Slashdot Mirror

If you use Trakt to keep track of your shows, make sure to get the development version here until it gets released to the production channel. If you don't use Trakt... you don't know what your missing! - HEX

No a developer called Fneufneu is still working on it. The pull request wasn't finished/merged in time for Eden. https://github.com/xbmc/xbmc/pull/37

http://preyproject.com/
"Prey lets you keep track of your laptop, phone and tablet whenever stolen or missing -- easily and all in one place. It's lightweight, open source software that gives you full and remote control, 24/7. "

Oh and the code is open, so if you want to add a more complicated "bricking" capability you could.
https://github.com/prey

And *nothing* annoys me more than their "Sent from my iFad" appended to e-mail messages. So long, commercial-free e-mail.

I note that you didn't include the "Sent from my Android Phone" (got one of those from my Nephew the other day) and "Sent from my Windows Phone" (get those from at least one of my employer's clients). Both of those platforms have a built-in Sig, too.

But yet, once again, it is Apple that gets singled-out.

Fucktard.

I just tested my brand new out-of-the-box last week android phone (Samsung) that I haven't changed my sig on, and it doesn't send one of those. Neither does my closer-to-AOSP cheapass tablet. Neither do they have an option to enable such a signature. The string you suggest is included by default isn't in the strings table of the default Android email app, and it would be a serious violation of the coding standard if it were elsewhere. Evidence seems to suggest you're just making this shit up.

Fucktard.

https://github.com/Wintervenom/Scripts/blob/master/updaters/update-hosts

The idea I believe is more that userspace is responsible for handling which device(s) are used for transmission and notifying the kernel, rather than being responsible for the sending of packets themselves. If you've got an active/backup bonding setup, it makes sense to perform connectivity checks from userspace which can be flexible and complex, then notify the kernel to switch or remove devices that have lost connectivity.

The libteam daemon that's in development seems to have a round robin mode planned and I'd hope 802.3ad, but I guess we'll have to wait and see how that works. I'm sure it'll still need kernel support for the bonding implementations, it's just the monitoring and management functions that are being extracted.

I have games on 30 stores including Google Play: https://play.google.com/store/apps/developer?id=AllBinary I have my AllBinary Platform with 1.2 million plus lines of code. https://github.com/AllBinary/AllBinary-Platform I have 8+ years of the last 12. I will build a self replicating robot army in 7 years or less. Oddly I do have 2 phone interviews for NC this coming week.

Also I wonder whether phones will allow you to just make a data dump of its storage just by connecting it to USB. My phone just charges when connected, doesn't go into USB drive mode (which afaik still doesn't allow access to the complete storage even, like contacts and so), though I have debug mode on so it does accept certain commands (including installing of apps, and running that app). But if that goes as far as allowing you to do a data dump, I really don't know. And most people will not have debug mode enabled to begin with.

This is where the rooted kernel and recovery comes in. The kernel can be configured so that debug mode is turned on and root shell via ABD is enabled by default before the kernel even boots android. All that is needed is a few lines in one config file in the kernels initramfs. This means by flashing the kernel and custom recovery you can get root access to the device without ever even touching the data partitions.

As for doing a dump purely over USB, I'm not so sure if that's possible. I'm sure there is a way, but it's above my pay grade. What I would typically do is do the dump to an external SDCard (obviously the feds wouldn't use the suspect's card) and then pull that file to the computer using the `ADB pull` command. If the phone doesn't support an external SD, some other methods might have to be employed. You could do `adb pull / c:\suspectsphone` and it would pull the entire file system, as mounted to the local directory on the hard drive.

Keep in mind that the FBI booting the phone up and trying to unlock it are hardly using a clean-room method. That would be the equivalent of booting a PC up on the original hard drive and trying to guess the password. As you've already pointed out, when they do PC forensics, they would *NEVER* let the PC boot up on the original hard drive.

OpenStreetPad

FTFY. Thanks, looks like a great project!

