Slashdot Mirror

Gonk is Android in a literal sense. When you build FxOS the first step is actually downloading and building AOSP, as that's the "gonk" layer. It uses repo and lunch and the rest of the Android build chain as well.

Here's the manifest file for the FxOS emulator build: https://github.com/mozilla-b2g/b2g-manifest/blob/master/emulator.xml

You can see plain as day it's pulling in a huge amount of Android code, including the framework.

Not that this is a bad thing, this is the point of open source. Just that the claims that FxOS is somehow lighter than Android is horseshit, because it sits on top of Android.

As a matter of fact, I wish it "just worked".
I have one of these dongles, and last time I tried to use it I was hitting this bug:
https://lists.ath9k.org/pipermail/ath9k-devel/2011-November/007467.html

This is a bug from November 2011 is against the same chipset. But, it was a module that was loading proprietary firmware.

The firmware was released as free software within the past couple of months. So, now instead of the ath9k kernel module folks having to treat the firmware as a black box, they can file bugs and submit patches to the firmware itself.

The reason we certified this device is because it carries freedom to the user. Not arbitrary freedoms, but the specific freedoms to run the program, share it with others, make modifications to the source code, and share modified versions of the source. With this freedom, a user can not only work with others to find and eliminate bugs, but they can find ways to adapt and improve the software so as to squeeze the most they can out of the device. The same can't be said with the 2011 adapters that shipped with this chipset.

And, this isn't just idle speculation. Already we have seen a fair bit of cooperation between this firmwares lead developers and the ath9k module maintainers. I would be very surprised if the almost two-year old bug you pointed to still exists. But if it does, then at least I know you and I can easily reach out to a trustworthy community of free software hackers to explain to us the problem.

As a matter of fact, I wish it "just worked".
I have one of these dongles, and last time I tried to use it I was hitting this bug:
https://lists.ath9k.org/pipermail/ath9k-devel/2011-November/007467.html

This is a bug from November 2011 is against the same chipset. But, it was a module that was loading proprietary firmware.

The firmware was released as free software within the past couple of months. So, now instead of the ath9k kernel module folks having to treat the firmware as a black box, they can file bugs and submit patches to the firmware itself.

The reason we certified this device is because it carries freedom to the user. Not arbitrary freedoms, but the specific freedoms to run the program, share it with others, make modifications to the source code, and share modified versions of the source. With this freedom, a user can not only work with others to find and eliminate bugs, but they can find ways to adapt and improve the software so as to squeeze the most they can out of the device. The same can't be said with the 2011 adapters that shipped with this chipset.

And, this isn't just idle speculation. Already we have seen a fair bit of cooperation between this firmwares lead developers and the ath9k module maintainers. I would be very surprised if the almost two-year old bug you pointed to still exists. But if it does, then at least I know you and I can easily reach out to a trustworthy community of free software hackers to explain to us the problem.

Good analysis. There's a few other possibilities you missed, including utilizing old SSL weaknesses like the null prefix attack. But Just so the AC that you replied to gives you an answer.

Yes.

It's option #1 via one of two common mechanisms:

1) RAT installation of a third party CA. You should be able to imagine any of a dozen remote exploits that make this trivial. You can have a few dozen keys almost entirely pre-generated and do a lawful intercept and rebundling of HTTPS in realtime (This is basically the same way things happen in a corporate intercept, except instead of a RAT, you use group policy to distribute the content inspection server's certificate....)

Lazy implementations can sometimes get by by looking to see if the browser searches for a remote proxy configuration and...supplying it without even needing to engage in dns or arp poisoning.

2) Via issuing a certificate from an existing trusted CA. Take a look at the hundreds in your browser sometime. Then ask yourself if every single one of them would refuse a subpoena from every single government. If there's even one that wouldn't, ask yourself what it would cost to discretely steal that root certificate for limited use that would likely never be noticed or reported.

I /have/ seen attacks against root certificates, but not at a government level.

I wouldn't consider your option #3 out of the question, but I have never actually witnessed such in wild.

I do know for a fact that these devices are available for purchase, and that the law enforcement only ones are marketed as zeroconfiguration.

