Slashdot Mirror

Here are some of them: https://github.com/SverigeLinu...

Where exactly are you missing them?

Similar project, but OpenSource and works on any OS/Browser: https://github.com/HelloZeroNe... (Decentralized websites using Bitcoin crypto and the BitTorrent network)

You can install non-Store extensions in Developer Mode, but Google Chrome will automatically uninstall them when you close and reopen Google Chrome. There exists a workaround, but this workaround requires editing Group Policy, and editing Group Policy appears to require a Pro version of Windows. So you end up paying around $100 to Microsoft to have the ability to use a non-Store Chrome extension more than once.

This is how my kids started with Minecraft plugins, a plugin called ScriptCraft: https://github.com/walterhiggi...
It lets you write mods in JavaScript, either with separate .js files in a directory or directly on the command line in-game. JavaScript was very approachable and forgiving, and gave them immediate visual feedback on their code. Now my 10-year-old has written a Java mod while my younger one is interested in trying. I swear the desire to mod Minecraft is doing more for STEM than any Pearson curriculum...

there's a rumored 3rd party GUI, but I wouldn't trust it unless the code quality is cleared by someone with the know how.

there's also the rumor of a few FOSS media players working well with youtube-dl, too.

"Download videos from YouTube (and more sites)"

https://rg3.github.io/youtube-...

"youtube-dl is a small command-line program to download videos from YouTube.com and a few more sites. It requires the Python interpreter (2.6, 2.7, or 3.2+), and it is not platform specific. We also provide a Windows executable that includes Python. youtube-dl should work in your Unix box, in Windows or in Mac OS X. It is released to the public domain, which means you can modify it, redistribute it or use it however you like."

- Enough cmdline options for just about everyone!
https://github.com/rg3/youtube...

- Discussion:
https://news.ycombinator.com/i...

There's a lot that could have prevented that bug, but the biggest thing that stands out to me was the sloppy code in the function itself.

https://github.com/openssl/ope...

Line 1450: First of all, exactly what "&s->s3->rrec.data[0]" is isn't anywhere near apparent enough. However, the big failing is that, even if we know that it's a buffer of untrusted network data, the first thing we're going to do is rename it to a single letter, thereby making it even less obvious where values referenced by the pointer are coming from.

Line 1452 & 1453: These variables should really be named "payload_size" and "padding_size" or something similar, to reflect that they aren't the payload and padding themselves, but rather, just the size of these things.

Line 1457: Several problems here:

First of all, "p" doesn't scream "OMG don't trust any data read from this pointer!" like it should. Thus, this line doesn't stand out as one that needs particular attention in code review.

Second, even if we're still aware that "p" points to untrusted data, we just stored that data into "payload" using a macro that conceals the fact that "payload" is an output rather than an input. Thus, we might be aware that we just looked at the data in that buffer, but still not be aware that "payload" is now untrusted data, as the macro looks like a function call, and functions can't modify values not passed by reference.

Third, since "payload" is named as if it contains the data rather than the size of the data, we may not even think it's a problem that it's never checked for validity since we know the payload of the heartbeat packet is irrelevant.

Line 1480: ...and now, enabled by the "payload" variable that we've made ourselves blissfully unaware of the contents of, we copy a bunch of random data into an outgoing packet buffer.

You want to prevent bugs like this? Here's some rules:

1. Name your variables such that any moron can figure out what the fuck is in them without having to search all over the code. Whomever is reviewing your code may not remember what the fuck "&s->s3->rrec.data[0]" is, and they may not remember what the "p" you declared just a few lines ago is. Make your variable names obvious enough and it'll be more obvious when you're misusing them.

2. Don't make macros that modify their parameters. I know, this is hard if the macro needs more than one statement, but fuck, do you want it to be obvious what your code does or not?

