No, he's implying ad servers need to start acting like a responsible industry. They pollute the web with malware and make a lot of sites unreadable with adblocking, owing to the moving, flashing and sometimes audible garbage that cover some sites.
If a simple text article with a few associated photos causes my computer's fan to wheeze and slows it to a crawl, and the ads keep breaking my concentration, AND they pose a security threat that (over the years) has gone from significant to huge, then their business model is just attempting to use you as a pair of eyes with a wallet attached. FUCK THEM.
Website operators like Ars Technica and Slashdot should be researching ways to deliver ads that are safe and sane -- there is no justification for a friggin' advertisement to be otherwise. Its just too bad the advertisers don't trust the content creators to serve the ads themselves. So what we get is a cycle of mistrust and negligence that puts their readers at risk of attack. Its sicko.
Security by isolation is one way to solve that problem. With a hypervisor designed for strong security instead of primarily for conveniece as is usually the case, users can safely allocate their tasks and data to different domains. For instance, 'Work' and 'Personal' could be two domains that have network access, whereas 'Vault' would hold the most sensitive info (like certain keys and passwords) and have no networking. An 'Untrusted' domain is used for most of the general web surfing-- reading articles, watching video streams, etc. On Qubes, there is also a TorVM package that facilitates the creation of anonymous domains.
So, whatever "happens in Vegas stays in Vegas". Qubes even assigns high-risk hardware, like NICs, to their own unprivileged domains.
The nice thing about this setup is that the window manager resides in the privileged domain and both the WM and its graphics stack are isolated from attacks originating in the VM domains. Further, each domain is assigned a border-color when its created so you can always get an idea of what is running in which context by glancing at the desktop. A compromised browser in 'Untrusted', for instance, could put up a window asking for admin access to the privileged domain, but the red border (and [untrusted] marker in the title) would give it away.
Copy/paste and file copy between domains are also protected; they are integrated into the UI so as to require a confirmation step so the privileged domain knows the user really intends to perform the action.
A word of caution: Most hypervisors were made primarily for the convenience of managing multiple systems on a single piece of hardware. If you want strong security around that Windows install you should think about running it in Qubes; version 2 just came out of beta.
One other thing-- There are media corporations that have regional monopolies in the broadcast spectrum (I believe ClearChannel is an example) and/or they heavily owned by Wall St. banks. These conglomerates should be broken up.
Street corner is a euphemism. It really means 'any public park or throughway'. -- I have to explain this?
You are basically wanting to transition from free market management of resources to something else, without specifying what it is.
Haa haa!!! I got myself a true Randroid response! So concentrating the power of mass media into a tiny number of hands who aren't even accountable to a vote is deemed "market management of resources". OK, then, you give the market a bad name.
The "something else" would be a cap on donations to politicians and campaign spending. Anything more should be considered bribery with mandatory jail time. Notice that monetary amounts are what's regulated, not the content of speech.
Your physical ability to stand on the street corner as long as possible so your political opponent can't have it is not a sound basis for a system of government.
All this tells me is you're worried that the wealthy are outnumbered.
The wealthy will remain perfectly Free to shout from the street corner like everyone else. Giving huge sums of money to OTHER people for political speech is poisoning the political process.
The public does not owe the wealthy large chunks of spectrum, airtime or even billboard space just because they have a lot of money on offer.
I also agree TBBT has blackface or 'coon show' qualities.
And it seems like the more scientific / theoretical the character's field is, the more antisocial they are. The closer they are to engineering, the more socially redeeming qualities and access to romantic partners they have. I mean, they made Sheldon downright asexual.
The show is an exercise in anti-intellectualism, and there are no countervailing examples in TV fiction AFAIK. (And, no, I would not consider the scientists who make the heros strong and weapon-encrusted as intellectual even though there are scads of Bond/Q characters.)
Its very typical in FOSS to think UI design goes no further than the 'doorknob' level. That's a big part of the problem right there. Y'all don't get it.
I do 'like' KDE. But as a SuSE and Xandros veteran, I can say that the more finely you tune the surface looks to Windows, the more the user will later feel dismay when they should have their curiosity piqued instead. The default KDE look isn't too bad in that regard.
The irony here is that KDE also lets you get closer to OS X look and behavior than Gnome will. Unity, however, comes pretty close in its default config.
