Catch up on stories from the past week (and beyond) at the Slashdot story archive


Forgot your password?
DEAL: For $25 - Add A Second Phone Number To Your Smartphone for life! Use promo code SLASHDOT25. Also, Slashdot's Facebook page has a chat bot now. Message it for stories and more. Check out the new SourceForge HTML5 Internet speed test! ×

Comment Sandstorm (Score 1) 132

I run an instance of Sandstorm, which is software you can install on a Linux server that lets you run other apps. Some features:

* One-click installs of any of 47 apps, like WeKan (similar to Trello) and Davros (similar to Dropbox) and Etherpad (which you probably already know about) and Piwik (similar to Google Analytics).

* Total self-hostability, with auto-configured free HTTPS certificates and dynamic DNS if you want.

* Security sandboxing of the apps against each other and away from the Internet, so malicious apps can't leak your data back to the app's author.

* A way to "share" an instance of any app, like on Google Docs.

* Total open source-ness.

Admittedly, I'm one of its authors too. So feel free to take this with a grain of salt. But I do use it every single day.

Also if your friends don't want to self-host, but want to use the same apps as you, the company runs a hosting service.

Submission + - Software Freedom Conservancy asks for supporters

paroneayea writes: Software Freedom Conservancy has is asking people to join as supporters to save both their basic work and GPL enforcement. Conservancy is the steward of projects like it, Samba, Wine, BusyBox, QEMU, Inkscape, Selenium, and many more. Conservancy also does much work around GPL enforcement and needs 2,500 members to join in order to save copyleft compliance work. You can join as a member here.

Submission + - Sandstorm now uses PGP and Keybase to authenticate server-side apps (

paulproteus writes: As of this week, Sandstorm now provides a cryptographic chain of trust that connects the app package you’re installing to the app publisher’s online accounts.

When you use Sandstorm to install a server app like the EtherCalc spreadsheet tool, Sandstorm lets you see that the app was made by the same Audrey Tang that owns audreyt on Github and au on Keybase, verified with PGP and Keybase. Frankly, it's the most usable PGP implementation I've ever seen. It's all open source and you can run it on your own box.

Comment Share the source, and make it easy to install (Score 2) 47

Hi anonymous person,

Getting more eyeballs on your code is a marketing problem. So:

* Give us here a link to your code, and

* Make it easy to run your code.

* Then, you can try to reach people who care about that problem domain and tell them to use your code.

To make it easy to run the app, I suggest you create a package for Sandstorm, which is an open source project that makes web apps easy & secure to run. I work on the project, so feel free to decide I'm biased! But do take a look at and see how easy it is.

You can reach me (for packaging help) at and find our packaging tutorial here:

Best of luck!

Submission + - Is curl|bash insecure? thinks not ( 2

taikedz writes: I can see several flaws in these arguments, so much so that where I previously dismissed the curl|bash offer as non-indicative of Sandstorm's security otherwise, I am now not so sure.

What do you think? From the article:

Sandstorm is a security product, so we want to address that head-on.

When you install software on Linux, no matter what package manager you use, you are giving that software permission to act as you. Most package managers will even execute scripts from the package at install time – as root. So in reality, although curl|bash looks scary, it’s really just laying bare the reality that applies to every popular package manager out there: anything you install can pwn you.

Realistically, downloading and installing software while relying on HTTPS for integrity is a widely-used practice. The web sites for Firefox, Rust, Google Chrome, and many others offer an HTTPS download as the primary installation mechanism.

Submission + - Open source web apps, installed with one click (

paulproteus writes: Sandstorm is an open source project whose mission is to bring open source and indie web apps to a wider audience. Most web apps exist in the software-as-a-service model, where the app author runs a hosting service. But for open source web apps, the developers aren’t a big corporation with resources to run servers for you, so you typically arrange your own hosting.

To make open source web apps viable, installing apps on a server needs to be so easy that everyone can do it, so today we launched a new, open source server app marketplace. You can use it to install any app packaged for Sandstorm, either on your own Sandstorm install or, also new today, on Sandstorm hosting.

