Just detect if CPU performance is above a certain threshold.... Bochs is slow dead slow as is anything else that emulates adequately enough to make this vector of attach relevant even FPU x86 cpus are at 486 performance levels these days.
Until you adjust the base clock so that the software running under bochs thinks it is running at 1GHz while in reality it may be running at 1 instruction per minute. Yes - it's possible to do since Bochs doesn't rely on host system for any hardware, unless you introduce the qemu module for Linux to bring it to near native speeds but someone employing this kind of reverse engineering wouldn't want to do so.
This is possible because Bochs is a 100% software emulated computer. They emulate everything, and even have their own motherboard and video card (VGA) BIOS stacks.
That's actually the opposite of true. Many techniques (http://static.usenix.org/event/woot09/tech/full_papers/paleari.pdf, http://roberto.greyhats.it/pro..., http://honeynet.asu.edu/morphe..., http://www.symantec.com/avcent...) exist to identify the presence of a CPU emulator, because these things aren't (and will likely never be) perfect. Most of those techniques don't even rely on timing attacks. Once you introduce timing attacks (*especially* if there's an external source of time information), all bets are off.
You do realize that Bochs does software emulation of each instruction, and that you can control every aspect of the emulated computer don't you?
If you are running something under Bochs or something like it and don't care about the performance you can actually make it lie to the software underneath about timing so that the software still thinks it is running at the normal rate but in reality it isn't - Bochs after all implements the base system clock not relying on an external source. This is also why Bochs can be used to run x86 software on a non-x86 platform (f.e Sparc, PowerPC, ARM).
Yes, Bochs is dog slow; but it's a matter of how you configure it. And to be truthful, because of how Bochs is implemented I'm sure that it can be made to fool any of those detections.
Sounds like all you need to analyze this, is a "fake" processor.
EG, running this inside something like BOCHS, which has a built in x86 debugger, and runs a lot like a hypervisor. This encryption would need to be able to detect living inside a fully emulated system and simply refuse to operate in order to be safe from this kind of analysis. BOCHs will let you step through exactly what instructions the emulated CPU is actually doing, regardless of the data that is stored in the memory allocated to the emulator's process.
Don't get me wrong-- this makes a nasty bump in the road for career data thieves, but forensic analysis of the encryption is not completely thwarted.
Not to mention that it is extremely hard for a program to detect that it is inside a VM like Bochs unless the VM exposes something that can be detected - e.g a BIOS string, hardware signature, etc. Even then, that's easy for a cracker to fix by modifying the VM to have a different string or hardware signature.
If Google is hacked, Google takes the hit and looks bad.
If your bank gets hacked, you take the hit, the merchant takes the hit, the bank walks away clean.
It is not identity theft (this makes the individual responsible to resolve.) it is fraud (causing the banks and fed to be responsible to clean it up).
Someone needs to sue the bank because they allowed the fraud to happen then called it identity theft so they could wash their hands of it.
Well, not quite. FDIC (e.g government) takes the hit as the bank's insurer. So yes, the bank isn't risking much anything by not implementing strong protections.
This is why government is usually not the solution. However, the FDIC is necessary but perhaps the FDIC should start requiring stronger online protections as part of the insurance program...then again, the FDIC might not care enough....
This is the IoT build, and you would run Visual Studio on another desktop system and upload the programs to the Pi.
Again, compared to existing Pi use-cases where the compiler is on the Pi system itself. So now you can't develop with just a RasberryPi, you have to have another Windows System too.
That too doesn't resolve the Device Driver issue; it also means users have to install and learn how to use the Visual Studios Remote Debugger or learn more advanced (older style) debugging techniques.
All those things are not in the favor of Windows for development of software for a RasberryPi or Pi2 device.
...a project that people are already complaining about not addressing bugs quickly enough is integrating another, potentially dead, project that is not addressing bugs even as fast as it is. Make sense.
Kind of like the HP and Compaq merger 10 years back - two bankrupt companies merging to try to create a healthy company; worked out for a little while and now HP is spinning stuff off again.