What makes Unity a better OSX than heavily tweaked KDE is at being Windows-like is that Canonical actually does pay close attention to how well these cutesy graphical details line up with the vertical integrations they provide (and with each other). Xandros (around versions 3/4) could probably lay claim to an equivalent level of excellence, except that was achieved with a bunch of proprietary components.
As soon as they scratch the thinnest surface they will get very confused. In my experience, configuring KDE like Windows results in rejection after an initial period of brief comfort.
Removing Dash/shopping and adding Classicmenu makes for a system that's easy to navigate.
Having people text-search for everything all at once--when all they want is that banking or other occasional tool they run occasionally (what's the name?)--and getting tons of cruft in the results just isn't working.
Sites like Salon and The Guardian broke the Snowden story, and they keep running with it. There is a very long list of left-leaning sites that keep the issue highly visible, including HuffPo, DKos, Raw Story, TruthOut, DemocracyNow! and I dare even list Ars Technica in that group. Yes, there are Obama-worshippers who try to paint anti-NSA info and sentiment as fifth-column betrayal, but overall if you sample the comments in places like DKos and DU, you'll see some skirmishes over the issue of party loyalty (and accusations of racism) with the anti-NSA crowd handily coming out on top.
As for the lack of protest, lets just say the story was still developing in the fall and its been one heck of a winter.
Slashdot seems to be asleep when it comes to new security products, especially when its a Phil Zimmerman venture and the phone only costs about what an iPhone does.
I have toyed with the idea of installing CoreBoot on my Thinkpad as a way to enhance security. The Noveena doesn't appear to have a BIOS, however, and there is little mention about firmware in their pitch... I'm more concerned about this than who designed the motherboard traces.
I'm not much of a hacker, but I do love the overall concept here. Hopefully they will divulge more details as the time progresses.
OTOH, the drive's IOPS are arguably much more important to how much better a system can perform; SATA-1 doesn't look so limited in this respect. Sequential throughput makes a noticeable difference for more specific applications.
Imagine you're a 7th grader who has become intrigued by computers. If that kid tries programming on "Linux" and creates her first couple of apps using whatever tools and libraries she can grasp at the start-- then what will happen??
1. She becomes a web developer. OK, fine... but don't expect desktop apps from her. In fact, don't even expect "Linux" to enter her mind when she thinks of users.
2. She gains a yen for all the *nix plumbing and becomes a system-level tinkerer, writing some KDE or Gnome apps as a way to fill some acute voids in a way that fits into her elite usage patterns. Again, don't expect *good* apps from her. She is interested mainly in cool new ways to arrange the plumbing and impressing only her hacker friends.
3. She STOPS coding when those first tentative steps toward her big ideas ended up having zero chance of running on her uncle's or her classmate's "Linux" systems; copying her code to those other systems resulted in a flop. What's more, she wasn't able to describe to those people ways of troubleshooting the problems that prevented the apps from running, getting puzzling descriptions back from them that she didn't recognize.
3. a) She discovers Windows and Mac systems have the consistency she needs to show-off to her non-technical friends and family, and since those are the people she's trying to impress early on (instead of impressing hackers) her personal development as a coder gains a healthy appreciation for the non-techies' point of view and she becomes a good app developer.
TL;DR; The Linux distro eco system cannot "grow" good app developers. It just cannot. Its too chaotic for the right kind of nurturing of talent to take place.
I think Shuttleworth has been inching away from the distro culture and this is part of the reason why Canonical is frequently criticized; they have needs for future releases of Ubuntu that the non-forked 'plumbing' projects aren't meeting. And then there is ElementaryOS, which seems to have a fully realized platform philosophy that doesn't include "Linux compatibility" (whatever that means) in its future; They plan to diverge increasingly in the future for the sake of internal consistency and usability. I wish them both great luck, and advise Canonical to commit to diverging the way ElementaryOS has, because the pack they're associated with now are just pretenders.
The apps don't materialize because serious app developers (instead of the system tinkerers in FOSS who like to imagine themselves as good apps developers) with passion and committment to their ideas try out "Linux" and experience the following:
1. Scant control of hardware features (even getting the screen to turn off can be a challenge) and the controls that exist suck, because the proper level of vertical integration isn't there.
