Slashdot Mirror

I had absolutely no idea that Shari Steele and the Tor Project Administration was a court of law!

Oh wait, they're not? Fascinating!

But boy howdy, you gotta admire their moxie. After all they did their own little investigation and found him guilty all by themselves. No pesky evidence or defense lawyers needed -- just enough harpies claiming victimization (but not enough to actually go to the police) and you too can destroy someone's life forever. ... ESPECIALLY interesting since one of the "victims" later pointed out that she wasn't a victim, it was a bunch of SJWs speaking on her behalf without permission to create a lynch mob towards Jacob...

(Although I have it on good authority she's suffering from internalized misogyny and thus you should believe the 3rd party witnesses over her statements, because Third Wave Feminists represent all women, even women who don't want to be represented by them. ESPECIALLY those kinds of women.)

Remember there was an active attempt to frame Linus Torvalds with sexual assault allegations. Around the same time you saw these types trying to push codes of conduct that were backdoors to get editorial control over projects they were targeting.

So everyone needs to be a tiny bit wary when hearing stories like this, especially when you see these SJW style shame lynch mob tactics used. No evidence, mobbing tactics, public shaming, threatening people who question the narrative, and demanding reparations for perceived slights in the form of policy changes and increased decision making power to their political allies. It's a playbook that targets some known exploits in our culture -- namely that everyone's hesitant to demand evidence of an overly emotional woman, and everyone's first response is to beat up whomever she's pointing at and ask questions later.

If there are actual allegations, they need to be taken to a court of law. If they won't hold up in a court of law, recognize it for what it is -- bitchy ex girlfriends wanting to slander an ex boyfriend they're mad at. Don't let the Kangaroo Court bullshit that's infested our campuses start leaking out into the real world.

And if you want to implement an "anti-harassment" policy for your project: Don't. It's a stupid fucking idea leading to drama and abuse by lesser minds.

If you are really looking for a nice Code of Conduct, aim for the Code of Merit - because as ESR has so adamantly pointed out, "We must constantly demand merit – performance, intelligence, dedication, and technical excellence – of ourselves and each other."

SJW Codes of Conduct like the Orwellian Contributor Covenant by Coraline Ada Ehmke (who is tied to Model View Culture, which is ran by white supremacist "feminist" Shanley Kane, which is also tied to the Ada Initiative's two founders, which was the group attempting to frame Linus for rape...) are nothing more than a way to backdoor losers like Ehmke and her ilk into projects they don't deserve access to.

In some ways this is more honest, it's been demonstrated that the OS will talk to 107 domains whether or not some switches are toggled in the Control Panel to give the illusion of privacy.

Any list of those so I can set them to 127.0.0.1 in my Hosts file?

Here you go: https://github.com/WindowsLies...

However it won't work because Windows bypasses its own hosts file for its own purposes. You'll have to block it from your router or other external firewall.

.. it still spies on you.

Destroy Windows 10 Spying

Fuck off M$.

Slashdot may be interested in extensions for Edge as well, now that the is a uBlock Origin port. Of course Edge still sucks in many other ways, but at least you don't have to look at ads on your way to downloading Chrome/PaleMoon/FireFox/Midori/Opera/Vivaldi/Lynx.

* The inability to prevent Windows 10 from phoning home for reasons I'm prevented from knowing.

If you care, there's a great PowerShell script available that turns off everything that's known so far. We're going to include it in our deployment script on principle.

Thanks for the link. I really hope I don't end up needing to us it. I really don't have the spare cycles to engage in an arms race with our OS vendor.

And you can read the source on github.

This flaw resides in a version of the library implemented on a specific platform, namely Windows running on x86 hardware. Makes a good case for not running your infrastructure on a software monoculture. This isn't the first such discovery, see Microsoft ASN.1 Library Length Overflow Heap Corruption from July 2003.

While I didn't find the news article I thought I had read, I did find the Chrome extension 'The Great Suspender', which indicates it 'Automatically suspends unused tabs to free up system resources'. Just installed it in the hope it actually helps - BTW I have no involvement in the creation of this extension, but it does appear to be open source: https://github.com/deanoemcke/...

Considering the Regex code that I see in Perl 6 is easier for me to read than the Perl 5 equivalent. I have more than a decade's worth of experience with the latter, but only a couple years worth in the former. I would definitely say it is worth it.

