Slashdot Mirror

We need an official Tor discussion forum.

I didn't see this issue mentioned in Roger's *latest* notes post, so for now, mature adults should visit and post at one or both of these unofficial tor discussion forums, these tinyurl's will take you to:

** HackBB:
http://www.tinyurl.com/hackbbonion

** Onion Forum 2.0
http://www.tinyurl.com/onionforum2

Each tinyurl link will take you to a hidden service discussion forum. Tor is required to visit these links, even though they appear to be on the open web, they will lead you to .onion sites.

I know the Tor developers can do better, but how many years are we to wait?

Caution: some topics may be disturbing. You should be eighteen years or older. I recommend you disable images in your browser when viewing these two forums[1] and only enabling them if you are posting a message, but still be careful! Disable javascript and cookies, too.

If you prefer to visit the hidden services directly, bypassing the tinyurl service:

HackBB: (directly)
http://clsvtzwzdgzkjda7.onion/

Onion Forum 2.0: (directly)
http://65bgvta7yos3sce5.onion/

The tinyurl links are provided as a simple means of memorizing the hidden services via a link shortening service (tinyurl.com).

[1]: Because any content can be posted! Think 4chan, for example. onionforum2 doesn't appear to be heavily moderated so be aware and take precautions.

----------
DNSCrypt for Linux, Windows, Mac (from opendns.com)

"In the same way the SSL turns HTTP web traffic into HTTPS encrypted Web traffic, DNSCrypt turns regular DNS traffic into encrypted DNS traffic that is secure from eavesdropping and man-in-the-middle attacks. It doesnâ(TM)t require any changes to domain names or how they work, it simply provides a method for securely encrypting communication between our customers and our DNS servers in our data centers. We know that claims alone donâ(TM)t work in the security world, however, so weâ(TM)ve opened up the source to our DNSCrypt code base and itâ(TM)s available on GitHub"

https://www.opendns.com/technology/dnscrypt/

- Download the right package for your Linux distribution:
https://blog.opendns.com/2012/02/16/tales-from-the-dnscrypt-linux-rising/

https://github.com/opendns/dnscrypt-proxy/blob/master/README.markdown
https://github.com/opendns
https://blog.opendns.com/2012/05/08/dnscrypt-for-windows-has-arrived/
http://techcrunch.com/2011/12/05/dnscrypt-encrypts-your-dns-traffic-because-theres-always-someone-out-to-get-you/
http://www.h-online.com/security/news/item/DNSCrypt-a-tool-to-encrypt-all-DNS-traffic-1392283.html
http://blog.opendns.com/2012/02/06/dnscrypt-hackers-wanted/
https://www.linuxquestions.org/questions/debian-26/dnscrypt-930439/

We need an official Tor discussion forum.

I didn't see this issue mentioned in Roger's *latest* notes post, so for now, mature adults should visit and post at one or both of these unofficial tor discussion forums, these tinyurl's will take you to:

** HackBB:
http://www.tinyurl.com/hackbbonion

** Onion Forum 2.0
http://www.tinyurl.com/onionforum2

Each tinyurl link will take you to a hidden service discussion forum. Tor is required to visit these links, even though they appear to be on the open web, they will lead you to .onion sites.

I know the Tor developers can do better, but how many years are we to wait?

Caution: some topics may be disturbing. You should be eighteen years or older. I recommend you disable images in your browser when viewing these two forums[1] and only enabling them if you are posting a message, but still be careful! Disable javascript and cookies, too.

If you prefer to visit the hidden services directly, bypassing the tinyurl service:

HackBB: (directly)
http://clsvtzwzdgzkjda7.onion/

Onion Forum 2.0: (directly)
http://65bgvta7yos3sce5.onion/

The tinyurl links are provided as a simple means of memorizing the hidden services via a link shortening service (tinyurl.com).

[1]: Because any content can be posted! Think 4chan, for example. onionforum2 doesn't appear to be heavily moderated so be aware and take precautions.

