
Comment Re:888 bytes is a pretty fair amount. (Score 5, Interesting) 142

Let's change that up slightly, to use 3715 bits out of the 7104 available, approximately 50%:

  • E-mail address = 40 bytes
  • Social Security Number binary encoded - 9 digits = 29 bits.
  • Health Insurance Provider Name - 16 alphanumeric characters = 12 bytes
  • Health Plan ID - Encoded 6 bits per symbol 8 symbols = 48 bits.
  • ZIP CODE of City of birth = 15 bits
  • GPS Latitude and Longitude of current primary workplace (two 32-bit floats) = 64 bits
  • Employer company name - 16 alphanumeric characters (encoded 6 bits per character) = 12 bytes
  • Driver's License Number - 10 digits = 32 bits.
  • Driver's license State (number from 00 to 49)= 6 bits
  • Driver's license Expiration date (Number of days Since Jan 1, 1970) = 15 bits
  • Current vehicle license plate 9 alphanumeric characters (encoded 6 bits per character) = 54 bits
  • Current vehicle VIN number 17 alphanumeric characters (encoded 6 bits per character) = 102 bits
  • Job Title - 16 alphanumeric characters = 12 bytes
  • Annual Income in US Dollars - 1 to 14 digits = 47 bits
  • Mother's maiden name (max: 20 characters) = 15 bytes
  • Date of birth = 15 bits
  • Telephone number with area code - 10 digits = 34 bits
  • Full name - Encoded using 6 bits per character, Uppercase alphabetic characters, digits, spaces, field separator, and NULs only 50 characters = 37 bytes
  • ZIP CODE of Previous residence = 15 bits
  • Date moved into current residence = 15 bits
  • ZIP CODE of Current residence = 15 bits
  • GPS Latitude and Longitude of current residence (two 32-bit floats) = 64 bits
  • Street name and house number of current resident Address (6 bits per character ) = max 20 bytes
  • Apartment number or suite number = max 20 bytes
  • Bank1 - Account number = 29 bits
  • Bank1 - Routing number 12 digits = 37 bits
  • Bank2 - Account number = 29 bits
  • Bank2 - Routing number 12 digits = 37 bits
  • Credit card 1 - primary account number - 12 digits = 37 bits
  • Credit card 1 - CVV number - 3 digits = 10 bits
  • Credit card 1 - Track 1 data 79 alphanumeric characters = 60 bytes
  • Credit card 1 - Track 2 data 40 digits = 17 bytes
  • Credit card 2 - primary account number - 12 digits = 37 bits
  • Credit card 2 - CVV number - 3 digits = 10 bits
  • Credit card 2 - Track 1 data 79 alphanumeric characters = 60 bytes
  • Credit card 2 - Track 2 data 40 digits = 17 bytes
  • Credit card 3 - primary account number - 12 digits = 37 bits
  • Credit card 3 - CVV number - 3 digits = 10 bits
  • Credit card 3 - Track 1 data 79 alphanumeric characters = 60 bytes
  • Credit card 3 - Track 2 data 40 digits = 17 bytes

Comment Re:If they're doing it, it's correct. (Score 1) 162

No... that was just Theo's excuse. He called OpenSSL's memory allocation strategy an "exploit mitigation countermeasure."

Actually, that was just a side effect, and what OpenSSL does that "counteracted" the defense is extremely common in software and software libraries.

It's also generally a good idea as far as performance is concerned ---- and with a library such as SSL which needs to process network traffic (HTTPS, for example); adequate performance is pretty darned important.

Comment Re:I wish I'd thought of that (Score 1) 221

They run the plate and get the vehicle description. If it matches, odds are it's not stolen or switched plates. If it doesn't match, they boot it or tow it.

Towing requires time and dispatch of the proper equipment. They'll probably just find the VIN somewhere else or break in in some manner.

If it's switched plates and they boot it, the boot can likely be removed in about 2 minutes by picking the lock then using a standard ratchet + spark plug socket. Clamps could also be taken off pretty quickly with a hand drill and a $1.00 grinding wheel or a hammer and chisel to cut through some spot welds in the design of these things, but the city authorities might try and bring up some bullshit about "damage" to city property that had to be done by the owner in order to expeditiously recover the essential use of their vehicle.

Comment Re:I wish I'd thought of that (Score 1) 221

I'd have a hard time finding it. It'd require me to read the car manual to check on the location of it.

The police know where the manufacturers put the number, which includes some additional locations outside and beneath the vehicle which can be read with a flashlight or optically scanned.

