Btw, the article you linked says it's actually md5(md5(password)+salt).
From Debian 7 release notes:
"Therefore, browsers built upon the webkit, qtwebkit and khtml engines are included in Wheezy, but not covered by security support. These browsers should not be used against untrusted websites. For general web browser use we recommend browsers building on the Mozilla xulrunner engine (Iceweasel and Iceape) or Chromium."
Maybe they are selling 2 TB drives as 1 TB drives that keep a history of old data and then profit from the recovery services?
Openjdk has its own browser plugin.
Are there any open source facebook clients? Pidgin uses XMPP for facebook chat but it doesn't support "multi chat" and more importantly it does not let me read messages that I missed when I was offline.
https://pagekite.net/ seems to be 36 EUR for one year.
CUPS-PDF is a hack. It requires the print server to be able to write files to your home directory.
At least in Debian the "print to file" option has offered PDF support for ages.
The largest practical advantage is auditing in the case where you have multiple administrators.
At least here (sonera.fi) the contract explicitly allows servers for "regular home usage".
Afaik hurd-i386 has never been an official port. The only official non-Linux ports are kfreebsd-i386 and kfreebsd-amd64. -- http://www.debian.org/ports/
When you sign an image you actually just first calculate a hash of the image and then sign that hash. It is easy to send the hash to the TPM. The key does not need to exit the TPM at any point.
It would be nice if ssh could enforce this and refuse to connect if you try to break the policy.
* ROOT account: No logins, create another account which can only be locally logon to, which can sudo. Password 16 chars, potentially automatically rotating. Possibly also having 2 factor authentication. You can trivially create this step by even creating a PHP Script as the shell
The only advantage of this is that it is harder to guess the username?
* Watch logins: More than 2-5 failed logins, shut the system down immediately using "magic" SYSRQ, wrong username? Instantly
Sounds like a nice way to disable your system remotely
* Full disk encryption, on top of which potentially using a bit obscure filesystem to make it that much harder to break. The required data should have 2nd level encryption unless doing that creates a potential attack vector on the first level encryption
How does the machine boot after a power outage?
Fortunately gcc has support for the expected style (using the -gnatyy flag).
procedure hello is
hello.adb:1:06: (style) bad casing of "Ada" declared at ada.ads:16
hello.adb:1:10: (style) bad casing of "Text_IO" declared at a-textio.ads:48
hello.adb:2:05: (style) bad casing of "Ada" declared at ada.ads:16
hello.adb:2:09: (style) bad casing of "Text_IO" declared at a-textio.ads:48
hello.adb:6:05: (style) bad indentation
hello.adb:6:05: (style) bad casing of "Put_Line" declared at a-textio.ads:263