2. Myriad desktop environments and administration applets that make the thought of guiding users through tech support a nightmare. This is the most obvious reason why "Linux" is not a desktop platform, because most non-techie users of said distros wouldn't even be able to recognize most other distros (or the same distro with a different DE).
3. Myriad combinations of support libraries; even the common ones are bundled together with versions of each other that create a unique and unsupportable platform 'landscape' for each distro.
4. Distro culture itself: 'Thou art a creepy skank if you sell apps and/or offer direct downloads of a product.' Invoking Yum and Apt are almost like genuflecting before entering a pew. Only its a cult, not a religion, because strong dynamic relationships with people outside the repository are frowned upon.
How do you trust these proxies not to be run by state intelligence organizations?
1. The attackers can't be omnipresent at all times
2. Doing a MITM against all randomly-located HTTPS links is probably impossible to do without being discovered.
3. Some orgs like Torproject have an.onion address. Then you don't have to worry about MITM as long as your original copy of Tor was OK. If you're worried about Tor or other program being tampered with, try using one or more Linux Live CDs: Boot, update then install Tor or other secure proxy, then download keys and certs... leverage the built-in keys of the Linux distros.
Really, for anyone planning this type of attack, consistency is a HUGE problem and you only have to be slightly crafty to be reasonably sure about the keys you're getting. The only other thing to increase your certainty is to get key fingerprints from these people in person.
It ought to start by making certs and keys first-class GUI objects, starting with file browsers. Seriously, people should not see a blank square when they are copying or otherwise manipulating a key.
Further, there should be write-once devices that allow us to add keys and other identity info without worrying an attack will subvert that data.
Slashdot Mirror
Happily, the author is not connected to the ad industry: https://abine.com/donottrackme...
correction: 'with adblocking' should be 'without adblocking'
No, he's implying ad servers need to start acting like a responsible industry. They pollute the web with malware and make a lot of sites unreadable with adblocking, owing to the moving, flashing and sometimes audible garbage that cover some sites.
If a simple text article with a few associated photos causes my computer's fan to wheeze and slows it to a crawl, and the ads keep breaking my concentration, AND they pose a security threat that (over the years) has gone from significant to huge, then their business model is just attempting to use you as a pair of eyes with a wallet attached. FUCK THEM.
Website operators like Ars Technica and Slashdot should be researching ways to deliver ads that are safe and sane -- there is no justification for a friggin' advertisement to be otherwise. Its just too bad the advertisers don't trust the content creators to serve the ads themselves. So what we get is a cycle of mistrust and negligence that puts their readers at risk of attack. Its sicko.
Security by isolation is one way to solve that problem. With a hypervisor designed for strong security instead of primarily for conveniece as is usually the case, users can safely allocate their tasks and data to different domains. For instance, 'Work' and 'Personal' could be two domains that have network access, whereas 'Vault' would hold the most sensitive info (like certain keys and passwords) and have no networking. An 'Untrusted' domain is used for most of the general web surfing-- reading articles, watching video streams, etc. On Qubes, there is also a TorVM package that facilitates the creation of anonymous domains.
So, whatever "happens in Vegas stays in Vegas". Qubes even assigns high-risk hardware, like NICs, to their own unprivileged domains.
The nice thing about this setup is that the window manager resides in the privileged domain and both the WM and its graphics stack are isolated from attacks originating in the VM domains. Further, each domain is assigned a border-color when its created so you can always get an idea of what is running in which context by glancing at the desktop. A compromised browser in 'Untrusted', for instance, could put up a window asking for admin access to the privileged domain, but the red border (and [untrusted] marker in the title) would give it away.
Copy/paste and file copy between domains are also protected; they are integrated into the UI so as to require a confirmation step so the privileged domain knows the user really intends to perform the action.
A word of caution: Most hypervisors were made primarily for the convenience of managing multiple systems on a single piece of hardware. If you want strong security around that Windows install you should think about running it in Qubes; version 2 just came out of beta.
https://addons.mozilla.org/en-...
Nor is the company that makes it attached to the ad industry, unlike ghostery.
Use 'DoNotTrackMe' addon. The company that makes it is run by Moxie Marlinspike and has no connection to the ad industry.