There are additional theoretical attacks that will strip SSL I can and have used in a laboratory network environment that were witnessed in-the-wild during the Arab spring incidents.

I am not the author -- but for an example of SSL stripping, see https://github.com/moxie0/sslstrip

Interesting, I didn't know about it. I think they made a mistake but it's a simple one to undo for server administrators as it's a configuration switch. Check at the end of this file. Furthermore it's up to the applications to honor the flag, the web server is just a middleman here, right?

Our work from fifteen years ago: https://github.com/pdfernhout/PlantStudio
http://www.kurtz-fernhout.com/PlantStudio/
A user comment: "Plant Studio is the best 3d plant creator/animator that I have seen. Very nice job."

The idea can be used to design almost anything, even music (also by us):
http://www.evojazz.com/

Richard Dawkins had the idea first though (or others before him), as shown by his "Blind Watchmaker" software which we had seen before PlantStudio.

So, basically, for most people, 3D is hard because the dominant 3D software paradigm of assembling shapes via splines and meshes and such is too hard to use.

However, Minecraft (and Infiniminer before it) show another easy to use 3D design paradigm (assembling blocks).

You can perform an analysis using the information of activity in the source code, issue tracker and mailing lists, so you get an idea of the history of the project and how is doing in the last term (who are the most active developers, which parts remain unmaintained, how is the activity of the user/developer mailing lists...). Some companies/consultants offer this kind of service. For example Bitergia license their tools as open source (the MetricsGrimoire toolset, among others) so you can extract the metrics yourself, or contract them for a more comprenhensive report.

What makes JavaScript terrible isn't the user side...as others have pointed out, just whitelist the sites you need to allow to use it and be done with it.

What makes it terrible is that it's the only option available. So when you need to do something dynamic on the client side, you're forced to use it. You can tell it's terrible just by the number of times people have tried to write something that allows you to program in some other language and compile to JavaScript. JavaScript, the rest of it (the diff between JavaScript and JavaScript, the good parts) is just too big.

According to the reference manual there is a "boot button" which will force microSD boot and it will also boot from microSD if the eMMC is "empty" (they don't seem to define exactly what is meant by "empty".

https://github.com/CircuitCo/BeagleBone-Black/blob/master/BBB_SRM.pdf?raw=true

There is such a thing, it's called obase

Cupcake allows you via a browser extension to run a bridge if you won't/can't install the whole Tor suite.

Currently available for Chrome / Chromium, Firefox is in the works.

Please help Tor!

Thought I'd update to answer my own question, this program already interacts with multiple exchanges using the best access methods available:

https://github.com/vbmithr/breakbot

Thanks for this, I was going to post pretty much the same thing. In the same vein of Dremel, my company recently open sourced a similar tool called Druid. If you wan to play with it, it's available on github at https://github.com/metamx/druid

I think this page describes how it would (theoretically) work with the current implementation. Definitely some room for improvement in terms of usability, but it doesn't look too bad.

I haven't tried it with FreeRDP, but Microsoft's version of RDP supports something called "RemoteApp" which lets you run individual programs with network transparency. Some googling turns up what looks to be a FreeRDP version of that.

That is encouraging, but from your link and from this one, it still seems like a hack - i.e., it's not transparent. You have to jump through hoops evidently. The beauty of X11 is the network transparency. If I've got an ssh open to a remote host, all X11 apps I run on that connection on the remote host automatically appear on my own desktop without any special treatment at all.

It might grow, but there is no assurance that it will; not really even any indication.

I haven't tried it with FreeRDP, but Microsoft's version of RDP supports something called "RemoteApp" which lets you run individual programs with network transparency. Some googling turns up what looks to be a FreeRDP version of that.

Hmmmm good tips, I'll try them out.

Here is my current attempt to aid the effort of language learning, FWIW. I've been adjusting it to see how I can best review words to have them stick in my mind. I don't mind if it's boring though, as long as it gets me to the destination fastest.

