated script to restart my server for stability concerns.
On a side note, most clients seem to have way to many dependencies. I found a pure bash one without any dependencies. Here it is:
https://github.com/srvrco/gets...But anyway, Let's Encrypt certificate expire after 90 days, period.
-
Re:win8.1 vs win10
It was only "backported" in the form of "recommended" (not "critical") telemetry updates, most of which can easily be removed.
And telemetry can be disabled by opening Task Scheduler and looking through all the schedules tasks, along with the disabling "Customer Experience Improvement Program" which is what opts the user into telemetry collection in the first place.
-
Re:Poettering strikes again
Ironically you don't need a GUI to edit Windows registry hives under Linux.
-
For those keeping track...
SystemD has 617 issues open and there is no sign of all issues being resolved this decade.
-
Re:Libraries as distributed digital knowledge repo
Just saw that Rahiel Kasim, Scientific Programmer at Vrije Universiteit Amsterdam, made a plugin like this -- yay!
https://news.ycombinator.com/i...
===
I made a browser extension [1] that automatically archives bookmarks to archive.is or (currently Chromium only) locally as MHTML files.
[1]: https://github.com/rahiel/arch...
===Seen here:
"Show HN: Tesoro -- Personal internet archive (tesoro.io)"
https://news.ycombinator.com/i...He was responding to other people with similar ideas for browser plugins.
Now we just need the local library infrastructure and data standards to connect to.
-
YakYak
YakYak is an unofficial, open source Hangouts client that works almost as good as GTalk client did. On top of that it works on Linux / Mac & Windows. You can find it here. Licensed under MIT license.
I used to like GTalk client a lot and used it to its last day. The switch to Hangouts was painful, both the Chrome App and Extension were terrible. I almost switched to the FB alternative, but I found YakYak and I'm pretty happy with it.
Reading what I just wrote I cannot believe that I'm not their rep