----------
DNSCrypt for Linux, Windows, Mac (from opendns.com)

"In the same way the SSL turns HTTP web traffic into HTTPS encrypted Web traffic, DNSCrypt turns regular DNS traffic into encrypted DNS traffic that is secure from eavesdropping and man-in-the-middle attacks. It doesnâ(TM)t require any changes to domain names or how they work, it simply provides a method for securely encrypting communication between our customers and our DNS servers in our data centers. We know that claims alone donâ(TM)t work in the security world, however, so weâ(TM)ve opened up the source to our DNSCrypt code base and itâ(TM)s available on GitHub"

https://www.opendns.com/technology/dnscrypt/

- Download the right package for your Linux distribution:
https://blog.opendns.com/2012/02/16/tales-from-the-dnscrypt-linux-rising/

https://github.com/opendns/dnscrypt-proxy/blob/master/README.markdown
https://github.com/opendns
https://blog.opendns.com/2012/05/08/dnscrypt-for-windows-has-arrived/
http://techcrunch.com/2011/12/05/dnscrypt-encrypts-your-dns-traffic-because-theres-always-someone-out-to-get-you/
http://www.h-online.com/security/news/item/DNSCrypt-a-tool-to-encrypt-all-DNS-traffic-1392283.html
http://blog.opendns.com/2012/02/06/dnscrypt-hackers-wanted/
https://www.linuxquestions.org/questions/debian-26/dnscrypt-930439/

"That's quite true. However, your traffic is STILL going through your ISP. There literally isn't any way around that."

Tor, or:

DNSCrypt

"In the same way the SSL turns HTTP web traffic into HTTPS encrypted Web traffic, DNSCrypt turns regular DNS traffic into encrypted DNS traffic that is secure from eavesdropping and man-in-the-middle attacks. It doesnâ(TM)t require any changes to domain names or how they work, it simply provides a method for securely encrypting communication between our customers and our DNS servers in our data centers. We know that claims alone donâ(TM)t work in the security world, however, so weâ(TM)ve opened up the source to our DNSCrypt code base and itâ(TM)s available on GitHub"

https://www.opendns.com/technology/dnscrypt/

- Download the right package for your Linux distribution:
https://blog.opendns.com/2012/02/16/tales-from-the-dnscrypt-linux-rising/

https://github.com/opendns/dnscrypt-proxy/blob/master/README.markdown
https://github.com/opendns
https://blog.opendns.com/2012/05/08/dnscrypt-for-windows-has-arrived/
http://techcrunch.com/2011/12/05/dnscrypt-encrypts-your-dns-traffic-because-theres-always-someone-out-to-get-you/
http://www.h-online.com/security/news/item/DNSCrypt-a-tool-to-encrypt-all-DNS-traffic-1392283.html
http://blog.opendns.com/2012/02/06/dnscrypt-hackers-wanted/
https://www.linuxquestions.org/questions/debian-26/dnscrypt-930439/

"That's quite true. However, your traffic is STILL going through your ISP. There literally isn't any way around that."

Tor, or:

DNSCrypt

"In the same way the SSL turns HTTP web traffic into HTTPS encrypted Web traffic, DNSCrypt turns regular DNS traffic into encrypted DNS traffic that is secure from eavesdropping and man-in-the-middle attacks. It doesnâ(TM)t require any changes to domain names or how they work, it simply provides a method for securely encrypting communication between our customers and our DNS servers in our data centers. We know that claims alone donâ(TM)t work in the security world, however, so weâ(TM)ve opened up the source to our DNSCrypt code base and itâ(TM)s available on GitHub"

https://www.opendns.com/technology/dnscrypt/

- Download the right package for your Linux distribution:
https://blog.opendns.com/2012/02/16/tales-from-the-dnscrypt-linux-rising/

https://github.com/opendns/dnscrypt-proxy/blob/master/README.markdown
https://github.com/opendns
https://blog.opendns.com/2012/05/08/dnscrypt-for-windows-has-arrived/
http://techcrunch.com/2011/12/05/dnscrypt-encrypts-your-dns-traffic-because-theres-always-someone-out-to-get-you/
http://www.h-online.com/security/news/item/DNSCrypt-a-tool-to-encrypt-all-DNS-traffic-1392283.html
http://blog.opendns.com/2012/02/06/dnscrypt-hackers-wanted/
https://www.linuxquestions.org/questions/debian-26/dnscrypt-930439/

For the least amouint of effort, you could simply use git and keep the same name. That'll let you have revision control of the single document.

http://rogerdudler.github.com/git-guide/

While this isn't a permanent solution it's better than what you have and pretty damn easy to setup.