I think the biggest problem is that a lot of programmers are under the impression that, as long as code compiles and does what it is supposed to, then the code is fine and no one has any right to complain about it. However, I would have looked at that code for about ten seconds, realized it was too hard to follow, and told whomever sent it to me "no thanks, it's too hard to follow." If it isn't obvious what a piece of code does, or if it isn't obvious that it does it correctly, then it isn't obvious that the code is secure.

So is the code secure? Well, you may have people review each other's code for the added security that that brings, but if the code they're reviewing is difficult enough to follow that they aren't willing to take the time to understand it, then you might as well not even ask them to look it over.

I'm sure that's what happened here. Dude just typed out some code when he should have been sleeping, submitted it, and the next day someone looked at the code to review it, realized that following what was going on with all of those misnomer and non-descriptive variables was going to require some actual effort, and just said "fuck it, dude is cool, and he wouldn't have submitted it if it didn't work." After all, what was he going to do? Send it back with the message "uhm, yeah, I'm not taking the time to try to follow this code, why don't y

Technically you can't log in to it - every access to the Web gui and/or ssh has been "blocked" (only they forgot IPv6).

Firmware ripped out is here: Github

Eventually you end up with a table of figures either hardcoded into the code, or as a configuration file.

Things can get out of alignment with spaces, and everybody sees its wrong. But Tabs might look fine for one dev, but be completely misaligned for another. And because you might be sharing tables with anybody on the planet, you either enforce a tab convention worldwide, or go with spaces.

Or you can just use GitHub's Windows client which, the last time I used it required me to use the command line to init non Githib repos but then didn't require the user to use the command line for anything. Might even be better now, it's been a couple of years since I had to support software developers running on windows.,

Yes, thanks to Joyent, who opensourced smartdatacenter the software they use to run their public cloud...

The hypervisor is SmartOS, it is based on Illumos (fork of opensolaris)..
It has ZFS, Dtrace, Zones (think virtualisation with bare metal performance), crossbow.. and KVM as they ported it..
You can run SmartOS instances inside Zones, and even Linux instances (by way of ABI translation), or any OS using KVM,
And even present you datacenter as an elastic docker host, as they implemented Docker API in SDC.. (sdc-docker aka Triton)

I'm currently evaluating it, so far I'm impressed..

Here are the github repository and the docs

Ms-PL is basically ancient history by now. Most of Microsoft's open source projects are released under either Apache License 2.0 or MIT License. CoreCLR (the current effort to open source .NET), in particular, is under MIT.

Nope, but a person believing that Microsoft is more trustworthy than global community,

That is their opinion. It doesn't mean that they are a Microsoft shill as you claimed.

that .NET runtime is a silver bullet that will kill Ruby, Go and Rust

The AC didn't say .NET would kill those languages, just make them less useful.

person that keeps insisting that MS won't sue anyone over .NET despite the shady language in the license and a number of restrictions (.NET code can only be used to create a runtime adhering to MS specs and for no other purpose)

There is simply no shady language in the license that is going to affect Mono. If they ever decide to change Mono from an implementation of the .NET platform to something else (eg. JVM) whilst retaining Microsoft's code then they could be in trouble. But do really think for a second that they would change the focus of the project like that? Absolutely not.

And yet that is the main message of your post, that if you don't adhere to Microsoft's spec then they could sue. Well Mono is compliant with the licence, so they are not going to get sued.

Also, for this same time .NET has failed to see adoption the likes of Java did, and right now, Microsoft has even more hooks inside their license allowing them to sue the living hell out of anybody, and (Like with Oracle, Google and Java) they can sue if the code used in .NET will be used for anything other than making a fully fledged .NET runtime (that part is straight in their license, no guessing involved here).

So your response to me pointing out that Microsoft hasn't actually sued anyone for the last 13 years despite all the claims that they would is that Java is still bigger and that if you made something that was unlike Mono that you would get sued. How is that counter my claim that saying that using Mono will not get you sued?

Previous comment was regarding Microsoft and open-source in general - this is an answer in general. Commenter said he trusts Microsoft more than RedHat or opensource developers, I pointed out that trust is a personal issue, ability to verify - is more objective.

