I'm pretty sure it was Microwindows that they came down on. I don't recall the X Window System ever being officially called "X Windows", though, of course, everyone calls it that. Feel free to cite to the contrary ofc.
Of course, he said " people like me who run the XFCE spin". Then you linked to the xfce spin.
And the answer is yes, and gone over in the article- ipv6 ping, newer versions of compilers ( https://gcc.gnu.org/gcc-6/chan... ), new open source codec, and I think the greater Unicode support will affect us in XFCE land.
I will tell you what Fedora version I plan to skip: whatever initially switches us to Wayland. That will be a guaranteed shit-show, and a good call to avoid upgrading for a few months. But 24 is solid methinks.
I dislike systemd and would replace it if it were easy, which it is not. It is not a dealbreaker for me. I feel all the systemd complaints would vanish in an instant if Devuan spun up for real, or if any one solid distro clearly decided to avoid systemd, or at least support those who don't want to deal with it.
I grouse about pulseaudio but stop shy of levying true hate on it. It does some things very well, I just get ticked when it is randomly incompatible, confused, or decides that one entire core is just for it, for some reason. These errors happen, but not that often. I think it is because it is still newish tbh.
GNOME? I despise. I will never willingly use it. But, it's very easy for me to use XFCE (or another desktop) in Fedora. Just like, super easy. So in this case, I have no complaints.
When I come to a slashdot thread about any thing related to RedHat, there's some systemd hate. Quite honestly, it gets old. Yea yea I don't like it either. That doesn't mean that literally every thread about some cool new thing RedHat did, and especially every thread about Fedora, needs to be people bitching about GNOME and systemd. I'll be running Fedora Core 24 within hours or days (I'll check to make sure everyone else running the same nvidia drivers as me is doing ok, then upgrade), and I'd like to hear people talk about the features sometimes, instead of being drowned out by the same no-news fools. Slashdot will make a systemd topic, or a GNOME topic, and you can shit that up. Maybe I'll join you! But gtfo with every linux topic, most especially every Fedora topic, being this same shit.
Well, I guess they decided to target at least one amendment in this shitstorm, and if the 2nd can't be infringed, they'll settle for that old punching bag, the 4th.
> The GOP has unbound delagates which is the same thing as superdelagates.
It is *kind of* like superdelegates. I mean, they aren't bound, but they are (1) elected, usually after pledging to support a candidate and (2) less than 10% of the total vote.
The Democrat version is around 18% of the total vote, and are not elected for the position.
If you want to play on a private server, go ahead. There's plenty of them.
But if you want to play on a full Blizzard server, then you need a whole datacenter tracking MANY players, that's multiple machines, not just one, all interconnected. That's the world of warcraft- millions of players who can communicate instantly, and interact in game instantly. The reason everyone is connecting to these datacenters is because they provide a service you can't repeat locally. It's not about upload bandwidth, it is about latency, and a distributed network is inherently terrible at that. It is very much about processing power, and RAM, and these are serious machines all hooked together doing that to support that many players.
Just think about designing it for a second- if I move my character from X to Y, on the live system my client tells the wow server what I did, which validates it (so I'm not teleport hacking), updates its internal state, figures out which players are close to me, and then sends data needed to draw my character to them. This means that your client doesn't need to know the whole of the world, it just needs the section you can see, etc.
Now try this distributed. Every distributed node needs a constant copy of the world, and all must be in sync. You need a way to figure out how to resolve disputes, and if some of the nodes are compromised you need to find a way to figure that out. You have the same problems that bitcoin does, but you need to do it instantly and simultaneously. It's laughable.
Even if these games were cracked- and effectively, some are, such as the ability to play WoW on a server your friend sets up, trivially- the issue here is that almost all the gameplay is completely online, for real reasons, such as needing to play with people who are not in the same room as you. Yes, yes, your point has some merit- for instance, for the Diablo 3 campaign, or the Starcraft campaign- but overall, its silly, because the multiplayer parts of these games are huge. Hearthstone is just a multiplayer card game, there's basically nothing else. Starcraft is primarily a set of online matches with other players. WoW is entirely online. Etc.
Right now, you can easily create any number of profiles, and you can automate them with scripting if you are a weapons-grade shill. Someone who keeps their site as shillfree as possible has additional tools, such as looking at the IP and browser-sent metadata. Someone who doesn't do that is already helpless before existing tech.
So it doesn't change the game in that department at all, nor does it escalate some fight. This is just to make your life easier. It doesn't make the life of sock puppeteers easier.
You're asking the wrong question. You block everything, default deny. The question is, how long will it take you to turn on just the things you need?
