Privacy

India To Add Facial Authentication For Its Aadhaar Card Security (reuters.com) 19

India will build facial recognition into its national identity card in addition to fingerprints after a series of breaches in the world's biggest biometric identification programme, the government said on Monday. From a report: A local newspaper reported this month that access to the "Aadhaar" database which has identity details of more than 1 billion citizens was being sold for just $8 on social media. The Unique Identification Authority of India (UIDAI), which issues the identity cards, said it would add face recognition software as an additional layer of security from July. Card holders will be required to match their photographs with that stored in the data base for authentication in addition to fingerprints and iris scans, the agency said in a statement.
Government

Will Facial Recognition in China Lead To Total Surveillance? (washingtonpost.com) 122

schwit1 shares a new Washington Post article about China's police and security state -- including the facial recognition cameras allow access to apartment buildings. "If I am carrying shopping bags in both hands, I just have to look ahead and the door swings open," one 40-year-old woman tells the Post. "And my 5-year-old daughter can just look up at the camera and get in. It's good for kids because they often lose their keys." But for the police, the cameras that replaced the residents' old entry cards serve quite a different purpose. Now they can see who's coming and going, and by combining artificial intelligence with a huge national bank of photos, the system in this pilot project should enable police to identify what one police report, shared with The Washington Post, called the "bad guys" who once might have slipped by... Banks, airports, hotels and even public toilets are all trying to verify people's identities by analyzing their faces. But the police and security state have been the most enthusiastic about embracing this new technology.

The pilot in Chongqing forms one tiny part of an ambitious plan, known as "Xue Liang," which can be translated as "Sharp Eyes." The intent is to connect the security cameras that already scan roads, shopping malls and transport hubs with private cameras on compounds and buildings, and integrate them into one nationwide surveillance and data-sharing platform... At the back end, these efforts merge with a vast database of information on every citizen, a "Police Cloud" that aims to scoop up such data as criminal and medical records, travel bookings, online purchase and even social media comments -- and link it to everyone's identity card and face.

Programming

Erroneous 'Spam' Flag Affected 102 npm Packages (npmjs.org) 84

There was some trouble last weekend at the world's largest package repository. An anonymous reader quotes the official npm blog: On Saturday, January 6, 2018, we incorrectly removed the user floatdrop and blocked the discovery and download of all 102 of their packages on the public npm Registry. Some of those packages were highly depended on, such as require-from-string, and removal disrupted many users' installations... Within 60 seconds, it became clear that floatdrop was not a spammer -- and that their packages were in heavy use in the npm ecosystem. The staffer notified colleagues and we re-activated the user and began restoring the packages to circulation immediately. Most of the packages were restored quickly, because the restoration was a matter of unsetting the deleted tombstones in our database, while also restoring package data tarballs and package metadata documents. However, during the time between discovery and restoration, other npm users published a number of new packages that used the names of deleted packages. We locked this down once we discovered it, but cleaning up the overpublished packages and inspecting their contents took additional time...

In cases where the npm staff accepts a user's request to delete a package, we publish a replacement package by the same name -- a security placeholder. This both alerts those who had depended on it that the original package is no longer available and prevents others from publishing new code using that package name. At the time of Saturday's incident, however, we did not have a policy to publish placeholders for packages that were deleted if they were spam. This made it possible for other users to publish new versions of eleven of the removed packages. After a thorough examination of the replacement packages' contents, we have confirmed that none was malicious or harmful. Ten were exact replacements of the code that had just been removed, while the eleventh contained strings of text from the Bible -- and its publisher immediately contacted npm to advise us of its publication.

They're now implementing a 24-hour cooldown on republication of any deleted package names -- and are also updating their review process. "As a general rule, the npm Registry is and ought to be immutable, just like other package registries such as RubyGems and crates.io... However, there are legitimate cases for removing a package once it has been published. In a typical week, most of the npm support team's work is devoted to handling user requests for package deletion, which is more common than you might expect. Many people publish test packages then ask to have them deprecated or deleted. There also is a steady flow of requests to remove packages that contain contain private code that users have published inadvertently or inappropriately."
Businesses

Pandora CEO Roger Lynch Wants To Create the Podcast Genome Project (variety.com) 19

