That's an interesting point. It's easy to mount an ISO in VirtualBox, but I don't see a way to mount any sort of "virtual USB flash drive". I wonder what's the easiest[1] way to install an OS in a VM if you don't have an ISO.
Even more interesting is EasyOS's official install instructions[2] seem to tell you to download a live CD ISO for an old version, and move from there to the latest version. I guess they're not completely free of needing ISOs just yet.
[1] Obviously excluding things like virt-install. I'm talking about live booting an interactive OS or installer.
> I wonder what's the easiest[1] way to install an OS in a VM if you don't have an ISO
I can't recall seeing any generic disk image alternatives to ISO's. It's generally download a virtual disk image (e.g Vagrant), and if the image is not in the right format convert it before attaching.
The only other work flow I use is to netboot with iPXE [0]. All it needs is a http(s) endpoint for the initrd/kernel and away you go, but there is a bit of investment in setting up the initial boot environment.
>curl is installed in some ten billion installations to date and we are doing everything we can to be responsible and professional to make sure curl can and will be installed in many more places going forward.
If you want to sell ten billion cakes and beyond, you better do your market research and listen to customer feedback
Sure, it’s free and the author can manage it however they want. But the reason they choose not to is because it’s still falls into the enterprise software envelope even if it doesn’t command an enterprise level price tag.
Just because something is released for free it doesn’t mean the developers don’t take their own software seriously. And there’s absolutely nothing wrong with them doing so either (even if you personally would like your software to have all sorts of unexpected behaviours and side effects).
Open-source projects still have to sell themselves to get users (marketing/"devrel"). curl's author definitely makes money from curl: https://curl.se/support.html
I'm not 100% sure why you're being downvoted. While the choice of the word "sell" kind of feels at odds with FOSS, it's honestly not an inaccurate verb.
Everything is an attention game, if people stopped using curl, then it would stop getting donations, and the author(s) would probably have to stop working on it as much. They aren't being "greedy" or anything, but they do have some level of incentive just to have a reasonable living working on curl.
Yes! In the end, ASIO is just a COM interface ("iasiodrv.h") + some structs, constants and typedefs in "asio.h". All the actual code in the .c files are just helpers. I definitely think it would be possible to take just the specifications and build an alternative SDK as long as you avoid the ASIO trademark. So far, nobody dared to do that, though. At least, I'm not aware of anything.
On the other hand, people did do that with the VST2 SDK a while ago. I'm pretty sure Steinberg knows about it but they probably don't want to risk a court case (which could set a clear precedent) and the bad publicity.
I once had to squeeze CPython down for embedding into a mobile app. I ran our workload under strace so I could include only the needed parts of the stdlib, and ended up with just under 3MB zipped. That's probably about the theoretical size limit.
Real hardware is finicky and complex. It would be very slow to virtualize every hardware device in a system to a level not distinguishable to software. If you do shoot for complete accuracy (e.g. projects like 86Box), you take at least a ~100x performance hit, and also lose out on useful features like dragging files into/out of the VM.
For anyone interested in this, read through the Dolphin emulator reports [0].
Specifically, look for examples of bugs they've fixed, and why they were triggered.
At this point, they're essentially all of the "X software depended on a quirk of Y feature, to do (whatever), because the developers chose to do it that way." For that one specific piece of software, and nowhere else.
And that's for a game console with highly standardized hardware and libraries. The general purpose computer has a bit larger mutation surface. :-)
Or, to crib from another sibling poster,
"You have a million places to make sure your virtualization looks like the actual artifact. Of those, 100 are used by everything, 1,000 are used by many things, and 10,000 are used by a few things. The remainder may be used by some piece of software out there, somewhere."
"You have a year to build a working product. Are you going to implement and equally test all million things?"
... Or even against MD5, IIRC, which is why you are still kind of able to use HMAC-MD5. You probably still shouldn’t, but I don’t know of any other symmetric authenticator that is as short and requires neither vast tables of constants nor 64-bit operations for an implementation. (For all the recent lightweight crypto work, the only cipher I can reasonably see myself implementing on an oldish ATMega without disgust is the NSA’s Speck, with all the accompanying caveats, and there isn’t a single hash of a comparable complexity at all.)
I never wrote shattered is a preimage attack. What I wrote is exactly correct. There are multiple preimage attacks, neither of which I referenced.
A first preimage is where one searches for h(m1)=h(m2). A second preimage attack is where, given m1, find m2 such that h(m1)=h(m2).
It's best not to give the incorrect impression when discussing something exact. As with any crypto, the construction is either valid or not, but it is actually the use of the construction that determines real world correctness.
For example, if SHA-1 is used over input where there is known data in specific positions, that is quite different to SHA-1 over unknown data. In pratice, the first is often the case.
Does anyone have an up-to-date user CSS that hides the top tabs and moves the toolbar up into the dead space? I used to have a snippet that worked, but it broke a few dozen versions ago.
I was a web developer in a previous life. You can write basic standard code and Firefox/Chrome/even old Edge works fine, but Safari has a million little things that are buggy or don't work, or break at random in new versions. I wasted so much time hacking random bits of code to support iPhone. In 2021 now that IE is finally dead, I'm sure Apple is singlehandedly keeping BrowserStack in business.
The first one that comes to mind is the <input> select method doesn't work[1], although MDN claims it does. It works _sometimes_, for reasons I couldn't discern. I'm not sure about you, but I wouldn't call selecting text a fancy or bleeding edge feature.
Naive question: did EVGA actually suffer any financial losses from this? If I was shipping millions of dollars of product, I wouldn't let it out of my sight without some sort of insurance.
Not naive. I work for a logistics company and every shipment is insured. Standard amount of cargo insurance is $100k for a full truckload but that goes up for more valuable items. So the question of losses boils down to the amount of insurance on the shipment and also of course the length of time required to process a claim…it could take a long time to get the cash.
This is irrelevant for the Rust interpreter written in Python. The interpreter will likely already be precompiled into bytecode when you run it on a Rust program.
Even more interesting is EasyOS's official install instructions[2] seem to tell you to download a live CD ISO for an old version, and move from there to the latest version. I guess they're not completely free of needing ISOs just yet.
[1] Obviously excluding things like virt-install. I'm talking about live booting an interactive OS or installer.
[2] https://easyos.org/install/easy-frugal-installation.html, search for "Easy live-CD"