Devuan will at least give you the choice; unlike Debian which is going to be requiring it as of Deb8. (Devuan's goal is to be a seamless upgrade from Deb7).
But it makes the town a better place to live, so more people (and businesses) move there, increasing the number of subscribers and lowering the cost for everyone. Hey, it could happen.
Sure. And a pink elephant could materialize out of thin air. Fortunately, we don't need to guess — the City of Brotherly Love tried municipal WiFi (much cheaper than running actual cables) years ago. By 2008 the system was shut down. Earthlink actually wanted to hand it off to the city's government, but found no interest...
Yes, not only is government competing with private sector illegal — it is also a bad idea.
Except you are not simply talking about government. You are also talking about HOA's and similar communities.
For instance, one of my friend's bought a house in a community 15-20 years back. The CableTV companies didn't want anything to do with the community; so they ran their own lines to everyone's house. It was simply an HOA that did the work and the residents split the costs. Same thing has happened in many communities around the nation only to have the big players (especially the Cable companies) come in and shut it down.
So no, this doesn't necessarily mean goverment run; but it does mean citizen run and organized in some manner - with or without help from their municipal government.
A taxpayer has more say than a customer?? are you kidding? Sure, a taxpayer can vote...once every two years or so, and whatever he wants will be compromised out of the equation long before it's time to vote, and he still has to pay for it. A customer can look at what's on offer and say 'no thanks.' There is no more powerful vote than that of the wallet.
Except in this case where the "voting with your wallet" essentially means sell your home (if you have one) and move elsewhere if you don't like the one or two options available to you; but the problem is no matter where you go you basically will only have those same kind of one or two options (with possibly the same or different entities being your options).
Typically the choice is: Cable Internet (Comcast, Cox, TWC/RoadRunner, Charter, WindStream, and may be a couple smaller players) and either DSL (AT&T, Verizon, and numerous resellers due to Title II status of copper lines over which DLS runs) or Fibre (AT&T uVerse, Verizon FiOS). And all the players mentioned try to keep community broadband services - which run either Ethernet, Fibre, or Coax to your residence themselves - from being an option by claiming "unfair competition" and "contracted rights".
So yes, in this case you actually have a bigger impact by voting in elections - municipal, county, state - than you will ever have with your wallet.
And they serve different purposes and goals, more importantly. The Raspberry Pi is designed to be a general hobbyist platform and OS choice is a good thing there.
True; but so it being able to make the device do what you want. And Windows has too much overhead to really be useful on a Pi or even the Pi2.
Seriously, when is the last time you tried to run Visual Studios on a sub 1GHz system with only 1 GB or even 2 GB of RAM? VS is practically unusable in those environments; yet a compiler is a must for the audience that the Pi and Pi2 are targetted at.
So is device driver development and access to low level hardware in a timely manner. Yet the performance of Windows will not be sufficient for that.
Realize, this is Microsoft trying to soften the bleeding that is happening; but it will probably only show just how badly they meet end-user needs in the environments where the bleeding is occurring.
To Microsoft, it's not about choice. It's about survival and they don't have something that can compete.
Good catch! OLPC lost a lot of developer mindshare IMHO when they started cosying up to Microsoft and changing their hardware to run Windows.
True; however, OLPC never had as big an audience as Rasberry Pi has; so the momentum will likely continue with Windows being an "also ran" that was "late to market" kind of thing.
I find the "communities" better on Google+, but all my friends post there normal stuff on facebook. I find the technical forums (the few that I am a member of) are asking a newbie question (nothing really interesting) like how do I print a number..... when it is facebook, but much more interesting communitie tech posts on google+.
Agreed. I'm on G+ daily, post occassionally (both public and privately), and almost never go on Facebook. G+ just developed better communities and people tend to use the communities instead of blasting everything out to everyone; perhaps because G+ has a higher technical userbase than others, but nonetheless it works well.
Though, thinking about it more, G+ by design is community oriented. Blasting out to the everyone doesn't really stuff very far; while sending it to one or more communities does - that is, unless you're a big celeb and have lots and lots of followers, but that's just not typical in G+.