One other thing-- There are media corporations that have regional monopolies in the broadcast spectrum (I believe ClearChannel is an example) and/or they heavily owned by Wall St. banks. These conglomerates should be broken up.
Street corner is a euphemism. It really means 'any public park or throughway'. -- I have to explain this?
You are basically wanting to transition from free market management of resources to something else, without specifying what it is.
Haa haa!!! I got myself a true Randroid response! So concentrating the power of mass media into a tiny number of hands who aren't even accountable to a vote is deemed "market management of resources". OK, then, you give the market a bad name.
The "something else" would be a cap on donations to politicians and campaign spending. Anything more should be considered bribery with mandatory jail time. Notice that monetary amounts are what's regulated, not the content of speech.
Your physical ability to stand on the street corner as long as possible so your political opponent can't have it is not a sound basis for a system of government.
All this tells me is you're worried that the wealthy are outnumbered.
The wealthy will remain perfectly Free to shout from the street corner like everyone else. Giving huge sums of money to OTHER people for political speech is poisoning the political process.
The public does not owe the wealthy large chunks of spectrum, airtime or even billboard space just because they have a lot of money on offer.
I also agree TBBT has blackface or 'coon show' qualities.
And it seems like the more scientific / theoretical the character's field is, the more antisocial they are. The closer they are to engineering, the more socially redeeming qualities and access to romantic partners they have. I mean, they made Sheldon downright asexual.
The show is an exercise in anti-intellectualism, and there are no countervailing examples in TV fiction AFAIK. (And, no, I would not consider the scientists who make the heros strong and weapon-encrusted as intellectual even though there are scads of Bond/Q characters.)
If the ISPs slow down P2P traffic enough, then it won't matter.
But if the connections are going to be slower anyway, just remember NOT to use I2P/Snark. Cuz... anonymous torrents are baaaad....
Its very typical in FOSS to think UI design goes no further than the 'doorknob' level. That's a big part of the problem right there. Y'all don't get it.
I do 'like' KDE. But as a SuSE and Xandros veteran, I can say that the more finely you tune the surface looks to Windows, the more the user will later feel dismay when they should have their curiosity piqued instead. The default KDE look isn't too bad in that regard.
The irony here is that KDE also lets you get closer to OS X look and behavior than Gnome will. Unity, however, comes pretty close in its default config.
What makes Unity a better OSX than heavily tweaked KDE is at being Windows-like is that Canonical actually does pay close attention to how well these cutesy graphical details line up with the vertical integrations they provide (and with each other). Xandros (around versions 3/4) could probably lay claim to an equivalent level of excellence, except that was achieved with a bunch of proprietary components.
As soon as they scratch the thinnest surface they will get very confused. In my experience, configuring KDE like Windows results in rejection after an initial period of brief comfort.
Ubunu has an excellent HCL. Check your computer model in the HCL to see if its supported. Then consider purchasing support from Canonical.
Removing Dash/shopping and adding Classicmenu makes for a system that's easy to navigate.
Having people text-search for everything all at once--when all they want is that banking or other occasional tool they run occasionally (what's the name?)--and getting tons of cruft in the results just isn't working.
Sites like Salon and The Guardian broke the Snowden story, and they keep running with it. There is a very long list of left-leaning sites that keep the issue highly visible, including HuffPo, DKos, Raw Story, TruthOut, DemocracyNow! and I dare even list Ars Technica in that group. Yes, there are Obama-worshippers who try to paint anti-NSA info and sentiment as fifth-column betrayal, but overall if you sample the comments in places like DKos and DU, you'll see some skirmishes over the issue of party loyalty (and accusations of racism) with the anti-NSA crowd handily coming out on top.
As for the lack of protest, lets just say the story was still developing in the fall and its been one heck of a winter.
Slashdot seems to be asleep when it comes to new security products, especially when its a Phil Zimmerman venture and the phone only costs about what an iPhone does.
I have toyed with the idea of installing CoreBoot on my Thinkpad as a way to enhance security. The Noveena doesn't appear to have a BIOS, however, and there is little mention about firmware in their pitch... I'm more concerned about this than who designed the motherboard traces.
I'm not much of a hacker, but I do love the overall concept here. Hopefully they will divulge more details as the time progresses.
