Slashdot Mirror

I can't confirm it, but I've heard that significant portions of Google are silently controlled by Guice in the background.

My product had our (once) portable init script broken in RHEL7.2 by a systemd change that now declares that the init.d script cannot be a symlink to the product installation area.

This was a bug that had been fixed: https://github.com/systemd/sys...

I have a different vision for future shells: https://github.com/ilyash/ngs/ . Using one of the existing languages has obvious advantages but it's not a domain-specific language for system tasks so it will never be optimal for that. Making DSL on top of an existing language also does not sound like an optimal solution. My approach is a domain specific language which specializes on system tasks and has small simple bash-like syntax mode and "normal" programming language syntax mode. The two modes are easily mixed.

> Just look at all of the shitty, shitty code that's out there.

Sadly the two biggest pieces of shit, PHP and Javascript, have the most crap code.

> What's worse is that they'll try to blame properly trained professional programmers for this shitty code.

What's worse is over-engineered code supposedly written by professionals.

i.e. Look at C++'s Boost's CRC complete clusterfuck.

HOLY FUCK. 1109 lines of over-engineered C++ shit for a simple CRC32 function when a mere 21 lines of code would solve 99% of the problem!?!?

When was the last time you needed a custom CRC hashing function??

Here are the "de facto" easing functions in Javascript. Look at this over-engineered garbage:

easeInElastic: function (x, t, b, c, d) {
        var s=1.70158;var p=0;var a=c;
        if (t==0) return b; if ((t/=d)==1) return b+c; if (!p) p=d*.3;
        if (a < Math.abs(c)) { a=c; var s=p/4; }
        else var s = p/(2*Math.PI) * Math.asin (c/a);
        return -(a*Math.pow(2,10*(t-=1)) * Math.sin( (t*d-s)*(2*Math.PI)/p )) + b;
    },

WTF? This can be written simply as:

easeInElastic: function (x, t, b, c, d) {
        t /= d;
        if (t <= 0) return b ;
        if (t >= 1) return b+c;
        t -= 1;
        return -(c*Math.pow(2,10*t) * Math.sin( (40*t-3) * Math.PI/6 )) + b;
    },

Which is still obnoxious compared to the simple one parameter version:

easeInElastic : function(p) {
        var m = p-1;
        if( p <= 0 ) return 0;
        if( p >= 1 ) return 1;
        return -Math.pow( 2, 10*m ) * Math.sin( (m*40 - 3) * Math.PI/6 );
    },

BASIC, JavaScript, PHP, C++ are only part of the problem -- you can write shit in any code -- it is the mindset of people abstracting everything until it is completely over-engineered where it becomes job security.

Almost no one gives a dam about writing clean, simple, code and taking pride in their craft.

Are you sure the change originated with systemd I had heard the opposite.

Fedora/Rawhide was affected as well. The default was changed in 230:

Changelog

* systemd-logind will now by default terminate user processes that are
                    part of the user session scope unit (session-XX.scope) when the user
                    logs out. This behavior is controlled by the KillUserProcesses=
                    setting in logind.conf, and the previous default of "no" is now
                    changed to "yes". This means that user sessions will be properly
                    cleaned up after, but additional steps are necessary to allow
                    intentionally long-running processes to survive logout.

                    While the user is logged in at least once, user@.service is running,
                    and any service that should survive the end of any individual login
                    session can be started at a user service or scope using systemd-run.
                    systemd-run(1) man page has been extended with an example which shows
                    how to run screen in a scope unit underneath user@.service. The same
                    command works for tmux.

                    After the user logs out of all sessions, user@.service will be
                    terminated too, by default, unless the user has "lingering" enabled.
                    To effectively allow users to run long-term tasks even if they are
                    logged out, lingering must be enabled for them. See loginctl(1) for
                    details. The default polkit policy was modified to allow users to
                    set lingering for themselves without authentication.

                    Previous defaults can be restored at compile time by the
                    --without-kill-user-processes option to "configure".

You are conflating compilers with language stability. The fact is that Apple could discontinue Swift tomorrow and you would by out of luck. Avoid corporate controlled languages.

FFS, what "Corporate Control"???

Did you miss the part where Apple OPEN SOURCED Swift, and basically dumped the ENTIRE Project on GitHub???

JEEZUS, you're stupid.

Interesting, the license file was added 29 days ago, on a 2 year old project; nothing to see here!

