The stale-bots are even worse than that. The reporter may have responded quickly, and the bug may be acknowledged as real. But if there's simply no activity in the issue for the month following, it will be closed.
I do want to say that HPN-SSH is also well audited; you can see the results of CI tests on the github. We also do fuzz testing, static analysis, extensive code reviews, and functionality testing. We build directly on top of OpenSSH and work with them when we can. We don't touch the authentication code and the parallel ciphers are built directly on top of OpenSSL.
I've been developing it for 20+ years and if you have any specific questions I'd be happy to answer them.
It could safely be used on public internet, all this fearmongering has no basis under it.
Better question is 'does it have any actual improvements in day-to-day operations'? Because it seems like it mostly changes up some ciphering which is already very fast.
Concern about it being less secure is fully justified. I'm the lead developer and have been for the past 20 years. I'm happy to answer any questions you might happen to have.
I remember the last time I really cared to look into this was in the 2000’s, I had these wdtv embedded boxes that had a super anemic cpu that doing local copies with scp was slow as hell from the cipher overhead. I believe at the time it was possible to disable ciphers in scp but it was still slower than smbfs. NFS was to be avoided as wifi was shit then and losing connection meant risking system locking up. This of course was local LAN so I did not really care about encryption.
It's still possible but we only suggest doing it on private known secure networks or when it's data you don't care about. Authentication is still fully encrypted - we just rekey post authentication with a null cipher.
The while loop surrounds the whole thread, which does multiple tasks. The conditional is there to surround some work completing in a reasonable time. That's how I understood, at least.
article specificaly mentions rooms with poor ventilation. if you have proper ventilation, then you don't need this system in the first place, because you will get ouside air UV sterilised by the sun...
I was recently thinking about this... We've been building houses and other structures using plum lines and water levels all the time before afordable optics came in play. This kinda means most of our buildings are actualy polar rather than cartesian. Surely enough given the size of earth the error is quite tiny. But it's funny thinking about how the room i am sitting in right now is shaped like frustum with spherical floor and ceiling, rather than block. Despite what architecture drawing says...
If the floor and ceiling (and walls) were leveled and flattened and brought to plumb with a straightedge scraped in with the three-plate method [1] (Popularized by Whitworth in the 1830s, but the ancients made straight edges and flat plates too), then they were actually not 90 degrees at the corners!
There are very long and narrow wave pools used for research and testing and they are long enough that the surface of the water curves measurably vs extending perfectly straight lines from the center out.
Long bridges, like the Verrazano Narrows in New York City, have plans that account for Earth being a sphere. The towers at either end are not parallel, but tilted apart so that each is aligned with its local gravity.
If you have two buildings 4km apart (about the length of Central Park), that’s about 1/10,000 of an earth circumference so 0.036° change in ‘up’. If the buildings are 300m tall, 300*sin(0.036°) = 0.188m
That’s less than those buildings are probably expected to sway in a strong wind, but probably outside the tolerances for modern construction so theoretically measurable as an average deviation.
After a full month of coordinated, decentralised action, the number of articles about Mr. Woodard was reduced from 335 articles to 20. A full decade of dedicated self-promotion by an individual network has been undone in only a few weeks by our community.
That is a most improper suggestion on this here orange website. It is established etiquette to _imagine what the content of the article might be_, based on the title, and then comment on that, preferably angrily. At _absolute most_ one can read the first paragraph.
And when called out on it reply that the comments are often more interesting than the article which is a) trivially true when you don't read the article and b) probably because bickering in comments is more emotionally satisfying and requires a shorter attention span than reading a rather long article (I'm not immune, seeing as I'm now bickering about the bickering).
Maybe we can just configure webservers to block anyone who requests robots.txt, regular browsers don't do it, but robots do to get list of urls to crawl (while ignoring rules). Just create simple PHP/CGI script that adds client IP addres to iptables once /robots.txt is accessed.
One way to easily bypass is to let external services fetching robots.txt (archive.org, GitHub actions, etc...) to cache it and either expose through separate apis/webhook/manual download to the actual scrape server.
robots txt file size is usually small and would not alert external services.
With soldiers it makes sense to use it explicitly to enforce the "fight" mode as needed. This can range from "occasionally in emergencies" to "all the time".
But militaries have famously not cared about the long term health and well being of their forces past their active use. So any consequence of "long term fight mode" past victory day are just the cost of doing business.
There already was a time when Steam managed to free people from need to use funny pieces of plastic in their lifes... They've done that with CDs, they can do it again with Cards.
This is a very persistent rumor. I forget the details but it comes from a customer support email, not some official statement or promise from Gabe, and even that was originally posted on a long gone forum which you can only find quotes of. Even if there was first hand proof of an official statement, I wouldn't expect it to be upheld. Minecraft's website used to have a line from Notch saying he would make it open-source in the future.
Steam DRM is and has been for decades famously easy to crack. Literally look up steam auto cracker and crack all your games in couple minutes. It is also optional by the way. I much rather have weak but popular steam DRM that makes it less likely devs use much stronger and expensive denuvo DRM.
The real loss was in the inability to sell the 90% of titles I no longer care about owning, but that's already true immediately after purchase.
Steam shutting down and taking your library with it really doesn't change much except you lose that nice delivery platform with good integrations (achievements, workshop mods, multiplayer integration, automatic updates) for games you're active in. For the 90% you were never going to touch again it wouldn't be noticeable, outside the annoying reminder you were never able to resell them. The other 10% just reverts back to "pirate it" which is about here on my scale:
"find that legal physical copy to play with" < "pirate it" < "click button on Steam"
All (most?) Steam games have a very simple DRM that is extremely easy to bypass, and you can find examples on github.
However, a lot of games add their own DRM and/or protection scheme that complicates things.
EDIT: technically there are two distinct component: the actual DRM, called steamstub, and the steamwork library, that does not work without steam but it is not considered drm. Both can be easily bypassed/emulated.
I see, but there is Steam DRM there. So, I guess as the other commenter was alluding to, if Steam goes belly up so does your collection, regardless of the dev studio's intention (Or atleast, locked behind a DRM bypass).
I understood this in terms of Live Service games, but did not consider Steam's ability to shut down their own platform and kill my locally installed single player games with it (Again, I'm seeing its possible and seems easy to bypass usually, but the principle of the matter)
I tried to search if it's possible for a dev studio to release a game on Steam that works without it, by which I mean that if I uninstall Steam, the games keep working; I wasn't able to confirm, but it seems to be theoretically possible...
None of the games I have in my library work like that, but online some people suggest that some games work even without Steam, once installed.
Definitely not all games, and for games that do have it cracking it is in most cases as simple as swapping out a Steam .dll (so very easy). It's primarily there as appeasement for devs who would be reluctant to engage with a platform with no copy protection, or in otherwords is mostly theater.
I haven't tried with too many games since the usecase only comes up rarely, but I know that Downwell and UFO 50 work this way off the top of my head. They come with a Steam dll that will try to launch Steam for the sake of getting achievements and such, but if you delete them or just don't have Steam they launch all the same.
Ok, lets stop being delusional here. I'll tell you how this will actualy work:
Imagine your device sending Google an encrypted query and getting back the exact results it wanted — without you having any way of knowing what that query was or what result they returned. The technique to do that is called Fully Homomorphic Encryption (FHE).
reply