Irrelevant. You have the ability to verify code from an open source project.

Actually, use this link https://github.com/riverar/uxstyle/releases as it has the latest version.

I've been using UxStyle for a long time without issue, so I fell behind on versions.

Just because Rust may make you think about possible error conditions it doesn't mean that they're handled any better than when using other languages.

Look at Servo. This is a web browser rendering engine written using Rust, written by many of the same people working on Rust. Specifically, look at a bug like https://github.com/servo/servo/issues/5051.

That bug report shows that Servo crashed at runtime. You'll also see error messages like

thread 'LayoutWorker worker 3/6' panicked at 'called `Option::unwrap()` on a `None` value', /Users/larsberg/rust/src/libcore/option.rs:362

and

thread 'PaintTask' panicked at 'called `Result::unwrap()` on an `Err` value: RecvError', /Users/larsberg/rust/src/libcore/result.rs:743

That looks an awful lot like an uncaught Java NullPointerException or an uncaught C# NullReferenceException! All of this unwrap() crap that's supposed to prevent problems like runtime failures has, guess what, resulted in a runtime failure!

Contrary to what you're claiming, even the people behind Rust write applications that "simply pretend errors don't exist and end up crashing at runtime"!

The Rust compiler itself is rife with runtime failures. Look at the Rust compiler bug list, and do some filtering on "ICE" or "Internal Compiler Error". For a compiler for a language that's supposed to help avoid errors, that's written in that very language, it sure does suffer from a lot of unexpected runtime failures and other bugs!

If the people creating Rust end up creating so much broken code while working on the Rust compiler itself, even now that it's supposed to be getting "stable", how the hell can we expect it to be any better for the rest of us mere mortals who aren't Rust experts?

Just because Rust may make you think about possible error conditions it doesn't mean that they're handled any better than when using other languages.

Look at Servo. This is a web browser rendering engine written using Rust, written by many of the same people working on Rust. Specifically, look at a bug like https://github.com/servo/servo/issues/5051.

That bug report shows that Servo crashed at runtime. You'll also see error messages like

thread 'LayoutWorker worker 3/6' panicked at 'called `Option::unwrap()` on a `None` value', /Users/larsberg/rust/src/libcore/option.rs:362

and

thread 'PaintTask' panicked at 'called `Result::unwrap()` on an `Err` value: RecvError', /Users/larsberg/rust/src/libcore/result.rs:743

That looks an awful lot like an uncaught Java NullPointerException or an uncaught C# NullReferenceException! All of this unwrap() crap that's supposed to prevent problems like runtime failures has, guess what, resulted in a runtime failure!

Contrary to what you're claiming, even the people behind Rust write applications that "simply pretend errors don't exist and end up crashing at runtime"!

The Rust compiler itself is rife with runtime failures. Look at the Rust compiler bug list, and do some filtering on "ICE" or "Internal Compiler Error". For a compiler for a language that's supposed to help avoid errors, that's written in that very language, it sure does suffer from a lot of unexpected runtime failures and other bugs!

If the people creating Rust end up creating so much broken code while working on the Rust compiler itself, even now that it's supposed to be getting "stable", how the hell can we expect it to be any better for the rest of us mere mortals who aren't Rust experts?

Have you actually tried Servo? It doesn't even have a usable UI

Yes, I have. You can use servo-shell

the date then became May 2015. I don't have much faith in them meeting that deadline.

You don't need faith. It's software, not religion. Here's the Rust 1.0 schedule, so why whine?

You worry too much. Relax, take a rest. You'll be happier.

@HarryCheung has tested mobile app by reimplementing the same app with 13 different languages. This includes C++ (fastest on iOS and Android), Swift, Xamarin, J2ObjC, Javascript & RubyMotion (slowest on iOS). All the code is available on GitHub for the community to improve further. Disclosure: I provided feedback on the posts but was not involved in the testing.