I would like to see a conventional regex for JSON that is easier to read and understand than JSON::Tiny::Grammar.

Everything that was broken deserved to be broken, and was replaced by a much more generally useful feature.

( That said there is an adverb that you can add to regexes so that you get the Perl 5 semantics )

Here you go: https://github.com/clayface/openvpn_xorpatch

This patch adds obfuscation capability to OpenVPN, allowing it to bypass network traffic sensors which aim to detect usage of the protocol and block it.

I had Steam (both wine version and Linux version) working on my Asus C710 Chromebook a couple of years ago. The system itself lacked enough power to do any big gaming, but FTL worked well enough.

Last year I played quite a bit of Skyrim, streaming it from a Windows desktop elsewhere in the house.

Crouton is good stuff. https://github.com/dnschneid/c...

The guy from piped piper

https://github.com/danielrh

The importance of good commenting can be seen in this winning example of C code

https://github.com/c00kiemon5t...

main(C,V)
char **V; /* C program. (If you don't
  * understand it look it
  */ up.) (In the C Manual)
{
        char _,__;
        while (read(0,&__,1) & write((_=(_=C_C_(__),C)),
        _C_,1)) _=C-V+subr(&V);
}

(GRR, how do you tell slashdot to NOT ALTER THE FORMATTING AT ALL!?!?)

Yes, there's more (see link). But you can clearly see the importance of comments there.

Why the heck aren't there apps that warn you when a new cell tower pops up in an area?

There's AIMSICD, although I'm not sure how accurate it is. I played with it a bit last year and got a few yellow warnings, so the app detects something, but it's possible those were due to legitimate roaming or tower-sharing mechanisms. When protests were ongoing in Baltimore last year, multiple people with the app reported seeing orange warnings, which mean there's definitely some fuckery going on nearby, and red warnings, which mean the user's specific phone is being targeted.

My big problems with AIMSICD last year were that it chewed through battery, the cell tower map never worked right, the upload function for OpenCellID.org was hit or miss, and there was little or no proper documentation about what the app actually does or what its different indicators mean. I think English was a second language for (most of) the developers as well as many of the users; this made the wiki and issue tracker difficult to parse. As neither an Android developer nor a subject matter expert, there wasn't much I could do to understand what was happening under the hood.

That aside, the trouble with any stingray detector app is that it runs at the consumer OS level and can only know the "facts" that OS chooses to expose. It seems likely to me that most of the unconstitutional warrantless wiretapping functionality would operate at the baseband level, below and perhaps invisible to Android/iOS/etc and any apps running there.

I haven't tested this link yet (hesitant to update my Skype for that very reason), but here's a list of DNS names that supposedly cover all that Skype uses for ad lookup:

https://gist.github.com/eyecat...

Now, Skype could circumvent such a mechanism (hard-code the IPs-- which could be circumvented with custom routing tables-- or inline the ads into the regular data stream, which would be very hard to circumvent, or just refuse to run if it can't access any ads (or `signed ads')), so even if it works now, it may not be forever. ...and now I'll shut up and stop giving Microsoft ideas...

> Also... what did an Apple II do if you had two adjacent bytes... one with the msb set, one with the msb clear, and set the rightmost pixel/bit of the first byte, and the leftmost pixel/bit (bit 0) of the second byte?

FTFY. bit 0 is the leftmost bit, not 6. Remember the Apple displays bits in reversed order. :-)

Anyways, if you follow comp.sys.apple2.programmer then it is trivial to try this with Michael's HGR byte inspector:
* https://github.com/Michaelange...

Ctrl I
Ctrl J
Shift 7
Shift 8
L
Shift 1

Or you can do this manually:

HGR
CALL-151
2400:C0 01
2800:C0 01
3400:00 C0 01
3800:00 C0 01

> Did it make white, because you had two adjacent on pixels,

Yes and No.

Yes, as two adjacent bits always make white BUT ...

No, as due to the Apple's video generator and the Monitor's NTSC composite signal conversion it ALSO depends if the first byte was on an even or odd address line ...

> or did the fact that one was a blue or red pixel, and one was a green or purple pixel, make a difference? ... which determines how the leading and trailing edges of the pixels are colorized.