And of course, I'm not suggesting that you personally need to do this. But the fact is, there's plenty of machines that operate under this model, which definitely reduces the risk of this potential attack. It doesn't eliminate it, however.
> If you built it out of Intel chips
I do mention this. But firewalls are not always built out of Intel chips, and they are definitely not all built out of the ones with ME built in. Firewalls don't need to even be running x86 stuff normally either- there's a great deal of diversity in these solutions.
> A firewall's rules and logging don't mean squat when the firmware on the hardware under the firewall's processor intercept and forward the packets themselves and don't bother to mention it to their victim.
Again, if this was happening it would have been noticed. There's fully open hardware in the firewall arena. If a hardware firewall exists that secretly passes certain packets from WAN to LAN, that's a serious violation, and possibly even a criminal one. If you are saying that you can't trust the software firewall on your machine because the ME could issue packets raw on the LAN, yes, of course that is an issue. But a software firewall is never good enough alone, as Microsoft proved by shoving packets in and out that ignore admin configured networking.
Again, the ME is a risk- definitely- but there are possible mitigations for an ME bug (or backdoor) that you can take today, and they happen to be the same mitigations you are already doing for all the other potential risks.
> Are you logigng every outgoing packet and watching the logs for it?
Not at the moment, but someone is. I've certainly spent some time watching all the goddamned traffic at times. Most importantly, many high value machines are behind aggressive firewalls that would default deny this, and log it. Someone would have seen it, and even if it was hidden well enough, it would assuredly be blocked from many critical machines, greatly reduces the risk of such a backdoor.
But seriously yes, someone would have seen it long before now.
>How would you differentiate it from any other encrypted connection
It would be the one going to a place that makes no fucking sense. Many machines are hooked to firewalls configured to only allow certain packets- if these guys randomly pooped out some exploit packet, it would have been noticed. In commercially sensitive environments and military environments, the logging can be utterly complete, with anomalies explained.
This really isn't a concern. You may not be looking, but you could. Someone is always looking though, packets can't be hidden. Blessedly.
> We know the feature is there. They ADVERTISE and SELL tools to use it to their corporate customers.
Right, but the advertised feature is not the concern. You can turn it off (fuck, it's usually off, you have to browse forums and shit to turn it on), and you can trivially block all the packets in question. The concern would be that, inside it is a backdoor or bug. That's a valid concern, but not the one about every computer periodically checking into a command and control sever. If you were looking to hide something, it would have some special packet that, if seen, triggers the backdoor.
AMD has the "Platform Security Processor" which is the equivalent of the management engine, with similar restrictions.
It's still a fair bet to go to AMD if you are seeking to reduce your attack profile: if it requires some amount of effort X to own Intel and some equivalent amount of effort Y, with Y~=X, then there are some subset of potential attackers that would be willing to pay X to attack the large fleet of Intels, but not Y for the smaller flet of AMDs.
I don't think you need to really even mention that as a possibility.
What if the RSA key is solved? It's not impossible, after all, and if the keys to so many kingdoms are there... Ok, so lets assume that's effectively impossible. It is a really big key, after all. What if the RSA private key is stolen? What if it is leaked? Now we are relying on Intel's internal security. I'm sure it is top notch, but we are talking about a really valuable number here. When a code update gets signed, there is the possibility of a technical attack on the signing machine, etc. What if the RSA private key is compelled as a release? Perhaps some foreign government makes Intel a deal they can't refuse.
If you can't think of a case when ANY of these could happen, pretend that there is a war. Something that can damage civil infrastructure in this way could definitely help our enemies, be it backdoor or glitch or exploit or whatever.
> How about if the machine, once connected to the net, "phones home", bypassing NAT and most firewalls?
We'd see this. This is not a concern.
> How about if they just send you some packets over the internet?
A possible exploit or backdoor could be triggered this way. The workaround would be a really aggro firewall, but even then you'd have to be sure you were running it on something auditable if this was your concern.
The thing is, yours and the other examples of subsystems are just that- subsystems. They don't represent the same potential for disaster that something inside every intel chip does. If your DVD has an exploit by accident or a backdoor on purpose, the odds are really good that mine doesn't, and vice versa.
And one more thing- Intel could offer to sign their code for them, or offer a version that is minimal, inspectable, and signed. Or they could not have the chips power off after awhile if they can't see the code running. Intel could solve this for them a bunch of ways.
You aren't quite getting it. He wants to run software he trusts and can audit. This used to be possible- you can still run the existing libreboot stuff on older chips. The new chips only run the Intel Mystery Engine code that can't be inspected and could do gods-know-what.