As this looks like advertishment to me, I will post about my own UNIX web terminal emulator. Its C, executable only 100kb for the executable with everything contained, and many of the goodies from GateOne (multiple sessions, session attached to user, not browser window...) It also even has colaborative terminal, where two users can attach to the same terminal. All AGPLv3. https://github.com/davidmoreno/onion/tree/master/examples/oterm

I believe that github's major source of revenue is hosting private repositories and I can guarantee that I would never trust someone who sat on this kind of vulnerability to keep my private code private, regardless of if this specific vulnerability was fixed or not.

Not exactly - he was suspended while they investigated the incident, not when he reported the bug. As they explained on their blog yesterday, their standard procedure is to suspend accounts that get into this kind of thing until they investigate the incident to see if there was anything malicious happening. They determined there wasn't so they reactivated his account. I'd say GitHub handled the situation excellently.

At least the message was understood loud and clear... It took a couple of hours and a commit to Rails was made to change the default: https://github.com/rails/rails/commit/641a4f62405cc2765424320932902ed8076b5d38

He did that and, being rails devs, they blew him off...

https://github.com/rails/rails/issues/5228

Just because it is open source is no reason to go about it in a childish manner.

When dealing with children..

All kidding aside, I this was just the right amount of childish for the situation. I loved it!

fxn commented 3 days ago

There was a proposal about changing that flag in #4062 and the consensus is the pros of the default configuration outweigh the pros of the alternative.

Thanks!

Apparently GitHub's own admin isn't "pro" enough...

What does this have to do with Linux? The vulnerability was in Rails - and I must say, the attitude of the Rails developers of "We don't have to make the defaults restrictive - let the user secure their app" is a poor one.

Oh, the linked commit is not the only funny one - after this guy's initial report was blown off by the Rails team - https://github.com/rails/rails/issues/5239

Let me add the development of the "Open Ministry" is also open. We welcome all interested developers and pull requests! You can find the source code at https://github.com/avoinministerio/avoinministerio . The tech stack is currently simple Ruby on Rails hosted on Heroku, with few associated tools like MailChimp. At the moment the developers hang out at Flowdock channel https://flowdock.com/, you'll certainly get an invitation by request.

As the service has been just launched we just squash bugs and keep service up and running, and hopefully we'll survive the Slashdot effect (which surely will be toned down by Finnish only website). On the (open) roadmap there are things like

• o higher engagement with users by following ideas and discussions, and perhaps
• o multi-lingual site (though the nature of online discussions usually work out better in one main language).

Join us, help us! Hack the law!

I read that and before realising it was Poe's law, I grabbed an audio CD, popped it into iTunes, ripped it to WAV, turned the WAV into FLAC, then turned the FLAC back into WAV, and checked the SHA1 on the two WAV files. See https://gist.github.com/1934901

For the benefit of audiophiles everywhere, I can confirm that "lossless means that what you put in exactly matches what you put out". ;-)

Capsicum also debuted, like, years ago.

And appears to be stale:

The website hasn't been updated since 2010.

The latest GitHub code is from 2010.

The "Documentation and Publications" are from 2009 and 2010

So stale it got imported into the base system and kernel newest release of FreeBSD.

Besides, they've proven the system works, what else is really needed? It will take time to change userland utilities to use it, and only at that point will there perhaps be a need to add more capabilities for use cases that may not have been thought of. As it is, I'd be hard pressed to think of a program more complicated than a web browser (network, disk, IPC, and UI access all needed in varying degrees).

Capsicum also debuted, like, years ago.

And appears to be stale:

The website hasn't been updated since 2010.

The latest GitHub code is from 2010.

The "Documentation and Publications" are from 2009 and 2010

I know, I know, why do that when you can dedicate an entire system to an oracle database instead. Eventually you just can't bludgeon your problems to death with hardware anymore and need more subtle solutions.

My last demo (Which you can find at https://github.com/FlyingRhenquest/fr_demo) is still pretty rough around the edges but was mostly to allow me to play with Cppunit and boost::thread. My C++ socket server makes for a weightier process, but probably scales better since it uses threads instead of forking off a new process for each request. You can always fork if you want to, at least on Linux -- it just copies the thread you're currently in. So you can exec off a new process if you want to. I should probably be using boost::asio instead but that seems like a lot of extra complexity just to get the bits I need.

