Want to read Slashdot from your mobile device? Point it at m.slashdot.org and keep reading!


Forgot your password?

Comment Re:Build timestamps mess this up (Score 1) 130

Why would a lot of code need to be "fixed" just because someone anally retentive wants deterministic builds? If they truly care they can LD_PRELOAD fake date/time libs.

The reason for deterministic builds is to allow those of us who want to use binaries from our distros for convenience sake verify that the binary is actually built from the source it claims to be from. It only takes a few people actually doing it to confirm things are good for all of us.

Basically it lets the lazy masses gain the same level of confidence in what they're running as those who compile everything from source.

I thought this problem was solved a long time ago by the bitcoin developers w/ gitian.

Bitcoin solved it as far as they needed for their own purposes, this project aims to solve it sufficiently to be generally applicable across the entire Debian operating system. The goal is that the entire Debian binary package repository could be audited by anyone who cares to do it. Obviously if it's generic enough to cover all of Debian the same techniques should be usable pretty much across the entire computing world.

Comment Re: Build timestamps mess this up (Score 1) 130

I know this is Slashdot and all, but you really should RTFA. Again that's covered and a variety of solutions are offered, but you are basically right in that doing this right requires that those things all be the same where they're used.

The tricky part here is determining in which cases those sorts of macros are actually required and thus must be worked around versus where they can be replaced with something else to achieve the same goal (replacing time/datestamped builds with git commit IDs for example) versus where they were just pointless (embedding the hostname of the build machine in to the binary for example).

Comment Re:Build timestamps mess this up (Score 4, Informative) 130

Pages 6 and 7 of the PDF linked cover time-related issues and basically agree, anything that builds time/date in to the binary is a problem that needs to be fixed.

Git revision on the other hand is a recommended solution, since it points at a specific state of the code and will always be the same if the code is unchanged.

Comment Re:This seems like a job for Virtual Box (Score 4, Insightful) 130

On the otherhand I don't quite understand why, if one can compile the source, one needs to worry about untrusted binaries. Perhaps the intent here is for some master agency to watch for tinkered binaries or to post it's own Checksums apart from Debian. Then everyone has two sources for validated checksums.

Almost right, except without the master agency. This isn't for the incredibly paranoid types who would already be compiling from source. This is for the rest of us, the lazy people who would rather "apt-get install foo" and just assume the distro's doing things right. If the builds are reproducible then eventually someone's going to verify them. If no variations are discovered, the rest of us lazy masses can be a lot more confident that we're not running anything unexpected.

Comment Re: Uninstall would be nice (Score 1) 80

Or at least disable. Some of these apps don't even let you disable them. I know that doesn't actually free up any space if you just disable, but uninstalling doesn't help so much either because these preinstalled apps are on the /system partition, and removing them doesn't give you any more space on your /data partition.

Actually it can, sometimes. The copy in /system is undeletable to a normal Android system, but that also means it can't be updated. Where do the updates for these apps go? /data of course.

That said I'm pretty sure stock Android allows you to remove updates for those apps and regain that space, but I'm not 100% sure since I haven't run a stock Android system in years.

Comment Re: Uninstall would be nice (Score 1) 80

"easy". "need to know what you're doing".

Does not compute.

Riding a bicycle is easy, but you still need to know what you're doing.
Driving a car is easy, but you still need to know what you're doing.
etc, etc.

There are plenty of things we do every day that are really easy once you know what you're doing, but can be incredibly intimidating to someone who's never done it.

Comment Simple... (Score 1) 373

This one's really easy. Don't buy a car where the core system is internet connected unless you're confident in its security.

The Fiat/Chrysler hack was insane, the result of a total disregard for security.

The Tesla "hack" barely deserves being called that as it requires physical access to the car's data bus to work. Pretty much every car on the market these days is "vulnerable" to that, but it's stupid to worry about because that's like saying your brake system is "vulnerable" to being cut.

Likewise with the Corvette.

I wish the fucking stupid media would stop publicizing any of these that require installing extra hardware in to the car as if they actually mattered.

Comment Re:More practical.... (Score 1) 90

"Most common 1000 words" is great for making a point.

Far more practical would be using a vocabulary that almost all 10-year-old native speakers can read and that a vast majority of non-native speakers who have spent the last few years living in a English-speaking environment (that is, an environment that pretty much forces you to learn to speak and read English at a basic level in order to survive).

I would expect this to be far more than 1000 words.

I believe the idea is based on the Simple English Wikipedia which suggests sticking to the same top 1000 common words where possible. Now your same point may apply there, I can't find an actual justification for the recommended limit other than the basic thought that "it's simpler", but it's not unprecedented.

Comment Re:But... but? (Score 2) 172

LOL ... who the hell still has access to usenet feeds?

Usenet is alive and well with some nice automated tools that handle all the processing of downloads and even download things for you. Search "NZB" and have fun. I just tell my home server what I want to watch and it handles the rest for me.

Comment Re:linux hard to install and use for desktop users (Score 3, Informative) 187

I have to strongly disagree. I've been using Linux-based OSes intermittently since around the time 2.2 was released and have run some of my machines exclusively on Debian or its derivatives since 2004. It used to be a pain to deal with, particularly multimedia and WiFi drivers, but these days it's almost guaranteed that more will work out of the box on Ubuntu than does on a fresh Windows install.

My current laptop is 100% functional on Ubuntu 12.04 or newer with no messing around required. WiFi works, GPU works, SD reader works, etc. My home-built desktop requires a slightly newer distro to support accelerated graphics out of the box and still depends on binary drivers to get useful 3D performance thanks to its Geforce 970 graphics, but otherwise is also fully supported. Both of those require a pile of drivers to work fully even on the latest beta versions of Windows, some of which are very hard to find thanks to OEM-only components where the vendors don't provide standalone downloads. The closest I got in either case to going out of my way for Linux compatibility is choosing nVidia graphics over AMD, but in both cases I'd have done the same even for a Windows-only box because they simply had the better offerings.

I haven't been required to even go as far as dropping to the command line or editing a config file to get something working in years. The last time I had to do anything like that was back when VDPAU was a new thing and I was trying to get a XBMC running with hardware video decoding and HDMI audio output on a fairly new nVidia graphics card. nVidia's ALSA support was pretty flaky at the time so every kernel update required recompiling a few things to get sound back.

I still do tend to use consoles and config files to set things up the way I like them because I know what I'm doing and can get it done faster, but it's in no way required. If I was setting up a new PC for my grandmother I'd probably use Ubuntu rather than Windows because she could do everything on the internet exactly the same as she currently does but wouldn't be able to fuck it up by clicking on every stupid popup she gets.

Comment Re:Not me (Score -1, Flamebait) 172

I am still using XP (32 bit)

And this is where anyone who knows anything should stop caring what you have to say.

Congratulations, you're still using an OS with known security problems that will never be fixed because it's been unsupported for over a year, after the end of support was dragged on much longer than originally intended because corporate users are terrible at planning ahead.

Also still using a 32 bit OS means that either your computer is an ancient piece of trash with <4GB RAM or you're intentionally using an OS that can never utilize your hardware.

May all your PUSHes be POPped.