Or use a language like Rust which aims for memory safety without garbage collection. Servo is implemented in Rust.

Don't be foolish. Dogmatic adherence silly acronyms at the expense of readability is a bad thing. You often end up with more code, not less, trying to avoid any and all redundancy. If it's cleaner and easier to read and maintain, it's worth the exchange.

Let's look at your justification for your dogmatism:

If the other person does not even look for the second check then you now have broken code.

What you've written here, is that if a developer makes a mistake modifying code they don't understand, you'll have broken code. It doesn't look that strong now, does it?

Further, I'd argue that adding more, likely more complicated, code to avoid a tiny bit of redundancy is far more likely to bring about those circumstances where a developer is going to modify code they don't fully understand.

Have you ever played code golf? The idea is to make the shortest possible program that meets some requirement. The most common strategy is to start with a normal implementation and then find ways to reduce the codes size. Essentially, it's about eliminating redundancy. The results look really impressive, short and compact code that does a lot. They're also impossible to read and maintain!

What I'd challenge you to do is find some short bit of code you've written that you think is particularly good, then play code golf to reduce its size. I can guarantee that you'll find plenty of redundancy in function of which you can take advantage to reduce the code size. I'll also guarantee you that your code will be less readable and far more difficult to maintain.

If you really are a born-again acronymist, you'll happily take DRY to its absurd conclusion and golf your way to an unmaintainable nightmare. My guess is that you'll quickly come to your senses and realize that DRY is really just a bit of folk wisdom. It's good to avoid a lot of redundancy (somethings things should be made more generic) but that it's not truy evil, and can sometimes be helpful. Particularly when it makes your code easier to read.

Speaking of making code generic, that's not always a good thing either. You've probably seem this yourself, where a programs size and complexity were dramatically increased by trying to make everything as generic as possible (usually justified as making the code 'reusable'). While a joke, FizzBuzz Enterprise Edition makes my case here nicely.

Keeping code simple and readable is far more important than any fly-by-night acronym you'll run across.

Open Source Software by Facebook like React also includes some pretty weird PATENTS clauses.

First, a message sent out by the Chinese authorities to not comment on the attack.

The following censorship instructions, issued to the media by government authorities, have been leaked and distributed online. The name of the issuing body has been omitted to protect the source.

Regarding the large-scale distributed denial-of-service (DDoS) attack on GitHub, do not conjecture or comment of your own accord before the authoritative media have reported the case, and do not republish foreign coverage. (March 28, 2015)

Next, the two specific targets of the attack.

The DDoS attack “weaponizes” Internet users outside China who visit websites containing Baidu tracking code. As long as they remain on an affected site, their browser will quietly make repeated requests to the GitHub URLs of censorship monitoring and circumvention project GreatFire.org and its censorship-evading Chinese New York Times mirror, in an effort to overwhelm GitHub’s servers.

This is what GreatFire, the target of the attack, had to say:

When we first blogged about this attack we did not want to level accusations without evidence. Based on the technical forensic evidence provided above and the detailed research that has been done on the GitHub attack, we can now confidently conclude that the Cyberspace Administration of China (CAC) is responsible for both of these attacks [the ongoing one against GitHub, and another against GreatFire earlier this month].

[] Inserting malicious code in this manner can only be done via the Chinese Internet backbone. Even if CAC did not launch the DDoS attack directly, they are responsible for managing the internet in China and it is not possible that they did not know what was happening. These attacks have occurred under CAC’s watch and would have needed the approval of Lu Wei.

Lu Wei and the Cyberspace Administration of China have clearly escalated the tactics that they use to control information. The Great Firewall has switched from being a passive, inbound filter to being an active and aggressive outbound one. This is a frightening development and the implications of this action extend beyond control of information on the internet. In one quick movement, the authorities have shifted from enforcing strict censorship in China to enforcing Chinese censorship on internet users worldwide. CAC can launch these attacks quickly and easily and they have the technical and financial resources behind them to continue to launch DDoS attacks against any website, anywhere in the world.

