I have a sourceforge project. All I did was pull down the repo to another location and run a diff on my working repo and the one I pulled down. There were no unexpected differences. I'm struggling to see why this is so hard to understand. It's simple to figure out if your project has changed in an unexpected way. It also easy to overwrite the repository on the sourceforge server with a clean one if you are suspicious.

Seriously, an attack this public will not catch out many projects. And I fail to see how someone would be able to "prove" that a project stole code when it's been made so public that SF was compromised. Just that fact would cast a huge amount of doubt over that sort of claim. Especially when one of the developers hands over an untainted version from their home machine for inspection.

Um...each developer will have a working copy on their local machine. This is most likely to be the last known good version. A quick diff will show up the changes that they've recently made and they can verify that the differences are valid. It's really not that complicated.

If someone wants to go through the trouble of hacking the version control to the point it can propagate to the developers machine, stop them from reverting changes that may have been pulled down just before the repositories were locked down, I'm pretty sure they'd be smart enough to break into sourceforge without making such a big mess and alerting everyone. We can go around with increasingly unlikely scenarios forever but the fact is, a quick check is all that's realistically required.

It's simple for the devs, now alerted to a potential compromise, to just branch the repo and do a quick diff between the last known good revision and the one on the server. I doubt a big public attack is going to compromise many projects and those it does manage to compromise are probably mismanaged anyway.

Is it heavy alcohol use or the sudden halt of alcohol use in people who are physically addicted? The article linked indicates that it's more likely to be the latter.

Don't worry, it's not very long :)

I'm always surprised that google hasn't just listened and given us http://simple.google.com./ It'd get rid of any whining and allow them to clutter the front page as much as they like.

It's not a monopoly. There are many private health providers in the UK. You may buy medical insurance if you like, or just pay up when you want treatment. The NHS is available for everyone (provided you're eligible) and if people want extra, the only reason they can't is if they can't afford it. It's kind of like the US system except you still get good care if you don't have the funds and they don't hand you a clip board for your insurance details when you walk into a hospital.

In case that direct link redirects to the main page (it did for me), the html page that has a link to the PDF is here.

The company I work for does exactly this. However, my contract says that work created in the course of my employment belongs to them, so it's ALWAYS a good idea to get written permission to either give back to OSS projects tweaked* or open source anything written on company time, premises or equipment. A quick email can avoid misunderstandings and even legal arguments later.

* If I understand correctly (and please, correct me if I'm wrong), open source projects used and edited internally and never released, don't actually need to be fed back to the OSS project it belongs to. We generally do offer work done back to the original authors though!

Jabber was renamed XMPP. XMPP is what facebook uses for chat.

I'm pretty sure someone could wait outside a store for someone who looks down on their luck and then pay them to go get a phone. Pressuring a person to give up a stranger is a bit useless, especially if the payee is a drug addict and wouldn't recognise their own mother.

Sure, it's a lead but will more than likely go nowhere if the criminal is even just smart enough to have the presence of mind *not* to get their mate to go get the phone.

A Mathematicians Lament. I really wish more teachers would read this essay.

Good point. As a programmer with very little taught maths (British high school level) I have to say I keep trying to improve myself and my maths skills so that I can write better code and design better systems. Maybe I'll try a bit of physics to help me along.

Except stats showing how many voters turned up and didn't vote for anyone. Politicians don't like missed votes and every spoiled ballot was a potential vote for them. They take the number of spoiled ballots seriously because the person who spoilt it isn't apathetic and is therefore a potential vote next time around. Any politician wants to make sure that vote is for them and not their opposition.

If you don't know who to vote for always get down to the polling station regardless. High voter turnout is a powerful reminder that the public still exist and have the job of deciding elections.

After hating knetworkmanager, the newer plasmoid seems to work very nicely. I use it when I take my laptop out and about and have never had an issue finding and connecting to networks. Encryption is dealt with just fine now.

YMMV though as I'm not out and about all that often, just often enough to see that it's working for me.