Pottering doesn't work for MSFT, he works for the 3 letter agencies. Considering that MSFT would probably be a step up on the trust scale. Where does Pottering get his money? Red Hat...okay so where does RH get THEIR money? NSA,DoD, FBI,CIA, DoJ, something like 85% of their income is from.Gov institutions, most in the Intelligence community.
The trouble is Android's permission model is crap. If an app has a feature that requires a permission the app may need at any point in the future, it has to be approved by the user at install time, and the app cannot control how the permissions are described or even explain to the user why it needs that permission. And lots of innocuous permissions are bundled up together non-granularly with scary dangerous (or dangerous-sounding) ones, so the app only needs EraseBunnyDrawing permissions but to get that it has to request KillFamily permissions, which doesn't actually mean kill *your* family, it means kill a process family, but all the user sees is "Permission to kill family members without warning" and OH GOD WHY DOES AN APP ABOUT DRAWING FLUFFY BUNNIES REQUIRE MY FAMILY TO DIE?! THIS APP SUCKS!!!!!!1111!!!!!oneoneonetyone1!!!
And then the story hits TechCrunch, where it's summarized so that it sounds like there have been actual deaths of family members, and then the mainstream press and the Today show start calling the app developer asking "Why are you a horrible person whose app killed little Stacey's favorite uncle??:(:(:("
And all because Google can't get security UI right.
Read Google service configuration.
Modify system settings.
Full network access.
I've bolded the last three because there's no reason for them.
Sure there is. If Uber is doing anything that can't (or for some reason they they don't want to) be handled over HTTP, the app will need full network access. (I don't know what the Uber app uses it for, but apparently WhatsApp uses it for IM communications with other app users.) "Modify system settings" is apparently (per the linked explanation from WhatsApp) the only way to get permission to read system settings. "Read Google service configuration" (again, per previous link) is used for interacting with Google services like Maps, which you can easily imagine why Uber's app would want to do.
The researcher found Uber was SENDING ALL OF THIS BACK TO UBER'S SERVERS.
Sorry for yelling, but it's an important point.
NO HE DID NOT.
Sorry for yelling, but it's an important point.
Go back and read the original GironSec blog post where he even acknowledges explicitly what he (inexcusably, IMHO) failed to do -- that others did after him and surprise! found nothing especially amiss -- before he wrote an inflammatory blog post based on supposition, conjecture and ignorance of context.
This just doesn't pass the sniff test, because right after the guy calls Scott Lowe out by name, he signs off as:
> Gregory Perry
> Chief Executive Officer
> GoVirtual Education
>
> "VMware Training Products & Services"
So I'm seeing a chain of thought like this:
"I'm a bit player in the VMware training market. I need to get my name out there somehow if I want to expand. Maybe if I can make somebody big like Scott Lowe look like an idiot... Hmmm, he's been pushing OpenBSD lately, and I bet Theo still remembers me. Maybe if I concoct a story that Lowe is complicit in some kind of subversion of OpenBSD, Theo will want to get to the bottom of it so he'll tell people about it -- and then no matter what, people will just remember that Lowe was rumored to be doing something shady."
Also, as another poster noted, government NDAs regarding something like this (which would be considered classified info) never "expire" (until the info is declassified, and then only to that extent). So this guy is either lying, or violating federal law, by making this claim. He doesn't even know that EOUSA is a parallel division of Justice, not "the parent of the FBI", so my bet is on "lying".
The IRS could have built their own website 15 years ago if they wanted, but one feels that they've gotten so cozy with HR Block, Turbotax, Legions of CPAs, etc... that they didn't want to rock the boat.
Actually, back inthe day, the IRS wanted to do exactly that, but the entire tax industry screamed "unfair competition" and threatened to sue. Ultimately the IRS agreed to not do its own tax software, but only if the industry collectively would provide free online filing to a certain increasing percentage of Americans each year.
A free hunk of wood or metal found laying around outside is just as good for these purposes as a wrench of any type. Plus most people have a tire iron in their trunk, that's basically "free" since it costs you nothing to dig out and apply vigorously.
I didn't say there's no waste in property taxes. I said property taxes have to exist (or some other, more-unfair scheme does). And interestingly property taxes where I live are divided up approximately the same way.