GitHub is used by GreatFire as a way around Chinese government censorship by the Great Firewall. Here's what GitHub had to say about the attack.

GitHub commented last week that “we believe the intent of this attack is to convince us to remove a specific class of content,” apparently referring to GreatFire’s censorship circumvention tools. GitHub’s compliance would resolve a dilemma for Chinese censors: the site’s HTTPS encryption prevents blocking its contents selectively, and its ubiquity in the tech industry would impose a high economic toll on blocking the entire site. This “collateral freedom” strategy is central to GreatFire’s circumvention projects on other platforms, such as Amazon’s and Microsoft’s.

It's very even handed of the Slashdot Pundits to support the Chinese government contention that they are just poor innocent bystanders who haven't ever censored anybody ever. Of course it's way to much effort to go online and find out what the attack victims think. Our Pundit class nev

First, a message sent out by the Chinese authorities to not comment on the attack.

The following censorship instructions, issued to the media by government authorities, have been leaked and distributed online. The name of the issuing body has been omitted to protect the source.

Regarding the large-scale distributed denial-of-service (DDoS) attack on GitHub, do not conjecture or comment of your own accord before the authoritative media have reported the case, and do not republish foreign coverage. (March 28, 2015)

Next, the two specific targets of the attack.

The DDoS attack “weaponizes” Internet users outside China who visit websites containing Baidu tracking code. As long as they remain on an affected site, their browser will quietly make repeated requests to the GitHub URLs of censorship monitoring and circumvention project GreatFire.org and its censorship-evading Chinese New York Times mirror, in an effort to overwhelm GitHub’s servers.

This is what GreatFire, the target of the attack, had to say:

When we first blogged about this attack we did not want to level accusations without evidence. Based on the technical forensic evidence provided above and the detailed research that has been done on the GitHub attack, we can now confidently conclude that the Cyberspace Administration of China (CAC) is responsible for both of these attacks [the ongoing one against GitHub, and another against GreatFire earlier this month].

[] Inserting malicious code in this manner can only be done via the Chinese Internet backbone. Even if CAC did not launch the DDoS attack directly, they are responsible for managing the internet in China and it is not possible that they did not know what was happening. These attacks have occurred under CAC’s watch and would have needed the approval of Lu Wei.

Lu Wei and the Cyberspace Administration of China have clearly escalated the tactics that they use to control information. The Great Firewall has switched from being a passive, inbound filter to being an active and aggressive outbound one. This is a frightening development and the implications of this action extend beyond control of information on the internet. In one quick movement, the authorities have shifted from enforcing strict censorship in China to enforcing Chinese censorship on internet users worldwide. CAC can launch these attacks quickly and easily and they have the technical and financial resources behind them to continue to launch DDoS attacks against any website, anywhere in the world.

GitHub is used by GreatFire as a way around Chinese government censorship by the Great Firewall. Here's what GitHub had to say about the attack.

GitHub commented last week that “we believe the intent of this attack is to convince us to remove a specific class of content,” apparently referring to GreatFire’s censorship circumvention tools. GitHub’s compliance would resolve a dilemma for Chinese censors: the site’s HTTPS encryption prevents blocking its contents selectively, and its ubiquity in the tech industry would impose a high economic toll on blocking the entire site. This “collateral freedom” strategy is central to GreatFire’s circumvention projects on other platforms, such as Amazon’s and Microsoft’s.

It's very even handed of the Slashdot Pundits to support the Chinese government contention that they are just poor innocent bystanders who haven't ever censored anybody ever. Of course it's way to much effort to go online and find out what the attack victims think. Our Pundit class nev

If they actually forked the kernel I'm pretty sure it would be in their repository and not one that's 11 days old.