But they are all less convenient for the officer than looking down at the dash, or forcing entry to read it off the door frame or pop the hood to read one of the plates off the engine block, major vehicle components, or one of the other dozens of locations where extra hidden VIN plates are placed.

Comment Re:I wish I'd thought of that (Score 1) 221

Perhaps because, in the USA, don't you physically change the licence plate every year?

No.... the plate is easily removable, and someone could steal it or swap an incorrect or forged plate there, but every year or 2 years you get a new special little sticker to attach to a corner of your plate to show the new registration expiration date.

Comment Re:I wish I'd thought of that (Score 1) 221

They'll just break out the drill if you make it too hard to pick quickly. Or the screwdriver. It's amazing what a long-handled flat-bladed screwdriver will do to your average pin/wafer tumbler lock...

I suggest the use of a lever tumbler lock design with some defense of the lock surface using hard plate steel containing tungsten-carbide chips, randomization of placement, and false drill points where an entering drill will pierce a pressurized bladder triggering separate re-locking mechanisms to prevent the car from being started or the door from being opened.

Comment Re:I wish I'd thought of that (Score 2) 221

Keep your VIN number covered up.

Obstructing VIN = Violation of the law, possible Ticket.

Sufficient probable cause for police to force entry into the vehicle to investigate.

Suspicion of car theft, may result in you being detained.

"Any person who, individually or in association with one or more others, knowingly removes, changes, alters, or conceals any motor number, serial, or other identification number, decal or device affixed to a motor vehicle, trailer, semitrailer or motor vehicle part as required by federal law without the consent of the Department, shall be guilty of a Class 6 felony."

Comment Re:I wish I'd thought of that (Score 1) 221

The problem is lost keys. There has to be a mechanism for an automotive dealer or manufacturer to replace lost keys, and it has to function without the original key.

No there doesn't.... they can have a frickin' lock control module mated to the keys which must be physically removed and replaced with a new unit paired to new keys, like various manufacturers have been doing with the immobilizer chips since the 2000s.

The "recovery" mechanism should involve forced entry.

Alternatively... a backup traditional lock on the trunk or a door that can be picked by a qualified locksmith but requires such skill that no ordinary thief could achieve it.

Comment Re:someohow I think (Score 1) 215

The only reason for needing to know if the police are nearby is if one is a criminal and/or thinking of doing something criminal.

False. This is nothing more than an assumption or your opinion stated as if it were a fact. Someone might want to do something that is perfectly legal, but may be perceived as suspicious or likely to draw ire of the police.

They might also want to know when police are operating nearby so they know to pull out their camera phone and look for something interesting.

They might also like to know what areas police are frequenting, so they can stick to those areas for their protection against thugs, or avoid those areas for protection against vigilante police thugs.

Whatever

Comment Re:Not a Fifth AMendment issue (Score 1) 424

Yes, there is also a 5th amendment issue; your bank's debt obligation to you in the form of your bank balance is property, not a thing which may be necessary to be seized in order to investigate a crime; the only reason to want to take someone's $$$ from a bank is to cause harm; hardship, intimidation, and coercion:

nor shall any person be subject for the same offense to be twice put in jeopardy of life or limb; nor shall be compelled in any criminal case to be a witness against himself, nor be deprived of life, liberty, or property, without due process of law

Comment Re:So they should fork. (Score 1) 126

If pwncloud.com wasn't registered by one of those folks just parking domains who probably picked up the domain to try and sell it for $20,000 or so, it would be a cool name for a fork of Owncloud.

I guess in theory, it could also be the name a pentesting service could call their product if they specialize in pentesting services running on cloud-based infrastructure.

Comment Re:Why not allow the update into the repos? (Score 1) 126

Not getting updates for features is perfectly fine. What is a problem is not getting security fixes, and having the security team of Canonical not caring at all about that.

I don't know about you, but if I maintain software; I'm shipping the security fixes and other bug fixes with the combined update. You don't get to pick and choose "security updates but no feature enhancements"

I'm a big fan of how Firefox and others don't have separate major releases nowadays. And no "maintaining old branches"

Comment Re: Why not allow the update into the repos? (Score 1) 126

I vote the software author should provide an update to the Debian package though. The "update" should generate PROMINENT WARNINGS for the user that their software is out of date, that the Debian packages are no longer being maintained, and FOLLOW THE FOLLOWING INSTRUCTIONS to switch from a .DEB managed installation to a .TAR.GZ managed installation.
