Slashdot Mirror

So is ESR trying to convert the NetBSD CVS repo in some weird and special way or something, and that's why it failed? Because it has already been converted and is on Github; if he needs info on how it was done, there's probably someone on the tech-repository mailing list that can help. It's been converted to Fossil too.

postfix.server from https://github.com/vonSchlotzk... :

[Unit]
Description=Postfix Mail Daemon
After=network.target

[Service]
Type=forking
ExecStart=/usr/sbin/postfix start
ExecStop=/usr/sbin/postfix stop
Restart=always

[Install]
WantedBy=multi-user.target /etc/init.d/postfix :

266 lines, too long to print here, and just as ugly as sendmail.

So the postfix sysv init script is 113 lines LONGER while the .service file is 4 lines SHORTER than the sendmail example.

It came with ipfw, but that was deprecated and replaced with PF in Lion. In short, ipfw has been removed from Yosemite.

The following occur with all privacy options enabled -- including disabling analytics (i.e., Diagnostics and Usage Data).

and then it lists the stuff they are reporting back. Why such a lengthy post without bothering to read the original link?

Why the hell are we still stuck using Javascript for the web? Why have we not got some virtual machine (not a language specific one like the JVM), that we can compile any language we like to?

JavaScript is the 'bytecode' to compile to these days.

Not saying that's optimal, but if JavaScript is what the world's web browsers run, then JavaScript is what people will target to get onto those web browsers. At least you can still use your language of choice to do so...

First JVM is not language-specific: http://en.wikipedia.org/wiki/L...
Second, javascript can be the compile target of LLVM bytecode. You can compile your favourite C program to js. See emscripten: https://github.com/kripken/ems...
Third, javascript has a very fast but still backwards compatible bytecode like subset called asm.js: http://en.wikipedia.org/wiki/A...
asm.js can be set as target for emscripten. The browsers supporting asm.js simply JIT it to bytecode, and those which don't still can run asm.js, but way slower.

Python has obsolesced Matlab. There are even Matlab to Python cross-compilers and packages that allow Matlab to work like a Python library.

Website
Source.

For those of you who are a fan of customizing the colors of message bubbles in Messages.app and don't like that Apple removed this ability as part of the iOSification of Yosemite, there's an app for that: https://github.com/kethinov/Bu...

I made this during the developer previews because I don't like the default puke green for most of my IM conversations. Hope this helps some people. Source code also available.

I use it extensively to port games to the web. It works quite well! It has some limitations, which are given by the browser, but one can work around them quite easy.
Unfortunately, I cannot show off my own work, but others have been using it for some time as well
http://www.quakejs.com/
http://crypt-webgl.unigine.com...
and many more can be found here: https://github.com/kripken/ems...

There's no such operating system as "RTOS". It's a description of a kind of OS - a Real Time Operating System. I know what an RTOS is, which is why I mentioned that the Pi could use one. I've built QNX apps - very nice OS. But it's not ported to the Raspberry Pi.

I've never heard of ChibiOS/RT before - good to know it's there. Does anyone actually using it? I couldn't find anything on the project web site.

How does it compare to FreeRTOS? FreeRTOS is a mature realtime OS, but it's not well supported on the Pi - https://github.com/jameswalmsl... is "a very basic port of FreeRTOS to Raspberry pi. It includes a demo application that use 2 FreeRTOS tasks to flash the LED on and off." So I'm not sure I'd trust it, but at least it's based on a reliable RTOS.

We can argue (and many will!) all day long over what exactly is Free and what is Open Source, but rather than go down that bottomless pit into pointlessness, anyone who is really interested can just read the TrueCrypt license for themselves. It's written in plain language, even if it is somewhat complicated. So it's not GPL and is not compatible with GPL. So fucking what. You can say the same about CDDL or a lot of others, which all give you a lot of freedom. If the code can't be subsumed into GPL, that is the problem of GPL aficionados, not of TrueCrypt's ghost.

I'll just touch on the basics.

You can modify the code, derive a new work, include all the code or selected parts of it in your own work, and you specifically are allowed to profit if you wish.

You have to sanitize your derived code of the word TrueCrypt, logos, website, etc.