Gotta say I really like Cppunit. I feel like I'm abusing it making it test multi-threaded things but it just keeps working beautifully. It's not at all difficult to set up a suite of unit tests to run. If you do it the way I did, most of the work is just linking the new object into your unit test executable in the makefile.

I also like boost's threads, or more specifically their mutexes. scoped_lock is teh sexieh! C and C++ scope handling in general is just really nice.

And if you want to use Piccolo2D from Processing, there is a GPLv3 or later licensed library for Processing

https://github.com/heuermh/piccolo2d-processing

I agree: diagnosis is only one (arguably less important) area where mobile technologies are going to benefit us. I think the real opportunity lies in transforming the way patients live with their illnesses after diagnosis. More generally, mobile technologies have the potential to dramatically improve the quality of our health by empowering patients to be more engaged in their care. I think the current focus on just collecting data for the purpose of diagnosis is misguided. What we really need to be focusing on is how to engage patients. Patients need to own and control their data, they need to have their data presented in timely, convenient, and actionable formats, and they need to be empowered to work with their doctors (and other care providers) through ongoing collaboration (not patriarchal episodic care). This is the primary focus of the group I work with at the MIT Media Lab. We are working to build an open-source platform for patient-centered care research, and recently completed an event where we invited students, health professionals, and innovators from industry to build prototypes of patient-empowering solutions. You can see a brief video summarizing the event and projects here: http://newmed.media.mit.edu/blog/jom/2012/02/23/health-and-wellness-innovation-2012-intro-video. Smartphones are indeed going to help start a boom in DIY medicine, but not just by becoming pocket-diagnosis machines. Rather, our phones are going to help us take control of our health.

the major reason none of the web servers support multiplexed fastcgi is that none of the fastcgi servers support it (ie PHP etc).

that said, there is a third party module for nginx to provide multiplexed fastcgi.. ie comes with demo fastcgi servers to test with.

https://github.com/rsms/afcgi

I agree. There are several very good WebGL-abstracting graphics libraries for Javascript, such as three.js (and some others). You can use Javascript and CSS to place (and style) all of your buttons and widgets, as well. For data visualization, you might consider d3.js. I'm currently working on integrating both three.js rendering and d3 visualization in a GWT app, and it's mindblowing how slick some of the Javascript libraries are. I deeply regret having avoided Javascript for so long, because ... I'm really starting to like it.

three.js: http://mrdoob.github.com/three.js/
d3: http://mbostock.github.com/d3/

d3 examples: http://mbostock.github.com/d3/ex/ (nearly all are amazing.)

I agree. There are several very good WebGL-abstracting graphics libraries for Javascript, such as three.js (and some others). You can use Javascript and CSS to place (and style) all of your buttons and widgets, as well. For data visualization, you might consider d3.js. I'm currently working on integrating both three.js rendering and d3 visualization in a GWT app, and it's mindblowing how slick some of the Javascript libraries are. I deeply regret having avoided Javascript for so long, because ... I'm really starting to like it.

three.js: http://mrdoob.github.com/three.js/
d3: http://mbostock.github.com/d3/

d3 examples: http://mbostock.github.com/d3/ex/ (nearly all are amazing.)

I agree. There are several very good WebGL-abstracting graphics libraries for Javascript, such as three.js (and some others). You can use Javascript and CSS to place (and style) all of your buttons and widgets, as well. For data visualization, you might consider d3.js. I'm currently working on integrating both three.js rendering and d3 visualization in a GWT app, and it's mindblowing how slick some of the Javascript libraries are. I deeply regret having avoided Javascript for so long, because ... I'm really starting to like it.

three.js: http://mrdoob.github.com/three.js/
d3: http://mbostock.github.com/d3/

d3 examples: http://mbostock.github.com/d3/ex/ (nearly all are amazing.)

Done and done. Although I do wish that this process was built into the applications themselves, installing plugins to Keepass and Chrome does seem like a bit of a stretch for the average user.