News like that just feels like an April fools joke to me and I would assume it would to others. I mean, the systemd developers don't operate like that at all. That people would think it to be true at all shows how strange of a perception there is around the systemd project (take that as you want, one way or another people think the systemd devs would be crazy enough to do a full out fork of the kernel--does that mean people are deluded about systemd's goals or that systemd has put off indications that they would do such a thing).

OpenPOWER is Open. Here's the source code for the OpenPOWER BIOS. Enjoy... https://github.com/open-power

Some other comments mention that you can just clone your git repositories and use that a backup, but that's not practical when you're using git workflow as a core part of running your development team.

Relying on external services is never a good business move, so the a solution is to use GitHub Enterprise, which lets you run a private copy of the GitHub site on your own servers, with your own backup solution and security provisions.

Maybe this is what your coworker is advocating.

Well... on GitHub the wiki _is_ actually stored in a Git repo... and all of the pages are simply Markdown. They are VERY easy to move to many other systems (or even to view locally).

GitHub even publishes an open source version of its wiki renderer to make it even easier: https://github.com/gollum/goll...

NOW: The bugtracker stuff is a little more difficult. You can use the GitHub API to pull out all of the info easily enough and store it locally... but you have to do some sort of transformation to get it into a new format if you're trying to move to a different service.

Personally, I've done this the other way around. We went from using Trac on our own servers to using GitHub. I wrote scripts to take all of our Tickets from Trac and upload them to GitHub as Issues using the GitHub API. It was a pain but not impossible....

PHP can be good or bad, like any other code. Lately it's getting better.
As an example, do you think this looks bad? Looks pretty good to me.

  https://github.com/symfony/sym...

I have some awful, unreadable examples I could share in Java, PHP, Javascript and even C, but chosen language no longer forces you to write bad code. Maybe Perl, but I haven't seen it lately.

When it works.

No, seriously, that's the prime criteria. I'll take crap code over good code anytime, it it works and the "good" code needs some arcance and/or bizar setup procedure that I have to put up with to perhaps get it running.

Point in case: WordPress, a PHP driven Web CMS that today runs about 20% of all websites, is a huge pile of typical PHP spagetti. And don't even get me started on the data model ... the WP crew probably doesn't even know what that is. Anyway, just the other day I spent two hours hacking the login template to coax it into not getting in the way of an auto-login feature built with Active X and JavaScript (...don't ask, the customer spends 150 Euros an hour, I'm sure as hell not gonna make stupid remarks on all this).

I mean, just look at it! (Surgeon Generals Warning: Looking at WP code can cause instant heart problems and depression!)

It was quite an adventure.

However, it works. My grandma can setup WP in 10 minutes. Come around the corner with your flashy new Java whatnot, clean model and all, if I spend more than a week trying to get it runing on Debian or some other widespread Linux, I will ditch it, no matter how well the app itself is coded.

Programms are for users, and they have to work. The rest is icing. End of story.

> backing up the GitHub repo
> What if it goes down?

It took me about 60 seconds with google to find answers to your questions.

And here's the thing - I knew those answers would be there. Not because I know anything about github, I know jack-shit, but because there is no way that despite being around for seven years with more than 200 employees, nobody at github had ever thought out about those issues. Your complaints simply did not pass the laugh test.

Or rather than fucking around with dice, you could just use my program wordkey and generate a similarly strong and memorable password with much less effort.

-puddingpimp

... for better understanding:
https://github.com/TruthWillFr...

I just gave up and filed a bug: https://github.com/facebook/au...

There's even an aptly-named tool for it!

There's already a tool for this, with a funny name: https://github.com/tylertreat/...

That would be a resounding YES, check it out. Hilarious stuff.

I wouldn't say DICSS is a particularly useful piece of software, and I doubt it's gonna get very wide adoption. But it's a real Javascript library released under the MIT license. IMHO both the README and the parts of the source code are hilarious. YMMV.

The author of DICSS seems like a pretty good comedian. If lewd humor gets your knickers in a twist, you might prefer his Artisanal Javascript page instead.

Link here: https://github.com/letsgetrand...