I imagine corporations will fight back legally if/when their employees start getting hacked by the FBI.
Why would a corporation care?
One word: Liability.
Corporations would very much care because of liability concerns - both domestically to the US and foreign to other countries. It's already becoming enough of an issue that companies are taking to hosting data regionally instead of centrally just from a legal liability perspective.
For instance, suppose there was conversation going on regarding what to disclose to the US government over the operations of a foreign subsidiary between the execs and their lawyers? Regardless of the topic, matter-at-hand, or end result that is protected conversation regardless of medium, and the existence of the VPN would mean they expected it to be carried out in private.
And you can certainly bet the lawfirms will fight it too.
Java. It has the broadest popularity in industry, isn't tied to any one company (e.g. Microsoft), can be developed using a wide variety of host operating systems (Windows, Mac, Linux), lends itself well to teaching O.O. design and has a wealth of free tools. It's also what the majority of universities use in their intro level courses. (Though that's changing.)
Java is a bad language to teach programming with. It's a good language to show off some theory with, but that's really about it.
It's also one of the reasons why Android doesn't have as good of performance as it could have.
A decade ago, I would have used JavaScript or VBScript to start teaching - in part because of Windows Scripting Host; but now, I'd use Python as an intro to get students going; then transition them to C and C++, Pascal/Delphi, and others.
The VB compiler is written in VB. C compilers are written in C. Why isn't Python written in Python? But maybe you know more than the people who know it the best, the core developers!
The VB Compiler is most likely written in C, C++, or C#, and not VB. In part, because there are many things that one must actually drop to a lower level language like C/C++ to do in order to even implement some of the functionality of VB. So it's a mix - some portions are definitely written in VB, but the majority and certainly the core are not. This, of course, applies to VB and not BASIC in general since those lower levels would have been written in other languages (namely Assembly) and would have changed over time; where as VB came after the advent of C; even then its lower levels may still have been written in Assembly for some time due to performance needs.
Likewise, Python is written in a mixed-mode, with C covering some of the core functionalities to "bootstrap" the language and provide high performance in certain areas; with most everything else written in Python itself.
Sure you want to get sued by Microsoft over the use of some of the keywords and their related patent filings.
Even the agreement that MS signed with Novell didn't cover VB, only C# and what they published to EMCA and ISO. Everything else was still open for lawsuit. Of course, even that agreement has now expired, and Miguel's new company doesn't have a new agreement either.
The problem is that there are a lot of people that are like "well, you had 20% more candidates of group X, so why are you not hiring 20% more people from that group"? Failing to realize that just because you have 20% more candidates from that group doesn't necessarily mean that they are (a) qualified, or (b) would fit in.
And honestly, no company should compromise its hiring standards just to try to fit a certain percentage. Some may like it, but it's not good for the company - both in terms of performance, and employee moral. People that get hired because the company needs to fit a certain profile (racial, etc) quickly get known for that, and that one thing ends up getting attributed to them as why they were hired in the first place.
Simply put - you have to find the right people (regardless of race, sex, etc) for the position, and hold them all to the same standards.
MS still holds a lot of Android patents. They can easily do an Apple and forbid use of them, which will completely paralyze Android.
What you mean all those patents that the Chinese outted and nearly the entire tech world found to be not relevant save about as many as you can count on your hands? Yeah, that's really going to stop Android...
He says it does not break the UNIX philosophy because everything is in the same code base purposely ignoring that it does not do one thing and do it well. He was creating a strawman.
The problem is that by putting things in the same code base, it encourages them to be inter-dependent to the exclusion of all else - which is exactly what everyone that doesn't like systemd complains about.
Separate repositories encourage being stable APIs that everyone has to work against; thus encouraging more things that can be switched out with each other, as well as standards, etc.
Well in this case, get some education before you post in ignorance. No it doesn't require a lot of code changes for applications to work. Why would you say that? Did you even bother to read the interview? Daemons don't require any changes either, though you can compile your daemon to use libsystemd to do backwards-compatible socket registration. In other words a daemon can be configured to use socket registration if it runs under systemd, but it will fall back to normal sockets without. So no backwards compatibility is lost.
