Slashdot Mirror

The 3C Transaction seems to have a lot of potential. I like the idea of never handing out a credential that can be used to compromise my account.

Look, I don't like FB either but you're looking at this in a very one-sided way. As the article points out, Instagram and WhatsApp haven't been subsumed into FB in any obvious way following their acquisition. Go to the websites for those services and you won't see evidence of FB. With Instagram, for instance, it appears from the site that FB sharing is optional (I haven't used the App, but the website indicates this). So from past behaviour, FB haven't done an all-out assimilation of everything they've purchased. In addition, FB have contributed plenty to the opensource community. So there are good things there in addition to the crap they've pulled. Finally, they haven't done hardware before and so this very new territory. We know very little about what FB want to do with OR and, frankly, it doesn't look like they know either. It's quite plausible that they will be hands off. No 180 turns needed to envisage such a scenario.

For people who want to give the Graphics Programming Black Book a read, you can do so here. Chapters 64 to 70 are relevant to his work on Quake with Carmack.

And the ones who want to roll their own version from the eBook sources can go here!

True, true, but the magnitude of the task is not to be under-estimated. Right now I have four languages I'm trying to learn, I figure I ought to get somewhat through them before throwing another on the pile.

I've only ever had the online version. Apparently someone recently converted it to Markdown (hopefully the generated epub is better than the one I made from the PDF files a while back).

Check out: http://open-zfs.org/wiki/Main_...
http://dtrace.org/blogs/ahl/20...

ZoL is very active and very up-to-date. All the versions and compatibility is in sync with Illumos (the main source of OpenZFS) and FreeBSD. You can create and move zpools between these 3 platforms seamlessly.

2 of the main founders and creators of ZFS itself (who used to work for Oracle and wrote ZFS) who now work for Delphix and continue to improve OpenZFS (started with the last open release of Oracle ZFS) in Illumos and have actually made it better than the now closed Oracle ZFS.

See how OpenZFS is actually better than Oracle ZFS now:
http://dtrace.org/blogs/ahl/20...

Actively adding new features: https://github.com/zfsonlinux/... (Largeblock support to match the newer Oracle ZFS)

Etc...

Maybe if we pray to the ZFS gods Matthew will start implementing block pointer rewrite some day!

Anyways, OpenZFS is very active and kicking, and that includes the Linux port.

Actually, several of the developers are major contributors to open source projects: Here's open-source libraries that are DIRECTLY the result of Defender's Quest development:
http://github.com/HaxeFlixel/f...
http://github.com/HaxeFlixel/f...
http://github.com/larsiusprime...
And here's my open-source report card:
http://osrc.dfm.io/larsiusprim... Nicolas Canasse, developer of Evoland, *created* the Haxe programming language. It's totally open source. Here's his open-source report card:
http://osrc.dfm.io/ncannasse Here's Sean Hogan (Anodyne/Even The Ocean)'s contributions:
http://osrc.dfm.io/seanhogan That's just off the top of my head.

Actually, several of the developers are major contributors to open source projects: Here's open-source libraries that are DIRECTLY the result of Defender's Quest development:
http://github.com/HaxeFlixel/f...
http://github.com/HaxeFlixel/f...
http://github.com/larsiusprime...
And here's my open-source report card:
http://osrc.dfm.io/larsiusprim... Nicolas Canasse, developer of Evoland, *created* the Haxe programming language. It's totally open source. Here's his open-source report card:
http://osrc.dfm.io/ncannasse Here's Sean Hogan (Anodyne/Even The Ocean)'s contributions:
http://osrc.dfm.io/seanhogan That's just off the top of my head.

Actually, several of the developers are major contributors to open source projects: Here's open-source libraries that are DIRECTLY the result of Defender's Quest development:
http://github.com/HaxeFlixel/f...
http://github.com/HaxeFlixel/f...
http://github.com/larsiusprime...
And here's my open-source report card:
http://osrc.dfm.io/larsiusprim... Nicolas Canasse, developer of Evoland, *created* the Haxe programming language. It's totally open source. Here's his open-source report card:
http://osrc.dfm.io/ncannasse Here's Sean Hogan (Anodyne/Even The Ocean)'s contributions:
http://osrc.dfm.io/seanhogan That's just off the top of my head.

