Hacker News | esseye's comments

It is exactly as privileged as going to the website http://192.168.100.1 and clicking HW/FW versions, which proudly displays the complete serial for you. There is no authentication of any sort and it is not encrypted at any point.


I don't know if you understand the scope and intent of their authority if you're implying this is not clearly inside of it. They exist to make sure that people retain reasonable access to communications. That includes stepping in when government agencies would seek to limit them in a way which harms the people. This is a clear instance of just that. There is absolutely no way you can conclude the rates are reasonable/justified. At $2+/minute, they could maintain an arsenal of prepaid cellphones with unlimited time.

They've used this authority for a very long time, and the most basic instances of this are municipalities trying to enact regulations that prohibit people from putting up antennas required for otherwise lawful radio communications.

It is still the responsibility of the prison to maintain and provide access to the phones as long as inmates are guaranteed that right. There's no question of who's accountable there. The prison and department of justice/corrections/etc depending on what type of facility.


This is what happens when people confuse something which reduces complexity with something which can move complexity. It's important to note that it can move complexity, if you can set up the container host environment in such a way as to allow it. At which point the complexity normally associated with the OS management/systems administrator can largely be moved into build process/software developer complexity.

The number of tools which one would suggest you use along with Docker are a reflection of this, and are additional layers to try to provide further movement of host complexity up into a software controllable level (Consul, etcd, yada yada).

The whole ecosystem plays well with "cloud" hosts, because their systems people have taken the appropriate steps in creating that host architecture and complexity (which is not gone) for you.

As someone else stated well, it is the modern static linking. I have no idea why people would ever have done "build, test, build, deploy" - that sort of insanity should have been obviously wrong. However, "build, test, deploy" does not depend on static-ness of everything related to build, but compatibility of environment between "test" and "deploy". Those who invested not enough time in making sure these environments were always in sync I think have found a way to wipe the slate clean and use this to catch up to that requirement.


Much like 4th page retractions on stories in newspapers, headlines will always win out in terms of the influence on the readers.

That said, the author of KeePass responded to all the discussions here over on the project forum at SourceForge.

Since a lot of people aren't willing to even visit SF anymore, his notable responses were:

The header validation was fixed as of 2.20 in 2012.

The singleton safety he was aware of, and it was only instanced prior to any threading of the application, so there could never be a thread safety issue. He has fixed this anyhow as the performance impact was minimal as of 2.30.

The installers available via SF mirroring are signed by the author, so SF cannot ever mess with them. They have no concerns about SF doing anything to their project.


Given the discussion expressed in this chain and the fact that this is a reasonably small open source project, how many times could a solution have been submitted to the project for this and other noticed issues in the time it was discussed?

I'm sure the author would be very happy to see a sudden influx of contributions to the project, and we'd all have a better product in the end too.

Seems odd the spirit of open source in this respect tends to be more about pointing out the failures of the author than to collectively improve the actual product.


That's a fair point. If this was on GitHub I might take that to heart and submit a PR. Since it's hosted on SourceForge, which I don't have an account on and don't want to given their recent behavior, I'm not going to.

