The concern for me is has been the accounts of far more directly-relevant behaviour, such as (iirc):

  * repeated phone calls to someone from different phone numbers

  * leering

  * breaking the ground rules for an event, and justifying it on the basis that he's personally exempt from any rules

  * singling out a teenage girl attending one of his talks (as in "oh wow, a GIRL")

  * single her out again while telling his questionable 'EMACS virgins' joke

  * saying in an interview that he didn't know any women who have contributed to GCC, when there had been at least 4

Personally, I think this is a good thing, and I'm glad that he's made the decision to step aside (even if under pressure) rather than fight bitterly and see the community divide along these lines.

It also seems like a good opportunity for him to pass the torch and see what happens, or at least take a long hiatus to get some caring advice and to sort himself out, like Linus did last year. The FSF will eventually need to become an institution that can carry on its mission without him, and this will be a good test of that. If things go off the rails, he can pen another manifesto and I'm sure a bunch of us will read it.

Installing known-vulnerable old versions of legitimate software can be just as bad as installing custom malware.

Nowadays, it's arguably a best-practice when designing a new protocol or storage format to simply make all checksums cryptographically strong unless there's a reason not to. I think that might be where the confusion is coming from.

Comments URL: https://news.ycombinator.com/item?id=12879116

Points: 1

# Comments: 0

http://pmprb-cepmb.gc.ca/about-us/frequently-asked-questions

Right now, "convert a.jpg b.png" passes the strings "a.jpg" and "b.png" to ImageMagick's convert command, but that command is free to open whatever files it wants, since there's no distinction between strings vs resources such as filenames, network sockets, etc.

You can do this with pipes in simple cases, and bash has some support for this, but it's very primitive and the syntax is cumbersome.

The owner of this website (www.fas.org) has banned the autonomous system number (ASN) your IP address is in (6939) from accessing this website.

Even if you have a strong passphrase, there's some probability of leaking some number of bits of it via side-channels every time it's entered (e.g. surveillance cameras, fingerprints on the screen, shoulder surfing, vulnerable code, TEMPEST, etc). Plus, people often keep a backup copy of their passphrases (unique, strong passphrases are hard to remember), so there's also a cumulative risk of the backup leaking over time, as well.

Long-term confidentiality is just surprisingly hard in the real world.

I've heard that early versions of this system basically inserted barriers between suicidal people---who are already overwhelmed---and their support networks.

Considering Facebook's poor track record when it comes to handling vulnerable populations (nym policy, location support in Messenger, etc.), I'd strongly discourage anyone from using this reporting system without a complete understanding of what it actually does.

Heed should also be paid to the effect of having more than one of these systems being triggered at the same time. The last thing I need when I'm feeling overwhelmed is a dozen apps on my phone suddenly changing their behavior.

Low-value elections don't necessarily need secret ballots, but it's important for high-value elections, like selecting the POTUS.

Have you read "Reflections on Trusting Trust"?

If you're shipping binary packages, you need to build them in a clean chrooted environment anyway (such as pbuilder/sbuilder/docker or a VM) or you're going to end up with binaries that depend on the latest glibc point release that happens to be installed on your system.