Other than bitcoins, are other virtual coins worthless?

Mining many scrypt altcoins and immediately trading them for Bitcoin can net 40-50x or more what the same hardware would deliver mining for Bitcoin directly. CoinChoose will show you what's most profitable. You can set up CryptoSwitcher (disclaimer: I'm a contributor) to manage pool switching and exchange operations, or you can mine someplace like WeMineAll that manages all of that for you.

Made me think of the open hardware Bitcoin miner - https://github.com/GeorgeHahn/.... Anyone had a chance to check that out?

Even without the source you could do a symbol scan of the app executable looking for unique method names in some target code.

There are some quite interesting observations. The libwaze.so shipped in the APK contains a lot of symbols starting with "navigate_" such as "navigate_main_get_distance_str". Such a function also exists in the GPLed version, casting some doubts about the proprietary version being a complete rewrite. Looking at the machine code should make it possible to check whether they are really identical or not, but I'll leave that to the ARM experts. Even if they're identical, this code appears to have been written by one of the Waze founders although the file carries the statement "This file is part of RoadMap.", which is GPLed software written mostly by non-Waza people. So the interesting question seems to be whether these function contained in the proprietary Waza app are a derivative work of the GPLed RoadMap.

To me, elegance at code level means succinct and readable code. Optimizing for performance usually comes at a lower level of readability.

Therefore, first write the code in the most elegant way.

Then, write an optimizer that optimizes that code. Of course, the optimizer itself should be elegant, but it need not be efficient.

For some reason, your comment reminds me of this:
https://github.com/mame/quine-...

Code doesn't get much more beautiful than:
https://github.com/mame/quine-...

To me, elegance at code level means succinct and readable code. Optimizing for performance usually comes at a lower level of readability.

Therefore, first write the code in the most elegant way.

Then, write an optimizer that optimizes that code. Of course, the optimizer itself should be elegant, but it need not be efficient.

For some reason, your comment reminds me of this:
https://github.com/mame/quine-...

Code doesn't get much more beautiful than:
https://github.com/mame/quine-...

I've been coding for the fun of it again in my spare time, and have a fair bit of code up on GitHub now. I've only been seriously using C++ for the last couple of years, and you can see a bit of a progression from my early code (fr_demo) to more recent code like the data library and resumetron. Stuff like cppxml which I use frequently gets updated more often than the old demo code.

I particularly like my factories. I have a relative going through a CS program right now and he's had some questions on a couple of his assignments and got a look at a piece of code with data readers provided by his professors. They always look like C code that was written 15 years ago. I know this because I also very recently was digging through some C code that was written 15 years ago. I like to think they're doing that on purpose, but they're not. So his introduction to design patterns could have been a nice clean data factory that requires three lines of code to write, but instead it's the singleton pattern, which every design review board on the planet will now reject immediately after the word leaves your mouth, whether it's actually justifiable or not.

One of these days real soon now I'm going to need to go back and replace all my std::string throws with std::logic_errors or other appropriate std::exception errors, and I'm kicking around the idea of building up a simple rest server around my old socket server code one of these days. That sounds like fun to me!

Linux Kernel is good, but huge... Doom3 seems more of a manageable. https://github.com/id-Software...

Someone posted the source to GitHub for easy browsing: https://github.com/Incognito/m...

I use wordkey (my own work) to create passphrases. From the source you will see each word contains 12-bits of entropy (there are 2**12 words in the dictionary), so a random 4 word password has 48 bits of entropy (use wordkey -l 5, length is in bytes of entropy) when both the dictionary and schedule is known (I suggest regenerating your own dictionary with mkwords.pl if you're going to use it).

The prebuilt dictionary in the github is less than ideal for memorisation as it includes plurals and similar words. I mean to improve it by using some kind of phonetic distance algorithm to create a maximally spaced dictionary, but I just haven't got round to it.