...John Carmack goes through to add comments, clean up code, ...

That should be part of the deal. Or maybe it's a reason why we don't see more open sourced commercial software?

id Software has open sourced many of their games, for example DOOM 3 (see GitHub). However you still need the game data (wad, pk3, pk4, ... files) from the original media.

The following crappy solver I cobbled together solved it in 33 seconds under Cygwin:
https://github.com/fhstoica/NumbersAndLettersSudokuSolver

Just wondering...
If you find one that takes much longer to solve with this solver... Does it mean that it is actualy harder, or just that this solver is not exactly the most efficient one for this particular sudoku?

The following crappy solver I cobbled together solved it in 33 seconds under Cygwin:
https://github.com/fhstoica/NumbersAndLettersSudokuSolver

Check out Peter Norvig's web site for a very elegant solver and look for the "impossible puzzle" if you really want a difficult one:
http://norvig.com/sudoku.html

You jest, but one of the interesting things about Boot 2 Gecko is that all the apps are just localled cached web apps, which means that they get "updated" seamlessly without having to interact with an app store or package manager. You get all of the updating advantages of a web app like Google Docs or Gmail, in that installation and upgrading is completely invisible to the user. Even the included apps (the launcher, the dialler, photo viewer, web browser, etc.), which would be native on any other platform, are all just web apps loaded from a particular URL - you can access the same URL using Firefox on a desktop PC, or from an Android phone running Firefox Mobile, and those apps will run. It's the cross platform solution that eliminates the need for native code (think Phone Gap).

Mozilla is aiming to produce a platform that will make apps just an extension of the web. And to standardize everything that they need to do, so that other platforms can implement their APIs. Is it possible for everything? Perhaps not. Does it feel like we are throwing away decades of work on native code? Perhaps, but the web stack of HTML and Javascript is the only cross-platform, globally accepted solution we have. Google tried to add native code to Chrome - it's impressive, it works, but nobody's using it. We had Java applets on the web, but those are effectively dead now. There are projects now that can compile from native code to Javascript - see this amazing demo of Sauerbraten in Javascript running with accelerated WebGL. It's not difficult to imagine a world where Javascript is basically the common bytecode, and with bridges to native APIs it becomes possible to access all hardware, do anything, from a web app that is running on any platform, be it iOS, Windows, Android, Linux, etc.

As I wrote in another comment: the current situation with apps is a bit of a throwback - can you imagine if viewing a web site required you to install it through an app store? And for an author, updating their web site required them to push their site to Dell, who would then approve it and push it out to people with Dell computers? But you need a different web site for people with Asus computers, and you have to push your Asus-build site to them for approval and redistribution? It's crazy, if that were the situation with the web it would've never taken off. Making apps more like the web, or expanding the web to consume apps, whichever way you look at it, is a good thing.

I'm kind of confused about what he's actually doing. "I build and maintain the “official” installers and packages and provide them, to those that contribute." Does that mean he's holding back make files and install scripts?

Clicking through to his GitHub link, I can't even find any source code.

It's shorter, both in original code size and in the number of documentation pages required to understand it.

Code size, yes and no. Yes in what you typed ...

Most of the time, that's all I really care about.

Absolutely No to "number of documentation pages required to understand it"

I disagree. I only had to reference two jQuery doc pages to write my version. I'd have a harder time finding the two doc pages needed for your version, plus I'd probably glance over the reference for Javascript looping constructs since I don't write in that language every day.

As I pointed out, you need to know more about javascript to understand the jquery version than you do the plain js version.

Again, we'll have to "agree to disagree". I may never know enough about Javascript to understand (and/or replicate) the entirety of jQuery, but I know how to use it. To the casual driver, an automatic transmission is simpler to use. Most mechanics prefer a clutch because more efficient and easier to repair. I'm a casual driver, not a mechanic.

A few pages you might also find of interest:
  Slides from Estelle Weyl's presentation at OReilly's Fluent Conference

IE9 won't show the third and subsequent slides, and my Linux box is in the shop for repairs, so I'll have to check that one out later.

JQuery without JQuery

Precisely the reference I was requesting several comments earlier. Thanks.

It's shorter, both in original code size and in the number of documentation pages required to understand it.

Code size, yes and no. Yes in what you typed, no in what your page needs to function.