A while ago I followed TheGrid web development AI project to keep tabs on how this bot is going to try to eat the industry. Now you can barely even load its home page because it makes so many repos https://github.com/grid-bot . see also https://thegrid.io/ "How The Grid Will Automate Web Design Without Killing The Designer" .. this list seems to work, it churns constantly: https://github.com/the-domains

A while ago I followed TheGrid web development AI project to keep tabs on how this bot is going to try to eat the industry. Now you can barely even load its home page because it makes so many repos https://github.com/grid-bot . see also https://thegrid.io/ "How The Grid Will Automate Web Design Without Killing The Designer" .. this list seems to work, it churns constantly: https://github.com/the-domains

At least some of it is shared

Maybe that's because they used MIT License.

At least some of it is shared

Maybe that's because they used MIT License.

Apple could discontinue Swift tomorrow and you would by out of luck.

Unless someone else takes up maintainership of a fork of Swift under the Apache License.

You might want to use rust instead, it has first class support for windows, linux and mac:

https://github.com/rust-lang-n...

Now that we're seeing some real progress with making Swift a cross-platform language, I think it's time for Mozilla to drop their Rust project.

For those who don't know, Rust's home page describes it as "a systems programming language that runs blazingly fast, prevents segfaults, and guarantees thread safety." Well that sounds an awful lot like what Swift is!

While Swift has already seen major adoption and use in the real world, we haven't seen that from Rust. There have been a handful of projects using Rust, but that's it. And the ones that have used it, including the Rust implementation itself and Mozilla's Servo browser engine, have not been very impressive so far.

Despite lofty goals and a lot of hype, we haven't seen anything much of substance come out of Rust. Many have complained that it's an awkward language to use, even more than C++ is. Others have pointed out that C++14 and C++17 actually make much of Rust redundant. Yet others point out that Rust's safety guarantees are only as good as its implementation, which suffers from thousands of bugs despite much of it being written in Rust by the creators of Rust!

There was recent discussion about Google adopting Swift for Android. IBM has also taken an interest in Swift. Instead of continued failure with Rust, which is essentially a proprietary language at this point even if it's developed in the open, Mozilla should really consider using Swift, too.

It wouldn't just be better for Mozilla. It would be better for all developers. Swift is quickly becoming a universal language. The large number of developers proficient with Swift could contribute to Mozilla's code bases, rather than just a small handful of niche developers who know Rust.

Swift is the future. It's where software development is heading. Mozilla can do the sensible thing by getting rid of Rust and moving to Swift early on, or they can continue to waste time and effort on Rust. I sure hope they make the sensible decision! A modern web browser written in Swift would be much more useful than a web browser written in Rust.

... or just search the interwebs for an "unfuck" script that will do all of that for you, like such as:
https://github.com/dfkt/win10-...

But a lot of this is just as applicable to win7 , win8.x , iOS, Android, etc.

I have Win10 on a few devices at home. It's nice. The new touchscreen UI/features can be annoying, but the gestures do make sense if you have a touchscreen. M$ has been trying to do tablet pen/touchscreen devices longer than anyone, so it's funny to watch them play catch-up now. But I remember being just as lost the first time I played with an Android emulator, and even more frustrated the first time I played with iOS. It all makes sense once you bother to learn the new UI quirks and get used to it. And the old Start menu is still there if you're one of those diehards, even if you have to install Start Menu Classic to get it.

So.... stop whining, or listening to other people who whine, and just play with it, even if just in one of those free IE11 test VMs.
https://developer.microsoft.co...

• 1. Ever increasing ads in the start menu, lock screen, and wherever else Microsoft feels entitled to display them?
• 2. That the OS divulges your personal information to 107 domains?
• 3. Uncontrollable auto-updates that reboot while you're in the middle of your work?
• 4. When the OS deletes programs installed on your computer so you'll use the Microsoft equivalent instead?

Then the answer should be obvious.

Explorer has supported 32k pathnames since at least XP

I disagree.

I am using Windows 8.1 and, right now, and I have paths on my computer that were created by npm that I cannot delete via Explorer. I use Tools-RecursiveDelete from github when I need to delete those folders.

(Posted AC cuz I moderated)

Console-it is dead and unmaintained, has been for a few years now.

There's a fork called ConsoleKit2 since last year which is maintained and, rejoice, there's no systemd in the minimum requirements list!

Actually, if, on a Mac running OS X, you do nohup blahblahblah >/tmp/blahblahlog 2>&1 & in a Terminal window in a GUI session, and then log out and log back in again, blahblahblah will still be running (verified experimentally on an El Camino (virtual) machine just now).