A 128-bit entropy passphrase (again, with the dictionary and schedule known), equivalent to the complexity of AES-CCMP used by default in WPA2 is 11 words long, easy enough for me to memorise, though others might struggle.

Also if the dictionary is not known to the adversary, say it is regenerated (mkwords.pl does not use strong RNG, could be improved), the entropy is quite a bit higher, as the attacker has to assume all 38619 words (in my /usr/share/dict/words) are in play, making the complexity of a four word passphrase nearly 61 bits, and requiring only 9 words for complexity equal to that of AES-CCMP (ignoring any known reductions of AES-CCMP).

I don't know if WPA2-PSK utilises a large-n rounds challenge, but a good passphrase authentication system requires the authenticatee to compute some variable large-n number of rounds of some transform over the PSK, with each handshake, so that the cost of each handshake is reasonable for valid authenticatees but serves to render rainbow tables ineffective and bruteforce attacks infeasible. Where this is not possible, for example in HDD encryption, it is still possible to use a unique static large-n with each ciphertext so that a rainbow table computed against one ciphertext is usable only against that single ciphertext, or to devise a scheme whereby the exact large-n is computed as a function of both the encrypted volume key and the supplied PSK.

-puddingpimp

While Sublime isn't quite a full-blown IDE, this integration with Vim might be closer to what you are talking about:

https://github.com/lunixbochs/...

... but rationalizing it. Sometimes you just need to run more or less isolated single apps, not for a full blown OS. In a lot of usage scenarios is far more efficient, (both in disk/memory/cpu usage and app density) and probably more flexible. In others full OS virtualization or running on dedicated hardware may be the best option.

It also brings a virtualization-like approach for apps in the cloud. You can have cointainerized apps in aws, google apps and many others, something like having a vm inside a vm.

Is not the only solution of its kind. Google is heavily using containers in Omega (you can try their container stack with lmctfy), you can use openvz, lxc, or solaris zones or bsd jails. But the way that docker mixes containers (not just lxc by 0.9) with union fs, making them portable and to have inheritance, is a touch of genius.

The missing pieces are being added by different projects. CoreOS as a dedicated OS for containers (that coupled with etcd and fleet could become a big player in a near future), OpenStack/OpenShift bringing manageability, and maybe someone could bring to the table what Omega does with google containers.

Good points on dreams, and disappointments, and continuing hopes.

Here are some rambles of my own thoughts and experiences with OLPC and an independent software developer long interested in education (my wife and I made a free garden simulator in the 1990s).

I got two OLPs via the G1-G1 program. One never even made it out of the box, sadly. (I think of donating them somewhere sometimes, thinking it is better a kid has it than it becomes an unused collector's item.) I made a demo version of some of our plant growth software under Sugar and ported to Python, but did not take it much further. The code is here:
https://github.com/pdfernhout/...

My hopes from 2007:
https://mail.python.org/piperm...

As I see it, the OLPC project shot itself int the foot unfortunately, especially with Sugar. (I've done that to myself enough times, so I know. :-) Sugar was a great idea, and still is, but it was just too much of a stretch and not especially central to the overall OLPC goal. The push to Sugar also just underestimated how fast kids can learn -- contrast with the Hole in The Wall project. As others have said, it would have been better to just get a plain Linux system running Debian and a standard window manager into kids' hands on a low-end ruggedized laptop. Sugar may have had innovative ideas, but it was a real stumbling block, Also not choosing ARM was another stumble. Dumbing down the browser was another stumble, Also promoting Python on low-end hardware was another stumble, as much as I've liked Python; Java or just C would have been a better choice. Or instead of Sugar, just all Squeak on Forth and ditching the OS would have at least been a more innovative plan and improved performance and understandability by ditching Linux. The keyboard also is a problem of usability and reliability. One of the USB ports on the machine we used stopped working quickly, and I can't see how they would really be waterproof anyway. Sugar was also a distraction form finding and organizing existing educational software and content, another stumble. (I know a separate foundation started to do free content for the OLPC, not sure where it went.) Not understanding that a village of often related people works together and could have a networked central facility (with one computer per child who wanted to use it, plus cheap usb storage fobs) is another cultural stumble. It's easy to say with 20/20 hindsight the OLPC group should have know these things as with all after-the-fact comments, but I won't let them off that easily, because people did point such things out from the start, and also you'd expect the team to have some expertise in education and culture and system design. These point to some sort of dysfunctional social process that must have been going on with early decision making.