Absolutely No to "number of documentation pages required to understand it" As I pointed out, you need to know more about javascript to understand the jquery version than you do the plain js version. You also need to understand css selectors and jquery. I'm not buying it.

Further, the jquery version is harder to read and debug than the plain js version. Sure, it only takes a few extra seconds to parse out the jquery version, but multiply the number of cryptic lines of jquery (you know, by using it in practice) and start the inevitable chaining and you've got a maintenance nightmare!

To save a few seconds of typing you've traded efficiency, readability, maintainability, and bloated the page with a fat library.

Thanks. I assume you mean this one [amazon.com]. I'll check it out.

Yep, that's the one. A few pages you might also find of interest:
  Slides from Estelle Weyl's presentation at OReilly's Fluent Conference
JQuery without JQuery

I can't watch youtube at work. Is there a text version of this?

You know what, there actually is!

https://github.com/jwise/28c3-doctorow/blob/master/transcript.md

that doesn't include the Q&A section though, which is just as long (30 minutes talk, 30 minutes Q&A) and interesting, if not to say important :)

Here's a transcript: https://github.com/jwise/28c3-doctorow/blob/master/transcript.md

So? Machine code isn't typed either. Much like for native applications, you can use a statically (and strongly) typed language and compile it down to JavaScript.

List of languages that compile to JavaScript.

The 2D context (canvas) is probably rendered in software, so it makes sense that it is slow - I'd use WebGL 2D for games. WebGL at least uses an established, if old API - OpenGL for Embedded Systems - it was 2.0 last I checked and if that still aligns with OpenGL 2.0 I'd hate to start developing on it because I'd dread the move to 3.0 (porting from OpenGL 2 to OpenGL 3 was a MAJOR pain because the GLSL language changed drastically - if you don't use GLSL, porting is a non-issue). For random numbers you could use a hardware accelerated noise function like this one: https://github.com/ashima/webgl-noise/wiki and then just access the texture procedurally. That may cause issues if the game is online though (hackers would read the memory and edit it on the fly if you copy it out of texture memory into main memory, which you may need to do for speed).

I'm hyping my own projects here, but over the past weeks I've been porting free software games over to Android. Specifically, games that use the Simple DirectMedia Layer (SDL) library. Most of the games are written in C++, and the OpenGL (OpenGL ES in the case of Android) functionality is handled via the SDL library. I have had a good response so far for some of the games.

I have the games as different branches from my tree on Github. My tree is a fork of Sergii "Pelya" Pylypenko's port of SDL 1.2 to Android. One branch is a (partial) port of the popular educational game Tux Math. Another branch is of the game Circus Linux, which I felt did not translate well to Android (at least as I did it) so I never published it to Google Play. I should be putting a few more branches up on Github soon - ports of Ri-li, Hex-a-hop, Ice Breaker and so forth. The Ri-li source will probably be the next one that I will put up.

Nvidia did most of this with their cuda stuff already...

CUDA Frontend: http://www.phoronix.com/scan.php?page=news_item&px=MTA5OTU
Nvidia PTX Backend: http://www.phoronix.com/scan.php?page=news_item&px=MTA5MzM

The missing nvidia part is currently provided by GDEV (the opensource device driver) https://github.com/shinpei0208/gdev

I had the idea of creating a P2P social network a while ago, and actually started writing code: https://github.com/macourtney/masques

However, I haven't finished much due to lack of time. It's open source. Any help would be appreciated.

Instead of going through a website, each node in the network connects directly to each friend and all information is encrypted. Though you can create a handle, your real id is your public key. This causes some issues when finding friends, but public keys seem like the best way to go.

Not much is done right now. I wasn't planning on any kind of announcement yet. Since the topic came up and people are clearly interested in a more secure social network, I thought I would throw it out there and hopefully get some help.

yeah, that part is easy. Now, from the command line, can you provide something to extract the music from all the video listed at http://www.youtube.com/music, skipping ads ?

http://rg3.github.com/youtube-dl/documentation.html

The actual forum software is apparently here, and is licensed under the GNU Affero General Public License.

Keeping your system up-to-date with security fixes is going to take care of nearly all your ills on the actual level of your LAMP stack. Any decent distribution (Debian Stable, CentOS) can be configured to automatically install security updates.

What is more important is application level security. Are the web frameworks your websites are built on vulnerable to SQL injections?