...but did they have to pick the worst possible shades of purple for the wallpaper? It's not a "light" pastel wallpaper, it's not a bright, energetic wallpaper or a deeply-, richly-colored wallpaper. It'a wallpaper that looks like it's sat in a corner fading in the sun for a year or two, at least on my screen.
One of the things I like about Windows 7/Vista is the more aesthetically-pleasing colors in the default theme compared to XP. Hell, half the reason I first installed compiz + emerald years ago was because the themes I saw in screenshots looked bright and inviting as opposed to the themes included with Ubuntu. (OK, and because the desktop cube and wobbly windows are AWESOME SQUARED.)
I have suffered similar frustrations to tux0r, most recently in trying to tweak the parameters of my xorg.conf so I could make my CRT look nicer (timings and such make a huge difference as to whether something like 1400x1050 looks good or like crap on a 17" monitor). So, xorg.conf exists, but it's barebones -- so unlike every "hard-to-use" Linux distribution I've used previously, I have to go through the extra step of generating the xorg.conf file and then editing it. How hard would it be for Ubuntu to auto-detect the hardware and then SAVE that config where it's actually tweakable?
I get the sudo thing, but there is still software out there that assumes the root account exists and has a password (I forget what it was but just recently I was installing something that made that asumption).
And finally, tux0r's point wasn't that it took hours and hours to find out about generating xorg.conf. It was that it took hours and hours to find the answers to many problems that he should not have had to deal with.
Ubuntu is very good at getting you to "good enough to use", but very bad (and getting worse) at allowing you to go past that to "works as well as it possibly can". Some of this is probably GNOME's fault, but the Ubuntu devs often seem to be of the same mindset as the GNOME team, which may be why the Kubuntu folks are starting to chafe -- I've tried Kubuntu more than once (most recently after the gdm "the old themer is dead, the new themer is yet to come" fiasco) and it does often seem to be an afterthought to Canonical.
When you pay property tax, it isn't yours anymore. You rent it.
Ridiculous. Somebody has to pay for the services that maintain your rights as a property owner -- things like police, fire, courts, etc. Property ownership does not exist in a vacuum, and somebody has to pay for those most basic social services. Thus, property tax.
Your argument is as ludicrous as suggesting that you don't own your car because you have to pay to put gas in it.
This is true, but since my Debian systems typically run headless and I access them by command-line only, I can't speak for how friendly anything but Ubuntu is when using it desktop-wise.
So for desktop Linux, how does a developer get a Free app into Ubuntu's repository? And not all genres can be served well by free software. For these genres, how does a developer make a paid and non-free app available?
Ubuntu has certain non-free packages available already -- various drivers, Flash and Adobe Reader come to mind. There's a whole Ubuntu/Debian "non-free" repository for those and others.
As for how an app gets into the repo in the first place, the developer community has a review process for adding apps. There's also nothing stopping you from packaging any app you please and just providing the package on your website -- when you download a.deb, Ubuntu knows what to do with it and gives you a nice GUI installer (GDebi) when you double-click it.
> What the hell are you talking about with dependencies on a Mac?
> They're built into the app.
That is certainly the propaganda.
It doesn't always work out that way.
You keep saying that, and keep failing to substantiate it with even one example. I don't own a modern (post-MacOS 7) Mac, and even I'm pretty sure you're full of it.
I would assume they will need to test against these varying OS versions and "tweaks" to ensure that they will indeed run in different end-user environments, and if so, that means developers now have to test against a myriad of targets.
No you don't. You code against the latest version of the OS since all iPhones get the upgrade when it comes out. This is unlike with Android phones where they could be running 1.5, 1.6, 2.0, 2.1, etc.
First off, the GP poster (jedidiah) who used the phrase "app store" put scare quotes around it, because he wasn't talking about the Apple App Store. He was talking about the equivalent for Android devices.
Second, even when talking about the iPhone/iPod touch, you're wrong. Apple charges for certain upgrades and many people using iPods simply don't buy them. iPhone users don't have to pay but may not bother anyway.
