Toby is the way to go.. tabs and bookmarks: https://www.gettoby.com/

I have noticed that everyone that has expressed deep concern to me about drone spying seems to have little to not a care in the world about digital mass surveillance. Based on this correlation, I wonder if, amusingly, this list may be a great way to identify easy targets for digital identity theft.

Seriously though, when I think of the resulting abuses from the do-not-call registry idea, where for a nominal fee, marketers could get a full list of these active, valued phone numbers, I can't help thinking of the abuses. What does this group of people have in common, and can that be leveraged with political messaging in support of a particular state or federal party?

I'm not going to speculate on how many people will refer to the registry while logging their drone's flight plan with the FAA.

Not to be a nitpicker, but that site looks like a cheesy rip-off of Apple... Why do companies insist on doing this? Be original. Personally, I like the Asus laptops with a Costco return policy. 2 years only, but no hassle.

Look at this picture, particularly the bezel right below the screen, reflecting the keyboard... what is with all that warping????
http://www.system76.com/product_images/serval-8f6a631ac4a249b.png

Addendum (also, this problem is not just bad because of the password hash exposure):
You could argue that brute forcing passwords is not the most common approach. For example, harvesting a million accounts and walking away with the passwords that can be cracked through an efficient "smart dictionary" attack, and abandoning the other ones, is probably bar far the most common harvesting strategy.

It's sort of like putting a club on your car.. It's not that they can't steal your car... but there's an easy to steal one next to yours.

So having a hash+salt with SHA-512, and a secure password? If you have a cryptographically strong password, this is a low severity aspect of the problem. The other issue is being able to use the same dscl subsystem to *change* passwords, under certain circumstances, without using credentials. If you can change the logged-in user's password, su to them, sudo /bin/sh, and then reinstall the old salt/hash into the compromised account, you can effectively root the box without damaging the target user's credentials.

For the record: I really thought that champagne cooler was empty.

In 1997, right after Chips n' Dips had faded away, to be replaced by the enigmatically named http:///..org, all of us free software nerds hung on its every story, comment and poll like it was carved on tablet and flung from a burning bush. A year later I had started at hardware maker VA Research and /. was falling down for lack of machinery, so we rummaged through our returns piles and sent Rob and Jeff some 2u servers to help out. That was for me the beginning of some of the most important friendships in my adult life.

Its hard to explain how important Slashdot was to all of us 10 years ago. Indeed, without it it would be hard to imagine HN, Reddit, Digg, Fark or any of a thousand lesser sites. The editorial perspective of Rob and the other editors of /. is what kept people coming back and for a long time that perspective was Rob's, then Rob and Jeff and a bunch of us (some, like Timothy and samzenpus, still around!), but then Jeff left, now Rob. In some way I see this as a passing of an era in free software.

Throughout, while some have left for those greener shores, slashdot abided even while buffeted by the markets and the de/evolving internet news world, and it has remained a default tab in my and many others' browsers.

I didn't mean this post to be about Slashdot though, but about my friend Rob. I'll only say that while the site will be the lessor for you leaving, I firmly believe that computer science will gain my. While this note reads like an epitaph or the last pages of a book, it is really no more than a thank you note from me and many I know to your for your decade+ of work on the site. So...

Thanks.

Sorry, but Theora is still not as high quality as later codecs. That hasn't changed. But I was very happy to fund this work out of my group.

Hey, the fellows in netops asked me to clarify for you folks here's the story:

1e100.net is a Google-owned domain name used to identify the servers in our network. Following standard industry practice, we make sure each IP address has a corresponding hostname. Starting in October 2009, we started using a single domain name to identify our servers across all Google products, rather than use different product domains such as youtube.com, blogger.com, and google.com. We did this for two reasons: first, to keep things simpler, and second, to proactively improve security by protecting against potential threats such as cross-site scripting attacks. Most typical Internet users will never see 1e100.net, but we picked we picked a Googley name for it just in case (1e100 is scientific notation for 1 googol).

So there you go!

If you head over to LWN, we've already gone back and forth on this a bit. http://lwn.net/Articles/372419/. The short form is that if they don't like how we use the kernel, we're unlikely to be accepted upstream. It's all still released as source code to the world, but the mainline is not interested in most of what we've with to the kernel.

Windows 2000 did this flawlessly in 1999. My powerbook did it flawlessly in 2002.

My Ubuntu 9.10 and Gnome XFCE desktops still cannot do this properly today.

X is needed for many things in enterprise... SPECTRUM, polling, whatever. Great. Run X when you need it, use something that isn't a terrible piece of junk the rest of the time.

It's time to bin X.

-db