You must display a specified phrase, basically "Based on TrueCrypt" and you must link to their webpage.

You have to make the complete source of your product available, just as the TrueCrypt source is.

You are not allowed to obfuscate the source code.

You have to use the unmodified TrueCrypt license only - this part it seems to me VeraCrypt is in blatant violation of, unless they received a special dispensation, which seems unlikely. On the other hand, AFAIK TrueCrypt never sued anyone yet, and they havn't sued VeraCrypt, so anyone can choose how far to stick their own neck out. Remember, RealCrypt went down this route a long time ago and nobody got sued over that.

Disclaimer - I'm not associated with TrueCrypt nor do I have any relationship with them, nor am I a lawyer, nor have I made a painstaking analysis of the license, but I don't see anyone starting a worthwhile discussion of the TrueCrypt license here, so I'm perfectly willing and naive enough to stick my neck out and start the ball rolling.

That's it in a nutshell. You want to tell me that's not "any free software license", go ahead and welcome to your strange interpretation. I myself am not hung up on terms. The license clearly allows VeraCrypt and/or anyone else to run with a derived project.

Note that VeraCrypt can't open existing TrueCrypt container files, nor can it create new container files that are backward compatible with TrueCrypt. Instead it suggests you do a clumsy, "un-enecrypt, copy over, re-enecrypt" lock-in process in order to "upgrade". At least the others (truecrypt.ch, Ciphershed, Tcplay / Zulucrypt, et. al.) allow you to keep working with existing TC container files.

Why this isn't in screaming bold text at the top of the VeraCrypt page (which is here, btw), is beyond me.

Channel bonding sends pieces of the request in parallel over the different channels. It does not send the same request over multiple channels. Channel bonding's goal is to increase total bandwidth, not to reduce latency.

Yes, but most of the important pieces are in place already. I strongly suspect that someone with intimate knowledge of the channel bonding internals (kernel devs, speedify, F5/cisco/etc, other similar services) could add support for sending over both channels with an added flag/option in the config. It may be difficult to piggyback on the existing code, or it could be fairly trivial, but it certainly seems like the right place to add that support. Maybe one of the folks listed here could chime in?

Whether it's practical and worthwhile or not is a different matter. If one is already paying for 2 data connections + the server/service, it'd be cheaper (in most cases) to just get one good connection, and it'd certainly be less complex.

Plenty went "white hat" over a decade ago because it was lucrative.
Just because they're not active now doesn't mean they couldn't be if they wanted to.

There's some crazy stuff you can do these days, like run code on an Intel x86 using ZERO cpu instructions.

Omega See it in action here.

>Instead you've created a tool that will, no doubt, be re-engineered by the black hat community to just redirect all traffic to a host, instead of just BT traffic. Nope. I actually de-engineered one. Here's the python code I found that helped build the ARP cache poisoning in BitHammer: https://github.com/evilsocket/... Notice the "all" selection.

https://github.com/evilsocket/...

https://github.com/MichaelJCol... Copyright (c) 2014 Michael Cole The software is provided "as is", without warranty of any kind, express or implied, including but not limited to the warranties of merchantability, fitness for a particular purpose and noninfringement. In no event shall the authors or copyright holders be liable for any claim, damages or other liability, whether in an action of contract, tort or otherwise, arising from, out of or in connection with the software or the use or other dealings in the software. Now, these are not licensing terms: this is just a disclaimer.

Eindbazen ebctf sources on github

(for some reason the first time I loaded this page there were no comments, so some of this is duplicate)

Excellent! Very glad to hear it. There are a /ton/ of helpful resources out there for you. Here's a brain-dump of some of the most popular:

* CTFTime : http://ctftime.org/ : Website that tracks team scores, upcoming events, and writeups for previous events.
* CapTF : http://captf.com/ : My CTF dump-site that includes a calendar, links to "practice" sites (aka Wargames), and many years worth of CTF events archived
* Field Guide : http://trailofbits.github.io/c... : Specifically covering the skills / approaches, the field guide is a good read for anyone getting into this world.
* Guide for Running a CTF : https://github.com/pwning/docs... : Written by PPP (CMU's ever-dominant CTF team) along with feedback from the broader CTF community, this guide is more relevant when making a CTF, but can aid in understanding how the good CTFs are designed.
* PicoCTF : https://picoctf.com/ : PicoCTF is designed for high school students, but had an awesome difficulty curve, getting up to some relatively advanced challenges by the end of it. It's also extremely well designed, runs for a longer period of time and is a
* CSAW : https://ctf.isis.poly.edu/ : One of the best events targeted specifically at College students, unfortunately the qualifier round just finished, and the participants already selected for the final round, but you can always check out the archives of previous challenges to get a feel for the difficulty. Note that the qualifier event is typically intended to be much easier than the in-person finals to better encourage new students to get into the sport.
* IRC : irc.freenode.net#pwning : There's a lively and active community in #pwning on freenode that would be happy to help you with questions/advice related to CTFs.
* YouTube : There's a couple of different presentations/talks on CTFs over the years. If your'e interested in learning more about attack-defense CTFs and in-particular DEF CON CTF, I gave an old talk that's mostly still relevant (https://www.youtube.com/watch?v=okPWY0FeUoU), though I'd recommend you not focus on A/D at first, but just get into the regular challenge based or jeopardy boards as they're sometimes called.

The best way to prepare for CTF is by... playing CTFs. There's no real magic formula, just go out there and start working on challenges. Old CTFs are great as learning exercises since you can usually cheat and read a writeup, but avoid the temptation as much as possible. If stuck, go off and try another problem first, and only if you're /really/ stuck should you check out a writeup.

Actually, the FBI believes there was a warrant in Iceland, they just didn't give a copy to the US judge yet:

12. Given this corroboration, we asked the RMP, which coordinated with the FBI on the timing of the search of the Subject Server, to proceed with covertly imaging the server. After obtaining the necessary court order under Icelandic law, the RMP imaged the Subject Server on July 23, 2013. The FBI was not involved in obtaining that court order or ever given a copy of it. Nor was the FBI present for or otherwise involved in the imaging of the server, other than consulting with the RMP as to when the imaging should be done. At no time did the FBI possess any authority to direct or control the RMP’s actions. The RMP decided independently that imaging the Subject Server was feasible and appropriate under Icelandic law and they ultimately decided precisely when and how to do it

Everything up to that point was based on the leaked IP address (and note that the FBI was not the only person to carefully anyalyze the Silk Road 1.0 CAPTCHA, and note a problem with it) and traffic-volume analysis to the target server.

Consider a police officer who sees what looks like a drug buy, doesn't see the buyer or seller well enough to identify and both leave, but one drops a piece of paper in a public street. Officer picks up the paper, it has an address on it. He observes that address, notices a lot of people going in and out. now, that address could just be for a social gathering, or it could even be a rival drug dealer's house being targeted for a hit; but together the evidence so far is probable cause for some sort of warrant.

It is pretty sad to see, that after so many comments nobody really has a clue about what the story is about, and what is happening in the Linux kernel.
The kernel VT system has been considered a monstrosity by kernel developers the last decade and everyone is of the opinion that it should be used to user space.

The finally a really smart guy actually attacks and solve the problem. His name is David Herrmann, and he has tirelessly worked on this for years. Systemd distros will get the full support of his research, simply because almost all Linux distros are using, or a going to use systemd. But don't worry, he has provided rich support user space VT's on non-systemd Linux distros, by eg. "ksmcon"
https://github.com/dvdhrm/kmsc...

Here is his fosdem talk:
https://archive.fosdem.org/201...

Here is his blog that will tell you more about VT's than you ever knew:
http://dvdhrm.wordpress.com/

Here is a wiki link about VT:
http://en.wikipedia.org/wiki/L...

Here is an old blog post about the problems with the old kernel VT:
http://dvdhrm.wordpress.com/20...

In short, no need for the systemd opponents to get their panties in a bunch; they can either use Hermanns user space tools, or pretend there isn't a problem and use the present kernel system.

For the rest of us who really likes systemd, this is great news. Thanks to Hermann's work, there will be much better console support for early boot debugging, better security, better keyboard and language handling etc.

because none of the software terminals running under X can do this.