Although it wouldn't work as a straight tax shelter, I vaguely recall speculation when he first announced the foundation that it was intended to provide him cover to liquidate his stake in Microsoft. If I recall correctly, the foundation's initial endowment was a ginormous grant of Microsoft stock from one Mr. W. Gates. The intent was for them to liquidate it and use the proceeds. Now, the market would panic if Bill himself dumped billions of Microsoft stock all at once, but if a charitable foundation does it, the price is more likely to maintain since it's not a sign of trouble at the top. Then while the Foundation is liquidating billions, that would provide cover (and price support) for Bill to dump a few hundred mill' of his own here and there.
For this to make any sense financially, we have to posit that Gates would suffer more loss in price collapse from directly dumping his stock than giving away a huge chunk of it to cover liquidating the rest. I don't know if that's true, but it didn't seem like a completely-out-to-lunch idea.
* The QuickTake 100 was in no way limited to just 8 photos (that was the limit at maximum resolution). I had a QuickTake 150 and it had a reasonable capacity. The 200 took SmartMedia cards, so capacity was basically unlimited as it is now.
* They compare the PowerPC to Intel, as though the PowerPC represented an expensive migration from Intel processors, but forget that Macs were coming from the m68k universe, not x86 -- they were already Intel-incompatible. PowerPC Macs could run 68K Mac software, so this was the natural choice at the time.
* Their criticism of OS 9's multitasking is a tad unfair unless OS 9 was particularly worse at multitasking than OS 8. I used MacOS from System 6.1 all the way to 8 and from 7.x on it worked fine for me.
There are a couple of managers I let make themselves look very, very bad in a conference call with a customer not long ago.
Basically we had two teams that worked closely together to serve a certain class of user requests. Team A was the team generally so tasked, and Team B (my team) was the admin team that backed them up in case of problems. Note that our duties as sysadmins were NOT to serve user requests, but to fix broken things and set up new things. Basically if it didn't involve server hardware or OS issues, it wasn't our job.
One of our guys, way, way back in the days before Team A existed and this stuff was our job, wrote himself a set of scripts to automate these tasks. When Team A was created, he handed them over, strictly out of a desire to be helpful and with absolutely no commitment to maintain them or guarantee that they even worked, with the understanding that Team A was responsible for doing things manually if needed. But over time and with high turnover, the stipulations were forgotten and Team A came to believe that if the scripts didn't work or they didn't have the appropriate script for the task, they were to refer the user request to us.
As it happened, this was becoming an issue right as a lot of our team were moving on to a new contract. So I stood up and said "hey guys, we don't have the bodies any more to do your jobs too". Team A's management got passive-aggressive -- they'd wait till the ticket clock was about to expire, then refer the tickets to us so we had to fill the request or provide a reason why we weren't able to in time. Ultimately I demanded and got a conference call in which Team A's management admitted (after it being made clear that the scripts were not an officially-sanctioned tool and did not absolve them of manual effort if needed) that they actually had no idea what was involved in serving these requests, so they couldn't do them manually.
Oh, by the way, Manager A, the customer's CISO is on this call. Oops.
Honestly, though, there was no good solution. We could just keep referring tickets forever, and both teams would look bad; I could do what I did, and piss off Team A; or I could have let them dump their work on our team, which then would have major impact on us and the customer. Ultimately option 2 had the advantage of both protecting my team and conforming to the documented procedures.
And it only makes sense nowadays to have a couple larger servers hosting a bunch of virtual machines for mundane things. They would be wise to do that no matter what OS they run, and that more than anything is why you can cut down on the number of physical machines that are installed.
So much this. The latest virtual-desktop stuff from VMware is pretty spiffy. It really is now possible to run both useful virtual servers and useful virtual desktops, and at the same time simplify all the support infrastructure (backups, AV, server/desktop config control, etc.) considerably. A couple of 5U PowerEdge servers running vSphere can probably do everything a 230-student school needs quite handily.
It also would be nice in this instance especially as it would allow students to flip effortlessly back and forth between a Linux-desktop VM and a Windows-desktop VM -- because let's face it, Office and Windows are not going away anytime soon, and students need to be at least minimally conversant with them if they're going to survive in the modern computing world.
Slashdot Mirror
RFC1925 applies here. Specifically section 3.
5-digit UID? Newbie.
QuickDraw was the original graphics toolkit built into the Mac system software from its birth, so that's at least back to 1984.