Harrumph El Capitan, d00d.

(If it warns you that there's a process running in Terminal, and that logging out will kill it, tell it to close the Terminal window anyway; it's lying, the process will survive. I'm not sure what signal is getting sent, if any, but it ain't SIGKILL - perhaps it's SIGHUP, as nohup's purpose is to make the process ignore SIGHUP.

To be fair, the OS X nohup, as well as, apparently, the OS X screen has been modified to call _vprocmgr_detach_from_console() , and that document is part of a version of tmux ported to OS X.

So perhaps screen, tmux, and nohup need to be modified to, on systems with systemd, do whatever the appropriate magic is necessary, just as is done on OS X.

FWIW, I've only found one quote by Lennart Poettering about the entire thing (source):

I am not sure I follow. Note that user@.service is already reference counted by the login sessions around. i.e. it is started before the first user session of a specific user is created, and stopped when the last user session ends. I don't follow why that behaviour is not sufficient?

Lennart seems to have learned by now to be careful what he says in public, so I don't expect him to call anyone a moron here.

No, there's a similar debate blowing up on the Fedora list as well, it's just that there's hardly anyone left with the energy to fight the cabal any more.

From the Fedora List:

In my view it was actually quite strange of UNIX that it by default let arbitrary user code stay around unrestricted after logout. It has been discussed for ages now among many OS people, that this should possible but certainly not be the default, but nobody dared so far to flip the switch to turn it from a default to an option. Not cleaning up user sessions after logout is not only ugly and somewhat hackish but also a security problem.

...

I am pretty sure we should consider it our duty as Fedora developers to improve the Linux platform, and I am pretty sure that properly cleaning up processes on logout is a step towards that, not against it.

I am not sure I follow. Note that user@.service is already reference counted by the login sessions around. i.e. it is started before the first user session of a specific user is created, and stopped when the last user session ends. I don't follow why that behaviour is not sufficient?

Lennart seems to have learned by now to be careful what he says in public, so I don't expect him to call anyone a moron here.

So what's your favorite part about Windows 10, the 107 domains that the OS sends your personal information to, the uncontrollable auto-updates that reboot while you're in the middle of your work, or when the OS deletes programs installed on your computer so you'll use the Microsoft equivalent instead?

Answering my own question:

https://github.com/kevoree/jav...
http://sma.github.io/stuff/jav...

... and in fact has filed a motion for JOML ...

You've been using Java too much. I think you mean JMOL.

:-D

https://gist.github.com/xvital...

https://www.reddit.com/r/pcmas...

There are a couple utilities floating around that blocks most/all of the M$ telemetry IPs by dumping them into the hosts file. A few months ago I was able to revert a Win10 upgrade back to Win7; not sure if it lets you do that anymore.

Committing shit just makes you look like an asshole. Committing good code makes you look like a rockstar.

That's not how metrics work.

more commits, more green, more Rockstar you are!

Shirley, you're joking. FPGAs took over GPUs for Bitcoin mining in 2011, and later ASICs.

How do you block malware at the hosts file?

By sending the ad networks to 0.0.0.0.

https://github.com/StevenBlack...

That's the one I use.

--
BMO

Signal is OSS, uses client-side end-to-end encryption, and features both messaging and video (formerly 'TextSecure' + 'RedPhone'). If the recipient doesn't have Signal, messaging goes out as a regular SMS/MMS (with 'unsecure' warning).

The only information stored on the Signal servers, iirc, are hashes of the phone numbers and corresponding IPs to allow the clients to find eachother.

Apparently they're responsible for the encryption of Google's Allo, too, as well as WhatsApp.

And then there's Google deepdream

I was speaking in general to the notion that counting commits means anything; I don't know anything about her. And I certainly wouldn't get all pedantic about the term 'developer' as used in an article on the web; where everyone from a system architect, to the person who edits the content on the company intranet via CMS is routinely called a 'developer'.

But fine, you've made me look... happy?

https://www.torproject.org/abo...

"Isis: Lead maintainer and developer on BridgeDB. Used to work on OONI."

So where does that take us:
https://bridges.torproject.org...

"When using Tor with Tails in its default configuration, anyone who can observe the traffic of your Internet connection (for example your Internet Service Provider and perhaps your government and law enforcement agencies) can know that you are using Tor."

"This may be an issue if you are in a country where the following applies:
1. Using Tor is blocked by censorship [...]
2. Using Tor is dangerous or considered suspicious: in this case starting Tails in its default configuration might get you into serious trouble. [...]