As mentioned above, leaving the MP off of the LAMP, if possible, is going to greatly reduce your vulnerability surface.

As a sysadmin in charge of security for numerous LAMP servers, I'd recommend using Denyhosts and PSAD

The ISP issues are variable. Mine doesn't have any problems with what I'm uploading to. Worst case you'll have to redirect your port through a service like no-ip.

It's not Patent Holders Only. The current text of the license, as found on Github, states that:

3. 'DPL User' means an entity or individual that:

(a) has committed to offer a license to each of its Patents under the DPL, or, if such entity or individual has no Patents, has committed to offer a license to any Patents it may obtain in the future under the DPL; and

(b) has declared such commitment by means of an Offering Announcement;

(c) and, if the entity or individual has made a Discontinuation Announcement, the Discontinuation Date has not yet occurred.

So you can take part if you don't have any patents as long as you promise to license any patents you get later under the DPL.

YouTube? I know a few people visit that site.

YouTube can be watched with a Python script.

He holds 3 certifications in Word, Minesweeper, and Internet Explorer. Dont try and pull a fast one over him.

This is elegant proof that DHS is a waste of taxpayer money. 30 seconds on google would have given him more detail than any interrogation would have revealed.

Hey DHS, I'll take Director of IT position for only $290,000 a year. I cracked the secret of CryptoCat for you....

https://github.com/kaepora/cryptocat

Everything is right there, and I did not have to waterboard anyone.

OK, now that doesn't make sense.

First off, you're really not guaranteed that there's going to be a decent source of random numbers[1]. And there's not a need for truly random numbers; you don't want to consume them if you don't need to. Besides...I like deterministic addresses I can see traffic on my network and immediately know which machine it corresponds to, without having to use something stateful like DHCP. If your network has fewer than ten nodes on it, it doesn't long at all to get to know it.

So instead take the SHA1 hash of the MAC address (or perhaps the MAC address appended to the prefix), and use the first N bits. Then, at least, you have a deterministic method to generate the IP address.

[1] Believe me, this is a problem I'm trying to provide solutions for. My etools/entmesh package has been stagnant for a while, but that's because I've been getting prepping for getting married, getting married, doing the honeymoon thing, and dealing with other life surprises. Happens.

GMail, and much of Google's stuff is written with GWT, which is a platform for developing the client-side of web applications that compiles Java code into JS. You can't really make a modern web app with Java and run it as java (you know, through a JRE, unless someone makes a JRE in the browser, and lol @ that), but you can cross-compile. GWT is like Coffeescript on steroids with a framework behind it as well. These meta-compilation schemes are becoming more and more popular. Look at Facebook, they write their website in PHP and compile it to C++ for efficiency with Hiphop. Google's Traceur compiles code from ES5+ down to ES3 so you can write code with advanced ES5 features on modern browsers that still only have ES3 support.

It is still pretty common to write Java back-ends (primarily on Tomcat and a few other major players), but that's becoming less and less common in newer more modern web apps. I have no citation for this outside of my own observations, and I surely haven't seen everything so I might just be horribly wrong.

Regardless of what back end language you pick, a good front end helps a lot. I have found the twitter bootstrap package to be very helpful..

You can find it at: http://twitter.github.com/bootstrap/

They have a nice dynamic setup you can use that allows your page to collapse down to be easily usable by phone browsers, tablets, etc... It also gives you a good display framework to start from to ensure consistancy of your user interface.. and since the display is css based, you can tweak it how you want.

He writes a decent amount of popular code if you check his GitHub profile.

This is well-written, but mostly incorrect, based on some bad assumptions about sandboxing and encryption.

The main differences are as follows: the iOS sandbox is somewhat weaker than the Android sandbox. It restricts fewer things and in the past (not sure if it was fixed these days), key first-party apps such as the web browser were not sandboxed at all, which is how several generations of jailbreak worked.

No, the iOS sandbox is stronger, in that it supports more fine-grained control over access to individual syscalls (based on the BSD-heritage Mandatory Access Control framework), as well as the API-level and filesystem permission-level isolation that Android relies upon. Jailbreaks didn't rely on a lack of sandboxing, for the most part -- they exploited kernel bugs in e.g. the graphics driver. It took until 2011 that "rooting" on Android even approached the complexity of the 2008 iPhone exploits; the neccesary exploits on Android were generally much simpler.