I do remember when I've been in language classes, that each week I had to memorize 25 words or so. After time passed, I looked back on the words I learned, and it seemed I had only remembered 20% of them, maybe less. I thought, "if only I had focused on the words I would remember, then I could have learned faster." I'm not really sure what the answer is to that. Maybe a better ordering of the words that are memorized?

Or maybe, in addition to better ordering, more reading assignments, a lot more reading assignments, so I could use the words over and over again. That might be something worth looking into.

I took a somewhat different approach. I keep all my passwords in an encrypted database (I like Password Gorilla). I wrote the password to this database, and the login password to my home PC, on a slip of paper and put it in a safe deposit box at my bank.

The safe deposit box uses two-factor authentication: you have to possess the key, and you need a photo ID identifying you as an authorized user of the box.

I prefer this approach because it is not reliant on human memory. I am not carrying a list of passwords around with me to be found by a stranger if I ever lose my keychain. It is also robust in the event I forget my "master" password, which could happen if I were disabled and went without using it for a few months. I can change who has access to the passwords through my will: currently my wife has access, but it could just as easily be the executor of my estate.

This is what you want: https://github.com/AppScale/appscale/wiki

Sounds like you may want to check out hosting your stuff over a VPS, maybe with Hawkhost (http://www.hawkhost.com/vps-hosting) or some similar provider?

I guess the general idea is that you'd want to install / set up your own OpenStack (cloud) solution, and then scall VPS coverage if you need it, without having to install / clone over multiple machines. Check out Openstack and Java integration. As far as I know there's an SDK available: https://github.com/woorea/openstack-java-sdk, but I'm not sure how complete it is, what features it offers, or even how you would go about setting up your project, considering how vague you were in TFA.

In any case, this may be a good starting point for you to look. Alternatively you could host everything out of your own house on your own servers, but that scales terribly if you need to buy 50 more servers, so I wouldn't recommend it.

As I wrote on here on TeX.SE, an interface allowing to use to online compilers would be great. So we could have a slim LyX installation while being able to use a maintained up-to-date TeX distribution instead of installing gigabytes locally on each computer. For example the open source LaTeX web API CLSI could be used.

FOSS video decoder (minimal!):
https://github.com/iainb/open_cdxalloc
Also CedarX source code is available, though not Free.
The GPU stuff is in progress, though not yet functional...

It's only a problem with software that doesn't live in your butt if that software requires you to phone in, or has an auto-update feature that you can't disable. Otherwise, while sure you might not have complete control over its behavior, you *can* at least guarantee that it will always have the *same* behavior... why I don't like software that silently auto-updates, instead of at least prompting.

Ideally they'd release a test suite, and anything that passes the test suite may be called OpenStack, while anything that fails may not. That would be a simple, objective criterion.

You are talking about tempest here! :)

* http://wayback.archive.org/web/20110514070546/http://elveos.org/ the source of which is available at https://github.com/BloatIt/bloatit

* http://selfstarter.us/

This catincan business seems nice enough until you notice a Facebook like button on the page. The 0-click variant, no less.

I'd also point out that this very idea has been tried several times already, never with much success.

I worked on a project called Fundry, that was exactly this. Developers could add projects and setup paypal etc attached to it, then users could "put their money where their mouth is" so to speak and directly fund features they wanted. The idea being features would pay for themselves and developers wouldn't end up implementing features nobody wanted.

But alas it ended up failing, as the poster above mentioned, we weren't the first to try it, kickstarter beat us to the bunch by about 2 weeks but we continued on hoping we were targetting a different market than kickstarter.

We ended up open sourcing the code in case someone else wanted to run with the idea, I wonder if the new mob used it at all? We'll probably never know.

I'll be glad when this is actually able to run on Lenovo's notebooks, which require an ugly ACPI hack to enable the Nvidia GPU: https://github.com/Bumblebee-Project/bbswitch/issues/2#issuecomment-3797568

To answer my own question-- looks like this was an issue with xorg not the kernel.