2000:C0 00
2C00:00 01
3000:00 C0 00
3C00:00 00 01

Adjacent pixels on an even address:

* leading edge is colorized blue, half pixel
* trailing edge is colorized green, full pixel

Adjacent pixels on an odd address:

* leading edge is colorized orange, half pixel
* trailing edge is colorized purple, full pixel

You can test this via:

2080:C0 00 01 C0 00 01
2480:C0 00 01 C0 00 01
2880:C0 00 01 C0 00 01
2C80:C0 00 01 C0 00 01

NOTE: Apple emulators (with poor NTSC code) won't colorize the pixels properly. They will show it as just white, but on real hardware you'll see:

[color][white][color]

You could go the whole hog and just the British version of the language. It is far more refined.

* The inability to prevent Windows 10 from phoning home for reasons I'm prevented from knowing.

If you care, there's a great PowerShell script available that turns off everything that's known so far. We're going to include it in our deployment script on principle.

It *potentially* could. And now has been documented as to how it could:

https://gist.github.com/arirub...

Here's what the API can do. It's undocumented, so you can't look it up:

https://gist.github.com/arirub...

"In summary:

        The direct token that Niantic gets can't access the gmail api / gcal api
        However, the token could potentially be exchanged through the undocumented mechanism /MergeSession to create a web session logged in as you on any google property
        I haven't seen the app try to exchange this token for an ubertoken while poking at it
        The app communicates with Niantic with encrypted blobs and theoretically could send this token to them"

I hate the whitespace requirements of whitespace. I don't use malbolge because I'm not smart enough. I'm never going to use lolcode because I hate cats.

Actually, you are the one who is ignorant of how cookies work. Mozilla already has a bug documenting what this guy is asking for, which has several proof-of-concept implementations, one of which is already used in the Tor browser. I implemented vertical and horizontal browser data isolation in about a month in my spare time. Mozilla has finally started working toward this with their isolated tabs. The next logical result will be isolated origins. The change is inevitable. And get this: third-party cookies still work. They are just isolated to the origin domain. You can still use single sign-on, but it becomes one sign-on per origin. You stay logged in for as long as you want. Your browsing habits just stop becoming trackable. Also, browser fingerprinting is a defeated technology. Just randomly rotate between common values, and noise is added to a non-unique signal. The only thing left is IP address tracking, which can easily be defeated by VPNs, or any form of IP masquerading. Tracking on The Web is dying because it is all moving to third-party app monetization libraries, and that is where all of the money is now.

80x86 was what was written. Also known as x86 (which just removes the first two chars from 80x86). In most cases x86 is used to refer to the 32 bit extension (i386) or, like here, the 64 bit extension. That is also known as AMD64 (as AMD introduced the extension), Intel64 etc. and also x86-64 - which is used in the project in question.

https://github.com/tthsqe12/as...

Observe: "Welcome to the project of converting stockfish into x86-64".

So what are you talking about exactly?

The mathematical sections tend to be better, well defined, well commented, and well-written code.

"Extension pack for picking up Matt Damon" is not a link real link

It's linked in the second page attached to this story:
https://github.com/Microsoft/BashOnWindows/issues/637

Perhaps THOBE is mistaking the fact the NASA put up the full assembly code for the Apollo 11 guidance computer on Github and the interest in that (6000+ stars) for a revival of the language instead of a historical artefact.

Check it out here and don't forget to start it, together we can confuse THOBE and make Assembly the #1 language of the world again! ;-)

https://github.com/chrislgarry...

Spoken like a twat that hasn't got any metrics to back up his rhetoric.

You are right. I dont have metrics. I just have binaries.

C++ version of stockfish
80x86 asm version of stockfish

One of these is faster. I'll let you decide what "metric" to use.

I think they're talking about projects whose source code is in assembly language, where a work's "source code" is defined as "the preferred form of the work for making modifications to it" (GPLv2, GPLv3). That is, something like the Pently audio player (which uses a preprocessor written in Python but is otherwise in 6502 assembly) or the video games RHDE: Furniture Fight and Nova the Squirrel .

I think they're talking about projects whose source code is in assembly language, where a work's "source code" is defined as "the preferred form of the work for making modifications to it" (GPLv2, GPLv3). That is, something like the Pently audio player (which uses a preprocessor written in Python but is otherwise in 6502 assembly) or the video games RHDE: Furniture Fight and Nova the Squirrel .