Also, your mSATA slot is SATA-2 @3Gbps, not SATA-1. I don't think you could notice any difference in IOPS between 3Gbps and 6Gbps SATA links.
OTOH, the drive's IOPS are arguably much more important to how much better a system can perform; SATA-1 doesn't look so limited in this respect. Sequential throughput makes a noticeable difference for more specific applications.
Here's a thought experiment:
Imagine you're a 7th grader who has become intrigued by computers. If that kid tries programming on "Linux" and creates her first couple of apps using whatever tools and libraries she can grasp at the start-- then what will happen??
1. She becomes a web developer. OK, fine... but don't expect desktop apps from her. In fact, don't even expect "Linux" to enter her mind when she thinks of users.
2. She gains a yen for all the *nix plumbing and becomes a system-level tinkerer, writing some KDE or Gnome apps as a way to fill some acute voids in a way that fits into her elite usage patterns. Again, don't expect *good* apps from her. She is interested mainly in cool new ways to arrange the plumbing and impressing only her hacker friends.
3. She STOPS coding when those first tentative steps toward her big ideas ended up having zero chance of running on her uncle's or her classmate's "Linux" systems; copying her code to those other systems resulted in a flop. What's more, she wasn't able to describe to those people ways of troubleshooting the problems that prevented the apps from running, getting puzzling descriptions back from them that she didn't recognize.
3. a) She discovers Windows and Mac systems have the consistency she needs to show-off to her non-technical friends and family, and since those are the people she's trying to impress early on (instead of impressing hackers) her personal development as a coder gains a healthy appreciation for the non-techies' point of view and she becomes a good app developer.
TL;DR; The Linux distro eco system cannot "grow" good app developers. It just cannot. Its too chaotic for the right kind of nurturing of talent to take place.
I think Shuttleworth has been inching away from the distro culture and this is part of the reason why Canonical is frequently criticized; they have needs for future releases of Ubuntu that the non-forked 'plumbing' projects aren't meeting. And then there is ElementaryOS, which seems to have a fully realized platform philosophy that doesn't include "Linux compatibility" (whatever that means) in its future; They plan to diverge increasingly in the future for the sake of internal consistency and usability. I wish them both great luck, and advise Canonical to commit to diverging the way ElementaryOS has, because the pack they're associated with now are just pretenders.
The apps don't materialize because serious app developers (instead of the system tinkerers in FOSS who like to imagine themselves as good apps developers) with passion and committment to their ideas try out "Linux" and experience the following:
1. Scant control of hardware features (even getting the screen to turn off can be a challenge) and the controls that exist suck, because the proper level of vertical integration isn't there.
2. Myriad desktop environments and administration applets that make the thought of guiding users through tech support a nightmare. This is the most obvious reason why "Linux" is not a desktop platform, because most non-techie users of said distros wouldn't even be able to recognize most other distros (or the same distro with a different DE).
3. Myriad combinations of support libraries; even the common ones are bundled together with versions of each other that create a unique and unsupportable platform 'landscape' for each distro.
4. Distro culture itself: 'Thou art a creepy skank if you sell apps and/or offer direct downloads of a product.' Invoking Yum and Apt are almost like genuflecting before entering a pew. Only its a cult, not a religion, because strong dynamic relationships with people outside the repository are frowned upon.
How do you trust these proxies not to be run by state intelligence organizations?
1. The attackers can't be omnipresent at all times
2. Doing a MITM against all randomly-located HTTPS links is probably impossible to do without being discovered.
3. Some orgs like Torproject have an .onion address. Then you don't have to worry about MITM as long as your original copy of Tor was OK. If you're worried about Tor or other program being tampered with, try using one or more Linux Live CDs: Boot, update then install Tor or other secure proxy, then download keys and certs... leverage the built-in keys of the Linux distros.
Really, for anyone planning this type of attack, consistency is a HUGE problem and you only have to be slightly crafty to be reasonably sure about the keys you're getting. The only other thing to increase your certainty is to get key fingerprints from these people in person.
It ought to start by making certs and keys first-class GUI objects, starting with file browsers. Seriously, people should not see a blank square when they are copying or otherwise manipulating a key.
Further, there should be write-once devices that allow us to add keys and other identity info without worrying an attack will subvert that data.