The solution:

lspci | grep NVIDIA

then add the right value to /etc/bumblebee/xorg.conf.nvidia, such as

BusID "PCI:01:00.0"

Good luck fending off the javascript hordes. Innovation in the js oss community is at an insanely fast pace at the moment. Who knows, it might all crumble, but I have a hard time believing a particular native UI framework could compete any time soon. Check out the github traffic on the node.js core to get an idea of the pace. On top of that, the js community is moving towards small modularized packages and away from big frameworks, so you have wayyyy more people actually contributing their own work. Check out @substack on github https://github.com/substack . He is just one guy and has nearly 5000 checkins in the last year across hundreds of libraries and he is not even that unusual in the community. IDK how a C++ framework could really keep up at this point.

Agreed. Also, https://github.com/damentz/zen-kernel

As requested, I have put it on github now:

https://github.com/ZivaVatra/SDAT

Hope it is useful to you, or at least interesting :)

I don't think it is worth selling the script, it isn't that fancy, not to mention that then I would be on the hook for supporting it.
Since the recession hit I've had to work 2 jobs, and I really don't have much time to devote to personal nerdy pursuits. Barely have time to sleep as it is :(

All I can do is publish and hope it helps others. That little script has made my life a lot easier and less cluttered. With any luck others with more time will improve on it and we all benefit :)

And it isn't your settings. I also get an invalid certificate on Firefox and Chromium. Something is up with the link, so I just went ahead and used the actual github.com site to host it.

And done :)

https://github.com/ZivaVatra/SDAT

Figured I would take the opportunity to try out GIT (have not bothered so far).

Also, seems that I have recently made it actually save to tagged PNG's rather than TIFFs. Forgot about that :)

Hope it turns out to be useful to you. Let me know if you want commit privs for any fixes you do. Happy Hacking!

to overcome this we worked for a while on Tagnlock

It is supposed to do the following:
- allow you to easy label /tag documents
- gui way of defining tags, if they are free form or not, compulsorary etc.
- encrypt and then store via method of choice (email included)

I am afraid that it currently is abondonware...

You can also:
Find some way to tag and use duplicity to make encrypted incremental backups to a cloud service. That's what I do now. I simply use duplicity to duplicate (and encrypt) to the same drive and use the dropbox deamon to sync the encrypted copy to my dropbox

Please do post the script. Throw it up on pastebin, or, better yet, https://gist.github.com./

There's always TeXLive.js, if you actually need full (La)TeX environment in your browser.

Yes you can. Now pay up.

The folks working on the PaySwarm stuff believe in data portability, so you own your private data and can take it with you when you leave the system. That's a design goal. As far as access to your hard drive, that's a bit vague - does writing a cookie to your hard drive count? Same with access to the network, vague. Care to elaborate? There are a number of open source implementations of clients now: https://github.com/digitalbazaar/payswarm.js/ https://github.com/digitalbazaar/payswarm-wordpress/ Since it's an open, patent and royalty-free spec, there will be open source implementations of a PaySwarm Authority (the things that process payments and move money around in the network) in time.

The folks working on the PaySwarm stuff believe in data portability, so you own your private data and can take it with you when you leave the system. That's a design goal. As far as access to your hard drive, that's a bit vague - does writing a cookie to your hard drive count? Same with access to the network, vague. Care to elaborate? There are a number of open source implementations of clients now: https://github.com/digitalbazaar/payswarm.js/ https://github.com/digitalbazaar/payswarm-wordpress/ Since it's an open, patent and royalty-free spec, there will be open source implementations of a PaySwarm Authority (the things that process payments and move money around in the network) in time.

"PGP Creator Phil Zimmerman has a new business, Silent Circle [silentcircle.com], that does proper encryption for voice and SMS on mobile devices."

Before you place your trust in this, consider:

Silent Circle Dangerous to Cryptography Software Development
http://log.nadim.cc/?p=89

The Baffling Patronage of Silent Circle
http://log.nadim.cc/?p=102

And, amusingly enough:

Is Silent Circle Open Source Yet?
http://issilentcircleopensourceyet.com/

No.
Silent Circle have only released incomplete source code[1], but have been telling press and activists that all source code has been released and openly reviewed.

[1] https://github.com/SilentCircle

You say, "Creator of PGP Has Already Fixed This" I would disagree at this time.