If you look at the site, it is obvious that this is neither Tetris nor an implementation of Tetris. It is just a part of the game that when given the current layout in certain encoding, the current user input and some other state variables can tell you what is the next state. All of this is meaningless unless you know what should you do with this state information. Crucially, included is neither the drivers to read user input or the method to render the game board for display.

So yes, this is one part of an implementation of a Tetris. But then again, any given block of code less than 140 characters in length from any full implementation has also a claim for being a part of an implementation of "Tetris". So I therefore proclaim that I have beaten them by my even shorter "implementation", which simply consists of the letter u (a part of crucial JavaScript keywords like "function" and "return") for it has an equally valid claim for an "implementation" of "Tetris" as this function, in some perverted regard ;).

You'll love the non-restrictive EULA.

Yes, black markets do benefit from digital cash, regardless of whether the cash is Bitcoin-like or issued by a central authority.

Sorry, I don't get this at all. How would a centralized currency survive if it's heavily utilized for ends that are against the dominant power's policy? Plus, assuming you can do away with it by hiding the issuer from legal powers, then how am I going to trust the issuer without an enforcer? You never replied to this dilemma, which is the reason why distributed trust is not only better, but a necessity. Even if you can't trust anyone, you can trust everyone.

I agree that the focus shall not be the black market. The discussion progressed that way because you claim that scalability issues will get in the way of Bitcoin's success even in the black market case. It could be right (I doubt it though), but that doesn't mean Bitcoin is a bad design, its design is by necessity: inverse commons against tragedy of the anticommons. You can still use regulated money if you think there is a risk of fraud and theft (I don't think it applies to the Bitcoin case, those regulations are for legal businesses, which can be regulated either way, and illegal ones cannot be regulated anyway). The regulations that apply to this context are regulations against entities that function against the dominant power, so it's a matter of political opinion than practical risk/fraud scenarios.

As much as I like the regular internet, I feel safer because there is Freenet. Cases are similar in this context.

you see Bitcoin as a digital cash in Chaum's terms. Technically it isn't.

Then explain the difference, because neither the original Bitcoin paper mentions Chaum's work (or any previous work on digital cash) nor does the Bitcoin Wiki's page on scalability. People keep saying that Chaum's result does not apply to Bitcoin, but nobody seems to be able to say why that is the case.

I already agreed with you that Bitcoin suffers from an analogous problem. On the other hand, Bitcoin only resembles Chaum's digital cash, it's not a derivative of it. It doesn't use blind signatures for starters, which is the foundation of DigiCash. Without blind signatures, DigiCash is just like any other electronic money. So the difference is immense.

Now, I don't want to sound like an expert, so please correct me if I make a mistake. The problem is analogous because both systems require a trail of all transactions. Also, in both cases there is a "change" problem, that practically multiplies the number of coins by two in every cycle. Bitcoin's solution to this is the ability to merge input transactions. So if you need to transfer 10 BTC, and you have 10 different inputs with 1 BTC each, you can combine those inputs to create a transaction with a single output, in effect reducing the number of tokens 10-fold, assuming there is some sort of block chain pruning in place (there is no such system for Bitcoin yet). In most cases you will still need a change address. Although the change address is always a new "token" (I suppose in Chaum's scheme it has to be), in Bitcoin it can be an already existing one, so you can economize there as well, but there is no incentive to do that currently.

Since you've been telling a better cash is possible with Chaum's scheme, I'd like to remind you that it is actually a 90's era thing, and there are already a multitude of such systems in place. I suggest you take a look at the OpenTransactions library, which implements almost everything that is possible in the digital cash tradition, and AFAIK allows inter-issuer-processor networks:

https://github.com/FellowTraveler/Open-Transactions/wiki

Except that the predefined money supply is a terrible idea for economic reasons.

That's a matter of opinion. It's a dominant opinion, but it's not a consensus among economists. Most economists I know don't object to either idea. Actually, since Bitcoin is not and will never be legal tender, the arguments against it on these grounds are actually similar to the ideas against Esperanto.

for Booktype is here: https://github.com/sourcefabric/Booktype

There is something of a slope of what FLOSS in an organization is, from Richard Stallman, who is a purist, all the way to companies which will use (but not contribute) Apache/BSD source in their code, or run a GPL application.