Who cares! Yes, obviously, this is crap. But these arbitration clauses are becoming OMNIPRESENT. The faster this happens, the faster we can fix it through judicial or legislative means. Right now the belief seems to be that arbitration clauses are present to prevent malicious legal nonsense, but it is becoming more and more clear that they are a way to get away with bad behavior without the courts being able to help. I seriously doubt that, long term, the legal system will be ok with a set of private laws that exist solely to fuck customers. So sure, dive in, go ahead, make everything have it. It just hastens the inevitable point when this kind of shit hits a tipping point of nonsense.
If you want this now, you can have it. Simply have more than one profile, and tell the browser to start with a new instance using the new profile. This lets you make shortcuts / launchers / whatever that can be entirely separate, even if using the same browser.
For instance, I have two launchers for pale moon, one for general browsing, and another for email:
The first is the default with the "-new-instance" flag: palemoon %u -new-instance The second specifies a different profile: palemoon -profile "/home/cfalcon/.moonchild productions/email_only" -new-instance
You can make as many of these as you like, and the action of "making a new profile" is just mkdir, and then point it to the new directory. You can also set a different theme in each profile, allowing you to know at a glance what is what.
Chrome has a similar feature: google-chrome --profile-directory=(whatever)
The topic of the article is probably a way to make this easier. The method will definitely be less secure to some degree, but as long as they don't remove the existing standard way of doing things, it will improve privacy for people who can't be arsed to set it up the current way.
My point mostly is, they wouldn't be posting on slashdot. If you don't care about ads, then you see them everywhere and lie to yourself that they don't matter. If you do care about ads, then you have ublock origin (or some other adblock program). The people in transition shouldn't take very long to pupate from the former to the latter. You google anything about blocking ads, and a link to an adblocker or discussion thereof is on the first page. Transition time: less than two minutes.
Slashdot Mirror
I'm pretty sure it was Microwindows that they came down on. I don't recall the X Window System ever being officially called "X Windows", though, of course, everyone calls it that. Feel free to cite to the contrary ofc.
No, the headline is correct. "Machines" is plural noun, pairs with plural verb "are".
"One in three" is as singular as .333 is as singular as one thousand- not at all.
Of course, he said " people like me who run the XFCE spin". Then you linked to the xfce spin.
And the answer is yes, and gone over in the article- ipv6 ping, newer versions of compilers ( https://gcc.gnu.org/gcc-6/chan... ), new open source codec, and I think the greater Unicode support will affect us in XFCE land.
I will tell you what Fedora version I plan to skip: whatever initially switches us to Wayland. That will be a guaranteed shit-show, and a good call to avoid upgrading for a few months. But 24 is solid methinks.
This also pisses me off.
I dislike systemd and would replace it if it were easy, which it is not. It is not a dealbreaker for me. I feel all the systemd complaints would vanish in an instant if Devuan spun up for real, or if any one solid distro clearly decided to avoid systemd, or at least support those who don't want to deal with it.
I grouse about pulseaudio but stop shy of levying true hate on it. It does some things very well, I just get ticked when it is randomly incompatible, confused, or decides that one entire core is just for it, for some reason. These errors happen, but not that often. I think it is because it is still newish tbh.
GNOME? I despise. I will never willingly use it. But, it's very easy for me to use XFCE (or another desktop) in Fedora. Just like, super easy. So in this case, I have no complaints.
When I come to a slashdot thread about any thing related to RedHat, there's some systemd hate. Quite honestly, it gets old. Yea yea I don't like it either. That doesn't mean that literally every thread about some cool new thing RedHat did, and especially every thread about Fedora, needs to be people bitching about GNOME and systemd. I'll be running Fedora Core 24 within hours or days (I'll check to make sure everyone else running the same nvidia drivers as me is doing ok, then upgrade), and I'd like to hear people talk about the features sometimes, instead of being drowned out by the same no-news fools. Slashdot will make a systemd topic, or a GNOME topic, and you can shit that up. Maybe I'll join you! But gtfo with every linux topic, most especially every Fedora topic, being this same shit.
Well, I guess they decided to target at least one amendment in this shitstorm, and if the 2nd can't be infringed, they'll settle for that old punching bag, the 4th.
> The GOP has unbound delagates which is the same thing as superdelagates.
It is *kind of* like superdelegates. I mean, they aren't bound, but they are (1) elected, usually after pledging to support a candidate and (2) less than 10% of the total vote.
The Democrat version is around 18% of the total vote, and are not elected for the position.
If you want to play on a private server, go ahead. There's plenty of them.