I think they're talking about projects whose source code is in assembly language, where a work's "source code" is defined as "the preferred form of the work for making modifications to it" (GPLv2, GPLv3). That is, something like the Pently audio player (which uses a preprocessor written in Python but is otherwise in 6502 assembly) or the video games RHDE: Furniture Fight and Nova the Squirrel .

I wanna see a human beat any modern-day compiler to optimizations.

asmfish

10% to 20% faster than the C++ version.

The authors of the c++ version have attributed the speed gains to better register usage. The author of this asm version says he hasnt actually started optimizing yet.

You C++ programmers are delusional.

Good question: How does Mozilla Foundation spend $300,000,000 each year?

I understand that Mozilla Foundation now gets most of its money from Microsoft: Microsoft pays Yahoo. Yahoo pays Mozilla Foundation to make "Yahoo search" (actually mostly Microsoft Bing search) the default search engine in Firefox. That means Microsoft gets more money from advertisers when Firefox users do a search.

Firefox is now, apparently, mostly controlled by Microsoft, who is apparently trying to destroy it. In the past, Google paid Mozilla Foundation $300 million each year to make Google search the default search engine in Firefox. Google apparently didn't cause problems in the design of Firefox, even though it paid a shocking amount.

The Thunderbird and SeaMonkey Composer GUIs have been damaged, apparently deliberately. File saves in the newer versions of both ask for a new file name, and don't suggest the last one chosen. The damage was reported several months ago, but has not been fixed. Is that another example of Microsoft's Embrace, Extend, Extinguish? People who feel forced away from Thunderbird may choose Microsoft software to replace it. Is that something Microsoft is trying to accomplish?

In my opinion, dishonest people should not be employed in management. In my opinion, the managers and members of the board of directors of both Microsoft and Mozilla Foundation who approved the dishonesty of sneakily re-configuring Mozilla Foundation products should be immediately fired, and not allowed to have management positions in the future.

The browser situation is very, very ugly.

Google is becoming more and more abusive, and more and more incompetent. Want to download the Google Chrome Browser? The download file name does not give the version number. Even the badly managed Mozilla Foundation puts the Firefox version number into the file name. (But the file names for the 32-bit and 64-bit versions of Firefox are the same.)

An earlier version of the Google Chrome browser installs 3 system services. Google has more control over computers than limited rights users. Is Google paid by the U.S. government to include software to control computers?

I would like Slashdot stories about:

1) The fact that most people aren't technically involved enough to know that their Firefox browser search was hijacked by Microsoft, or how to change back to Google search.

2) Bad and sneaky management. One of the many examples: Microsoft will make more money if it arranges that people are discouraged from using the Firefox browser. Another example: Why was this pastebin script removed?

3) Counteracting abuse. We need stories about web sites like this:

Remove spyware in Windows 10.

Disabling Windows 10 Tracking.

Destroy Windows Spying - Windows spying removal tool.

4) How do download a Windows 10 ISO file: Windows 10 Tech Bench Upgrade Program.

If you do graphics intensive applications (image editing, video editing, CAD, etc) or applications that can benefit from offloading tasks to GPU (via whatever technology/cores/execution units/stream processors the cards offer), then possibly/probably but the improvement may not be worth the extra cost, power, and or noise that comes with the discrete GPU.

What do you mean by offloading? In my experience, image and video editing don't use enough GPU power to justify a discrete card. The main work is done on CPUs, and some OpenGL features might be used for filtering. Unless, of course, you offload the actual work to GPUs as well.

Even so, today's Intel graphics do plenty of OpenGL (see shameless plug for example). CAD will generally benefit from "real" GPUs due to better conformance/precision, not so much due to raw speed; see this Intel HD bug for example.

Video encoding/decoding might be a useful offload, but software will give you much better encoding quality. Hardware encoding is mainly useful if you need real-time encoding for live streaming. Hardware decoding is more generally useful and you'll find it on many Intel HDs too.

Heavier Open[CG]L is an obvious reason to get a discrete GPU, but anything else, not so much.

https://github.com/ShiftSpace

The code for removing the watermark is actually quite basic as you alluded to, but is still important and interesting nonetheless.


https://github.com/grayleonard...