What it mostly came down to as far as my involvement was that as a developer, why should I make an educational app specific for Sugar to reach an audience of a million (or whatever), going up a painful bleeding edge learning curve dealing with buggy ever-changing Sugar infrastructure, when I can potentially reach an audience of a billion or more writing a JavaScript-powered web app or just a plain cross-platform Linux/Mac/Win app like with Java or C/C++ or even Squeak? And knowing Moore's law means whatever I write now of bigger platforms will be accessible more cheaply in five or ten years? Even as a volunteer, the value proposition is weak.

I wanted the OLPC project to succeed. I even used it as an example here, suggesting the world might be better off if Princeton University dissolved itself and spent the endowment on OLPCs:
http://www.pdfernhout.net/the-...
http://www.pdfernhout.net/post...

Overall, though, just JavaS

I really want to add a Bionic comparison, but in order to be comparing apples with apples (or non-apples with non-apples, pardon the pun) we need an x86 build of Bionic, or need to re-do all the other libcs' figures for arm. I've been looking for a way to build Bionic outside of the Android build system and use it on non-Android systems, and the gentoobionic repository at https://github.com/gentoobioni... looked promising, but I couldn't get it to work. It also may be much larger than the official Bionic.

If anyone is willing to help us figure out how to setup x86 Bionic for testing, please stop by the IRC channel (#musl on Freenode) or send a message to the mailing list.

It sounds like you CAN host your own Firefox Sync server.

"As with the previous version of Firefox sync, users still have the option to take their data with them and host their own sync service using the open source server-side software."

https://github.com/mozilla/fxa...

Why go through all this effort when they could simply used one of the C-like strongly typed languages is beyond me.

Because they already have a huge PHP codebase. That said, Twitter moved from Ruby to Scala for their back-end; it seems it can be done. I suspect Facebook have more of a lots-of-programmers problem: they all know PHP, and they might not all know, say, Scala.

to creating a PHP-to-Java converter or something along those lines.

You mean take PHP source and translate it into readable, maintainable Java source? That's all but impossible. They're very different languages, and source-to-source translators tend to produce pretty unreadable code when faced with that kind of task. A human wouldn't design a PHP program the same way she'd design the same program in Java. Without some terribly impressive AI, there's really no way around this.

They could have translated PHP into totally-unreadable Java and then (run that through javac and) run the result on the JVM, sure, but then you're really just creating a rival PHP implementation. (Look like two separate projects have done just that, though, and apparently had pretty good results, outperforming the official PHP interpreter. All that says is that the official PHP interpreter is crap, which I think we all knew anyway.)

Allow me to introduce you to C+= and ArnoldC.

Allow me to introduce you to C+= and ArnoldC.

effectively forcing XMPP server admins to lower their security if they want to federate with Google

Just for the Google server, if you use a proper XMPP server (like Prosody, for example).

Beware that many servers on the XMPP network use self-signed or invalid certificates, or even don't support TLS at all (such as gmail.com and all Google-hosted domains). It is possible to make exceptions like this:

-- These hosts are allowed to authenticate via weaker mechanisms, such as dialback:
s2s_insecure_domains = { "gmail.com" }

[Server-to-server XMPP]

XMPP server operators are pushing for a wholly encrypted XMPP network with several test-days, where they'll be flipping the switch to allow only encrypted communication, and the final switch to disallow unencrypted communication on May 19, 2014.
It's going to include SSLv3, unfortunately, but we'll get there.

It's in 29.0. Just be aware that your data will be encrypted using the password you use to login to Sync, so ideally your password needs to have the same amount of entropy as your current sync key (meaning you'll need to get it from your existing browser anyway.)

Also, I can't quite get my head around how you can do authentication with a password, use the same password as an encryption key, and keep that key a secret from the party doing the authentication. There's a document describing the protocol here if you want to have a go at working that out.