Android was designed from the ground up with the mentality that there should ideally not be an "us vs them" divide - Android treats all apps more or less the same, security-wise, meaning that the browser is just a regular app that runs in a permission-controlled sandbox like any other. This open design is one reason why the permissions UI on Android is more complex than for iOS - apps can do more things and the OS has to communicate that to you.

This is only partially true. Android most certainly does distinguish between "system apps" and 3rd-party apps -- why do you think people have to root their phones to remove crapware?

The main reason that Android's permissions UI is more complex is ... a design issue. The Android team decided that it was better to make all users click through a screen showing a bunch of scary shit, so that they could later blame the user if the app does something strange. "Dialog fatigue" ensures that very few people actually read the whole UI, and the fact that you can't (on a stock system) individually deny any access (while still using the app) means that most people just suck it up and run the app and take their chances.

Most of the rest of what you wrote is wrong, because you base it on the statement that Android's sandbox is stronger.

With regards to other features, like drive encryption, as of the latest releases I believe both operating systems are largely comparable.

Okay, now go back and actually read the Apple paper, starting with page 8. iOS's encryption is fine-grained -- the whole partition is encrypted, and then individual files are further encrypted, depending on the application and use (e.g. you can receive new email and take new photos while the phone is locked; that stuff is then encrypted and written to flash, and cannot be accessed until you unlock the phone with a PIN. Older contents cannot be decrypted until you unlock the phone). Android only got encryption with 3.x and 4.x -- about 2 years after it appeared on iOS -- and it's a shitty implementation (requires a full battery, AC power, and > 1 hour to enable or disable; any interruption will cause data loss; must enter PIN code on boot, which then causes the whole flash to be decrypted in memory until you turn the phone off).

I know there are all sorts of craziness for bills, but wouldn't something like a Git repository be ideal? that way, you can have the hash of the exact version of the bill your voting on, so the people know stuff wasn't 'slipped in' before it becomes law. Oh, wait, that is probably a 'feature'

I really need to get some time to work on it some more, but that was exactly the idea I had a few years ago when I set up github repositories to track the US Code and Utah Code.

Of course, the only data I had easy access to was the codified law, some time after it was passed and went into effect, so my repos only track changes at that point. But, yes, what would be perfect is a distributed version control system that tracks the changes. Each legislator, each committee, each house would have its own fork, as would special interest groups, etc., even individual citizens with ideas about how to improve the law. Everyone could hack on their copies, push and pull changes, etc., all tracked by version history, and with official versions merging changes at point of adoption.

Imagine being able to run "annotate" on the law to find out where each bit of it came from! Of course, true sources would still often be obscured.

My next step, BTW (should I ever get time to hack on it), is to build a web UI that allows easy navigation of the code. I need to switch to pulling the XML version of the US Code from Cornell, then create some XSLT filters to hide some of the extraneous stuff and convert the links into a functional form and some stylesheets to present the code nicely, and finally create a web interface that allows the changes to be navigated and summarized.

I know there are all sorts of craziness for bills, but wouldn't something like a Git repository be ideal? that way, you can have the hash of the exact version of the bill your voting on, so the people know stuff wasn't 'slipped in' before it becomes law. Oh, wait, that is probably a 'feature'

I really need to get some time to work on it some more, but that was exactly the idea I had a few years ago when I set up github repositories to track the US Code and Utah Code.

Of course, the only data I had easy access to was the codified law, some time after it was passed and went into effect, so my repos only track changes at that point. But, yes, what would be perfect is a distributed version control system that tracks the changes. Each legislator, each committee, each house would have its own fork, as would special interest groups, etc., even individual citizens with ideas about how to improve the law. Everyone could hack on their copies, push and pull changes, etc., all tracked by version history, and with official versions merging changes at point of adoption.

Imagine being able to run "annotate" on the law to find out where each bit of it came from! Of course, true sources would still often be obscured.

My next step, BTW (should I ever get time to hack on it), is to build a web UI that allows easy navigation of the code. I need to switch to pulling the XML version of the US Code from Cornell, then create some XSLT filters to hide some of the extraneous stuff and convert the links into a functional form and some stylesheets to present the code nicely, and finally create a web interface that allows the changes to be navigated and summarized.