Sorry,
You make no sense at all.
Why would one remove AWT and what would be the point?
Old code relies on it.
Same for Swing.
If you don't like Swing, use JavaFX. But there is no need whatsoever to 'remove' anything. That would break backward compatibility.
Java has Generics, no idea what you want to update there. Perhpas giving it a true templates would be a point. Linq would be a thing, but Java went for the new Streams API.

Regarding native code: there are plenty of runtime environments and compilers for Java that compile to native code. E.g. https://github.com/ReadyTalk/a...

Regarding your favourism of C#/.Net ... it does not run on most platforms I'm using. And they made some mistakes regarding class and method names ;)

You keep bringing up ads... I don't put ads on my sites. I develop web based applications for businesses, with the odd small business and community organization websites sprinkled in.

I've written a script that sits between static files and the web (or a CDN depending on the project) to automatically optimize all of these things for me, so I don't even have to think about it anymore, it just does it automatically.

The script also optimizes images (with optipng, jpegoptim, etc). It even goes as far to do image scaling based on a GET parameter (eg. ?scale=WxH) using ImageMagick. It automatically caches the optimized files and serves them up. It watches the file modified time of the original files to ensure whenever a change is made, the cached optimized files are updated on demand as well.

I've already posted above that I don't use big libraries... really basic things like DOM manipulation, the odd modal window, and some iframe stuff.

As an example, a site I built recently for a local church has a single JS file called core.js. The original file is 14340 bytes. Compressed it is 3732 bytes. Minified and compressed it is 2792 bytes.

Another example, a project I built last year, is a web based document management system for an appliance manufacturers customers (dealers/retailers/distributors) to access product documentation (service manuals, marketing materials, etc), there is a total of 3 JS files. Each file is only loaded on pages it is needed.
portal.js - orig 7959 bytes - compressed 1971 bytes - minified/compressed 1636 bytes
rpc.js - orig 2088 bytes - compressed 819 bytes - minified/compressed 554 bytes
admin/docs.js - orig 1543 bytes - compressed 526 bytes - minified/compressed 405 bytes

Now these are pretty small files, as I've mentioned already I don't do very much JS. Some example CSS files from the document management system:
structure.css - orig 12589 bytes - compressed 2615 bytes - minified/compressed 2128 bytes
responsive.css - orig 7227 bytes - compressed 577 bytes - minified/compressed 433 bytes
forms.css - orig 5951 bytes - compressed 1262 bytes - minified/compressed 1097 bytes

For the record I use a fairly simple PHP-based CSS and JS minification classes to perform the minification. The compressed sizes are with 'gzip -9' compression.

I agree with some of your points, I just would like to mention jRuby on Rails : https://github.com/jruby/jruby...
You can cherry pick what you want and what you consider good from the Java/Ruby/Ruby on Rails worlds.
It's very interesting to see how it's written, it's pretty stable, fast, and you can get very useful web-services out of tried and true jar files in no time.

Lately I find that the most practical way to keep notes is simply to write them to Gist. Need to be on the Internet for that though, but don't need any apps.

All this makes me long for the simple days when I used TiddlyWiki on a flash drive I'd carry around and plug into computer or laptop, back before smartphones and other mobile devices.

Tiddlywiki-in-the-sky: https://github.com/Jermolene/T...

Yes, but check out RARFlix. Better version (IMO) of the Roku Plex channel.

I think that the Rust programming language project refutes what you're saying. If we look at its list of contributors, we can easily see based on their profile pictures that they're typically young white males. A small number may be male-to-female transsexuals. Yet despite having such a homogeneous, male-dominated contributor community, we see a huge amount of drama from this rather small community. It has gotten to the point where their code of conduct and their Moderation Team generate, in my experience, way more drama than they might ever hope to prevent! Just look at how these men overreact and downvote anyone at Reddit or HN or other sites who don't show 100% devotion to Rust. The drama the Rust community engages in is universal. It doesn't matter what the venue or discussion medium is, the moment they get involved there is instant drama. How do you explain this situation?

But they allow https://github.com/GNOME/gimp so what's the problem?