But if you want to play on a full Blizzard server, then you need a whole datacenter tracking MANY players, that's multiple machines, not just one, all interconnected. That's the world of warcraft- millions of players who can communicate instantly, and interact in game instantly. The reason everyone is connecting to these datacenters is because they provide a service you can't repeat locally. It's not about upload bandwidth, it is about latency, and a distributed network is inherently terrible at that. It is very much about processing power, and RAM, and these are serious machines all hooked together doing that to support that many players.
Just think about designing it for a second- if I move my character from X to Y, on the live system my client tells the wow server what I did, which validates it (so I'm not teleport hacking), updates its internal state, figures out which players are close to me, and then sends data needed to draw my character to them. This means that your client doesn't need to know the whole of the world, it just needs the section you can see, etc.
Now try this distributed. Every distributed node needs a constant copy of the world, and all must be in sync. You need a way to figure out how to resolve disputes, and if some of the nodes are compromised you need to find a way to figure that out. You have the same problems that bitcoin does, but you need to do it instantly and simultaneously. It's laughable.
Even if these games were cracked- and effectively, some are, such as the ability to play WoW on a server your friend sets up, trivially- the issue here is that almost all the gameplay is completely online, for real reasons, such as needing to play with people who are not in the same room as you. Yes, yes, your point has some merit- for instance, for the Diablo 3 campaign, or the Starcraft campaign- but overall, its silly, because the multiplayer parts of these games are huge. Hearthstone is just a multiplayer card game, there's basically nothing else. Starcraft is primarily a set of online matches with other players. WoW is entirely online. Etc.
Right now, you can easily create any number of profiles, and you can automate them with scripting if you are a weapons-grade shill. Someone who keeps their site as shillfree as possible has additional tools, such as looking at the IP and browser-sent metadata. Someone who doesn't do that is already helpless before existing tech.
So it doesn't change the game in that department at all, nor does it escalate some fight. This is just to make your life easier. It doesn't make the life of sock puppeteers easier.
> Again, how would you know what to block?
You're asking the wrong question. You block everything, default deny. The question is, how long will it take you to turn on just the things you need?
And of course, I'm not suggesting that you personally need to do this. But the fact is, there's plenty of machines that operate under this model, which definitely reduces the risk of this potential attack. It doesn't eliminate it, however.
> If you built it out of Intel chips
I do mention this. But firewalls are not always built out of Intel chips, and they are definitely not all built out of the ones with ME built in. Firewalls don't need to even be running x86 stuff normally either- there's a great deal of diversity in these solutions.
> A firewall's rules and logging don't mean squat when the firmware on the hardware under the firewall's processor intercept and forward the packets themselves and don't bother to mention it to their victim.
Again, if this was happening it would have been noticed. There's fully open hardware in the firewall arena. If a hardware firewall exists that secretly passes certain packets from WAN to LAN, that's a serious violation, and possibly even a criminal one. If you are saying that you can't trust the software firewall on your machine because the ME could issue packets raw on the LAN, yes, of course that is an issue. But a software firewall is never good enough alone, as Microsoft proved by shoving packets in and out that ignore admin configured networking.
Again, the ME is a risk- definitely- but there are possible mitigations for an ME bug (or backdoor) that you can take today, and they happen to be the same mitigations you are already doing for all the other potential risks.
> ORLY?
YARLY
> Are you logigng every outgoing packet and watching the logs for it?
Not at the moment, but someone is. I've certainly spent some time watching all the goddamned traffic at times. Most importantly, many high value machines are behind aggressive firewalls that would default deny this, and log it. Someone would have seen it, and even if it was hidden well enough, it would assuredly be blocked from many critical machines, greatly reduces the risk of such a backdoor.
But seriously yes, someone would have seen it long before now.
>How would you differentiate it from any other encrypted connection
It would be the one going to a place that makes no fucking sense. Many machines are hooked to firewalls configured to only allow certain packets- if these guys randomly pooped out some exploit packet, it would have been noticed. In commercially sensitive environments and military environments, the logging can be utterly complete, with anomalies explained.
This really isn't a concern. You may not be looking, but you could. Someone is always looking though, packets can't be hidden. Blessedly.
> We know the feature is there. They ADVERTISE and SELL tools to use it to their corporate customers.
Right, but the advertised feature is not the concern. You can turn it off (fuck, it's usually off, you have to browse forums and shit to turn it on), and you can trivially block all the packets in question. The concern would be that, inside it is a backdoor or bug. That's a valid concern, but not the one about every computer periodically checking into a command and control sever. If you were looking to hide something, it would have some special packet that, if seen, triggers the backdoor.
AMD has the "Platform Security Processor" which is the equivalent of the management engine, with similar restrictions.