Several can, largely thanks to one library. See https://gist.github.com/XVilka...

As a Gentoo dev, your comment made me chuckle (though I'm sadly out of mod points). I know we're a small community - both dev and user - with an ever sticky reputation of having ricer users (http://funroll-loops.org/ anyone? though the site looks dead).

Back on topic, he does seem to like singling Gentoo out, and has done so on numerous occasions (including TFA).

Why Gentoo in particular? Beats me. Maybe it's because of eudev (I don't know anyone running it)? Maybe it's because OpenRC is still the default? Maybe it's because he's been trolled by someone "representing" the entire Gentoo community? I really don't know, but I definitely don't like have mud slung at the entire project/distribution when we have 200+ active developers.

Sources: https://github.com/GamerGateOP...

Heads up, they censored github.

I looked at the F-Droid .ics adapter source, which looked like it would work for importing and exporting .ics files, but after the events were in, that was the end of the life cycle. It probably couldn't maintain a subscription in case of event cancellations or updates.

...Oh. Sorry. Just did some research. You're talking about this, instead, right?

My cynical theory on why there is crappy support in the AOSP app is that Google specifically desires you to use their calendar so they can mine the data.

I looked at the F-Droid .ics adapter source, which looked like it would work for importing and exporting .ics files, but after the events were in, that was the end of the life cycle. It probably couldn't maintain a subscription in case of event cancellations or updates.

...Oh. Sorry. Just did some research. You're talking about this, instead, right?

My cynical theory on why there is crappy support in the AOSP app is that Google specifically desires you to use their calendar so they can mine the data.

https://gist.github.com/emiler... And i did lie about pirating in my previous post! ahem... Not sure about the source of infection but as stated above, dates match.

This has nothing to do with what anyone wrote. It is about the fact that there is a fairly well organized groups and their sustained attack against an imaginary foe. Go read their guide on Github, it's full of information about how to misrepresent the situation and the site's position to manipulate advertisers into withdrawing their material.

The whole thing would have died down months ago if it were not for the anti-feminists keeping it going with endless videos and tweets, all talking about a war that isn't actually happening.

This has nothing to do with what anyone wrote. It is about the fact that there is a fairly well organized groups and their sustained attack against an imaginary foe. Go read their guide on Github, it's full of information about how to misrepresent the situation and the site's position to manipulate advertisers into withdrawing their material.

The whole thing would have died down months ago if it were not for the anti-feminists keeping it going with endless videos and tweets, all talking about a war that isn't actually happening.

Presumably you are referring to Zoe Quinn, and those claims have been thoroughly debunked. This is just a standard 4chan style "op" designed to fight the imaginary war against feminists and SJWs. You can read all about it here: https://github.com/GamerGateOP...

The captcha generator they used is really old and has been solved for ages. It's not called simple_captcha for nothing. Here's another solution explained in detail: mieko/sr-captcha It's really trivial, you don't need any math or AI to figure it out.

The short answer is: SR and SR2 captchas aren't alike, but SR2 is just as trivial. SR2 is also probably fully solvable (99%+) without machine learning, as all of its operations are reversible.

(my emphasis) WTF

And, pray tell, how is that relevant for the demonstration of a fact that it already has been done twenty years ago (as a subject of serious research, in fact)? Where do you see me "recommending something"? I strongly suggest that you read things before replying.

(BTW, the latest commit is four days old.)

# don't work ..
env X='() { :; }; echo "CVE-2014-6271 vulnerable"' bash -c id

# don't work ..
env X='() { (a)=>\' bash -c "echo date"; cat echo

# don't work
bash -c 'true EOF EOF EOF EOF EOF EOF EOF EOF EOF EOF EOF EOF EOF EOF' echo "CVE-2014-7186 vulnerable, redir_stack"

# don't work ..
(for x in {1..200} ; do echo "for x$x in ; do :"; done; for x in {1..200} ; do echo done ; done) | bash || echo "CVE-2014-7187 vulnerable, word_lineno"

# don't work ..
foo='() { echo "CVE-2014-6277 vulnerable"; }' bash -c foo ref

https://github.com/kristjankor...
In Python of all languages. Clearly not concerned about the Ai's performance.

