Domain: sourceforge.net
Stories and comments across the archive that link to sourceforge.net.
Comments · 31,462
-
Re:Password Safe is the answer
Actually, PasswordSafe is actively maintained on SourceForge: http://passwordsafe.sourceforge.net/
You don't need to trust Schneier's rep, as the sources are available...
As to the Crypto, AES is currently much less reviewed than Blowfish, as it'smuch newer and 3DES, while reliable, is relatively SLOW...
Note: I'm the current project admin. -
PasswordSafe
Actually, Bruce Schneier wrote exactly such an application, and put in on SourceForge a while ago, where it is now currently maintained:
PasswordSafe
Note: I'm the project's current admin.
-
Re:use the check-in numbers
Do you have any other suggestions for this situation. I'd be willing to bet this is the case for close to 50% of code checkins.
On your projects, perhaps. On mine, never. I use continuous integration tools like Anthill and Cruise Control, and anytime a checkin breaks the build, the developers hear about it pronto. This is a little annoying to start, but once you get broken in it's fabulous: what's in CVS is always trustworthy, and if you see a problem you know it's your problem.
If you're just using CVS to pass around files, then you could just email the files around. If you keep the units of work small, clear, and discreet, this works fine.
Another option is to have areas in CVS for things that are half finished; the person to do the last bit of work moves things to their proper place.
With the designer/programmer split, one helpful approach is to make the last step connecting it to the rest of the app. So if it's a web app, you put up the new pages in a way where you can get to them only if you know the URLs. Then only when they're perfect do you add links from other pages.
You can also make features configurable, so that a feature is only visible if certain configuration options are set. This is especially valuable in environments where you have to roll out multiple related servers but need to bring everything live at the same time.
But my favorite approach is to get the necessary people together in one place. E.g., the programmer pairs with the designer, and you get things done in one go. Not only is it faster and more likely to work, but both sides learn a lot more about how the other guy works. -
Re:Bruce Schneier agrees
Two words for windows users: Password Safe. Originally written by Counterpane, Schneier's company. Stick it on a USB pen, and carry it around with you. There are also similar Linux tools that can use the same 3DES-encrypted password database file.
-
Re:Bruce Schneier agrees
Two words for windows users: Password Safe. Originally written by Counterpane, Schneier's company. Stick it on a USB pen, and carry it around with you. There are also similar Linux tools that can use the same 3DES-encrypted password database file.
-
Look for a used Psion
Small, reasonably powered. Mine is a 5MX I wish it was a 5mx pro.
you can fairly often find them on ebay. expansys has them refurbished for... ouch! quite a bit.
and of course the obligatory linux plug:
http://linux-7110.sourceforge.net/
Yes Virginia, it does run linux :) -
Re:Pseudo-Written Password
I have a Treo and I use GNU keyring for this.. It's free and works great..
-
Re:STEGNAOGRAPHY is the answer
I've got a system better than a biometric USB key: I use an app called "Keyring" on my Palm, and store my passwords in that.
-
Re:I'll buy that piece of paper with some chocolat
Isn't a full blown GUI program a bit overkill?
Seems to me that a list of OverlongSuperComplexHardToRemember passwords can easily be stored and read from a simple text file that's been encrypted. Using something like ccrypt (available for Windows with Cygwin) and typing
$ ccrypt -c path/to/secret_password_file | grep slashdotlogin
and entering the requisite password when prompted allows you to read the information from your screen.
A bit simpler, no?
-
Re:eMate 300
How to get a Newton connected to a Linux machine.
http://newtonlink.sourceforge.net/Newton_and_Linux -mini-HOWTO.html
How to get a Newton connected to a Windows machine.
http://www.chuma.org/newton/ncage/
http://www.mug.jhmi.edu/mirrors/InfoAlley/0696/25/ newton.html
http://www.panix.com/~clay/newton/query.cgi?commun ications+comm_software
http://mirrors.unna.org/ftp.bitcon.no/pub/pdacentr al/newton/newtwindows_license.html
Hope some of this helps. -
Re:Bruce Schneier agrees
Yes, it's called 'Password Safe', and was produced by (wait for it!) Bruce Schneider! Sourceforge Site
-
Re:How to generate and remember complex passwords
So you basically have one password. If it's compromised in two versions, it's toast. That's fine for things like NY Times registration, but I wouldn't trust my Bank of America account to it.
I've given up trying to remember- I have no idea how many passwords I have. Some I use maybe once per yeaer. They're all in http://passwordsafe.sourceforge.net/
So I also have only one password, but I only use it in password safe. And I only use that on my machine (no keyboard loggers). -
Re:Bruce Schneier agrees
All these people are mentioning Password Manager, but I use Keyring for PalmOS (formerly "GNU Keyring"). This way, I can bring the
.PDB database with me in my handheld if I would like to take my passwords on the go, and running the app on a client machine isn't hard since there are a variety of Palm emulators out there for a variety of platforms.
So, you have an app that, by virtue of being on a portable emulated platform, is OS-portable as well. -
Re:widget setWhy are all these JavaScript UI libraries so darn ugly? I'm sorry, but I can't see many people writing rich applications with these. What is needed is something like Mozilla's XUL that runs on all browsers. The file layout can be a pain, but it really is a nice way to build applications using a browser and Javascript. Get AJAX functionality from JPSpan and you are set.
-matthew
-
Re:Bruce Schneier agrees
PasswordSafe is basically a GUI wrapped around an encrypted file such as you describe. Unfortunately, it's Win32 only, but there are a few portable solutions available.
-
Re:Password Safe is the answer
Or pwmanager for the linux users amongst us:
http://passwordmanager.sourceforge.net/
It uses blowfish to encrypt passwords too. -
Re:Object-relation databasesObject-relation databases
There is no such animal. There is such a thing as object/relational technology. Some common examples of this are hibernate and EJB. These are not alternatives to relational databases. Rather, they serve to persist objects to and from relational databases. They are built on top of relational databases. They do not replace relational databases.
Alternatives to relational databases are LDAP databases such as openLDAP, OLAP databases such as Hyperion, and XML databases like exist. None of these technologies will replace the relational database. It's more about using the right tool for the job. Relational databases work best with operational data. OLAP works best for planning and forecasting. Think of LDAP as a distributed hierarchical database.
Various relational database products have proprietary extensions that may confuse you into thinking that they are alternatives to relational databases. For example, there are extensions to SQL Server that make them seem to act more like OLAP or XML databases.
-
Password Safe
Pen and paper may provide you with an airgap from the internet, but it is also not very convenient. I would prefer someone use some sort of a password safe, remember only one very difficult password/phrase and make sure they change that often. http://passwordsafe.sourceforge.net/
-
Re:Bruce Schneier agrees
For Windows, see http://sourceforge.net/projects/passwordsafe originally from Bruce Schneier himself but then released on sourceforge.
-
Keepasshttp://keepass.sourceforge.net/
I can't re-iterate this enough.
A program like this with the database stored on a keydrive is ideal: your passwords can be as long as you like, cryptographically secure, and be different for all sites.
-
Re:Is it true?I had a similar incident where I had to give a presentation.
- I used "Impress Photo Album Creator" OOo macro to import a bunch of images and then save the presentation in a power point format.
- Worked on the presentation with Office XP (better templates and themes).
- I always remove the unique ID and trace features in Office XP Options before I save it.
- The conference room PC had MS Office 2003.When I went to present the thing, I kept receiving an error. I tried the back up copy on my USB drive and in my email with the same results. So While the "people" were waiting, I had to run to another PC, use OOo to save the presentation as a PDF file (and a SWF file as an additional backup), and then come back to make the presentation as a PDF file. The presentation went well, but I think that MS had included some blacklisting features which gives these errors. I know some people who had the same problem except in a large conference room where they had to present with out any projections! At first I thought that it was the fault of the presenter, or using Adaptec while burniing the CD, but when this happened to me, I knew that it is some nut engineer @ MS who wants us to use only MS products.
I learned my lesson. I was able to give my presentation in time, but from now on, I will install OOo at every PC I use.
Just a suggestion for some people who have ~ 100MB presentations, One can also use Power Point Viewer since it loads every slide as you are presenting.
-
Re:Is it true?I had a similar incident where I had to give a presentation.
- I used "Impress Photo Album Creator" OOo macro to import a bunch of images and then save the presentation in a power point format.
- Worked on the presentation with Office XP (better templates and themes).
- I always remove the unique ID and trace features in Office XP Options before I save it.
- The conference room PC had MS Office 2003.When I went to present the thing, I kept receiving an error. I tried the back up copy on my USB drive and in my email with the same results. So While the "people" were waiting, I had to run to another PC, use OOo to save the presentation as a PDF file (and a SWF file as an additional backup), and then come back to make the presentation as a PDF file. The presentation went well, but I think that MS had included some blacklisting features which gives these errors. I know some people who had the same problem except in a large conference room where they had to present with out any projections! At first I thought that it was the fault of the presenter, or using Adaptec while burniing the CD, but when this happened to me, I knew that it is some nut engineer @ MS who wants us to use only MS products.
I learned my lesson. I was able to give my presentation in time, but from now on, I will install OOo at every PC I use.
Just a suggestion for some people who have ~ 100MB presentations, One can also use Power Point Viewer since it loads every slide as you are presenting.
-
Re:typo
sounds like you guys need this: http://unxutils.sourceforge.net/
-
sometimes all you need is simple object store
.. like MAOS
-
Ask and ye shall receiveAnd behold there was a Great Light, and He saw that it was good.
Of course you do not want to blindly eval() source from client-side javascript. Duh.
The Python JSON parser I linked to is very small, very fast, and handles None/null and true/True for you.
I did, however, have to edit the parser. I've found that client-side javascript does not like single quoted values when eval'ing a json string, so I modified the Py-JSON parser to change all values to double quotes.
JSON is vastly superior for this task than XML parsing.
-
Re:Google isn't writing in Javascript
> what a pain in the ass to reverse engineer..
I recently used a tool I developed (http://libgmail.sourceforge.net/googlemaps/de_obf _helper.py) on the Gmail code. An example result of it being run on the Google Maps code can be seen here: (http://libgmail.sourceforge.net/googlemaps/maps.j s.html)
It's pretty rough and not exactly fast, but I've found it better than nothing. (The "Javascript Shell" bookmarklet is also indispensible for reverse engineering.)
--Phil. -
Re:Google isn't writing in Javascript
> what a pain in the ass to reverse engineer..
I recently used a tool I developed (http://libgmail.sourceforge.net/googlemaps/de_obf _helper.py) on the Gmail code. An example result of it being run on the Google Maps code can be seen here: (http://libgmail.sourceforge.net/googlemaps/maps.j s.html)
It's pretty rough and not exactly fast, but I've found it better than nothing. (The "Javascript Shell" bookmarklet is also indispensible for reverse engineering.)
--Phil. -
As a developer...... it has been great for some of my sites.
We've been able to add a "Live Search" to This food and nutrition database search that is extremely responsive (Swish++ used on the back end to conduct searches).
We've also used it over at celebrity flicker for when visitors add tags to celebrity images, bookmark images to their account, and add comments to the discussion. It allowed us to make an interface that did not break the back button functionality while doing significant activity on the current page.
The guys over at JPSPAN are to be commended for their work on an easy to use library that works well with PHP.
-
Re:Internet Darwinism
100%- Simply treat them ALL as phishes. There is NO legit reason why my bank (or whatever) would be emailing me, asking me to click a link in the email.
Besides, I don't have an account with any of those companies, so I know they are all false.
;-)100% correct. Even for companies I do have an account with, no reason there would ever be a link in an email I need to click. I do have one credit card set up to send me an email when the monthly statement is ready, but when I view that statement, I'll sure use my bookmark, not a link in the email.
Of course most phishing attempts are from companies I have no association with, so that's easy to catch. And 100% of phishing emails I get are filtered by SpamBayes.
-
Re:Choosing language
Client-Side scripting has always been in JavaScript or languages that look exactly like JavaScript
Or Java.
And a few niche browsers had alternatives (e.g. http://grail.sourceforge.net/ allowed client-side Python scripts), but none of them ever got anything approaching critical mass. -
this is good, and here's more material
For me, the crux of the usefulness and eventual adoption and finally complete embracing of AJAX lies in the article's paragraph:
Some of the buzz surrounding AJAX has been generated by Web designers as well as programmers. AJAX?s flexibility is invigorating for Web designers because JavaScript can control any aspect of any images or type on a page. Fonts can grow or shrink. Tables can add or lose lines. Colors can change. Although none of these capabilities are new to programmers accustomed to building client applications -- or, for that matter, Java applets -- they are novelties to Web designers who would otherwise be forced to rely on Macromedia (Profile, Products, Articles) Flash.
I've seen what Google has done with AJAX (e.g., Google suggest), and it's stuff I never imagined could be so repsonsive in a web context. For me it starts to make programming fun again, and web programming an acceptable form of application development.
When browsers and web first emerged I could see the writing on the wall, but I wasn't happy about it. Browser application writing from the programming perspective was probably the single most giant leap backwards in technology for me (not including technologies introduced by Microsoft)....: you mean, all the years I've spent honing skills writing applications no longer apply? You mean I no longer have "state" as a tool for maintaining sanity in my application???? Hwaahhh??? I have to do what to change the web page???
While there have been some technologies (ASP, JSP, etc) to help with these issues, none have addressed the responsiveness issue with the web page round trip message loop. AJAX comes close. Now all I have to do is learn it.
For a great example of the responsive nature of this (I've referenced this before), go to Google Personal Home, set up your own home page, and play... Configure your modules by dragging them around... open and close your g-mail previews. This all starts looking alot like programs actually running locally on your own machine. (I'm assuming all are familiar with and have played similarly with Google Maps.)
Additionally, here are some very good resources to learn more about AJAX:
- Very Dynamic Web Interfaces
- XMLHttpRequest Introduction
- An example
- Using the XML HTTP Request object
- Dynamic HTML and XML
- XMLHttpRequest API madness
- Sarissa
- JavaScript: The World's Most Misunderstood Programming Language
- What kind of language is XSLT?
That's it, I'm done.
-
this is good, and here's more material
For me, the crux of the usefulness and eventual adoption and finally complete embracing of AJAX lies in the article's paragraph:
Some of the buzz surrounding AJAX has been generated by Web designers as well as programmers. AJAX?s flexibility is invigorating for Web designers because JavaScript can control any aspect of any images or type on a page. Fonts can grow or shrink. Tables can add or lose lines. Colors can change. Although none of these capabilities are new to programmers accustomed to building client applications -- or, for that matter, Java applets -- they are novelties to Web designers who would otherwise be forced to rely on Macromedia (Profile, Products, Articles) Flash.
I've seen what Google has done with AJAX (e.g., Google suggest), and it's stuff I never imagined could be so repsonsive in a web context. For me it starts to make programming fun again, and web programming an acceptable form of application development.
When browsers and web first emerged I could see the writing on the wall, but I wasn't happy about it. Browser application writing from the programming perspective was probably the single most giant leap backwards in technology for me (not including technologies introduced by Microsoft)....: you mean, all the years I've spent honing skills writing applications no longer apply? You mean I no longer have "state" as a tool for maintaining sanity in my application???? Hwaahhh??? I have to do what to change the web page???
While there have been some technologies (ASP, JSP, etc) to help with these issues, none have addressed the responsiveness issue with the web page round trip message loop. AJAX comes close. Now all I have to do is learn it.
For a great example of the responsive nature of this (I've referenced this before), go to Google Personal Home, set up your own home page, and play... Configure your modules by dragging them around... open and close your g-mail previews. This all starts looking alot like programs actually running locally on your own machine. (I'm assuming all are familiar with and have played similarly with Google Maps.)
Additionally, here are some very good resources to learn more about AJAX:
- Very Dynamic Web Interfaces
- XMLHttpRequest Introduction
- An example
- Using the XML HTTP Request object
- Dynamic HTML and XML
- XMLHttpRequest API madness
- Sarissa
- JavaScript: The World's Most Misunderstood Programming Language
- What kind of language is XSLT?
That's it, I'm done.
-
Two useful diagnostic utilities
xlsfonts will list fonts available under the old X11 fonts system, and fc-list will list fonts available to Fontconfig.
xfontsel also has a fontconfig equivalent: gtk2fontsel. -
Re:Will they open up the APIs?
Like others have said, they've already opened up an API using XML Web services. Both for their TerraService product and their MapPoint product.
It's not a windows only thing either. Check out GMap, a GTK# based map program that runs under linux and windows. It uses the terraservice to overlay "satellite" data onto road data. -
Re:Why exactly..
One of the problems with your approach is that many of the big media standards are not open. We still haven't seen a large move to OGG. If you want to make your end-all media player, it's going to cost money to get the codecs. http://ffmpeg.sourceforge.net/
-
Re:Why exactly..
We should follow the Firefox paradigm and produce a much better Media Player for Windows under GPL or BSD-like license and support it as hard as we can
Some would say that Media Player Classic fits the bill :) -
Re:Wow...
Has google built an API to access these maps and to plot points on them, or have the developers of each of these hacks reverse-engineered the Google maps interface and figured out how to place stuff on them?
It would be the latter-- reverse engineering of the maps and Javascript Google uses to drive them.
Details at:
http://libgmail.sourceforge.net/googlemaps.html -
Re:The GPL isn't all that
First off, it's the "GNU GENERAL PUBLIC LICENSE", not the "Gnu Protective License". This mistake casts doubt on your knowledge of the subjects which you are discussing.
Aside from the fact that ext2 doesn't need to be defragmented in the first place ( https://www.redhat.com/archives/fedora-list/2003-D ecember/msg04120.html ) - which makes yours an understandable mistake, considering that you are used to working with a system as horribly untidy as Windows - there are indeed tools for doing just that ( http://e2fsprogs.sourceforge.net/ext2.html ).
Second, you need only make code changes available if the binaries are distributed - your lawyers are obviously not doing their job properly. Perhaps you hired divorce lawyers instead of ones trained in IP law? ( http://www.gnu.org/licenses/gpl.txt ) Aside from the fact that you don't have to in the first place, sharing your alterations with those who provided you the original source is still nothing more than a nice thing to do - If you put your changes in, and your competition does the same, then who comes out ahead?
If your lawyers were competent, they would realize that the GPL does not require that program output - such as a program compiled by GCC - be open sourced. ( http://www.gnu.org/licenses/gpl.txt ) It would appear that you are getting your information on linux and open source from Microsoft's propaganda campaign. Do you feel stupid for expecting the truth about linux from a competing vendor?
Microsoft's "Shared Source" license is one of the most draconian pieces of trash I'ce ever seen, and the GPL is Linux's strength. As for your mistaken claim that no companies use linux, I would like to cite some examples:
IBM and their linux initiative
Sony chose linux as the OS of choice for the PS2 AND PS3
Pixar uses Linux for it's rendering clusters
Chrysler is using Linux to simulate vehicle crashs
Linksys routers run Linux
Should I continue to cite examples from the endless string of major companies that rely on linux for matters critical to their very survival?
You, my good man, are both misinformed and completely lacking in a desire to learn the truth. -
Re:Oh No!
As long as they don't delay the next Vega Strike just to add unstable 'holes, I don't give a damn.
Well actually, I wouldn't mind that *wonders whether to make feature request*.
-
Re:Kinda stupid Ipod/Itunes question
There are other products which can support the iPod, depending on the OS you use. Not sure on the Mac but with regards Windows:
* With the normal iPods, there are various freeware apps including a good plugin for Winamp that let you control / update the iPod. Link for that here.
* With the iPod shuffle, you can download a small freeware app which allows you to just drag and drop MP3 / AAC files onto the player and run the app to rebuild the database on it - nice and easy :) Link for that here.
So no real need for iTunes unless you want to buy / convert music. -
Tripwire
Actually you can get this functionality already in a long standing Unix utility called Tripwire.
http://www.tripwire.com/
http://sourceforge.net/projects/tripwire/
There is even a Mac OS X version now it seems:
http://www.macguru.net/~frodo/Tripwire-osx.html
Of course you'd probably then want an OS that implements some form of relevant Mandatory Access Control / POSIX.1e (e.g. LIDS for Linux, Trusted Solaris, or Argus Pitbull (Linux/Solaris)) to help prevent the intruder from interfering with Tripwire itself. -
Re:What about a dual-mouse driverYes, I am going down the multiple mice route myself. I am using a nifty windows project called cpnmouse.
I just bought a few optical/usb mini mice from ebuyer (2 quid each) to make myself a 3DOF trackball. I am using a marble mouse shell and was hoping I could put in the mice guts inside... that's going to take a bit of thinking, eventhough the mice are "mini", the optical bits inside are quite big. Good news is that the mice have no problem detecting the black dots on the ball.
I first tried the trackball as a 2DOF device and I can see it working quite well with 3DOF (when I'm done with the glue gun
;). The way you manipulate the ball in a trackball is quite different from a space ball: you keep rotating the ball until you're done. From what I gather, the spaceball acts more like a joystick (push - wait - stop pushing).
This is for a medical application, so I don't care much for the 3 translations, just the 3 rotations (and as I say, I did get away with 2).With 3 rotations though, you can do something quite cool.
Glue a little disk on the ball for your index finger to rest on and you get something in between a joy and knob: the index finger gently controls the axis of rotation while your other fingers do the rotation around the locked axis. If this were a professional bit of kit, you could have a ball with a few evenly spaced dips and your finger would rest in one of the dip (you would then reset the rotation axis with the main mouse). -
Tux Racer?
That "tech demo" looks a lot like Tux Racer.
-
Re:Repeat after me: QuickTime is NOT a codec!
i suggest Media Player Classic
-
Re:Prospective Node-op Concerns"You are responsible for what passes through your system, end of story"
Frankly i do not understand how Tor is in any way better than Mute or Ants.
Tor network reached 100 servers recently. it means that there are 100 IP addresses which are needed to be blocked to shutdown the whole network.
i must say that Websense blocks about 10K websites related to proxy severs. Websense blocks lists of Proxys, commercial proxys like anonymizer and open source projects like HTTPTunnel. What prevents any government or ISP to block 100 IPs ? The following screenshot was taken a couple of minutes ago http://larytet.sourceforge.net/betaTesting/websen
s e_Tor.PNGi truly do not understand all the fuss about the application. With all respect to EFF, i think it was wrong to choose one application among may be 10 others. I will put it bluntly - i think EFF makes mistake encouraging this or that specific project.
-
Re:The defunct Freedom Network had a good idea" Zero Knowledge systems made their anonymizng network pseudonymous instead of truly anonymous"
Identification server in the Rodi network solves the same problem. Publisher (seed) in Rodi should establish relationships with bouncers. Private and public keys can be used to recognize trusted publishers. Bouncer adds routing rule manually according to explicit request from the publisher. see also http://larytet.sourceforge.net/userManual.shtml#h
o wdoesitbesecure -
Podcasting does not require an iPod
How much more mac does there need to be in the world? Back in the good ol' days we used to call this sort of thing archiving (! The wiki page doesn't even contain the word, so I must really be extinct by now). Pretty soon we'll just get pod-ears (tm) and then we will never have to listen to another moment of unscheduled audio... EVER!
Streamripper is a great way to archive your own content if your broadcaster of choice can't afford to serve what you want on demand. -
Re:What about the jerks?"That's the price of freedom: preserving it comes at a cost,"
not neccessary. Bouncers do not always come together with spam. see http://larytet.sourceforge.net/rodiAnonymity.shtm
l -
Re:Surprises?
"If I want RAID, it would be for the redundancy and spanning multiple drives, not speed."
For spanning multiple drives I think you want LVM.
That wont do much for redundancy, tho. With LVM spanning multiple disks, the loss of any single disk means the loss of all data on all disks. If you value your data at all, sw raid-5 is a good way to make sure it doesnt all get lost from a single failure. Oh, and for anyone looking to set up a linux software raid, evms is the tool to use - its much easier then the old mess of config files and command line tools. -
no need to guessWhy guess when translation is available. If you don't parle Google Toolbar Translation, you can go here: http://www.translation-guide.com/free_online_tran
s lators.php?from=Norwegian&to=EnglishWhile not perfect it backs your mindre as small.
If that's not good enough try deductive reasoning, such as:
- K/sec is good, therefore "storre et bedre" is something like "bigger is better".
- "mindre" is not "storre" and must mean something different. "CPU last" is most likely CPU load, read all about it here: bonnie docs.
What's clear to me is that ordinary SCSI kicks SATA ass, software or hardware. If you want to be cheap, buy used equipment from ebay or pricewatch. Works for me.