selenamarie's comments

selenamarie | 7 years ago | on: DNS-over-HTTPS Policy Requirements for Resolvers

We're working on exceptions support, which would allow specific domains to be looked up via DNS instead of DoH. In that case, mirroring a blackhole list to the exceptions support would result in what you want (I mean, if I understand what you're asking).

selenamarie | 7 years ago | on: DNS-over-HTTPS Policy Requirements for Resolvers

For now, we recommend having an enterprise policy for the browser configured. That is the best indication we have that the browser configuration is managed and this kind of issue might occur. We're also open to recommendations from admins on other things that might clue us in that we're in this situation. Finally, we're discussing the possibility of establishing a network standard that signals more strongly that "name shadowing" is occurring... like maybe there's some DNS response that can be configured locally that we can look to proactively and then disable DoH.

selenamarie | 7 years ago | on: DNS-over-HTTPS Policy Requirements for Resolvers

I'm working on our DoH implementation. I'm guessing this is a split-horizon setup with a domain that resolves both internally and externally. If you are willing, we're very interested in these situations and coming up with heuristics to detect and disable DoH proactively. We're also looking into standards changes that could make these configurations more reliably detectable at the application level. I'm selena at mozilla.com.

selenamarie | 9 years ago | on: Tor at the Heart: Firefox

Uplift to us is bringing the patches into mozilla-central pref'd off so that Tor developers can just pref features on, rather than re-merge patches for each major and dot release. We also tend to add tests.

selenamarie | 12 years ago | on: App Camp For Girls

I know some of the women who have volunteered to teach and they love this program. The kids come away with working software and produce something that they can immediately see the value of.

There's a great quote in http://computinged.wordpress.com/2010/05/11/playing-the-card... about relevance of instruction:

"Students abandon classes that they perceive as being irrelevant to them."

App Camp is obviously relevant and is targeting an age group that is vulnerable to permanently dropping out of math and computer-related education.

selenamarie | 13 years ago | on: The People of Postgres: Tom Lane

I'm speaking for myself and what I think, rather than on behalf of Postgres or any company. I assume you are also referring to the possibility of a private fork.

What I've seen in the Postgres community is a group of developers that takes an aggressive stance against companies "taking advantage" of the developer community. Companies that invest both time and money in development get far more attention for their patches than companies that try to either throw code over the fence, or do "drive by" development projects.

Tom deciding to take this job indicates to me that it is because Salesforce is making a significant investment in open source Postgres.

selenamarie | 13 years ago | on: GitHub donates private repositories to women learning open source software

If you're interested in TAI's position on discussing sex in technical conferences and how that (in general) impacts women's participation:

http://adainitiative.org/2012/09/when-sex-and-porn-are-on-to... (This post predates the BSides incident by 5 months.)

And, about BSides:

http://adainitiative.org/2013/02/keeping-it-on-topic-the-pro...

http://adainitiative.org/2013/03/clarification-on-the-ada-in...

selenamarie | 13 years ago | on: PostgreSQL 9.2.4, 9.1.9, 9.0.13 and 8.4.17 released

Yes. http://www.postgresql.org/docs/9.2/static/upgrading.html , second paragraph:

PostgreSQL major versions are represented by the first two digit groups of the version number, e.g., 8.4. PostgreSQL minor versions are represented by the third group of version digits, e.g., 8.4.2 is the second minor release of 8.4. Minor releases never change the internal storage format and are always compatible with earlier and later minor releases of the same major version number, e.g., 8.4.2 is compatible with 8.4, 8.4.1 and 8.4.6. To update between compatible versions, you simply replace the executables while the server is down and restart the server. The data directory remains unchanged — minor upgrades are that simple.

selenamarie | 13 years ago | on: Extra security measures for next week's releases

We've now posted a general announcement about the availability of packages on April 4, 2013: http://www.postgresql.org/message-id/CAN1EF+x0dmwMFuJGWuXMiR... and http://www.postgresql.org/about/news/1454/

As stated in the announcement and Tom's email to -hackers, the reasons for advanced notifications are as follows:

* People watching for vulnerabilities and contributors are going to notice that we've stopped automatic updates -- it's better for our project to just tell them all why

* Upgrading relational databases is often not trivial -- we want to give our users time to schedule an upgrade rather than just dropping an important update suddenly