You should really read the readme.

Should github be involved? We could ramp it up and pretend the project was actually hateful, instead of not being that at all. When should github care? If they are an open source repo, shouldn't they be that?

Here's an emulator for Nintendo hardware. It's safe on legal grounds (even though console companies have lawyered up and taken down some emus by threatening the authors):
https://github.com/dolphin-emu

Here's an archive of "hacking tools". While almost everyone reading this post will understand the context of "hacking", and the fact that these are completely innocuous, would you put that past everyone in the world?
https://github.com/Gexos/Hacki...

Remember, some people consider "hacking" to equal "a crime done to people that should be result in life in prison". Even among those that are a bit smarter than that, you could EASILY argue that labeling something a "hacking tool" is "encouraging people to commit a crime" or somesuch- there's a reason the crack pipes at the flea market are not labelled as such, and have a sign saying that if you call them that, they'll kick you out.

You could argue that the above two projects, along with MANY others, are offensive or encourage illegal activities. You may not agree, but the argument could be made.

If someone is concerned about some cock and balls jokes because some section of the population (certainly not "women" and not really even "feminists", but likely "people who professionally get offended about bullshit to honk their own horns"), I will point out that **there's already a ton of projects that would offend fucking SOMEONE**.

This shouldn't be a story at all.

Should github be involved? We could ramp it up and pretend the project was actually hateful, instead of not being that at all. When should github care? If they are an open source repo, shouldn't they be that?

Here's an emulator for Nintendo hardware. It's safe on legal grounds (even though console companies have lawyered up and taken down some emus by threatening the authors):
https://github.com/dolphin-emu

Here's an archive of "hacking tools". While almost everyone reading this post will understand the context of "hacking", and the fact that these are completely innocuous, would you put that past everyone in the world?
https://github.com/Gexos/Hacki...

Remember, some people consider "hacking" to equal "a crime done to people that should be result in life in prison". Even among those that are a bit smarter than that, you could EASILY argue that labeling something a "hacking tool" is "encouraging people to commit a crime" or somesuch- there's a reason the crack pipes at the flea market are not labelled as such, and have a sign saying that if you call them that, they'll kick you out.

You could argue that the above two projects, along with MANY others, are offensive or encourage illegal activities. You may not agree, but the argument could be made.

If someone is concerned about some cock and balls jokes because some section of the population (certainly not "women" and not really even "feminists", but likely "people who professionally get offended about bullshit to honk their own horns"), I will point out that **there's already a ton of projects that would offend fucking SOMEONE**.

This shouldn't be a story at all.

There are more answers: https://github.com/M66B/XPriva...

I've also used PDroid and LBE Privacy Guard: https://play.google.com/store/...
The latter seems to have gone to shit, though. It always was ran at a layer too high to allow it to catch everything reliably anyway.

PDroid was great if your ROM supported it. The original version isn't maintained anymore, but replacements seem to have popped up:
https://play.google.com/store/...

In general though, using a CyanogenMod ROM with privacy features is definitely the easiest route. Which is what I do.

have a look at umatrix for selective disabling of javascript in chromium/chrome
puts it ahead of the firefox stuff IMO

(now if only chrome would fix their high-dpi support on linux)

Yeah, it's definitely "fresh and new". As in having over 2000 of its own "fresh and new" issues. All Servo has done is trade one set of bugs with its own set.

I wouldn't even recommend bothering with hstore. There are several even better ways to use Postgres in a "NoSQL" setting.

For example there is the Mongres project, that lets a PostgreSQL database emulate the MongoDB protocol. So you could literally drop Postgres into a Mongo-powered application with not a single hiccup, and get a) better performance and b) all the back-end relational stuff you need when it comes time to do reporting or other business logic.

There's also the new JSONB datatype in PostgreSQL 9.4, which I would recommend over hstore if you want to just store "free-form" data in records.

EnterpriseDB did a very well-thought-out study on PostgreSQL/NoSQL.