Janko Roettgers, reporting for Variety: Pandora's new CEO Roger Lynch has big plans for podcasts: Lynch told Variety on the sidelines of CES in Las Vegas Thursday that he wants to create "the equivalent of the podcast genome project" as the company plans to add many more podcasts to its catalog. Lynch, who joined Pandora as president and CEO in September, said that the company is working on a deep integration of podcasts that will allow users of the service to easily browse and discover new shows. Describing these efforts as a kind of podcast genome project is a nod to Pandora's Music Genome Project -- a massive database of dozens of musical attributes for every single song in the company's music library that is being used to compile stations and aid discovery. Pandora is also looking to offer podcasters monetization options that will be superior to the current state of podcast advertising. Currently, many podcasters still rely on ads that they read themselves on air, Lynch said. "It is not the most effective advertising model."
Government

Snowden Joins Outcry Against World's Biggest Biometric Database (bloomberg.com) 36

Former U.S. intelligence-contractor-turned whistleblower Edward Snowden joined critics of India's digital ID program as the nation's top court is due to decide on its legality. From a report: Snowden on Tuesday tweeted in support of an Indian journalist who faces police charges after she reported that personal details of over a billion citizens enrolled in the program could be illegally accessed for just $8 paid through a digital wallet. Named Aadhaar, the program is backed by the world's biggest biometric database, which its operator Unique Identification Authority of India, or UIDAI, says wasn't breached. Snowden tweeted, "The journalists exposing the Aadhaar breach deserve an award, not an investigation. If the government were truly concerned for justice, they would be reforming the policies that destroyed the privacy of a billion Indians. Want to arrest those responsible? They are called @UIDAI."
Intel

Linus Torvalds Says Intel Needs To Admit It Has Issues With CPUs (itwire.com) 271

troublemaker_23 shares an article from ITWire: Linux creator Linus Torvalds has had some harsh words for Intel in the course of a discussion about patches for two bugs that were found to affect most of the company's processors... Torvalds was clearly unimpressed by Intel's bid to play down the crisis through its media statements, saying: "I think somebody inside of Intel needs to really take a long hard look at their CPUs, and actually admit that they have issues instead of writing PR blurbs that say that everything works as designed... Or is Intel basically saying 'we are committed to selling you shit forever and ever, and never fixing anything'?" he asked. "Because if that's the case, maybe we should start looking towards the ARM64 people more."
Elsewhere Linus told ZDNet that "there's no one number" for the performance drop users will experience after patches. "It will depend on your hardware and on your load. I think 5 percent for a load with a noticeable kernel component (e.g. a database) is roughly in the right ballpark. But if you do micro-benchmarks that really try to stress it, you might see double-digit performance degradation. A number of loads will spend almost all their time in user space, and not see much of an impact at all."
Security

Personal Data of a Billion Indians Sold Online For $8, Report Claims (theguardian.com) 74

Michael Safi, reporting for The Guardian: The personal information of more than a billion Indians stored in the world's largest biometric database can be bought online for less than $8, according to an investigation by an Indian newspaper. The reported breach is the latest in a series of alleged leaks from the Aadhaar database, which has been collecting the photographs, thumbprints, retina scans and other identifying details of every Indian citizen. The report in the Chandigarh-based Tribune newspaper claimed that software is also being sold online that can generate fake Aadhaar cards, an identity document that is required to access a growing number of government services including free meals and subsidised grain. The Unique Identification Authority of India (UIDAI), which administers the Aadhaar system, said it appeared the newspaper had accessed only limited details through a search facility that had been made available to government officials.
Bug

'Kernel Memory Leaking' Intel Processor Design Flaw Forces Linux, Windows Redesign (theregister.co.uk) 416