I prefer to run Linux on Chrome, myself.

Actually read about the language. It's a pretty awesome language that has most of the power and expressiveness of C++ while being safe-by-default in ways that C++ can't support even with fancy smart pointers. A web browser is definitely a good application for Rust, but I suspect it's in a good sweet-spot for a lot of native application development that is presently done in C/C++.

What concepts does Rust introduce that aren't already present in the latest C++ standard?

Too many to enumerate, but the main one is: not being a crazy impractical language which so many programmers were ill-taught to use.

Which aren't already present in Scala?

Not using a Java VM.
Doing actual Unicode natively, not the UTF-16 bastardization of it.

Which aren't already present in Go?

I'll let the FAQ take this one...

Roadrunner consists of 6480 QS22 Blades. Using Cellminer each will yield approx. 56 MHash/s, or 363 GHash/s in total. Using the Bitcoin profitability calculator we can then estimate that one will gain ~27 BTC/day (ATM $2667) while paying $3360/day for power (assuming cheap $0.07/kWh). So yes: mining on Roadrunner would not be cost-effective.

I have had the same issue, email archives that are complete from the mid-90s and sporadic emails from the 1980s. What I've been doing is archiving most of the messages in text files in mbox format , one file per month, and I gzip them after a certain period of time to conserve space.

Unfortunately 'grep' and similar utilities have been insufficient to do decent searches on them. What I ended up doing is building my own search utility in python. It allows me to specify multiple search terms, regular expressions or strings, search blocks of files (e.g. in this case finding blocks that are delimited by a starting '^From ' line), as well as automatically descending into directories, tar files, gzipped files, etc. With this I can easily run a search across any set of files that I desire (even if I've tarred and compressed them) and get out resulting output that I can read with a mail reader program such as Mutt. I've found it to be extremely useful for this, as well as almost all other search tasks that I do.

If you are interested in using it, I've made it available on github. It's at https://github.com/bruceisrael/search

This is so totally wrong I first thought it was a parody. On closer inspection, it does appear like they mean it. Unfortunately, that doesn't make it any less wrong. They're open-source and printable, which would make them trivial to counterfeit. Yes, real bills could readily be identified given a computer with internet, but if you have that, what's the point of the paper? You're not "off-grid" anymore and validating the bill would be just another bitcoin transaction. Now, buying stuff from "someone who is new to bitcoin" with counterfeit PrintCoins? Genius!

See also.

The claim that VP8's inferior isn't a foregone conclusion based on what it doesn't infringe upon.

Maybe not, but there are some clever bits that are locked away by patents so VP8 cannot use them. For example, B-frames. Are you going to claim that B-frames are not useful when trying to encode video?

Also, see the actual results of actual tests.
http://www.compression.ru/video/codec_comparison/h264_2010/vp8_vs_h264.html
https://gist.github.com/Hupotronic/4645784

Don't forget Debris, which at a moderate 197kB beat a lot of multi-megabyte sized other demos at Breakpoint 2007...

Also, it comes with full source.

Multipath TCP works in this use case and supports seamless handover. See http://inl.info.ucl.ac.be/publications/exploring-mobilewifi-handover-multipath-tcp for a detailed explanation. See https://github.com/mptcp-nexus/android for the MPTCP port on the google nexus

ABSOLUTELY! This is supposed to be a developer's conference. This "woman" has never written a LINE OF CODE in her life. Her public github shows two commits--a file name change and a comment! https://github.com/OpenScienceFramework/citations/commits?author=adriarichards Tech Conferences should have a NARROW focus. On the technology. It's not a place for broad-spectrum political activism. It's not an "Occupy" demonstration. Professional Victims should not attend

I kind of agree with you, however I tink the science progress is running in the path you describe more than you think. For example, the "meh, some kind of back propagation" thought has is now being replaced by RBM and SVMs, which are based in new theories of how the brain works. This has given some kind of new 'life' to AI. It is now known that the typical neural networks and other "classical" machine learning techniques are very prone to overfitting.

As with every field in science, we put theories, and base new research on those theories, until it yields everything it can, and then someone comes with a new theory.

.