There is a user exhibiting developed software and the source code, too, for the purpose of giving harm to specific futaba-channel type bulletin board service but isn't it against a term of service of act GITHUB which exhibits such one?
znk_project
Developer's remark at 2channel (Japanese)

Why can't they just use passive-SSIDs instead of infrared? A simple idea for a similar situation (where phones needed to be automatically put in silent mode as in a church or a hospital) is detailed below (and at https://gist.github.com/tariqm...) [Starts] People are generally caring. When in a gathering, especially indoor gatherings, there is often a need to put the cellular phones on silent mode (with or without vibration mode on, depending on users preference). Despite the good intentions, people often forget to put their phone sets on mute only to realize when the ringtone suddenly disrupts an otherwise serious, somber or respectful activity (such as a board meeting, a serious discussion, a funeral or a ritual/prayer) and causes a) disruption to the event and embarrasses the phone users. With most of the modern phone features, a solution to this problem is possible which will enable phone users to display their sincerity to the requests of phones silence being made by the hosts to the gatherings by automating this process. Over a period of time, this could become an international norm. The feature is being summarily called 'Honoring Silence Requests' This is a feature that Nokia can be proud of in the area of sensible social responsibility features that come as part and parcel of Nokia phones and reflects the innovative image of Nokia. The phones that will carry this feature will have wifi access. For this feature to be used, the wifi service layer must be activated on the handset. Upon activation of the feature, the phone set will scan available wifi hotspots periodically. The event/conference/meeting hosts will need to add a preset text string at the end of the SSID of their existing wifi router/access point (say, NK-HSRF-999000). So a wifi hotspot which was previously named, let's say, 'BoardRoom Nokia' will now say 'BoardRoom Nokia - NK-HSRF-999000'. When the phone user with HSR feature on enters this area, it will detect the wifi network and the preset trailing text in the SSID. Irrespective of the fact whether the user connects to this SSID or not, the phone will immediately go into silence (with or without vibration) mode. There is no need of any additional hardware to be put in by the hosts or the phone user to implement this feature. All components are already present. The solution is non disruptive to existing functions of the phone sets and the meeting are hosts. The activated HSR feature will only activate the silence mode once it receives a fairly strong (say, 80%) strong wifi signal. This will ensure that silence requests set by wifi hotspots that just happen to be nearby are not considered as valid requests and the feature is only used as intended. [Ends]

For the DMCA takedowns, yes we can - they are at https://github.com/github/dmca (it's in the second-to-last paragraph). I don't think they're allowed to for the NSLs. I didn't spot any listings for other forms of takedowns.

It appears that the massive majority (>5000, according to https://github.com/github/dmca... ) is one project; judging by Google results of the repo name, it's some Chinese e-commerce site's source code. Not sure why people would be so interested in forking it that there's that many copies floating around...

For the DMCA takedowns, yes we can - they are at https://github.com/github/dmca (it's in the second-to-last paragraph). I don't think they're allowed to for the NSLs. I didn't spot any listings for other forms of takedowns.

It appears that the massive majority (>5000, according to https://github.com/github/dmca... ) is one project; judging by Google results of the repo name, it's some Chinese e-commerce site's source code. Not sure why people would be so interested in forking it that there's that many copies floating around...

On github, what constitutes being a valid target for a DMCA takedown?

Well, you can look at the full list of DMCA complaints they have received and see for yourself.

I randomly looked through them and many appear to be pretty reasonable. Many are related to simple copyright infringement, such as storing textbooks or published homework and test questions and answers. This isn't surprising, as GitHub is basically just a place you can store files.

Some say the code or data is internal or non-public and was uploaded without permission. There are also a bunch from Qualcomm complaining about firmware images and driver code. VMWare complained about internal roadmap documentation.

Some are just files with links to other materials, such as TV shows and movies. Sony and Marvel make appearances.

The line blurs some for others. There are HTML5 versions of classic games, such as ones from Nintendo and Blizzard, that got pulled down. A few companies appear to have searched GitHub for serial numbers and license keys of their products, and requested the entire repo be pulled if it contains a single file with a serial number in it. Many of these appear to be honest mistakes and have counter-notices.

In any case, it's nice to see GitHub being transparent. The DMCA requests themselves are pretty interesting, but since the vast majority of the targeted repos are no longer accessible, it's hard to gauge how justifiable most of the complains really were.