
Comment Re: Fax still works (Score 1) 111

> Fax machines are actually very convenient

My grandmother was in a US hospital recently, in another state. She was traveling with my parents and fell ill there. Since my grandmother was living with my parents at the time, all of her medical records were back home, and the out-of-state hospital had no way to get her records from the local hospital that produced them, so they called me to drive over to my parents' house to fetch them.

I did that, then called the out-of-state hospital to ask what email address I should send them to, and got absolute cluelessness. The impression I got is that they didn't think they had email.

So they wanted me to fax everything. Fine. I drove half an hour to the office to use the one fax machine whose availability I can even be sure of at 6pm on a Saturday night, and it doesn't work. Can't fax a thing. And why should it? We haven't faxed anything in a decade. It could have died last year, and we wouldn't have known about it.

I eventually figure out that it's unplugged from the phone line ever since the volume of junk faxes exceeded the number of real faxes by 10×. Also, there was that exploit a few months ago where a rogue fax could take over your LAN. We'd just been using this machine as a copier and scanner.

So, I found the phone cord, plugged it in, and it still won't fax.

Keep in mind that we're something like an hour into this saga by this point, between me traveling to my parents' house, then to the office, then fighting with the fax machine.

Convenient? Hah!

I ended up taking pictures of the documents with my camera phone and sending them over iMessage to my mother, who pinched-and-zoomed them on her phone in front of the doctor. As clunky as that is, it actually beat fax for convenience. It was probably more secure, too.

We can do a *lot* better.

Comment Re: Wait... (Score 1) 765

> Probably the same guy who put "logout" in tiny text right next to "restart", also in tiny text, in Windows Server 2012, making every logout of production systems a test in fine motor skills ...or Format right next to Eject on the removable media context menu.

One prevents the OS from molesting your data, the other ensures it.

Comment Re:Last Remote Root hole in OpenSSH ? Oh yeah, NEV (Score 1) 49

Neither of the OpenSSH exploits you link to is a remote root exploit. When exploited, both only give the attacker the privileges of the authenticated user.

The 2001 exploit only works against accounts with passwords of 2 characters or less, which are trivially brute-forceable anyway. Calling this an "exploit" is like pointing out that a tissue paper door is even weaker if you have a spray bottle with you.

The 2013 exploit is very difficult to take advantage of, and isn't very worrying even so. First, an attacker would need an account's password or SSH key to exploit this in the first place; if your threat model is that you've lost those already, the 2013 exploit doesn't compound your problems. Second, given those credentials, you could already run code as that user, having logged into their account; this exploit only changes the parent process of the code that's run as that user. Third, many OSes default to disabling remote root logins via SSH entirely, and smart admins of the remaining systems disable it themselves with a one-line edit in sshd_config.

Compare Windows, where roughly a decade of user training makes almost every exploit a remote root exploit because of the reflex click on the UAC prompt dialog. When was the last time you said "no" to UAC?
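
The `sshd_config` setting mentioned in the comment above, as an added example that is not part of the original comment: a small auditor that reports the effective global `PermitRootLogin` value and any `Match` block that overrides it. The sample config is constructed; the code assumes sshd's first-value-wins rule for global keywords and does not follow `Include` directives.

```python
# Added example: audit sshd_config text for PermitRootLogin.
# Assumptions: for a global keyword sshd uses the first value it reads, and
# keywords after a Match line override the global value for matching sessions.

SAMPLE_CONFIG = """\
# constructed sample, not from a real host
Port 22
PermitRootLogin no
PasswordAuthentication yes
# the next line is ignored by sshd: an earlier global value already applies
permitrootlogin yes

Match Address 192.0.2.0/24
    PermitRootLogin prohibit-password
"""

# Built-in default when the keyword is absent (OpenSSH 7.0 and later).
DEFAULT = "prohibit-password"


def parse_root_login(text):
    """Return (global_value, [(match_criteria, value), ...])."""
    global_value = None
    overrides = []
    match = None  # criteria of the Match block we are inside, if any
    for raw in text.splitlines():
        line = raw.strip()
        if not line or line.startswith("#"):
            continue
        # "Keyword value" and "Keyword=value" are both accepted by sshd.
        parts = line.replace("=", " ", 1).split(None, 1)
        keyword = parts[0].lower()
        arg = parts[1].strip() if len(parts) > 1 else ""
        if keyword == "match":
            match = arg
        elif keyword == "permitrootlogin":
            if match is not None:
                overrides.append((match, arg.lower()))
            elif global_value is None:  # first global value wins
                global_value = arg.lower()
    return (global_value or DEFAULT), overrides


def root_login_disabled(text):
    """True only if root login is 'no' globally and no Match block re-enables it."""
    global_value, overrides = parse_root_login(text)
    return global_value == "no" and all(v == "no" for _, v in overrides)


if __name__ == "__main__":
    print(parse_root_login(SAMPLE_CONFIG), root_login_disabled(SAMPLE_CONFIG))
```

On a live host, `sshd -T` prints the configuration the daemon actually resolved, which also covers included files.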

Comment Re: Did they just turn git into svn? (Score 1) 213

> Fossil was meant to be a 'lite' DVCS

Fossil was meant to support the needs of SQLite, one of the most popular and actively-developed code bases in the world. If Fossil can meet its needs, chances are good that it can meet your project's needs, too. There are very few NetBSD-scale projects out there, compared to the number that are plenty fast under Fossil.

And yes, I'm aware that you could list hundreds of projects at that scale, but I believe I could find millions of software projects smaller than that. If you try to argue against this point, you'd be arguing a 0.01% type of position. I'm happy with Fossil going after the other 99.99%.

> Hell, it uses SQLite as its storage backend.

This is a problem how?

The biggest single problem with SQLite from a performance standpoint is that it doesn't have row-level locking, limiting its use in concurrent systems. SQLite has multiple-reader, single-writer concurrency, but multiple writers to a single DB file serialize their writes to a single table. SQLite will let multiple writers modify separate tables at the same time, but I'm going to assume Fossil has some usage pattern that requires all commits to hit at least one common table.

According to NetBSD's source-changes mailing list there are only about forty commits per day, so even at that scale, concurrency is simply not an issue.

Projects like NetBSD don't get to be behemoths overnight. It takes 40 commits per day for 25 years to make that happen.

SQLite's other big limitation is that it isn't a client-server DBMS, so when you need multiple clients over the network to access the DB, you need some intermediary to provide that access. The naive approach is to use a networked file system, but this is likely to cause problems. But we don't have that problem with Fossil: we have fossil server, which exposes the DB over HTTP. Since a single process is manipulating the central DB, which is a local file to it, there can be no locking problem. If by some small chance two users need to commit at the same time, fossil server will serialize the commits.

> It's a lovely DVCS otherwise.

I agree. The vast majority of the users of Git today could run just as well on Fossil.

Comment Re: Did they just turn git into svn? (Score 5, Interesting) 213

> Why take away git's biggest advantage?

Because "clone now takes a few minutes instead of 12+ hours, checkout takes 30 seconds instead of 2-3 hours, and status takes 4-5 seconds instead of 10 minutes."

That problem is not unique to Git. Jörg Sonnenberger tried importing the NetBSD repository into Fossil, and "the rebuild step which (re)creates the internal meta data cache took 10h on a fast machine." There are ways to make Fossil skip the rebuild on clone, which results in a suboptimal DB, but it still takes hours to clone. NetBSD's project history goes back something like a quarter century; it's going to take time to pull and organize all that.

DVCSes are great when you can afford their associated costs - namely, the very advantages you refer to - but for very large repos, those costs can be very high.

Do you really need every single version going back a quarter century? And if you do, do you need it 5 minutes after the initial clone?

One idea that's come up on the Fossil mailing list is to do a shallow clone initially, then trickle the back history in over time. I'd like a DVCS that gave me the past 30 days of history at the tip of every open branch, then over the next day or so back-filled the rest.

Comment Re: I still don't want it (Score 2) 280

I mostly agree with you, but to me, the major problem with PowerShell is that it's basically a REPL for a C#-like programming language. If I wanted to write C#, I'd launch Visual Studio.

Take the GetChildItem and error message reportage you brought up. The fact that "dir" is implemented in terms of GetChildItem and it's easy to discover that accidentally is a *good thing*, the same sort of thing that so many of us geeks used to praise Smalltalk for. The real downside here is that PowerShell errors are basically stack traces, and successful returns are full-on .NET objects, which turns shell use into a kind of software development activity.

All of that would be fine if what I was trying to do is write durable software. The thing about Unix-style interactive shell use, though, is that it's ephemeral. I'm not after a durable, clean, long-lived solution. I just need a command I can type in a second or so, and as soon as that command has successfully executed, I can forget it.

I think PowerShell is great *technology* but a bad user experience.

The Unix community said, "Look, the shell is a great programming environment, you can whip ad hoc things up quickly and easily," so Microsoft said, "Hey, we know how to build programming tools. We've got this great .NET thing sitting right here...let's make a shell out of that!" The problem is that C# was designed to be written down into *.cs files, saved into a version control system, and compiled to executables. It is not particularly well-suited to interactive, one-off, ad hoc shell commands.

Comment Re: A bit much for parody? (Score 1) 565

Sorry, misinformation.

Apparently the few free weapons offered through the CFA are loans only.

Still, ~$600 for a used M1 Garand vs $1,700 for a bare-bones Springfield Armory M1A is a pretty good deal.

The tail end of this thread gives current information on availability and such: http://forums.thecmp.org/showt...

As for the M1911s, it looks like that's gotten stuck in a political mire again. Oh, well.

Comment Re: A bit much for parody? (Score 1) 565

> The CMP doesn't give guns away for free

It does, but only to qualified applicants. In this case, it means one gun, and only to those in a CMP-affiliated club, most of which are youth-oriented. Many high-school ROTC programs are affiliated with the CMP, for example.

The sales to other citizens of the US are how they fund themselves these days, since the US spun CMP out as a private corporation under Bill Clinton. When I said "government-sponsored," I was referring to the fact that the guns CMP sells and donates come from US military arsenals. Prior to 1996, the CMP was administered by the US Army, and thus needed no additional source of funding.

Consequently, you could make the argument that Bill Clinton wanted to disarm poor urban youths. The financially well-off, after all, have no particular need for the CFA; we can buy new-production M1As.

> Last I looked, they had nothing left

They've got an ecommerce site up: http://marksmanship.org/sales....

I'm sure a large part of the restriction on supply is that so much of what they were offering is simply gone now. The US Army hasn't used the M1 Garand since the early 1960s.

Last year, there were 10,000 M1911s offered through the CFA, though predictably, those were snapped up right quick.

If this program were continued logically from its past behavior, they'd be offering Vietnam-era M16s now, complete with NFA tax stamp. I'm no expert, but as far as I can tell, that would be perfectly legal, though politically toxic.

Comment Re: A bit much for parody? (Score 1) 565

> the stories I see on the news are 'unarmed black man shot by cops.'

Part of that is because the media doesn't wait for the trial to start reporting "facts", which is how we get Trayvon Martin, a poor "unarmed" black boy shot by a white man. Then months later, we find out that the kid /was/ armed...with a sidewalk. It's still assault with a deadly weapon, so George Zimmerman walked free. But not after the media and anti gunners roasted him for a year and a half. How does that guy put his life back together?

As for poor crazy white guys getting off easy, we shoot 'em in this state: https://en.wikipedia.org/wiki/...

Sad.

Comment Re: A bit much for parody? (Score 5, Informative) 565

> it is promoting arming black people using some kind of charity.... it will strike fear in the heart of NRA supporters.

There actually is a US government-sponsored nonprofit offering free guns to qualified citizens. It is called the Civilian Marksmanship Program. (http://thecmp.org) It's 113 years old this year. They don't restrict their giveaways by race. As for the NRA, I've never heard anything but positive noises from them about the program. So much for the NRA only supporting armed white guys.

> The asymmetric enforcement of second amendment rights is the core of NRA and its followers mission.

Point me to the position paper on their web site saying that.

I've been to NRA meetings. Down here in the southwest, we don't get so many "black" people at them, but we do get plenty of brown people. (Hispanics and Native Americans.) The table at the last event I attended was 50/50 Hispanic and white. As far as I can tell, the only color the NRA cares about is green.

> with fingers on the trigger can walk into departmental stores

NRA is against that.

It's their second rule of gun safety: keep your finger off the trigger until ready to shoot. You'll get kicked out of any well run event if you violate it. (http://training.nra.org/nra-gun-safety-rules.aspx)

> pick arguments with police officers,

1st amendment.

> insult the police

I see that regularly here on Slashdot, often highly rated.

> terrorize play grounds with impunity.

That's called brandishing, and it's illegal in all 50 states.

Plus there's the 1000 foot rule around school playgrounds. It's a federal felony if you carry inside that border and don't qualify for one of the few exceptions. And if you do qualify, you're obeying the law.

> black Americans are also citizens with full second amendment rights.

Damn straight. There is no human right restricted to only some citizens.

> if they exercise it, they will be shot by police without a second thought

[citation needed]

Oh, I'm sure you can find cases of legally armed black people getting shot by the cops, but if you actually go looking, you'll find Americans of all brown shades (including that shade we call "white") getting shot by cops without proper justification.

> if I fear for my life I have the right to kill" is accepted as a valid defense for police officers.

Wrong. There are 4 or 5 tests a defendant must pass in order to avoid a charge of manslaughter or murder, depending on where you are in the US. An imminent threat of grievous bodily harm or death is only one of them. Miss any of the 3 or 4 others and your case falls apart.

Andrew Branca (a constitutional law professor and 2nd Amendment expert) summarizes it nicely here: https://lawofselfdefense.com/t...

> This ad brings out the hypocrisy of the NRA followers

This NRA member wants Americans of all shades and creeds to exercise their 2nd Amendment right.

Better trim that broad brush down a bit.

> That is why NRA is acting swiftly.

The NRA is acting swiftly because this "ad" puts words in their mouth that you'll never read in their publications, nor hear in their leadership's speeches. It's basically a lie.

Comment Re: Nonsense (Score 1) 388

Follow the thread back to HBI's first post. ("Idiots") He's the one who brought up the hosts file. I've just been trying to explain the real world consequences of doing that, in order to puncture the idea.

His other vague notion ("shadow DNS") explains nothing. Who would administer it? What protocol would it use, and how does that solve anything?

All we've got here are handwavings on par with third rate 1980s cyberpunk novels.

Comment Re: Nonsense (Score 1) 388

So, no ChromeBooks, tablets, or smartphones allowed on your darknet, then? No IoT, unless you're willing to blow the BoM cost, power draw, or physical size budget?

Who manages this monster file, anyway? Some central authority, perhaps? Nope, that gets us right back into the same paper canoe.

How often do you sync? With DNS, new info propagates effectively instantly, barring caching. Do that with your system, though, and the whole planet has to resync just because Joe Babatunde of Nigeria decided to re-IP his CounterStrike server. Even with rsync, you just increased the load time of every page on the Internet by at least 10x. Congrats on setting back all the progress we've made on the World Wide Wait by 2 decades.

Keep in mind that you're trying to replace a protocol that fits into a single UDP packet, for the most part.
