Quote from: kmfkewm on September 06, 2012, 05:22 am
just looked it up, seems Ubuntu does have apache compiled as position independent since version 9.04 so that is a big plus. Hopefully SR server has a 64 bit processor to take advantage of that.

Position independent... Is that the thing where programs get shoved around to random sections of memory?

Quote from: wizdom on September 06, 2012, 04:00 am
Open source. Licenses. Rules. WTF? We sell fucking drugs here. There are hacked websites and programs and stolen shit galore!

I think what's going on here is that a lot of people who should know better get gradually lulled into a false sense of security with the relative normality of using an eBay-like e-commerce site to buy illegal drugs. In the eyes of the law in most places, this makes you a criminal no matter how the contraband was obtained. It isn't different, it just seems even more stupid that transactions like these are illegal and this sometimes makes people relax for, perhaps thinking that because this feels more normal, legalization is around the corner. Perhaps that is so, but it is still so that the DEA want to throw you in prison right now regardless of what happens in the future!

--

Somebody mentioned here (but it disappeared)

Quote
When the auditors are happy that the code is not malicious, they could sign the archive with their PGP keys. The signature file would be distributed on a part of the site that the vendor doesn't control. Buyers could check the downloaded archive against the signature.

...That LouisCyphre could have obtained auditing, got the auditors to then sign the package as legitimate, and you'd be able to check if the package had changed in the same way you verify a PGP signature or SHA-1 hash when you download a program from the developers. Seems to me that's a reasonable question.

I mean it's not perfect as a solution, total open source is better still, but at least it would have begun to address vendor concerns about their operational security.

That is why I have trouble believing LouisCyphre acted out of naivety, we have been talking to him about security and little else for months now, it's hard to believe this is something he'd overlook, something he wouldn't even address explicitly as an issue. Selling software to big drug dealers and not expecting that any checks might be necessary. You don't *need* to be paranoid to find that hugely weird. That's why I came to the conclusion I did. The shoe fits.