According to The Register, "A fundamental design flaw in Intel's processor chips has forced a significant redesign of the Linux and Windows kernels to defang the chip-level security bug." From the report: Programmers are scrambling to overhaul the open-source Linux kernel's virtual memory system. Meanwhile, Microsoft is expected to publicly introduce the necessary changes to its Windows operating system in this month's Patch Tuesday: these changes were seeded to beta testers running fast-ring Windows Insider builds in November and December. Crucially, these updates to both Linux and Windows will incur a performance hit on Intel products. The effects are still being benchmarked, however we're looking at a ballpark figure of five to 30 per cent slow down, depending on the task and the processor model. More recent Intel chips have features -- specifically, PCID -- to reduce the performance hit. Similar operating systems, such as Apple's 64-bit macOS, will also need to be updated -- the flaw is in the Intel x86 hardware, and it appears a microcode update can't address it. It has to be fixed in software at the OS level, or buy a new processor without the design blunder. Details of the vulnerability within Intel's silicon are under wraps: an embargo on the specifics is due to lift early this month, perhaps in time for Microsoft's Patch Tuesday next week. Indeed, patches for the Linux kernel are available for all to see but comments in the source code have been redacted to obfuscate the issue. The report goes on to share some details of the flaw that have surfaced. "It is understood the bug is present in modern Intel processors produced in the past decade," reports The Register. "It allows normal user programs -- from database applications to JavaScript in web browsers -- to discern to some extent the contents of protected kernel memory. The fix is to separate the kernel's memory completely from user processes using what's called Kernel Page Table Isolation, or KPTI."
IBM

Blockchain Brings Business Boom To IBM, Oracle, and Microsoft (fortune.com) 94

An anonymous reader quotes Fortune's new report on blockchain: Demand for the technology, best known for supporting bitcoin, is growing so much that it will be one of the largest users of capacity next year at about 60 data centers that IBM rents out to other companies around the globe. IBM was one of the first big companies to see blockchain's promise, contributing code to an open-source effort and encouraging startups to try the technology on its cloud for free. That a 106-year-old company like IBM is going all in on blockchain shows just how far the digital ledger has come since its early days underpinning bitcoin drug deals on the dark web. The market for blockchain-related products and services will reach $7.7 billion in 2022, up from $242 million last year, according to researcher Markets & Markets.

That's creating new opportunities for some of the old warships of the technology world, companies like IBM and Microsoft Corp. that are making the transition to cloud services. And products that had gone out of vogue, such as databases sold by Oracle Corp., are becoming sexy again... In October, Oracle announced the formation of Oracle Blockchain Cloud Service, which helps customers extend existing applications like enterprise-resource management systems. A month earlier, rival SAP SE said clients in industries like manufacturing and supply chain were testing its cloud service. And on Nov. 20, Microsoft expanded its partnership with consortium R3 to make it easier for financial institutions to deploy blockchains in its Azure cloud. Big Blue, meanwhile, has been one of key companies behind the Hyperledger consortium, a nonprofit open-source project that aims to create efficient standards for commercial use of blockchain technology.

A Juniper Research survey found six in 10 larger corporations are considering blockchain, according to the article, which adds that blockchain "is increasingly being tested or used by companies such as Wal-Mart Stores Inc. and Visa Inc. to streamline supply chain, speed up payments and store records."

And because of blockchain's popularity, the CEO of WinterGreen Research predicts that 55% of large companies with over 1,000 employees will use the cloud rather than their own data centers within five years -- up from 17% today.
Security

300,000 Users Exposed In Ancestry.com Data Leak (threatpost.com) 43

Dangerous_Minds shares a report from ThreatPost: Ancestry.com said it closed portions of its community-driven genealogy site RootsWeb as it investigated a leaky server that exposed 300,000 passwords, email addresses and usernames to the public internet. In a statement issued over the weekend, Chief Information Security Officer of Ancestry.com Tony Blackham said a file containing the user data was publicly exposed on a RootsWeb server. On Wednesday, Ancestry.com told Threatpost it believed the data was exposed on November 2015. The data resided on RootsWeb's infrastructure, and is not linked to Ancestry.com's site and services. Ancestry.com said RootsWeb has "millions" of members who use the site to share family trees, post user-contributed databases and host thousands of messaging boards. The company said RootsWeb doesn't host sensitive information such as credit card data or social security numbers. It added, there are no indications data exposed to the public internet has been accessed by a malicious third party. The company declined to specify how and why the data was stored insecurely on the server. "Approximately 55,000 of these were used both on RootsWeb and one of the Ancestry sites, and the vast majority of those were from free trial or currently unused accounts. Additionally, we found that about 7,000 of those password and email address combinations matched credentials for active Ancestry customers," Blackham wrote.
Twitter

A Reporter Built a Bot To Find Nazi Sock Puppet Accounts. Twitter Banned the Bot and Kept the Nazis (nytimes.com) 648