It would be nice to see a git-tree of legislations (revision history, diffs, who wrote what line when). I'm not expecting governments to do that, but it might be insightful and interesting.

https://github.com/divegeek/uscode

I haven't looked too much at it to determine if it has that kind of fine-grained revision history, but what you are asking for is essentially here.

They actually are abandoning their legacy OS. While it may have been a great smartphone OS when originally introduced, its been pushed far beyond its design limits and is very much running out of steam.

The new OS in development, which is currently called "BlackBerry 10" (formerly called "BBX") is using the same basic modern architecture as everyone else. Under the covers, its using QNX (a POSIX-compliant realtime multitasking OS). On the surface, RIM is building a whole software stack and set of applications. They've got a new UI framework based on C++/Qt called Cascades. They're also supporting a variety of additional development options, including raw native code (for game developers), HTML5-based apps, Adobe Air, and even the "Android runtime".

They've also been holding a whole series of developer events to promote the new platform, and are seeding developer devices to help everyone get started with it. If you actually dig up and see what they've been working on, its obvious that they're dead serious about moving forward to the future.

Of course this all takes time, but they are fully committed to building out the new platform. They've even engaged the whole developer community directly, in more ways than many realize. They've been posting a ton of open source content, and have made many of their developers and program managers directly accessible to the developers out there in the community.

So people, please stop thinking they're some stodgy company still trying to push 5-year-old phones. They've changed a lot since then. It just takes time for everything to come to market, and even more time for the popular-press (who seems to have negative retorts "in the can" prior to RIM press releases being published) to notice.

You're kidding, right? IE8 lacks: Rounded corners, SVG anything, more robust font support, most HTML5 goodies (enhanced form support for things like validations and placeholders), text on canvas, CSS media queries, javascript optimizations like nested arrays and getElementsByClassName. IE8 is definitely a primitive browser.

IE9 is much closer, but it's still pretty bad. AFAIK it still doesn't support rounded borders + gradients and it has a number of problems with its SVG support. Others have linked to caniuse.com, but I'll point you in the direction of D3's issue tracker>.

If you're doing a dead simple site, sure IE8 not too bad. If you're trying to take advantage of "new" features, you're pretty much SOL (even with IE9).

I too, like the Yahoo Mail UI (and use it), however:

- pop3 access is for paying customers only ("free" pop3 servers are only accessible through ip assigned to mobile networks)
- if you use their "forward" option to forward your mail to another address, then you can't use pop3 anymore (true story)
- No Imap option *even for paying customers*
- Unlike Gmail, Yahoo doesn't warn you if somebody logs in to your webmail from an unusual ip, they also don't offer anything like a list of recent login ip.
- And worst of it all: Yahoo still doesn't offer https. They only offer https login, which is a joke security wise, as sessions can be hijack with something as trivial as a browser plug in.

I could swallow a few things, like no imap which is only a sign of how technically obsolete Yahoo mail is, but the inadequate level of security is really Yahoo taking a giant shit on the head of their users.

There was a very preliminary port, but Mozilla abandoned work when Apple made it clear they wouldn't allow Firefox on iOS. For jailbroken phones, here's a repo maintained by a volunteer.

https://github.com/redpanda321/Icefox

You might try bitpocket (see https://github.com/sickill/bitpocket or http://ku1ik.com/2011/07/18/bitpocket-as-a-dropbox-alternative.html ) or Unison.

This is extremely obvious to anyone who is older than 15 years old and especially for those of us who live overseas and have friends, family and people all over the world and helps to keep in touch with people easily (and no, I'm not going to bother them all by emailing them on little things).

You make a valid point, but this quoted part is pure bullshit.

The actual good Facebook has done is by contributing to projects like Cassandra and a bunch of work it did on MapReduce and Hadoop, memcached and what not. Visit their github.com to check on that, though those aren't the only projects they worked on (more like, those are the projects they have started)

Dude, those are mere tools.

They exist to DO THINGS.

It's the THINGS that are important.

This is extremely obvious to anyone who is older than 15 years old and especially for those of us who live overseas and have friends, family and people all over the world and helps to keep in touch with people easily (and no, I'm not going to bother them all by emailing them on little things).

You make a valid point, but this quoted part is pure bullshit.