Pottering doesn't work for MSFT, he works for the 3 letter agencies. Considering that MSFT would probably be a step up on the trust scale. Where does Pottering get his money? Red Hat...okay so where does RH get THEIR money? NSA,DoD, FBI,CIA, DoJ, something like 85% of their income is from .Gov institutions, most in the Intelligence community.
[citation needed]
The trouble is Android's permission model is crap. If an app has a feature that requires a permission the app may need at any point in the future, it has to be approved by the user at install time, and the app cannot control how the permissions are described or even explain to the user why it needs that permission. And lots of innocuous permissions are bundled up together non-granularly with scary dangerous (or dangerous-sounding) ones, so the app only needs EraseBunnyDrawing permissions but to get that it has to request KillFamily permissions, which doesn't actually mean kill *your* family, it means kill a process family, but all the user sees is "Permission to kill family members without warning" and OH GOD WHY DOES AN APP ABOUT DRAWING FLUFFY BUNNIES REQUIRE MY FAMILY TO DIE?! THIS APP SUCKS!!!!!!1111!!!!!oneoneonetyone1!!!
And then the story hits TechCrunch, where it's summarized so that it sounds like there have been actual deaths of family members, and then the mainstream press and the Today show start calling the app developer asking "Why are you a horrible person whose app killed little Stacey's favorite uncle?? :( :( :("
And all because Google can't get security UI right.
Read Google service configuration.
Modify system settings.
Full network access.
I've bolded the last three because there's no reason for them.
Sure there is. If Uber is doing anything that can't (or for some reason they they don't want to) be handled over HTTP, the app will need full network access. (I don't know what the Uber app uses it for, but apparently WhatsApp uses it for IM communications with other app users.) "Modify system settings" is apparently (per the linked explanation from WhatsApp) the only way to get permission to read system settings. "Read Google service configuration" (again, per previous link) is used for interacting with Google services like Maps, which you can easily imagine why Uber's app would want to do.
The researcher found Uber was SENDING ALL OF THIS BACK TO UBER'S SERVERS.
Sorry for yelling, but it's an important point.
NO HE DID NOT.
Sorry for yelling, but it's an important point.
Go back and read the original GironSec blog post where he even acknowledges explicitly what he (inexcusably, IMHO) failed to do -- that others did after him and surprise! found nothing especially amiss -- before he wrote an inflammatory blog post based on supposition, conjecture and ignorance of context.
> Gregory Perry
> Chief Executive Officer
> GoVirtual Education
>
> "VMware Training Products & Services"
So I'm seeing a chain of thought like this:
"I'm a bit player in the VMware training market. I need to get my name out there somehow if I want to expand. Maybe if I can make somebody big like Scott Lowe look like an idiot... Hmmm, he's been pushing OpenBSD lately, and I bet Theo still remembers me. Maybe if I concoct a story that Lowe is complicit in some kind of subversion of OpenBSD, Theo will want to get to the bottom of it so he'll tell people about it -- and then no matter what, people will just remember that Lowe was rumored to be doing something shady."
Also, as another poster noted, government NDAs regarding something like this (which would be considered classified info) never "expire" (until the info is declassified, and then only to that extent). So this guy is either lying, or violating federal law, by making this claim. He doesn't even know that EOUSA is a parallel division of Justice, not "the parent of the FBI", so my bet is on "lying".
The IRS could have built their own website 15 years ago if they wanted, but one feels that they've gotten so cozy with HR Block, Turbotax, Legions of CPAs, etc... that they didn't want to rock the boat.
Actually, back inthe day, the IRS wanted to do exactly that, but the entire tax industry screamed "unfair competition" and threatened to sue. Ultimately the IRS agreed to not do its own tax software, but only if the industry collectively would provide free online filing to a certain increasing percentage of Americans each year.
Perhaps we should have hired the Israelis.
One of the subcontractors was Kollsman AG, a subsidiary of Israeli firm Elbit, that makes their border cameras.
A free hunk of wood or metal found laying around outside is just as good for these purposes as a wrench of any type. Plus most people have a tire iron in their trunk, that's basically "free" since it costs you nothing to dig out and apply vigorously.