Yair Rosenberg, writing for the New York Times: I asked my own Twitter followers whether it might be possible to create a bot that would reply to these impostors and expose their true nature to any users they tried to fool. Neal Chandra, a talented developer in San Francisco whom I've never met, replied, "I can try to throw something together this evening." And so, after a week of testing, Impostor Buster was born. Using a crowdsourced database of impersonator accounts, carefully curated by us to avoid any false positives, the bot patrolled Twitter and interjected whenever impostors tried to insinuate themselves into a discussion (Editor's note: the link may be paywalled). Within days, our golem for the digital age had become a runaway success, garnering thousands of followers and numerous press write-ups. Most important, we received countless thank-yous from alerted would-be victims. The impersonator trolls seethed. Some tried changing their user names to evade the bot (it didn't work). Others simply reverted to their openly neo-Nazi personas. A few even tried to impersonate the bot, which was vastly preferable from our perspective and rather amusing. Twitter sided with the Nazis. In April, the service suspended Impostor Buster without explanation and reinstated it only after being contacted by the ADL's cyber-hate team. Over the next few months, we fine-tuned the bot to reduce its tweets and avoid tripping any of Twitter's alarms. As the trolls continued to report the bot to no avail, we thought the problem was resolved. But we were wrong. This month, Twitter suspended the bot again, and this time refused to revive it.
Software

FBI Software For Analyzing Fingerprints Contains Russian-Made Code, Whistleblowers Say (buzzfeed.com) 174

schwit1 shares an exclusive report via BuzzFeed: The fingerprint-analysis software used by the FBI and more than 18,000 other U.S. law enforcement agencies contains code created by a Russian firm with close ties to the Kremlin, according to documents and two whistleblowers. The allegations raise concerns that Russian hackers could gain backdoor access to sensitive biometric information on millions of Americans, or even compromise wider national security and law enforcement computer systems. The Russian code was inserted into the fingerprint-analysis software by a French company, said the two whistleblowers, who are former employees of that company. The firm -- then a subsidiary of the massive Paris-based conglomerate Safran -- deliberately concealed from the FBI the fact that it had purchased the Russian code in a secret deal, they said. The Russian company whose code ended up in the FBI's fingerprint-analysis software has Kremlin connections that should raise similar national security concerns, said the whistleblowers, both French nationals who worked in Russia. The Russian company, Papillon AO, boasts in its own publications about its close cooperation with various Russian ministries as well as the Federal Security Service -- the intelligence agency known as the FSB that is a successor of the Soviet-era KGB and has been implicated in other hacks of U.S. targets.

Cybersecurity experts said the danger of using the Russian-made code couldn't be assessed without examining the code itself. But "the fact that there were connections to the FSB would make me nervous to use this software," said Tim Evans, who worked as director of operational policy for the National Security Agency's elite cyberintelligence unit known as Tailored Access Operations and now helps run the cybersecurity firm Adlumin. The FBI's overhaul of its fingerprint-recognition technology, unveiled in 2011, was part of a larger initiative known as Next Generation Identification to expand the bureau's use of biometrics, including face- and iris-recognition technology. The TSA also relies on the FBI fingerprint database.

China

Facial Recognition Algorithms -- Plus 1.8 Billion Photos -- Leads to 567 Arrests in China (scmp.com) 168

"Our machines can very easily recognise you among at least 2 billion people in a matter of seconds," says the chief executive and co-founder of Yitu. The South China Morning Post reports: Yitu's Dragonfly Eye generic portrait platform already has 1.8 billion photographs to work with: those logged in the national database and you, if you have visited China recently... 320 million of the photos have come from China's borders, including ports and airports, where pictures are taken of everyone who enters and leaves the country. According to Yitu, its platform is also in service with more than 20 provincial public security departments, and is used as part of more than 150 municipal public security systems across the country, and Dragonfly Eye has already proved its worth. On its very first day of operation on the Shanghai Metro, in January, the system identified a wanted man when he entered a station. After matching his face against the database, Dragonfly Eye sent his photo to a policeman, who made an arrest. In the following three months, 567 suspected lawbreakers were caught on the city's underground network. The system has also been hooked up to security cameras at various events; at the Qingdao International Beer Festival, for example, 22 wanted people were apprehended.