I wouldn't even recommend bothering with hstore. There are several even better ways to use Postgres in a "NoSQL" setting.

For example there is the Mongres project, that lets a PostgreSQL database emulate the MongoDB protocol. So you could literally drop Postgres into a Mongo-powered application with not a single hiccup, and get a) better performance and b) all the back-end relational stuff you need when it comes time to do reporting or other business logic.

There's also the new JSONB datatype in PostgreSQL 9.4, which I would recommend over hstore if you want to just store "free-form" data in records.

EnterpriseDB did a very well-thought-out study on PostgreSQL/NoSQL.

Please follow up at https://github.com/WhiteHouse/.... We are keen to understand these issues and find solutions. We also do know a thing or two about web hosting and HTTPS.

Hi oneiros27, please take a look at the open issues and provide your feedback at https://github.com/WhiteHouse/...

The "additional CPU" nowadays for SSL is fairly trivial. If you've done some experiments that demonstrate a meaningful performance impact, and you can quantify the costs of that, we'd LOVE your feedback so that we can help you mitigate that or convince you that the benefits are worth the costs. We'd like to see data here.

Likewise with the caching issue. The use of CDNs can mitigate some of the performance impact you're worried about. If you're working with a specific scientific project or experiment where you need to shuttle around a lot of data, and are presently using HTTP and HTTP caching solutions to implement that, I would propose there are better ways of efficient data distribution. Again, submit an issue at the link above about this and someone can work with you to talk about your situation.

The IDS problem can be solved by moving the SSL termination to the other side of your IDS. It's not necessary for the origin server to serve HTTPS. It can also be resolved by changing your approach to IDS to one that doesn't require inspection of the payload at a distance from where it's served.

We do see privacy incidents routinely due to someone thinking "gosh, I didn't expect that would be private" or "I forgot to move that to the https site". We also routinely see ISPs and governments inject ads and tracking mechanisms into HTTP responses. We are also just simply concerned about the privacy and safety of people that browse government web sites and by standardizing on HTTPS everywhere, it eliminates the need for these mistakes and oversights and ensures a minimum bar for privacy and data integrity. It also makes it super easy to be FISMA compliant without having to spend extra to lock down a particular feature or product.

Please raise your concerns with the link given above and let's chat.

If there are specific concerns you have with the memo as it applies to the federal agencies it's talking about, we'd love to get your feedback on how we can achieve these goals while minimizing the issues you allude to.

https://github.com/WhiteHouse/...

This isn't about mandating HTTPS everywhere outside of government, and those agency sites that might perform worse due to losing intermediate caches can always implement the policy using existing CDNs to try and get the content as close to the user as possible.

Is there something about what the memo proposes that looks to be obsolete soon? We're trying to get ahead of the curve here, because it does take time to change things in the government. We'd love to better understand your "when the government gets involved" concerns.

Do you think you might be interested in participating in things like this on a more ongoing basis?

https://18f.gsa.gov/
https://www.whitehouse.gov/usd...

I checked out the link, there was no mention of what kind of encryption they will be implementing.

Actually, one link directly says what kind of encryption:
https://github.com/yahoo/end-t...

Use OpenPGP encryption in Yahoo mail.

Yahoo End-To-End
A fork of Google's End-to-End for Yahoo mail.

and the other link shows it in action:
http://yahoo.tumblr.com/post/1...

If you watch the gif, you can see a PGP code block

Head tracking may work well, depending on ability to control head/neck. There are several methods (mostly originating in the flight sim community).

1. Face tracking (very easy to try, FaceTrackNoIR or Opentrack)
2. Head tracking with IR clip (bit more reliable than face, many DIY guides out there)
3. Head tracking with Aruco marker (available in Opentrack)

This project aims to do exactly that. https://github.com/ikreymer/py...

It'll record your browsing experience and play it back for you later. It will even record links that you did not originally browse. (You have to configure the depth)

The developer is working on it constantly