It's still a fair bet to go to AMD if you are seeking to reduce your attack profile: if it requires some amount of effort X to own Intel and some equivalent amount of effort Y, with Y~=X, then there are some subset of potential attackers that would be willing to pay X to attack the large fleet of Intels, but not Y for the smaller flet of AMDs.
I don't think you need to really even mention that as a possibility.
What if the RSA key is solved? It's not impossible, after all, and if the keys to so many kingdoms are there...
Ok, so lets assume that's effectively impossible. It is a really big key, after all.
What if the RSA private key is stolen? What if it is leaked? Now we are relying on Intel's internal security. I'm sure it is top notch, but we are talking about a really valuable number here. When a code update gets signed, there is the possibility of a technical attack on the signing machine, etc.
What if the RSA private key is compelled as a release? Perhaps some foreign government makes Intel a deal they can't refuse.
If you can't think of a case when ANY of these could happen, pretend that there is a war. Something that can damage civil infrastructure in this way could definitely help our enemies, be it backdoor or glitch or exploit or whatever.
Why so fragile?
> How about if the machine, once connected to the net, "phones home", bypassing NAT and most firewalls?
We'd see this. This is not a concern.
> How about if they just send you some packets over the internet?
A possible exploit or backdoor could be triggered this way. The workaround would be a really aggro firewall, but even then you'd have to be sure you were running it on something auditable if this was your concern.
The thing is, yours and the other examples of subsystems are just that- subsystems. They don't represent the same potential for disaster that something inside every intel chip does. If your DVD has an exploit by accident or a backdoor on purpose, the odds are really good that mine doesn't, and vice versa.
And one more thing- Intel could offer to sign their code for them, or offer a version that is minimal, inspectable, and signed. Or they could not have the chips power off after awhile if they can't see the code running. Intel could solve this for them a bunch of ways.
You aren't quite getting it. He wants to run software he trusts and can audit. This used to be possible- you can still run the existing libreboot stuff on older chips. The new chips only run the Intel Mystery Engine code that can't be inspected and could do gods-know-what.
Who cares! Yes, obviously, this is crap. But these arbitration clauses are becoming OMNIPRESENT. The faster this happens, the faster we can fix it through judicial or legislative means. Right now the belief seems to be that arbitration clauses are present to prevent malicious legal nonsense, but it is becoming more and more clear that they are a way to get away with bad behavior without the courts being able to help. I seriously doubt that, long term, the legal system will be ok with a set of private laws that exist solely to fuck customers. So sure, dive in, go ahead, make everything have it. It just hastens the inevitable point when this kind of shit hits a tipping point of nonsense.
> I guess it doesn't turn into the correct acroynm
If you say "ip-me", then it is an acronym. If you say I-P-M-I then it is an initialism. Which is it?
> It actually makes sense not to have such an emoji, because it creates a dilemma
Cool, but there's a bomb emoji, and a pistol emoji. Apple is just being a little bitch.
Also, language is plenty unclear about stuff anyway.
No, it will not.
If you want this now, you can have it. Simply have more than one profile, and tell the browser to start with a new instance using the new profile. This lets you make shortcuts / launchers / whatever that can be entirely separate, even if using the same browser.
For instance, I have two launchers for pale moon, one for general browsing, and another for email:
The first is the default with the "-new-instance" flag:
palemoon %u -new-instance
The second specifies a different profile:
palemoon -profile "/home/cfalcon/.moonchild productions/email_only" -new-instance
You can make as many of these as you like, and the action of "making a new profile" is just mkdir, and then point it to the new directory. You can also set a different theme in each profile, allowing you to know at a glance what is what.
Chrome has a similar feature:
google-chrome --profile-directory=(whatever)
And firefox even has a profile manager:
https://developer.mozilla.org/...
The topic of the article is probably a way to make this easier. The method will definitely be less secure to some degree, but as long as they don't remove the existing standard way of doing things, it will improve privacy for people who can't be arsed to set it up the current way.
> happy friday from the cows guy
> YOU ARE ALL COWS AND ALWAYS
The only time I have seen any cow noises on slashdot is when YOU say them.
Conclusion: You are secretly a cow!
Do I win a prize?
Is it milk?
If the numbers are accurate, it could have something to do with the space being searched. I don't understand either.
My point mostly is, they wouldn't be posting on slashdot. If you don't care about ads, then you see them everywhere and lie to yourself that they don't matter. If you do care about ads, then you have ublock origin (or some other adblock program). The people in transition shouldn't take very long to pupate from the former to the latter. You google anything about blocking ads, and a link to an adblocker or discussion thereof is on the first page. Transition time: less than two minutes.