The actual good Facebook has done is by contributing to projects like Cassandra and a bunch of work it did on MapReduce and Hadoop, memcached and what not. Visit their github.com to check on that, though those aren't the only projects they worked on (more like, those are the projects they have started)

Hello fellow MT4GS owner, allow me to introduce you the magic of community ROMs. I've been running an unofficial CM9 build from here on mine recently, and it only has a handful of bugs. The current builds are using a 2.6 kernel because the 3.0 tree isn't playing nice with the keyboard. It is a completely open community project, so you can watch progress on the TeamDS github page.
It sucks that HTC and/or T-Mobile aren't providing us with an official ICS ROM, but when you buy a phone you are buying that phone, assuming you will be getting major updates is a sure path to disappointment. This isn't specific to Android, Apple drops iOS hardware from being supported in new versions approximately two years after release. Manufactures have a double incentive not to provide updates for devices in the cost and complexity of supporting old devices and the encouragement to buy new hardware that not providing updates brings. At least with Android you get snazzy community projects because the parts are open.

wait. There is an OPenCL implementation for video encoding and decoding.

https://github.com/awatry/libvpx.opencl

I personally know someone who was involved in this case, and even the judge realized the crown was stretching a lot of information. The crown refused to give on even the most trivial matters. You can find more information here: http://freebyron.org and all the notes on the trial here: https://github.com/colah/ByronTrialNotes/blob/master/days.md

A lot of things in your house are "bomb making materials." Just because his hobby dealt with (perfectly legal) rockets, doesn't mean he did anything wrong. Do you have a couple ounces of gasoline? Put it in a bug sprayer and point it up in the air, and you just created a bomb. Do you have bleach and hydrogen peroxide (as most homes do)? Then you can make a bomb. None of the materials he possessed were actually explosive. I believe as far as they got was "it will burn if you apply enough heat." Well, so does my desk. Not sure that counts as a dangerous weapon. All the logs of conversations regarding these materials point at the fact that this was indeed only for a hobby.

The materials he held had nothing to do with testing the security of the G-20. They were not hidden, he openly talked about them, as would anyone who had nothing to hide. As a security expert and concerned citizen, he wanted to inform both the people in charge that they were doing a poor job of security, and the tax payers that they were paying a ton of money for something that wasn't even very safe. In the process, he lost his home, and his wife.

and they use it long ago... and what did those companies do to improve *bsd systems? it goes from very little to not enough
even google contributed more than ixsystems.com, a top *bsd user!!
Netapp products make money from *bsd, but yet they are very, very low in that list

BSD have this fault, companies take the code, but contribute very little back and only look back to take yet more code

Password Gorilla is what I chose - after comparing *lots* of passwordmanagers. I wanted a filemanager that be: - free & open source - offline (--> exit Lastpass) - cross platform (I looked at Linux, OSX, Windows and Android, cause that is what my family uses) - not dependent on Mono (--> exit Keepass). Password Gorilla stores passwords in an encrypted file: the password database. Every user has his own file(s). I have a copy of my file on my smartphone, I synch the files regularly. Read all about it and get it here: https://github.com/zdia/gorilla/wiki/ I like it, it does what I want, but to be honest, the GUI looks a bit simple and the syncing of files (across in my case 2 PC's and a phone) is not automized, although I you could write a script for that. It lacks the slick interface of some other passwordmanagers.

https://github.com/aiaio/mortimer

The password sharing functionality looks really interesting. I gave it a spin a few months back, but it had an annoying bug at the time (move a password out of a folder to the root level and it can disappear from the UI). I'm guessing a competent Ruby dev with a few spare hours could fork it on GitHub, fix it up and make it work real nice.

More information about it here:
http://www.alexanderinteractive.com/blog/2009/02/mortimer-a-rails-password-manager/
http://www.alexanderinteractive.com/blog/2009/08/mortimer-password-manager-redesigned-v1-2/

lol we can look at something like github, which has mainly new projects. That has Ruby as the #2 language for projects.

Predicting that a language will become popular in the future is tenuous at best. Ruby doesn't deal with multi-threading as well as some other languages. Will it matter? I don't know, but lack of a compiler isn't the only thing involved in a language's popularity.

Another option is to use a Shim or a Poly Fill as a transitional to HTML5. It's a bit of a pain, but it helps abstract out the browser support a bit.