Whole cities in which the algorithms are working say they have seen a decrease in crime. According to Yitu, which says it gets its figures directly from the local authorities, since the system has been implemented, pickpocketing on Xiamen's city buses has fallen by 30 per cent; 500 criminal cases have been resolved by AI in Suzhou since June 2015; and police arrested nine suspects identified by algorithms during the 2016 G20 summit in Hangzhou. Dragonfly Eye has even identified the skull of a victim five years after his murder, in Zhejiang province.

The company's CEO says it's impossible for police to patrol large cities like Shanghai (population: 24,000,000) without using technology.

And one Chinese bank is already testing facial-recognition algorithms hoping to develop ATMs that let customers withdraw money just by showing their faces.
Science

The Science That's Never Been Cited (nature.com) 91

An anonymous reader quotes a report from Nature: One widely repeated estimate, reported in a controversial article in Science in 1990, suggests that more than half of all academic articles remain uncited five years after their publication. Scientists genuinely fret about this issue, says Jevin West, an information scientist at the University of Washington in Seattle who studies large-scale patterns in research literature. After all, citations are widely recognized as a standard measure of academic influence: a marker that work not only has been read, but also has proved useful to later studies. Researchers worry that high rates of uncitedness point to a heap of useless or irrelevant research. In reality, uncited research isn't always useless. What's more, there isn't really that much of it, says Vincent Lariviere, an information scientist at the University of Montreal in Canada.

To get a better handle on this dark and forgotten corner of published research, Nature dug into the figures to find out how many papers actually do go uncited (explore the full data set and methods). It is impossible to know for sure, because citation databases are incomplete. But it's clear that, at least for the core group of 12,000 or so journals in the Web of Science -- a large database owned by Clarivate Analytics in Philadelphia, Pennsylvania -- zero-citation papers are much less prevalent than is widely believed. Web of Science records suggest that fewer than 10% of scientific articles are likely to remain uncited. But the true figure is probably even lower, because large numbers of papers that the database records as uncited have actually been cited somewhere by someone.
"The new figures [...] suggest that in most disciplines, the proportion of papers attracting zero citations levels off between five and ten year after publication, although the proportion is different in each discipline," the report adds. "Of all biomedical-sciences papers published in 2006, just 4% are uncited today; in chemistry, that number is 8% and in physics, it is closer to 11%. In engineering and technology, the uncitedness rate of the 2006 cohort of Web of Science-indexed papers is 24%, much higher than in the natural sciences."
Databases

Searchable Database of 1.4 Billion Stolen Credentials Found On Dark Web (itworldcanada.com) 72

YVRGeek shares a report from IT World Canada: A security vendor has discovered a huge list of easily searchable stolen credentials in cleartext on the dark web, which it fears could lead to a new wave of cyber attacks. Julio Casal, co-founder of identity threat intelligence provider 4iQ, which has offices in California and Spain, said in a Dec. 8 blog his firm found the database of 1.4 billion username and password pairs while scanning the dark web for stolen, leaked or lost data. He said the company has verified at least a group of credentials are legitimate. What is alarming is the file is what he calls "an aggregated, interactive database that allows for fast (one second response) searches and new breach imports." For example, searching for "admin," "administrator" and "root" returned 226,631 passwords of admin users in a few seconds. As a result, the database can help attackers automate account hijacking or account takeover. The dump file was 41GB in size and was found on December 5th in an underground community forum. The total amount of credentials is 1,400,553,869.
Security

A Popular Virtual Keyboard App Leaks 31 Million Users' Personal Data (zdnet.com) 65

Zack Whittaker, writing for ZDNet: Personal data belonging to over 31 million customers of a popular virtual keyboard app has leaked online, after the app's developer failed to secure the database's server. The server is owned by Eitan Fitusi, co-founder of AI.type, a customizable and personalizable on-screen keyboard, which boasts more than 40 million users across the world. But the server wasn't protected with a password, allowing anyone to access the company's database of user records, totaling more than 577 gigabytes of sensitive data. The database appears to only contain records on the app's Android users.
Republicans

Valuable Republican Donor Database Breached -- By Other Republicans (politico.com) 73

Politico reports: Staffers for Senate Republicans' campaign arm seized information on more than 200,000 donors from the House GOP campaign committee over several months this year by breaking into its computer system, three sources with knowledge of the breach told Politico... Multiple NRSC staffers, who previously worked for the NRCC, used old database login information to gain access to House Republicans' donor lists this year. The donor list that was breached is among the NRCC's most valuable assets, containing not only basic contact information like email addresses and phone numbers but personal information that could be used to entice donors to fork over cash -- information on top issues and key states of interest to different people, the names of family members, and summaries of past donation history... Donor lists like these are of such value to party committees that they can use them as collateral to obtain loans worth millions of dollars when they need cash just before major elections...