The American sequestration didn't help ZFSonLinux, since the primary developer is Lawrence Livermore National Laboratory (a research lab funded by the US government). But the pace of development has been pretty constant:

https://github.com/zfsonlinux/...

Just because the last stable build was released in 2013 doesn't mean there hasn't been work done.

You can create a file system on a file on your disk (similar to a swap file).
Contrary to popular believe this is not slower than a partition, because if the file is mostly continuous, it can be mapped to disk directly by the kernel. Here I create a file system using a sparse file:
$ truncate +20G mylocal.fs
$ mkfs.btrfs mylocal.fs
$ mkdir -p mylocal; sudo mount mylocal.fs mylocal/

You can use such file systems, for example, to bundle directories with many files, which are deleted/created many times. This causes fragmentation in the file system. Contrary to another popular believe, yes, this is a problem on Linux file systems, and it slows down reads. None of the file system currently has a defragger implemented. Btrfs is actually developing one, but I think it is not in the release yet. The recommended solution is rewriting files (shake).

Sub file system containers can be easily resized, and with sparse files only use up the space filled with data. I use them for the linux kernel build directory (you shouldn't build in /usr/src), for portage (many files, changing frequently), and scientific data directories, to limit the fragmentation, and keep speed high. I use reiserfs for this -- find a managing script here: https://github.com/JohannesBuc...

The important write protects are whether the BIOS configures itself as locked or not after it's booted far enough to determine there are no BIOS updates pending. You can check if your BIOS is open or closed to attackers by running Copernicus or Chipsec.

Flash is no more native than HTML5. At this point it doesn't make sense to "place bets" on Flash at all, unless like the article author you've spent many years on Flash and are not interested in change.

Flash can create a 'native' PC or OS X app (OK, it consists of a standalone Flash player bundled with your flash App, but the practical upshot is the same unless some strange permutation of misconceptions has led you to expect 'bare metal' efficiency from something like Flash).

You can also have this type of 'native' using HTML5 and Nodejs. By using this component called node-webkit.

I just learned about this from Popcorn-time, they package a "native" app using this technique, and the application is all HTML+CSS+Javascript.

Flash is no more native than HTML5. At this point it doesn't make sense to "place bets" on Flash at all, unless like the article author you've spent many years on Flash and are not interested in change.

Flash can create a 'native' PC or OS X app (OK, it consists of a standalone Flash player bundled with your flash App, but the practical upshot is the same unless some strange permutation of misconceptions has led you to expect 'bare metal' efficiency from something like Flash).

You can also have this type of 'native' using HTML5 and Nodejs. By using this component called node-webkit.

I just learned about this from Popcorn-time, they package a "native" app using this technique, and the application is all HTML+CSS+Javascript.

Again, you clearly did not read the article. For people who hate the Flash API, there is lime: https://github.com/openfl/lime

Maybe because all the code is open source and you can inspect it yourself? http://www.github.com/openfl

They haven't kept entirely silent. They put a post on the issue up here: https://github.com/blog/1800-u...

And for those too lazy to actually read, the CEO appear to completely agree with their now former employee, serious misconduct by the founder in question and the wife is no longer allowed in the building.

This weekend, GitHub employee Julie Horvath spoke publicly about negative experiences she had at GitHub that contributed to her resignation. I am deeply saddened by these developments and want to comment on what GitHub is doing to address them.

We know we have to take action and have begun a full investigation. While that’s ongoing, and effective immediately, the relevant founder has been put on leave, as has the referenced GitHub engineer. The founder’s wife discussed in the media reports has never had hiring or firing power at GitHub and will no longer be permitted in the office.

GitHub has grown incredibly fast over the past two years, bringing a new set of challenges. Nearly a year ago we began a search for an experienced HR Lead and that person came on board in January 2014. We still have work to do. We know that. However, making sure GitHub employees are getting the right feedback and have a safe way to voice their concerns is a primary focus of the company.

As painful as this experience has been, I am super thankful to Julie for her contributions to GitHub. Her hard work building Passion Projects has made a huge positive impact on both GitHub and the tech community at large, and she's done a lot to help us become a more diverse company. I would like to personally apologize to Julie. It’s certain that there were things we could have done differently. We wish Julie well in her future endeavors.