I didn't say there's no waste in property taxes. I said property taxes have to exist (or some other, more-unfair scheme does). And interestingly property taxes where I live are divided up approximately the same way.
...but did they have to pick the worst possible shades of purple for the wallpaper? It's not a "light" pastel wallpaper, it's not a bright, energetic wallpaper or a deeply-, richly-colored wallpaper. It'a wallpaper that looks like it's sat in a corner fading in the sun for a year or two, at least on my screen.
One of the things I like about Windows 7/Vista is the more aesthetically-pleasing colors in the default theme compared to XP. Hell, half the reason I first installed compiz + emerald years ago was because the themes I saw in screenshots looked bright and inviting as opposed to the themes included with Ubuntu. (OK, and because the desktop cube and wobbly windows are AWESOME SQUARED.)
I have suffered similar frustrations to tux0r, most recently in trying to tweak the parameters of my xorg.conf so I could make my CRT look nicer (timings and such make a huge difference as to whether something like 1400x1050 looks good or like crap on a 17" monitor). So, xorg.conf exists, but it's barebones -- so unlike every "hard-to-use" Linux distribution I've used previously, I have to go through the extra step of generating the xorg.conf file and then editing it. How hard would it be for Ubuntu to auto-detect the hardware and then SAVE that config where it's actually tweakable?
I get the sudo thing, but there is still software out there that assumes the root account exists and has a password (I forget what it was but just recently I was installing something that made that asumption).
And finally, tux0r's point wasn't that it took hours and hours to find out about generating xorg.conf. It was that it took hours and hours to find the answers to many problems that he should not have had to deal with.
Ubuntu is very good at getting you to "good enough to use", but very bad (and getting worse) at allowing you to go past that to "works as well as it possibly can". Some of this is probably GNOME's fault, but the Ubuntu devs often seem to be of the same mindset as the GNOME team, which may be why the Kubuntu folks are starting to chafe -- I've tried Kubuntu more than once (most recently after the gdm "the old themer is dead, the new themer is yet to come" fiasco) and it does often seem to be an afterthought to Canonical.
When you pay property tax, it isn't yours anymore. You rent it.
Ridiculous. Somebody has to pay for the services that maintain your rights as a property owner -- things like police, fire, courts, etc. Property ownership does not exist in a vacuum, and somebody has to pay for those most basic social services. Thus, property tax.
Your argument is as ludicrous as suggesting that you don't own your car because you have to pay to put gas in it.
If he had read enough decent sci-fi, he'd call himself "Nick Haflinger". The similarity is striking.
This is true, but since my Debian systems typically run headless and I access them by command-line only, I can't speak for how friendly anything but Ubuntu is when using it desktop-wise.
So for desktop Linux, how does a developer get a Free app into Ubuntu's repository? And not all genres can be served well by free software. For these genres, how does a developer make a paid and non-free app available?
Ubuntu has certain non-free packages available already -- various drivers, Flash and Adobe Reader come to mind. There's a whole Ubuntu/Debian "non-free" repository for those and others.
As for how an app gets into the repo in the first place, the developer community has a review process for adding apps. There's also nothing stopping you from packaging any app you please and just providing the package on your website -- when you download a .deb, Ubuntu knows what to do with it and gives you a nice GUI installer (GDebi) when you double-click it.
> What the hell are you talking about with dependencies on a Mac? > They're built into the app.
That is certainly the propaganda.
It doesn't always work out that way.
You keep saying that, and keep failing to substantiate it with even one example. I don't own a modern (post-MacOS 7) Mac, and even I'm pretty sure you're full of it.
I would assume they will need to test against these varying OS versions and "tweaks" to ensure that they will indeed run in different end-user environments, and if so, that means developers now have to test against a myriad of targets.
No you don't. You code against the latest version of the OS since all iPhones get the upgrade when it comes out. This is unlike with Android phones where they could be running 1.5, 1.6, 2.0, 2.1, etc.
First off, the GP poster (jedidiah) who used the phrase "app store" put scare quotes around it, because he wasn't talking about the Apple App Store. He was talking about the equivalent for Android devices.
Second, even when talking about the iPhone/iPod touch, you're wrong. Apple charges for certain upgrades and many people using iPods simply don't buy them. iPhone users don't have to pay but may not bother anyway.