"Tor bridges, also called Tor bridge relays, are alternative entry points to the Tor network that are not all listed publicly. Using a bridge makes it harder, but not impossible, for your Internet Service Provider to know that you are using Tor."

isislovecruft #1: 1,619 commits, 130,599++ / 82,789--
https://github.com/isislovecru...

and
https://ooni.torproject.org/

"A free software, global observation network for detecting censorship, surveillance and traffic manipulation on the internet"

isislovecruft #2 with 271 commits, 31,590++, 23,581 --
https://github.com/TheTorProje...

She removed ONE line of code (a double free). That is it. That isn't a core developer.

That burning feeling in your cheeks... that's the shame. Assuming you are a decent human.

I was speaking in general to the notion that counting commits means anything; I don't know anything about her. And I certainly wouldn't get all pedantic about the term 'developer' as used in an article on the web; where everyone from a system architect, to the person who edits the content on the company intranet via CMS is routinely called a 'developer'.

But fine, you've made me look... happy?

https://www.torproject.org/abo...

"Isis: Lead maintainer and developer on BridgeDB. Used to work on OONI."

So where does that take us:
https://bridges.torproject.org...

"When using Tor with Tails in its default configuration, anyone who can observe the traffic of your Internet connection (for example your Internet Service Provider and perhaps your government and law enforcement agencies) can know that you are using Tor."

"This may be an issue if you are in a country where the following applies:
1. Using Tor is blocked by censorship [...]
2. Using Tor is dangerous or considered suspicious: in this case starting Tails in its default configuration might get you into serious trouble. [...]

"Tor bridges, also called Tor bridge relays, are alternative entry points to the Tor network that are not all listed publicly. Using a bridge makes it harder, but not impossible, for your Internet Service Provider to know that you are using Tor."

isislovecruft #1: 1,619 commits, 130,599++ / 82,789--
https://github.com/isislovecru...

and
https://ooni.torproject.org/

"A free software, global observation network for detecting censorship, surveillance and traffic manipulation on the internet"

isislovecruft #2 with 271 commits, 31,590++, 23,581 --
https://github.com/TheTorProje...

She removed ONE line of code (a double free). That is it. That isn't a core developer.

That burning feeling in your cheeks... that's the shame. Assuming you are a decent human.

This might be relevant. Not a contributor to the core code base, but somewhat in the loop.

Given the competence and professionalism shown by the FBI on this, I imagine their method for choosing a target was less about how important they are to the project and more about how accessible and vulnerable they are to law enforcement threats.

Or you could have spent a little more time to discover that she appears to be maintaining the nextgen spec for Tor. She also appears to be actively involved with accepting/rejecting proposed changes to the spec. Just because someone is not contributing to the mainline project doesn't mean they're not actively involved in it.

I decided to verify some of this speculation with information easy to obtain.. It turns out she's a very minor contributor. 3 commits, ever. To suggest her code contributions wouldn't be reviewed by the plethora of more active maintainers is pretty wild. Tor is open source, the FBI can make "clever" contributions on their own. They don't need the secret help of a very minor contributor. Furthermore, exit nodes are a much better avenue for compromise.

Something fishy is going on here. If she's running and offering this bad of an excuse ("I don't want people to get hurt") it sounds like she's got something more I important to hide. Don't be surprised when more of this unravels and she turns out to be complicit in some illegal activities on that network.

Indeed, you could even set up a user that can only write to the challenge folder; that's the recommended configuration for acme-tiny.

But to set that up you need knowledge of how to set permissions; I think certbot expects root in order to avoid that.

[rant on] It strikes me that Google hires probably the brightest minds and do not grasp basics of IT: different people have different needs!

While it is acceptable to start restricting an securing web browser by disabling some features and external plugins for general public, it is quite unacceptable NOT to leave any option but not to upgrade for specialized use. I still did not get over NPAPI deprecation. Companies like mine have built specialized solutions around plugins and/or flash and with Google ecosystem (and with Apple one) we have NO choice.

As they represents a sizeable chunk of the market. It's a PROBLEM.

We had to basically rebuild our own web browser with NPAPI support to continue our business.

https://github.com/operationiv... (for those interested)

I can imagine how flash based solutions companies are thrilled about this announcement. And then - the question: what is the procedure to make it into the 'whitelist'. Google is turning into nanny state organization. Seems that they upgraded their motto as well

'Don't do evil' -> 'We do you good (even against your wish)

At least, the reviled Microsoft is doing a fine job ensuing good compatibility with their decade old WIn32 API. The perfect example is ActiveX support that has been removed from WIn10 / EDGE browser. But Win10 ships with Internet Explorer that HAS kept the active X support.