Chris Wanstrath
CEO & Co-Founder

I use 'grive' myself, while not as good as the linux dropbox client, it does the job okay for my backups.. https://github.com/Grive/grive

Actually from what I've seen so far, I'm not sure she's a developer, or even technical, at all. She's called herself a "designer", a "web generalist" (whatever that is), marketing manager, and product marketing coordinator.

Also, GitHub's "Team" page talks about their "pixel stylists", and with nearly 300 employees, I'm sure there is a lot of scooter-driving, foosball-playing, meeting-holding "overhead" (read: cost centers) at the company.

This https://github.com/blog/1800-u... seems to indicate that she's pretty much right on about the two major factors though.

GitHub has banned the wife, the founder involved was put on leave, as was the engineer who apparently handled rejection well (he should be used to it...)

This weekend, GitHub employee Julie Horvath spoke publicly about negative experiences she had at GitHub that contributed to her resignation. I am deeply saddened by these developments and want to comment on what GitHub is doing to address them.

We know we have to take action and have begun a full investigation. While that’s ongoing, and effective immediately, the relevant founder has been put on leave, as has the referenced GitHub engineer. The founder’s wife discussed in the media reports has never had hiring or firing power at GitHub and will no longer be permitted in the office.

GitHub has grown incredibly fast over the past two years, bringing a new set of challenges. Nearly a year ago we began a search for an experienced HR Lead and that person came on board in January 2014. We still have work to do. We know that. However, making sure GitHub employees are getting the right feedback and have a safe way to voice their concerns is a primary focus of the company.

As painful as this experience has been, I am super thankful to Julie for her contributions to GitHub. Her hard work building Passion Projects has made a huge positive impact on both GitHub and the tech community at large, and she's done a lot to help us become a more diverse company. I would like to personally apologize to Julie. It’s certain that there were things we could have done differently. We wish Julie well in her future endeavors.

Chris Wanstrath
CEO & Co-Founder

They haven't kept entirely silent. They put a post on the issue up here: https://github.com/blog/1800-u...

There's already an update to this story here: Update on Julie Horvarth's Departure

GitHub has built-in geoJSON mapa capabilities:
https://help.github.com/articl...
Example:
https://github.com/benbalter/d...
A GitHub organization may have multiple contributors.
There's forum and wiki support.

GitHub has built-in geoJSON mapa capabilities:
https://help.github.com/articl...
Example:
https://github.com/benbalter/d...
A GitHub organization may have multiple contributors.
There's forum and wiki support.

Why always picking on the HD manufacturers? Your GigE network runs at 1,000,000,000 bits per second, not 1,073,741,824, what a scam!

Memory is measured in multiples of powers of two because that's how the addressing works. Disks and network have no such fundamental limitations - they count in sectors and frames, which are themselves not necessarily powers of two.

https://github.com/astrada/goo... FUSE filesystem for gdrive

20TB is not out of the world. With a RAID of 4TB disks you can cover that at home, and it doesn't need to be on all the time. Maybe you can reduce the amount of disk usage by reducing duplicate content using bup or an appropriate FS.

nobody needs to write their own webserver, try Civetweb - the MIT licenced version of mongoose - that is small (at 180k) and gives you a web server embedded in your program in 3 lines of code. It works on Android too.

This is why open source bug reporting systems need a "developer in denial" status. Here's the original bug report. If a developer tries to close a bug and the users don't agree, the bug should go into "developer in denial" status and that should count against the developer's stats. This particular bug was closed by Drew Bliss of Valve. 3 followers, 0 stars, 0 following. Should be flagged as "unsuitable for employment on security-related projects".

This is why open source bug reporting systems need a "developer in denial" status. Here's the original bug report. If a developer tries to close a bug and the users don't agree, the bug should go into "developer in denial" status and that should count against the developer's stats. This particular bug was closed by Drew Bliss of Valve. 3 followers, 0 stars, 0 following. Should be flagged as "unsuitable for employment on security-related projects".