Although it wouldn't work as a straight tax shelter, I vaguely recall speculation when he first announced the foundation that it was intended to provide him cover to liquidate his stake in Microsoft. If I recall correctly, the foundation's initial endowment was a ginormous grant of Microsoft stock from one Mr. W. Gates. The intent was for them to liquidate it and use the proceeds. Now, the market would panic if Bill himself dumped billions of Microsoft stock all at once, but if a charitable foundation does it, the price is more likely to maintain since it's not a sign of trouble at the top. Then while the Foundation is liquidating billions, that would provide cover (and price support) for Bill to dump a few hundred mill' of his own here and there.
For this to make any sense financially, we have to posit that Gates would suffer more loss in price collapse from directly dumping his stock than giving away a huge chunk of it to cover liquidating the rest. I don't know if that's true, but it didn't seem like a completely-out-to-lunch idea.
* The QuickTake 100 was in no way limited to just 8 photos (that was the limit at maximum resolution). I had a QuickTake 150 and it had a reasonable capacity. The 200 took SmartMedia cards, so capacity was basically unlimited as it is now.
* They compare the PowerPC to Intel, as though the PowerPC represented an expensive migration from Intel processors, but forget that Macs were coming from the m68k universe, not x86 -- they were already Intel-incompatible. PowerPC Macs could run 68K Mac software, so this was the natural choice at the time.
* Their criticism of OS 9's multitasking is a tad unfair unless OS 9 was particularly worse at multitasking than OS 8. I used MacOS from System 6.1 all the way to 8 and from 7.x on it worked fine for me.
As far as I can see, if your interest in overthrowing the government is purely recreational, you're not covered by this law.
Basically we had two teams that worked closely together to serve a certain class of user requests. Team A was the team generally so tasked, and Team B (my team) was the admin team that backed them up in case of problems. Note that our duties as sysadmins were NOT to serve user requests, but to fix broken things and set up new things. Basically if it didn't involve server hardware or OS issues, it wasn't our job.
One of our guys, way, way back in the days before Team A existed and this stuff was our job, wrote himself a set of scripts to automate these tasks. When Team A was created, he handed them over, strictly out of a desire to be helpful and with absolutely no commitment to maintain them or guarantee that they even worked, with the understanding that Team A was responsible for doing things manually if needed. But over time and with high turnover, the stipulations were forgotten and Team A came to believe that if the scripts didn't work or they didn't have the appropriate script for the task, they were to refer the user request to us.
As it happened, this was becoming an issue right as a lot of our team were moving on to a new contract. So I stood up and said "hey guys, we don't have the bodies any more to do your jobs too". Team A's management got passive-aggressive -- they'd wait till the ticket clock was about to expire, then refer the tickets to us so we had to fill the request or provide a reason why we weren't able to in time. Ultimately I demanded and got a conference call in which Team A's management admitted (after it being made clear that the scripts were not an officially-sanctioned tool and did not absolve them of manual effort if needed) that they actually had no idea what was involved in serving these requests, so they couldn't do them manually.
Oh, by the way, Manager A, the customer's CISO is on this call. Oops.
Honestly, though, there was no good solution. We could just keep referring tickets forever, and both teams would look bad; I could do what I did, and piss off Team A; or I could have let them dump their work on our team, which then would have major impact on us and the customer. Ultimately option 2 had the advantage of both protecting my team and conforming to the documented procedures.
And it only makes sense nowadays to have a couple larger servers hosting a bunch of virtual machines for mundane things. They would be wise to do that no matter what OS they run, and that more than anything is why you can cut down on the number of physical machines that are installed.
So much this. The latest virtual-desktop stuff from VMware is pretty spiffy. It really is now possible to run both useful virtual servers and useful virtual desktops, and at the same time simplify all the support infrastructure (backups, AV, server/desktop config control, etc.) considerably. A couple of 5U PowerEdge servers running vSphere can probably do everything a 230-student school needs quite handily.
It also would be nice in this instance especially as it would allow students to flip effortlessly back and forth between a Linux-desktop VM and a Windows-desktop VM -- because let's face it, Office and Windows are not going away anytime soon, and students need to be at least minimally conversant with them if they're going to survive in the modern computing world.