I can here teams of young (male virgin?) bright devs shrieking and getting excited by the newest JS bla bla framework and sighting when having to support legacy code. What a turn off for them !

But ....

To me, plugins where not only 'small add-ons'. They represented a web compound documents model, open toward other technologies.

Pure HTML5 is a 'la pensée unique', 'there is no alternative' way.

It reflects in the code how insecure people feel about 'foreign' things more generally and it is sad.

[/rant finished]

You need to prove to Let's encrypt that you own the domain. For that you have to add a special file to a special place inside the http accessible part of the website.

So, I'd also have to open up the standard HTTP port to outside traffic just so they can check I 'own the domain'? that, and the idea of running
a 'certificate management agent' on my web server....

I've been using StartSSL's free certs for that exact reason. They've got free 1 year certs vs LE's 30 days - and recently they've done a StartAPI to get these automagically.

Right now though, they still use HTTP validation - like LE - but hoping they'll have other options.

I've also just finished a proof of concept implementation of their API at https://github.com/CRCinAU/sta...

Hoping to get some review on it and hopefully some submissions to add to the functionality.

There's very useful service https://tapiriik.com/ (free and open source https://github.com/cpfair/tapi... ) that lets you migrate workouts between different fitness apps. It supports runkeeper, strava (my favourite), endomondo, garmin and even dropbox.

I found a Linux desktop client called Whatsie which works well (there are Whatsie clients for OSX and Windows as well). https://github.com/Aluxian/Wha...

They guys at soylent already did it.

https://github.com/SoylentNews...

What's the best manual for Git?

$ man git

"man git" is about as useful for learning git as an engineering manual is to teaching somebody to drive.

The best way to learn Git is to use it as part of a team for a project, otherwise the terms are misleading, the commands are idiosyncratic and the options are endless.

Create a project on Github, go through their tutorial https://help.github.com/. It helps with the absolute basics.

Try https://github.com/felipec/git for a git fork with some attempts at being kinder with its behaviour (although it doesn't appear to be maintained anymore).

Linus himself admits it.

I use Amaze file manager, and have no complaints.

It's open source, GitHub is here: https://github.com/arpitkh96/AmazeFileManager.

These pseudo-privacy-friendy search engine companies cause me grave concern. There are very few of them (DuckDuckGo, Disconnect.me, Startpage) and all promise something entirely unverifiable: where it the source code to their search engines? Even more concerning: where on earth did DuckDuckGo get all of that money if not from ad revenue and selling user search information?

The only positive advance can come from decentralizing search, but in the meantime there are Searx instances where at least the source code is available to all under the Affero GPLv3+ license, which is the only decent license for software that users access through a network. "Cloud computing" is a terrible name for this. It is using software executing on someone else's computer: that is essentially what so-called "Web apps" are, and AGPLv3+ protects the deserved liberties of users in a global internetworked world.

Now the benefit of Searx is the fact that anyone can run an instance of it, so we can choose where we proxy out from, but it still is merely a centralised glorified proxy to Google/Bing/Yahoo/etc. It does however have one of the best user interface and features of any search engine I have ever used.

There is an instance in the USA that is perhaps most popular:

http://searx.me/

And one in France from La Quadrature du Net (and associated Onion hidden service):

http://searx.laquadrature.net/
http://searchb5a7tmimez.onion/

And here is another Searx hidden service instance, no idea which country it is in:

http://ry2yhmjtylb6vtta.onion/

If one wants any decent level of anonymity, stop accessing search engines running non-free software and stop sending clearnet DNS requests and use an .onion Searx instance. Only then can one begin to have even an iota of defense searching the web.

Free VPN is not possible.

So how do I access this service from Android again?

Also, Microsoft could bundle ssh/scp in their next release - or make their own similar third-party service.

Already here, as an open-source Powershell plug-in: Posh-SSH.

My own (huge) institution has banned Dropbox entirely. Instead, a subscription to Box Sync was purchased for everyone.

Dropbox has a client for GNU/Linux OS; Box appears not to because of low demand. Did the price of this "subscription to Box Sync" include a subscription to Windows for Linux users to run in a VM? Or how well does the Box client for Windows work in Wine? Or are you using an unofficial client?

Why not use HTTPS everywhere?

There are about three reasons: