Maintaining packages in this manner is a lot of work. At the end of the day, most contributors only work on a handful of packages and don't consider the possible breakage of other packages. One or two people end up doing all the cleanup work. This happens in the BSD community all the time. For instance, if you look at the recent issues in FreeBSD when PNG was updated or the new debate about X.org 7.7 coming into the tree. FreeBSD's approach to ports is great when you want up-to-date software, but the maturity found in NetBSD's pkgsrc or even OpenBSD's model sounds a bit more like what OpenSUSE is looking for.
The sad thing is that this boring job is done for every distribution separately. Imagine how much developer time would be saved if someone could figure out how to make (tested) packaging work across distributions.
Children can break anything. Why not get something that's cheap to replace?
...especially leopards.
Before buying anything find out exactly how easy it is to get hold of and fit a new leopard. Some brands sell leopards online directly to consumers and they pop right out if you know exactly where to press, others need you to disassemble the entire machine and put together a purchase order before they'll even bother to find somebody to talk to who knows the correct order code.
PS: I've been through the mill on this one. I usually replace laptop leopards right after purchase to get rid of the icky local leopard layout.
I like it when the online-ordered leopards pop right out.
https://userscripts.org/scripts/show/128626
https://xkcd.com/1031/
If they contribute back to the main trunk, then I think all is well.
The double edged sword of the BSD License. I'm sure they will probably contribute back but unlike the GPL there is nothing legally to compel them to.
How does the GPL legally force people to contribute to the trunk? The source must be released, sure. But that doesn't mean you need to create patches, integrate, or even communicate in any way with the developers working on the trunk.
This fork appears to be open source anyway.
It does not legally force people. But one customer is enough to let the cat out of the bag. So the company might as well.
More important I think is the update path. If upstream introduces a feature, you have to merge, making it very hard to keep up-to-date if you don't push your changes upstream. If OpenBSD is active enough and downstream wants those changes, they will also try to push their changes into OpenBSD -- it just makes things easier. In the case of the Linux kernel, it is just plainly impossible to keep an independent version.
Check out the Collusion plugin from Mozilla if you want to see for yourself who is tracking you and the relationships between them. Has a nice graphical overview.
http://www.mozilla.org/en-US/collusion/
(Un)fortunately the graph is very boring if you already run Ghostery.
When you say "grow your economy" you mean investing from debt (taking more credits). Some countries already have difficulties paying their rates.
As you mentioned Greece as an example -- they have a problem with corruption and tax evasion. That can't be solved by throwing more money at it. Greece is not really comparable to Japan.
You have to distinguish two cases:
a) Collisions of hashes -- two documents have the same hash, and you can alter a document, but it will still have the same hash.
b) The hashing algorithm is insecure (not one-directional) for passwords, i.e. you can reconstruct the original password.
If the algorithm is susceptible to a), as were the attacks you mention, this does not mean anything for the password security! You don't want to create an alternate password that has the same hash as the password you already have. Additionally, you have length limitations with passwords you do not have for collisions.
Of course, susceptibility of hash algorithms to a) and b) is weakly correlated, but just because people understand the algorithm better.
Specifically, what are the drawbacks of storing md5 hashed password? Except for rainbow tables that can be produced for any algorithm and are evaded by salts.
I wouldn't choose MD5 for designing a new system, but I think understanding the difference is important. This has some similarity to using ridiculous key lengths for public-key encryption.
The article is arguing that MD5 and SHA1 are just too fast to compute rainbow-tables once the attacker has the salt, and algorithms that require more computations should be preferred. Should thus PBKDF2 be chosen for hashing documents? No, because a) and b) are different problems with different requirements.
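Added example, not part of the original comment: a Python sketch of the distinction drawn above, showing that a per-user salt makes identical passwords hash differently (so precomputed tables stop working) while the cost of testing one candidate still depends on how fast the hash is. The function names, the sample password and the iteration count are assumptions chosen for illustration.

```python
import hashlib
import hmac
import os
import time

PBKDF2_ITERATIONS = 100_000  # assumed work factor for this example


def salted_md5(password: str, salt: bytes) -> bytes:
    """Fast scheme: a single MD5 call over salt || password."""
    return hashlib.md5(salt + password.encode()).digest()


def pbkdf2_sha256(password: str, salt: bytes) -> bytes:
    """Slow scheme: PBKDF2-HMAC-SHA256 with a fixed iteration count."""
    return hashlib.pbkdf2_hmac(
        "sha256", password.encode(), salt, PBKDF2_ITERATIONS
    )


def verify(scheme, password: str, salt: bytes, stored: bytes) -> bool:
    """Recompute the hash for a login attempt and compare in constant time.

    Verification only ever checks a candidate against one stored value,
    which is why collision attacks (case a) do not apply here.
    """
    return hmac.compare_digest(scheme(password, salt), stored)


def seconds_per_guess(scheme, salt: bytes, samples: int) -> float:
    """Average time to hash one candidate once the salt is known."""
    start = time.perf_counter()
    for i in range(samples):
        scheme(f"candidate-{i}", salt)
    return (time.perf_counter() - start) / samples


def compare_guess_cost():
    """Return (md5_seconds, pbkdf2_seconds, slowdown_factor)."""
    salt = os.urandom(16)
    fast = seconds_per_guess(salted_md5, salt, 20_000)
    slow = seconds_per_guess(pbkdf2_sha256, salt, 5)
    return fast, slow, slow / fast


if __name__ == "__main__":
    # Constructed sample data: two users who picked the same password.
    password = "correct horse"
    salt_a, salt_b = os.urandom(16), os.urandom(16)
    hash_a = salted_md5(password, salt_a)
    hash_b = salted_md5(password, salt_b)
    print("same password, different stored hashes:", hash_a != hash_b)
    print("login check passes:", verify(salted_md5, password, salt_a, hash_a))

    fast, slow, factor = compare_guess_cost()
    print(f"salted MD5: {fast * 1e6:.2f} microseconds per guess")
    print(f"PBKDF2:     {slow * 1e3:.2f} milliseconds per guess")
    print(f"each guess costs about {factor:,.0f}x more with PBKDF2")
```

The slowdown factor is what matters for password storage; for hashing documents the same slowness would only be overhead, which is the point of the last sentence above.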
pam has always been a mystery to me. Similar to where in Linux the code is that handles switching between TTYs (Ctrl-Alt-Fn).
Way to school Microsoft on their own technology!
Perhaps those are the fruits of the Novell/Microsoft collaboration dedicated to enhanced interoperability ...
One drawback of BitTorrent is that it is meant for static, large files. RSS integration into bittorrent clients can help, but it's still not a good publishing mechanism. Plus you need quite a few people (or a dedicated seed box) to get it going. For your case it wouldn't be better than pushing to a web server.
The answer also depends on who you want to view it, and how the access should be. rsync script is probably easiest.
Monocultures are not good --- and not as robust as the mix that was there before. There will be fewer animals living in a forest that is constantly disturbed.
"They'll definitely give domestic political groups a whole new world of dirty tricks to play."
As if they didn't have them before?
The implication is they didn't use them before. The US government is saying now "We're using cyberattacks, and that's cool" (or "We are cyberterrorists" if you prefer escalated language). If the other countries don't respond with an outcry and demand consequences -- like what would happen if the US bombed a factory in another country -- that becomes legitimized.
However, for the case of Stuxnet this is a bad analogy -- it's more like if the US managed to replace the parts in a delivery with bad/broken parts that delayed progress -- not intruding sovereignty and requiring some incompetence of the other side along the way. And they have actually done this before. So it's not such a big change.
(Child) pornography on the internet is an arousal addiction -- you always need new different ( http://www.ted.com/talks/zimchallenge.html ).
This demand is met by some supply, which makes children (somewhere) suffer. But /. cannot even accept child pornography is a problem.
Why would anyone place critical hardware on the internet? I'm going to assume by now that Iran has figured out that the US is trying to sabotage their equipment. You would think that Iran would take any sensitive equipment offline and avoid applying any patches from foreign sources.
Have you been sleeping during the past coverage of Stuxnet, and the analysis by researchers? Stuxnet was introduced using infected USB sticks.
We have this discussion every now and then on slashdot, but if you think about it for a while, it is pretty obvious why it wouldn't work.
Justice is not a set of instructions. That law is interpreted by humans and can change in practice over time is a good thing.
THOMAS may only allow 1 bill at a time, but there are only so many bills before Congress. Download them one at a time and make an external database. Host that site yourself.
It would be nice to see a git-tree of legislations (revision history, diffs, who wrote what line when). I'm not expecting governments to do that, but it might be insightful and interesting.
The sec in parsec refers to an angle on the circle (what is the radius when one arc second is 1 AU?).
The point is, people knew Andromeda was coming towards us at x km/s. But that is only the tangential component (towards us). It might have also flown at x km/s to the right at the same time, going 45 past us.
Now people observed the speed of Andromeda on the sky (a painstaking measurement). As it turns out, Andromeda will not miss our Galaxy. That was kind of expected from the masses of galaxies in our local group -- Andromeda and the Milky Way have the same mass and are much larger than all the others, so they should attract each other most.
Anyone want to start taking bets as to when a copy of uTorrent or Transmission will deem you as a part of the botnet?
Don't forget that folding@home is also basically a big botnet.
So is Skype. Which shows that peer-to-peer will not be outlawed.
Just what we need -- more plastic in the ocean! Now everybody can do it.
Shouldn't that read NOAA instead of NASA at the end of the article?
I'd like to know where this black hole came from. Was there some random star floating through space, which died, and then it started gobbling up everything? Including our galaxy (which will eventually fall in). Or maybe the superblackhole was a previous galaxy from ~25 billion years ago that fell into itself?
To my knowledge it is currently unknown how those massive black holes (millions of solar masses) form originally. We know they form very early in the universe (1Gyrs after the big bang, our universe is ~14Gyrs old). Do they come from many stars? Were stars in those early times extremely massive? Is there some way of growing black holes very fast? Those are open questions in Astrophysics... you are welcome to join in :)
We know that merging galaxies should combine their black holes but also grow them (more gas infall) -- but nobody knows how two black holes merge ( https://en.wikipedia.org/wiki/Binary_black_hole#The_final-parsec_problem ).
What makes a black hole dormant? Lack of gamma ray jets... ?
Lack of gas and dust streaming in. The disk + torus the infalling gas produces while accreting produces all the radiation we see from black holes in active galactic nuclei (AGN). Another side effect are the jets that you can see in radio frequencies (although not in all AGN).
There is actually a gas cloud falling in in these decades, so we might see our black hole light up. http://www.nature.com/nature/journal/v481/n7379/abs/nature10652.html
Link (in there) doesn't work anymore, and I can't find it.
As for the EU: I agree with the other poster they'll just pass ACTA later as some other form (probably through the unelected politburo or apparatchiks).
What a bunch of bullshit. If the Netherlands put criteria into their constitutions that prohibit ACTA-like legislations, it will be impossible to introduce it, unless you have a large majority to retract the amendment to the constitution. http://www.bbc.com/news/technology-13886440
Look how the EU overruled the French Assembly's banning of GM foods within its jurisdiction.
That's not what happened. France asked the EU to also apply their ban EU-wide, which was declined, as most other states allow it and no evidence was provided of that particular food being harmful. GM is prohibited or restricted in plenty of European countries. In fact, https://en.wikipedia.org/wiki/Regulation_of_the_release_of_genetic_modified_organisms#Europe starts with "The European Union (EU) has possibly the most stringent GMO regulations in the world.", a thorn in the eyes of the US. If there had been evidence of harm, it would have stood a chance of being prohibited EU-wide.
The EU countries agreed that ACTA was a good idea, now they (or some) realise it isn't, so they have to find a way to retract from their agreement. But if you come together, agree and shake hands, and later change your mind, you better have a process to re-negotiate.
That is true on the one side inside the EU, but also if the EU now finds that they want to decline ACTA, they have to retract their signature they gave to the other countries in the world (again, process needed).
EU countries are doing better than those countries around the world that agreed to ACTA, as they managed to get a discussion going and get momentum of their citizens. It very much looks like ACTA is going to be declined, because our politicians (state and EU level) see and react to what the citizens want.
The 25 nations are not even states anymore. They are EU provinces. They have less power than a US state. Sad, sad times for our European cousins.
Do US states have their own army? Do they have diplomatic relations with foreign countries? Do they sign trade agreements with foreign countries? What happens if one US state doesn't implement or follow the legislation given by the federation?
US states are more like the counties in Germany than countries. EU legislation (actually directives) rarely does more than summarize common laws between countries, and then it is voted for by those countries, not some foreign entity.
Since Iran supports/sponsors terrorists and has enough nuclear material to make an estimated five nuclear weapons (although the material may be slightly too crude to weaponize at the moment),
I'd bet the malware was developed either in Israel or the USA...probably Israel with USA support. This could create problems but I think this is a good move.
I think you should work on your premise there. I don't know which terrorists you speak of. The US and Israel support terrorists ("freedom fighters") when it is in their interest. Both have large amounts of nuclear weapons. Aren't you applying double standards here? How do you know Iran are the evil guys here (just because they are being portrayed as such in the media)? Iranian leadership is whacky, but it isn't warmongering.
Why is the assassination of Iranian nuke scientists - assuming that they were working on a nuclear missile program - a bad idea from the POV of the Israelis, assuming that the idea was theirs?
Even under that POV, it is a bad idea if you want Iran to open their nuclear production sites. If you first ask for access for the IAEA, get documents and visits to sites, then the names on the papers get leaked from the UN to Israel to Mossad and people get murdered -- how should Iran proceed under this threat? Should they just continue providing access indefinitely? Until they prove their innocence (something that is understood to be impossible in any western legal system)?
Assassinations destroy trust. Only in a very short-sighted view can they be seen as a good thing. (Same applies for torture)