I've used FLOSS associated with my job for a long time. From the mid 1990s on this was as a Unix Systems Administrator. I've installed Linux (and back then, FreeBSD also) servers at companies since the mid 1990s. I've installed open source software like Apache, BIND for DNS, and Tomcat. Various mail packages like sendmail, exim, qmail. Some of the comments mention small companies, but I've installed and/or maintained open source tools in everywhere from small startups to Fortune 50 companies.

Also, over the past year I have learned the Android API better, and Android is, of course, an open source platform. My entire development process for Android is very open source based. I do development on an Ubuntu Linux desktop with the open source IDE Eclipse. I also often include Apache code in my code, or sometimes LGPL, or sometimes even GPL code. I even released Android open source - I was building a spreadsheet, got pre-2007 Microsoft Excel (.xls) loading OK, but hit a snag with Excel 2007/2010 (.xlsx), so I open sourced what I had so far ( https://github.com/dennis-sheil/android-spreadsheet ) and will do some more work on it if I have the time.

I released several of my own Android apps over the past year. You're talking about making money on this - I made over $15 in ad views yesterday. Not enough to earn a living, but an extra couple of hundred dollars a month does not hurt. Some independent Android developers have put up blogs, like Droid Blog, or Kreci, or others, they've been doing it longer than me and are making thousands a month, not hundreds.

Plenty of people have written advice on how to push for open source solutions at a company. Just suggesting often it isn't going to do the trick, you have to package it in a certain way, get buy-in from the stakeholders and so forth. You might not always succeed, but sometimes you will.

Understand the Javascript language, because it is a simple, yet powerfull language on its own. So, before digging deeper into libraries and tools, take some time to read the javascript garden, which will give you the dirty parts: http://bonsaiden.github.com/JavaScript-Garden/ And, as previous posters already said, the Crockford site which will give you good insight into good practices and useful patterns: http://www.crockford.com/

https://github.com/kripken/emscripten

w/ emscripten, if you can output llvm from your language, you can run it in javascript.
Emscripten author claims 2-3x of optimised C.

Indeed, this sounds like it makes a lot of sense. I recalled a Python to JavaScript compiler ("Pyjamas"), googled for it, and found an entire GitHub page of links to such compilers. It includes compilers for Python, Ruby, C#, C, and more. Heck, there's even one for Perl!

The only problem is I haven't tried any of these, so I have no idea how good they are. On the other hand, I have used some pretty bad language converters. (Many of which I wrote on the spot, but still...)

I just converted it to ePub by downloading the zip file from github, then running:

unzip ~/Downloads/lydiapintscher-Open-Advice-*.zip
cd lydiapintscher-Open-Advice-*
latex2html -html_version 4.0,latin1,unicode -split 0 -show_section_number -local_icons -no_navigation Open-Advice

I then loaded the resulting html into calibre to convert to ePub format and upload to my eBook reader.

Python doesn't care whether you're using tabs or spaces, so long as you use a consistent amount of it to denote blocks. The problem is that some editors don't show you the difference. Nobody complains about semicolon requirements in C code because an editor shows you where all the semicolons are in a given piece of code. I feel whitespace should be just as easy to follow. If someone's indented a block wrong or mixed in some tabs, that should be just as easy to spot - even if you're using a language without any whitespace restrictions at all.

My solution is to use ethan-wspace which automatically highlights tabs in source code (along with lots of other little whitespace problems) and lets me clean them up trivially with the touch of a button and without breaking the file. It not only keeps my Python code functioning, but does wonders for keeping junk whitespaces changes out of source control.

Here is a super secret link to it from the hyper secret search tool called google, it took 3 seconds to get it.

https://github.com/kmuto/latex2epub

there is a world outside of apt-get

Although I appreciate snide as much as anyone, you might notice that the hyper secret search tool called google has no idea what you are talking about:
https://www.google.com/search?q=tex2epub

Here is a super secret link to it from the hyper secret search tool called google, it took 3 seconds to get it.

https://github.com/kmuto/latex2epub

there is a world outside of apt-get

> I haven't found anything I could do in Windows or in Ubuntu I can't do on a Mac.