In case anyone is looking for it:

https://github.com/WedjaaOpen/ElasticJasper

You sound like the guy who wrote FizzBuzz Enterprise Edition

Bugs can be reported here.

You'd better hope that Valve pays more attention to it than the Source-1-Games bug tracker, which is basically ignored at this point.

It's in beta.
It has not yet been officially announced, and the Steam page does not yet have a Tux icon.
That is also why "your mileage may vary".
Bugs can be reported here.

this gives you the ability to get a unique, one of a kind design for only $60.
Made to your specifications down to micro millimeter precision. $60 is not bad since they use professional 3D printers.

Maybe you'll prefer one of these over an iPhone case.
3D printed hash tumbler for under 50 Euro in parts.
https://github.com/HanfJoghurt...

That's a different project. This one is written in C++ and it uses Qt for the GUI: https://github.com/ricochet-im...

Still sounds like a derivative work, thus subject to licensing. What they need is a ground-up implementation. A better use of time for someone capable of handling crypto code with care would be auditing tc-play.

As a sidenote, today I came across an interesting XBMC plugin called xbmctorrent which allows you to directly watch movies behind magnet links. So I guess it's like the Popcorn Hour thingy.

PDFjs is alive. It's part of Firefox since version 19.

quietnet: Simple chat program using inaudible sounds

##

Simple chat program using near ultrasonic frequencies. Works without Wifi or Bluetooth and won't show up in a pcap.

Note: If you can clearly hear the send script working then your speakers may not be high quality enough to produce sounds in the near ultrasonic range.

https://github.com/Katee/quiet...

##

- Installation

Quietnet is dependant on pyaudio[1] and Numpy[2].

[1] http://people.csail.mit.edu/hu...
[2] http://www.numpy.org/

##

Better Projects

Quietnet is just a toy! Take a look at minimodem[3] or gnuradio[4] if you need something robust.

[3] http://www.whence.com/minimode...
[4] http://gnuradio.org/

quietnet: Simple chat program using inaudible sounds

##

Simple chat program using near ultrasonic frequencies. Works without Wifi or Bluetooth and won't show up in a pcap.

Note: If you can clearly hear the send script working then your speakers may not be high quality enough to produce sounds in the near ultrasonic range.

https://github.com/Katee/quiet...

##

- Installation

Quietnet is dependant on pyaudio[1] and Numpy[2].

[1] http://people.csail.mit.edu/hu...
[2] http://www.numpy.org/

##

Better Projects

Quietnet is just a toy! Take a look at minimodem[3] or gnuradio[4] if you need something robust.

[3] http://www.whence.com/minimode...
[4] http://gnuradio.org/

quietnet: Simple chat program using inaudible sounds

##

Simple chat program using near ultrasonic frequencies. Works without Wifi or Bluetooth and won't show up in a pcap.

Note: If you can clearly hear the send script working then your speakers may not be high quality enough to produce sounds in the near ultrasonic range.

https://github.com/Katee/quiet...

##

- Installation

Quietnet is dependant on pyaudio[1] and Numpy[2].

[1] http://people.csail.mit.edu/hu...
[2] http://www.numpy.org/

##

Better Projects

Quietnet is just a toy! Take a look at minimodem[3] or gnuradio[4] if you need something robust.

[3] http://www.whence.com/minimode...
[4] http://gnuradio.org/

I actually did reverse engineer Keen 5 and put together a playable version for Win/Mac/Linux.
It was quite a lot of work, though the Commander Keen community had already done a lot of reverse engineering
and a few people pitched in, so it wasn't nearly as much work as I'd feared.

The source code for the original games, of course, has been found and (lawyers permitting) will be GPLed, so I've not put much more work into the reimplementation.

Binaries: http://davidgow.net/keen/omnis...
Code: https://github.com/sulix/omnis...

(I've also started work on an updated port of Keen Dream based on the source release, though it isn't working yet: http://davidgow.net/keen/omnis... )

Catacomb, Catacomb 3D, and Hovertank

Still not Keen 1-6 though!