"The individuals on these lists are guaranteed money," said a Republican fundraiser. "They will give. These are not your regular D.C. PAC list"... The list has helped the NRCC raise over $77 million this year to defend the House in 2018... Though the House and Senate campaign arms share the similar goal of electing Republican candidates and often coordinate strategy in certain states, they operate on distinct tracks and compete for money from small and large donors.

Long-time Slashdot reader SethJohnson says the data breach "is the result of poor deprovisioning policies within the House Republican Campaign Committee -- allowing staff logins to persist after a person has left the organization."

NRCC officials who learned of the breach "are really pissed," one source told the site.
Mozilla

Mozilla Releases Open Source Speech Recognition Model, Massive Voice Dataset (mozilla.org) 58

Mozilla's VP of Technology Strategy, Sean White, writes: I'm excited to announce the initial release of Mozilla's open source speech recognition model that has an accuracy approaching what humans can perceive when listening to the same recordings... There are only a few commercial quality speech recognition services available, dominated by a small number of large companies. This reduces user choice and available features for startups, researchers or even larger companies that want to speech-enable their products and services. This is why we started DeepSpeech as an open source project.

Together with a community of likeminded developers, companies and researchers, we have applied sophisticated machine learning techniques and a variety of innovations to build a speech-to-text engine that has a word error rate of just 6.5% on LibriSpeech's test-clean dataset. vIn our initial release today, we have included pre-built packages for Python, NodeJS and a command-line binary that developers can use right away to experiment with speech recognition.

The announcement also touts the release of nearly 400,000 recordings -- downloadable by anyone -- as the first offering from Project Common Voice, "the world's second largest publicly available voice dataset." It launched in July "to make it easy for people to donate their voices to a publicly available database, and in doing so build a voice dataset that everyone can use to train new voice-enabled applications." And while they've started with English-language recordings, "we are working hard to ensure that Common Voice will support voice donations in multiple languages beginning in the first half of 2018."

"We at Mozilla believe technology should be open and accessible to all, and that includes voice... As the web expands beyond the 2D page, into the myriad ways where we connect to the Internet through new means like VR, AR, Speech, and languages, we'll continue our mission to ensure the Internet is a global public resource, open and accessible to all."
Businesses

Amazon: Heat From Data Centers Will Be Used as a Furnace (vox.com) 52

Vox reports on Amazon's recent push for "corporate sustainability": It plans to have 15 rooftop solar systems, with a total capacity of around 41 MW, deployed atop fulfillment centers by the end of this year, with plans to have 50 such systems installed by 2020. Amazon was the lead corporate purchaser of green energy in 2016. That year, it also announced its largest wind energy project to date, the 253 MW Amazon Wind Farm Texas. Overall, the company says, it has "announced or commenced construction on wind and solar projects that will generate a total of 3.6 million megawatt hours (MWh) of renewable energy annually."
But here's the most interesting part. GeekWire reports: Amazon is moving ahead with a unique plan to use heat generated from data centers in the nearby Westin Building to warm some of its new buildings downtown. The system transfers the heat from the data centers via water piped underground to the Amazon buildings. The water is then returned to the Westin Building once it's cooled down to help cool the data centers. The setup will be unusual. "Certainly there are other people using waste heat from server farms but you don't hear a lot about tying it in with buildings across the street from each other," said Seattle City Councilmember Mike O'Brien.
Censorship

Hitler Quote Controversy In the BSD Community 500

New submitter Seven Spirals writes: Recently, the FreeBSD folks have removed Fortune with a fairly predictable far right 4chan condemnation. Then last weekend saw a lively debate on NetBSD's current-users mailing list about the inclusion of Hitler quotes in the Fortune database with dozens of posts falling on the left and right. The quotes themselves are fairly tame material probably intended as cautionary. However, the controversy and the reaction of BSD users has been real and very diverse. So far, the result has been to pull Fortune out of FreeBSD and to relocate the quotes into the "offensive" database in NetBSD's case.

Slashdot Top Deals