Sorry, go back to high school: “increase [...] by 330 percent” means 4.3 faster.
Rounding 3.3 to three would have been acceptable.
People should stop using variation percentages outside the range -50% – +100%, i.e. ÷2 – ×2. They always get it wrong.
And why does /. eat U+2212 MINUS SIGN?
Indeed. I should have been more explicit in my message: the wad of cash and the brass knuckles were colorful examples, but the real threat comes from peer pressure within the family, even more so because it is most often implicit.
(There is a scene in an Astérix comic book: the village must vote between its current (male) chief and a woman; the Druid explains the secret ballot procedure, the woman candidate proposes a show of hands, and then a show of hands to decide if the actual vote will be by a show of hands; all the women raise their hand for the show of hands, and when the men want to raise theirs for the secret ballot, a dark look from their wives stops them. It loses a lot of its funny if you think about the actual reality of domestic abuse that is being parodied and that usually goes the other way around, but I think it illustrates how important and tricky the secret ballot is.)
You are completely missing the point. All the cryptography and the blockchains and the secure protocols in the world can not detect if someone is standing behind the computer with a wad of cash (vote buying) or brass knuckles (coercion) and checking that you are voting right.
One of the core features of the secret ballot is the voting booth, where the voter is alone to do the final choice, with official oversight.
Of course, the privacy of the voting booth is not perfect, it is weakened by all sorts of features, from absentee voting to tolerating children in the booth with their parent. But it is still the norm for most voters and is way more solid than a situation where the norm would be to vote from home.
Puritanians*: always ten years ahead of their twenty-years lag.
* Because we need a name for the nameless and demonymless country between Canada and Mexico; “United States of Puritania” it is.
Vote-by-mail, or any system where there is no voting booth with official overseer, lacks anonymity.
Voters need the right of keeping their vote secret, but that is not enough. If voters can show who they voted for, they can be intimidated or otherwise induced into voting for someone in particular. They can of course say who they voted for, but they cannot be allowed to prove it to someone else.
That is what the voting booth is for. With generalized vote-by-mail, we would see much more vote buying and small-scale intimidation such as “vote for my stepbrother if you want to keep your job”.
I am surprised that so few people make that connection when the issue arises.
Two mistakes in your message:
“Don't need to know the keyboard layout”: how do you type the ‘m’ in “cmd” on an AZERTY keyboard?
“Arbitrary code”: no, only code that is already present on the computer. Typing binaries with just the keyboard and generic software is tricky.
Yes, just typing, and in a matter of seconds. Just typing: no seeing what you type, no knowing the keyboard layout, no knowing the user interface running, nothing except keys blindly. As was already pointed out by numerous persons before you posted your duplicated comment, this would work on lusers' computers left to the default values. A rather costly attack (requires hardware and physical presence) that can only work generically on the most worthless of targets. Not really worrying. (Of course, for a targeted attack, that is another story entirely.)
Well, I suppose I shall expect still half a dozen similar comments from self-styled geeks that are so proud to know the default keyboard shortcut for running a command on the only OS and desktop environment they know.
But “most OSes have” is not commutative: for most OSes, there may be a key, but there is no single key common to all OSes and user environments. So basically, without feedback, you can expect to take over Microsoft's gaming environment, nothing more. There are bigger security holes in it.
Read the other replies before posting the same thing.
So it works in certain cases with a lot of assumptions. Exactly what I was saying.
What's a “start button”? :-
And to wonkey_monkey: what would “òcmd” achieve? “ò” is the character that XTerm generates with win-R.
To achieve anything, you need either feedback (“see through a window”) or strong assumptions about the user interface currently running.
“It would take a matter of seconds for the attacker's code to load a rootkit, malware or additional network access.”
Really? With just keystrokes and mouse moves? With no feedback about where the keystrokes and clicks end up?
For a particular target, a way can probably be devised, but it will most likely be slow and visible. And not work with the next target.
Injecting keys is clearly a security flaw with severe consequences, but over-hyping it is unproductive.
Someone should teach the IRS never to use variation percentages outside the -50% – +100% range.
And unsurprisingly, they got it wrong: “1,026 up from 254 from a year earlier”, that makes roughly ×4, i.e. +300%; +400% is ×5.
Well, it could just be the journalist that sucks at maths. At the very least, he did not check the figures.
Well, they need their car to be indestructible and make sure that guns and violence do not work inside them. No need to sedate the occupants, it is called “temporal grace”. I guess the next Volvo cars will all be blue and boxish.
There is another point to consider: at the beginning, there was a lot to do, including easy stuff. You only had to know well a subject and be the first to write the article. Nowadays, almost everything is already written. To make a significant contribution, you would have to be an expert on an obscure topic.
I do not see the word “albedo” in this article. This is worrying. A lot of ecologist militants consider solar and wind energy as free energy just there for the taking. This is mostly true, but not entirely true.
Covering a large area of land with solar panels (even assuming they are thermal panels, not too fragile and with not too much fabrication byproducts) would change the albedo of that area, i.e. the proportion of solar light that is reflected by the ground. This will in turn change the climate of the area, and if the area is large enough, change the climate of the whole planet by changing the trade winds. It is entirely possible that in this particular instance the change would be for the good, but it is very hard to predict.
The same applies to large farms of wind turbines: they capture energy from the wind, and therefore weaken prevailing winds. Any large-scale localized change to elements of the climate has very complex consequences.
Do not confuse “point of view” and “troll”.
My user experience is that they threw something that worked for something that does not always (systemd does not work for me; failures to handle NFS mounts, etc, many little crap that does not matter that much except: it worked before, correcting them was ununderstandably painy).
Basically, you found a bug in systemd, or possibly a bug in your distribution's use of systemd caused by a misfeature in systemd. That happens, especially with new versions that present major evolutions. Software can not be bug-free out of the box, it needs thousands, millions of users to explore all the corner cases. You had the correct reflex: you fixed the bug. Well done (no sarcasm intended)! But did you also report the bug upstream, so that the next person will find it less ununderstandably painful?
Unfortunately, that is not what some people do. Some people find a bug in systemd, or just hear rumors that there are bugs in systemd that may affect them, and so they decide to stick to SysV init. Fine. But they also demand support for their choice. They demand that new versions of distributions allow using SysV init, they demand that new versions of unrelated software, like KDE in this topic, work without systemd.
I will now be addressing these people: you, from now on, does not mean yeupou but these people.
First of all, you can not demand anything: you are users of Libre Software, probably gratis. You take it or leave it. You can make suggestions, express wishes, preferably politely, but in the end, you take what is offered and hopefully say “thank you”. Or you leave it, switch to proprietary commercial software, become a paying customer and find out that unless you are a major paying customer you still can not make demands, they will just be more unctuous about it.
There are a lot of bugs in systemd, there is no doubt about it. Most young software has a lot of bugs, and systemd is still very young. Or you can consider it as a new version of the software called “init system” that is a full rewrite: full rewrites also have a lot of bugs. But full rewrites are necessary in the lifetime of software, otherwise they are stuck with antiquated design flaws. As a full rewrite, systemd has a much better design than SysV init. This is not saying much: SysV init is made of a bunch of shell scripts; anything would be a better design. A better design means that in the long run, it will have far fewer bugs, far more features.
In the meantime, there are bugs. If one affects you, it is bad luck, because a new version is not released as stable unless it works for most people. Bad luck happens, we can only make the best of it.
If it is urgent, you can stick to the old version, the one that did work for you, of course. But that is only a temporary solution. Sticking to an old version of one software possibly implies the same for any software that depends on it. With a core component such as the system monitoring infrastructure, that will eventually mean everything, including the hardware. That is not sustainable.
As a user of gratis Libre Software, you are supposed to give back to the community. The first and foremost way to do that is to help fixing bugs. So if there is a bug in systemd that forces you to temporarily stick to an older version, you are expected to file a good bug report. Otherwise, the bug may never get fixed. And if it takes too much time to your taste, then you install a virtual machine, you fire up your text editor and your compiler and you get to work fixing it yourself.
People who only whine and insult and never give back to the community only deserve to be mocked or ignored. People who help, as much as their means allow however small that is, deserve to be helped back.
There is a basic principle that drives the evolution of Libre Software, or at least the majority of it that is developed by a community:
Developers have the final say.
Developers make technical decisions based on technical merits and usability decisions based on their own use of the software, because they usually use their own software. They do not kowtow to the whims of a client or a commercial director.
Arguably, systemd itself is developed under the aegis of a single company, not a community. But KDE is undoubtedly a community project, and so are Debian and the other distributions that chose to switch to systemd. They did so not because they were compelled nor because Lennart Poettering brainwashed them, but because, from the height of their technical expertise, they consider that systemd makes their task easier while respecting, or possibly even furthering, their usability goals.
As for the anti-systemd crowd… Well, I know a few that develop and promote radically different system monitoring architectures, and they have valid arguments against systemd. As for the others, show us the code.
The Senate Intelligence Committee has published its report: it did not find any trace of intelligence in the US senate.
Why would the Middleman do that? The HEYDAR can already tap into the police networks and cameras directly.
$1m? A tenth of cent? That is not much. $1M would have been more worrying.
Once again, I did not propose to replace the broken CA system by anything resembling .ssh/known_hosts, that makes more than half your long messages irrelevant.
Absolutely not. My argument is that the TLS authentication architecture is broken beyond repair.
The SSH authentication system does not scale, but it is sound, and it could be made to scale without changing the base principle. The TLS authentication can not be repaired without changing it from the core.
Sorry, but it does not work. People who manage SSH servers know what a private key is, they treat it as a precious file and keep it when, for example, restoring from a hardware failure. Only when the key is compromised do they change it. If they are really serious about it, they will even distribute the fingerprint along with other necessary information when opening new accounts. You can verify it carefully, and then it is once and for all in the known_hosts file.
People who manage HTTPS sites, on the other hand, do not know what a private key is, or act like it. Websites change their keys every other day, have dozens of AJAX servers all with different keys, and sometimes even have different keys for different servers acting as round-robin for the same domain name. Checking all of them manually is utterly impractical. And browsers do not even have an interface to manage that easily. Worse: IIRC, browsers do not even have an interface to check certificates for AJAX requests, they just fail silently.
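The known_hosts model discussed in the comments above, as an added example that is not part of the original comments: a minimal trust-on-first-use pin store replayed over two connection histories, one host that keeps a single key and one name served by several keys with a replacement. The `PinStore` class, host names and key bytes are all constructed for illustration.

```python
import base64
import hashlib


def fingerprint(public_key: bytes) -> str:
    """SHA-256 fingerprint in the form OpenSSH prints: 'SHA256:' + unpadded base64."""
    digest = hashlib.sha256(public_key).digest()
    return "SHA256:" + base64.b64encode(digest).decode().rstrip("=")


class PinStore:
    """Trust-on-first-use store: one pinned fingerprint per host name (hypothetical class)."""

    def __init__(self):
        self.pins = {}

    def check(self, host, public_key, expected=None):
        """Return PINNED, OK, MISMATCH or REJECT for one connection.

        expected is a fingerprint the administrator distributed out of band;
        when given, a first contact that does not match it is refused.
        """
        fp = fingerprint(public_key)
        pinned = self.pins.get(host)
        if pinned is None:
            if expected is not None and expected != fp:
                return "REJECT"
            self.pins[host] = fp
            return "PINNED"
        # An existing pin is never replaced silently: a different key is a
        # mismatch whether it comes from rotation, a sibling server or an attacker.
        return "OK" if pinned == fp else "MISMATCH"


def replay(observations, store=None):
    """Feed (host, key) observations through a pin store and collect the verdicts."""
    store = store if store is not None else PinStore()
    return [store.check(host, key) for host, key in observations]


# Constructed sample data: the key "blobs" are placeholder byte strings, not real keys.
SSH_OBS = [("shell.example.org", b"constructed-ssh-host-key")] * 3
WEB_OBS = [
    ("www.example.org", b"constructed-web-key-A"),  # first backend
    ("www.example.org", b"constructed-web-key-B"),  # round-robin peer with its own key
    ("www.example.org", b"constructed-web-key-A"),
    ("www.example.org", b"constructed-web-key-C"),  # key replaced
]

if __name__ == "__main__":
    print("stable key :", replay(SSH_OBS))
    print("many keys  :", replay(WEB_OBS))
```

With a stable key the only decision the user makes is the first one; with several keys per name, half of the constructed connections raise a mismatch that looks the same as a substituted key.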