Reliable file sharing.

I quite easily share files between OSX and Ubuntu. And though I haven't installed them yet I'm getting ready to install both Ubuntu 10.04 and 11.10 to triple-boot my Mac. When I do I'll be using the same partition for users in all OSes.

Media playback. You end up falling back to "Linux tools" in order to get a reasonably complete solution.

Apple's Final Cut Pro, which is the video industry's leading video editing software burns Blu-Ray disks. What's that? A video of of someone burning a Blu-Ray movie with Final Cut Pro 7? However you can still run Linux tools on a Mac. OSX includes X11. With Fink you can install software that uses the Debian tools dpkg and apt-get. Or Mac Ports to install .rpm packages. Then there's Homebrew for those who Mac Port drives to drinking.

Keeping your crayon inside the lines (like office software) is not the problem.

AH, you're right. The problem is people not knowing the truth, or not admitting to it. Fact is is a Mac can run Linux, OSX, and Windows software. Which is within what I said above, "I haven't found anything I could do in Windows or in Ubuntu I can't do on a Mac."

Falcon

I think it would be a good idea that the book will be avaliable in epub format, to read it in most e-readers.

As noted above, the sources are available so you can compile it to epub:
http://github.com/lydiapintscher/Open-Advice

That is the spirit of Open Source, I suppose! Upstream provides the source, you compile it as you see fit.

They publish the source .tex files at http://github.com/lydiapintscher/Open-Advice , so it's rather open.

At least, for some values of "hacks" and some values of "gets their phone".

Here, for example, how to get root on Android using generic Linux kernel vulnerability.

That's really odd. If you're willing to spend a bit of time on this and have a machine on which performance noticeably dropped from one Firefox release to another, would you be willing to use http://harthur.github.com/mozregression/ to find when exactly that drop happened? That would be incredibly useful!

[...] but let's say the Stuxnet code was published [...]

Most of it was decompiled and published here. You can find all the binaries online if you're really interested. Hiding the results is just security by obscurity. The Dutch scientist didn't perform some magic trick that nobody else can do. Doesn't make it any less scary though.

They wrote a php to c++ source code transformer - https://github.com/facebook/hiphop-php

Someone has already beaten every one else to the punch.

However, you need Ice Cream Sandwich and you will need access to a disassembler. Also, you cannot use this exploit for "one-click" root access as the only program that is in the Android stack that runs setuid root, is run-as. That command is statically linked so you will still need adb access so that you can disassemble the program to find it's exit call.

So there is still a fair amount of work left to be done to make this an exploit that can be used in the "wild" for Android devices. However, as a fair note. A little crowd sourcing to compile a list of offsets for different devices could greatly speed up the process. I'm actually curious if Google will patch this in there kernel.

Give me 300,000 $ venture capital and 4 months time. It's not that much to ask.

I will deliver a bootable installer medium (cdrom, usb, whatever) that let's you choose your options from gnome3/ kde4 down to tailored desktop systems like the one I set up for me.

It will be easier to use than any current windows, linux or bsd installer available (mac os excluded, because it has the privilege to be only used on selected hardware). Tailored systems for everyone, on cheap hardware.

All it needs is a GUI. Seriously, the code is there: custom os, custom kernel. As I said, all it needs is a GUI.

I dare you.

Give me 300,000 $ venture capital and 4 months time. It's not that much to ask.

I will deliver a bootable installer medium (cdrom, usb, whatever) that let's you choose your options from gnome3/ kde4 down to tailored desktop systems like the one I set up for me.

It will be easier to use than any current windows, linux or bsd installer available (mac os excluded, because it has the privilege to be only used on selected hardware). Tailored systems for everyone, on cheap hardware.

All it needs is a GUI. Seriously, the code is there: custom os, custom kernel. As I said, all it needs is a GUI.

I dare you.