I don't know if you have ever done software development, but you are the one switching up the issue. The original bug is fixed. It is lo longer possible to run a service, intending it to be owned by 0day, and have the system run it as root. There is no way to argue that bug still exists. It is closed, as it should be. NOW, someone can open a NEW bug stating that they can't run a service owned by 0day. That bug has minimal priority, and NO severity. It affects NOBODY. Some troll wants to insist "Oh my God!!! I can't do what nobody on the planet wants to do!" Nobody with any understanding of Linux gives a FUCK that a few trolls are complaining about this. All that is left for you to decide is if you want to be a troll, or a guy with a clue.
Ok. You still aren't getting it. Yes, it is a NEW bug. "Cannot create a service owned by user starting with a digit". Now,what would you assign for severity and prioriy of said bug?
Unless you realize that brides don't shop for wedding dresses with their grooms and are trying to tell me it is easy to see I'm not gay you should probably stick to following the advice of your high school writing teacher and only write about subjects with which you have experience.
We don't disagree. To take it a step further one can use a hex editor to create *invalid* user names. I am the one pointing out that the tool used may or may not allow certain names. It is the trolls trying to say that if you can create the user name with a tool it is by definition valid. As you said, and I have been saying, the issue is much ado about nothing.
If you can tell me a single reason why you have to have a service owner by a user with a name beginning with a digit than you have an argument that the fix is bad. Given that there is NO reason for it, and NO distribution even tries to do this then you have an argument. Sure they *could* allow it, but there is no need or benefit to it. They made a good decision. You might prefer that they support the leading digit option, but not doing so is NOT a major issue,or an issue at all really.
That is good that you have those distros at your disposal. Now, go through them and find all the ones that have services owned by users that have a digit as the first character, or any character for that matter. Count them and write the number on a piece of paper. That number is the severity of the issue.
All of the ones about whom I was writing, which is why I used quotes around the word:^) It is probably fair to say that it was more than half. The power of suggestion is quite effective in such subjective matters.
You forgot the restriction that it has to be a "one off" item. There are techniques to make device tamper proof. If you open them they will never work again, etc.
It is a reference to when CDs first came out and people were still making the switch from analog taped to digital. Many "audiophiles" who didn't understand the new technology were taken advantage of when they were convinced they could purchase special high priced markers and Mark the edge of the CD to "reduce the noise from bouncing ambient light" and improve the sound quality. It was later claimed the same effect could be achieved with a regular Sharpie (which was true since the effect was LITERALLY nil) and all of us who understood the technology laughed and cried, sometimes simultaneously.
You created the straw man, but I already showed why you are wrong. By using the Echo there is no new device to detect. You seem to have missed that point entirely in your misguided zeal to prove my factually correct OP wrong.
You would be wrong. In fact it is trivially easy to build a device that knows what Wi-Fi devices are in range and reports the presence of any new ones. Care to try again?
There are many already in place, no bug scan will find it, and all the infrastructure for remote monitoring is already there. There are numerous advantages over your "just plant a bug" approach.
To say that anything can be hacked if you have physical access is taking things too far. It greatly increases the odds, but there are countermeasures that can be employed. It is even possible to make a device that literally canot be hacked, even by state actors, so long as it is a "one off" implementation. As always, security isn't a product so much as a set of procedures and processes, and what is important is the security landscape. Should a typical user be worried? Probably not. Should a user with a jilted ex that has skills be? Depends on the ex. Should Trump have one in his office? I'm going to go with no.
Slashdot Mirror
There are multiple avenues I'd like to explore.
I feel the researchers only scratched the surface here. I was hoping to delve deeper.
Finally, a pickup line for the upcoming dermatologist convention!
I believe Slashdot had an example today of their unethical behavior. You should check it out!I
Saying "Monsanto isn't evil" can only being up a debate about the definition of evil. However, saying they are not unethical would be absurd.