Comment Re:Back doors & binaries (Score 1) 359

Only problem having the source code does not mean you can actually understand it. A lot of open source code is obfuscated, sometimes I'm wondering if its deliberate

The GPL handles this by requesting the "preferred form for modification." Consider reading the GPL sometime; it's a really well-written document that considers a lot of these issues.

Submission + - free dynamic DNS for Sandstorm users (

paulproteus writes: Sandstorm is open source server software that makes it easy to install web apps like Ethercalc or Let’s Chat. But that’s not much use if your server doesn’t have a name, and setting up DNS correctly for a server can be a complicated, fiddly process.

I've been working on, a free dynamic DNS service for Sandstorm users, and it's now ready. It now takes 120 seconds to go from an empty Linux virtual machine to a working personal server, DNS and all. I'm hopeful to get Slashdot's feedback!

Comment File a take-down notice (Score 3, Insightful) 180

YouTube has a standard DMCA complaints procedure. I recommend that Yoon Mi-rae and the label follow that process, partly because it actually works which is great in this case, and partly to give Sony a taste of their own medicine.

Here is the link:

(Note that I have a bunch of experience with the take-down process, including participating in an EFF lawsuit ~10 years ago; see .)

Submission + - Thirteen open source workshops at colleges in 2013 ( 1

paulproteus writes: Three years ago, Slashdot covered a "How To Get Involved In Open Source" workshop I helped run at the University of Pennsylvania. I'm part of the team that put that together, and in 2013, we ran 13 events, 7 of which were organized by women in CS groups. There's still no shortage of students that want to get involved, so read how we're going to run even more in 2014!

The Windows Flaw That Cracks Amazon Web Services 114

Nerval's Lobster writes "Developer and editor Jeff Cogswell decided to poke around the security of Amazon Web Services, and found a potential loophole that could theoretically allow anyone — a developer, an unscrupulous Amazon employee, the NSA — to access and copy data volumes stored on the system, using a slightly modified version of the popular 'chntwp' password tool. In this article, he breaks down how he did it, and suggests some ways for those who use cloud-hosting services to keep their data a little more secure in the future. 'The key here, of course, is that an unscrupulous employee might be able to make a copy of any existing Windows volume, and go to work on it without the customer ever knowing that it happened,' he writes. 'Now let's be clear: I'm not accusing anyone of having done this; in fact, I doubt anybody has, considering I was unable to find a working copy of chntpw until I modified it.' It's a security concern, and one that's particularly insidious to patch."

Comment This is w/r/t CPython, not random code in Python (Score 5, Informative) 187

The Slashdot summary is confusing, as is the headline. Reading the article, it is clear that it is about the code that powers the official Python interpreter, AKA CPython, AKA /usr/bin/python. When I clicked the link, I thought Coverity had surveyed the entire world of open source Python code and discovered that Python programmers as a whole publish higher quality code than people who e.g. program in Ruby. That's not what the article's about.

It'd be great if the headline in Slashdot were to be fixed to say, "Python interpreter has fewer code defects compared to other open source C programs, says Coverity."


Ask Slashdot: Tags and Tagging, What Is the Best Way Forward? 142

siliconbits writes "The debate about tagging has been going for nearly a decade. Slashdot has covered it a number of times. But it seems that nobody has yet to come up with a foolproof solution to tagging. Even luminaries like Engadget, The Verge, Gizmodo and Slashdot all have different tagging schemes. Commontag, a venture launched in 2009 to tackle tagging, has proved to be all but a failure despite the backing of heavyweights like Freebase, Yahoo and Zemanta. Even Google gave up and purchased Freebase in July 2010. Somehow I remain convinced that a unified, semantically-based solution, using a mix of folksonomy and taxonomy, is the Graal of tagging. I'd like to hear from fellow Slashdotters as to how they tackle the issue of creating and maintaining a tagging solution, regardless of the platform and the technologies being used in the backend." A good time to note: there may be no pretty way to get at them, but finding stories with a particular tag on Slashdot is simple, at least one at a time: Just fill in a tag you'd like to explore after "", as in ""

Slashdot Top Deals

It's later than you think, the joint Russian-American space mission has already begun.