I don't know if you have ever done software development, but you are the one switching up the issue. The original bug is fixed. It is lo longer possible to run a service, intending it to be owned by 0day, and have the system run it as root. There is no way to argue that bug still exists. It is closed, as it should be. NOW, someone can open a NEW bug stating that they can't run a service owned by 0day. That bug has minimal priority, and NO severity. It affects NOBODY. Some troll wants to insist "Oh my God!!! I can't do what nobody on the planet wants to do!" Nobody with any understanding of Linux gives a FUCK that a few trolls are complaining about this. All that is left for you to decide is if you want to be a troll, or a guy with a clue.
Ok. You still aren't getting it. Yes, it is a NEW bug. "Cannot create a service owned by user starting with a digit". Now,what would you assign for severity and prioriy of said bug?
If he speaks good English at least one of you doesn't speak English well.
Unless you realize that brides don't shop for wedding dresses with their grooms and are trying to tell me it is easy to see I'm not gay you should probably stick to following the advice of your high school writing teacher and only write about subjects with which you have experience.
There is LITERALLY only 1 black.
We don't disagree. To take it a step further one can use a hex editor to create *invalid* user names. I am the one pointing out that the tool used may or may not allow certain names. It is the trolls trying to say that if you can create the user name with a tool it is by definition valid. As you said, and I have been saying, the issue is much ado about nothing.
If you can tell me a single reason why you have to have a service owner by a user with a name beginning with a digit than you have an argument that the fix is bad. Given that there is NO reason for it, and NO distribution even tries to do this then you have an argument. Sure they *could* allow it, but there is no need or benefit to it. They made a good decision. You might prefer that they support the leading digit option, but not doing so is NOT a major issue,or an issue at all really.
It is already fixed. I am starting to think you aren't a troll, but just really have no idea what the situition is ATM.
You forgot the black and blue, and screams of living with Windows.
Well to be fair, the statement was not factually incorrect, just completely misleading. Maybe naughtynaughty is the login of one DJT?
That is good that you have those distros at your disposal. Now, go through them and find all the ones that have services owned by users that have a digit as the first character, or any character for that matter. Count them and write the number on a piece of paper. That number is the severity of the issue.
All of the ones about whom I was writing, which is why I used quotes around the word :^) It is probably fair to say that it was more than half. The power of suggestion is quite effective in such subjective matters.
You forgot the restriction that it has to be a "one off" item. There are techniques to make device tamper proof. If you open them they will never work again, etc.
It is a reference to when CDs first came out and people were still making the switch from analog taped to digital. Many "audiophiles" who didn't understand the new technology were taken advantage of when they were convinced they could purchase special high priced markers and Mark the edge of the CD to "reduce the noise from bouncing ambient light" and improve the sound quality. It was later claimed the same effect could be achieved with a regular Sharpie (which was true since the effect was LITERALLY nil) and all of us who understood the technology laughed and cried, sometimes simultaneously.
You created the straw man, but I already showed why you are wrong. By using the Echo there is no new device to detect. You seem to have missed that point entirely in your misguided zeal to prove my factually correct OP wrong.
Try 2: Fail. The same applies to any device that radiates energy, including heat. Care to try a third time? (It is 2017 now, BTW)
You would be wrong. In fact it is trivially easy to build a device that knows what Wi-Fi devices are in range and reports the presence of any new ones. Care to try again?
There are many already in place, no bug scan will find it, and all the infrastructure for remote monitoring is already there. There are numerous advantages over your "just plant a bug" approach.
To say that anything can be hacked if you have physical access is taking things too far. It greatly increases the odds, but there are countermeasures that can be employed. It is even possible to make a device that literally canot be hacked, even by state actors, so long as it is a "one off" implementation. As always, security isn't a product so much as a set of procedures and processes, and what is important is the security landscape. Should a typical user be worried? Probably not. Should a user with a jilted ex that has skills be? Depends on the ex. Should Trump have one in his office? I'm going to go with no.
Now you can too!