Systemd requires only 3 parts to run: the init process, udev, and journald (which can write to syslog still) for early boot debugging. NOTHING else is required. And none of this pushes *any* special requirements on applications. Pottering himself says he has no idea where this notion that Gnome depends on systemd comes from. It should work fine on ConsoleKit. The problem could be that the Gnome devs haven't been maintaining the ConsoleKit code.
Yes ConsoleKit stopped being "maintained". This is why project like Devuan have put their weight behind people doing things like ConsoleKit2.
There's no reason why Samba would benefit from being dependent on systemd. OpenRC provides the same functionality as systemd's init process, and smbd and nmbd are already long-running daemons, additional instances of which are managed by the initial daemon. Tools like daemontools (or, you know, init) already exist to start (and if necessary, restart) long-running daemons.
SaMBa is used in far too many places to really want to take on systemd as a dependency. It's used on everything from traditional Unix systems (HP-UX, AIX, Solaris) to Apple's MacOS, Linux, and embedded devices running Linux or a BSD. It would make zero sense for them to require systemd as a result.
This is also one of the issues that many, including myself, take with systemd since it now makes it harder to write portable software - one of the reasons many devs went to Linux from Windows.
Slashdot Mirror
Just detect if CPU performance is above a certain threshold.... Bochs is slow dead slow as is anything else that emulates adequately enough to make this vector of attach relevant even FPU x86 cpus are at 486 performance levels these days.
Until you adjust the base clock so that the software running under bochs thinks it is running at 1GHz while in reality it may be running at 1 instruction per minute. Yes - it's possible to do since Bochs doesn't rely on host system for any hardware, unless you introduce the qemu module for Linux to bring it to near native speeds but someone employing this kind of reverse engineering wouldn't want to do so.
This is possible because Bochs is a 100% software emulated computer. They emulate everything, and even have their own motherboard and video card (VGA) BIOS stacks.
That's actually the opposite of true. Many techniques (http://static.usenix.org/event/woot09/tech/full_papers/paleari.pdf, http://roberto.greyhats.it/pro..., http://honeynet.asu.edu/morphe..., http://www.symantec.com/avcent...) exist to identify the presence of a CPU emulator, because these things aren't (and will likely never be) perfect. Most of those techniques don't even rely on timing attacks. Once you introduce timing attacks (*especially* if there's an external source of time information), all bets are off.
You do realize that Bochs does software emulation of each instruction, and that you can control every aspect of the emulated computer don't you?
If you are running something under Bochs or something like it and don't care about the performance you can actually make it lie to the software underneath about timing so that the software still thinks it is running at the normal rate but in reality it isn't - Bochs after all implements the base system clock not relying on an external source. This is also why Bochs can be used to run x86 software on a non-x86 platform (f.e Sparc, PowerPC, ARM).
Yes, Bochs is dog slow; but it's a matter of how you configure it. And to be truthful, because of how Bochs is implemented I'm sure that it can be made to fool any of those detections.
Sounds like all you need to analyze this, is a "fake" processor.
EG, running this inside something like BOCHS, which has a built in x86 debugger, and runs a lot like a hypervisor. This encryption would need to be able to detect living inside a fully emulated system and simply refuse to operate in order to be safe from this kind of analysis. BOCHs will let you step through exactly what instructions the emulated CPU is actually doing, regardless of the data that is stored in the memory allocated to the emulator's process.
Don't get me wrong-- this makes a nasty bump in the road for career data thieves, but forensic analysis of the encryption is not completely thwarted.
Not to mention that it is extremely hard for a program to detect that it is inside a VM like Bochs unless the VM exposes something that can be detected - e.g a BIOS string, hardware signature, etc. Even then, that's easy for a cracker to fix by modifying the VM to have a different string or hardware signature.
Your bank may have less secure login methods than gmail, but Google doesn't have access to your bank account.
Google Wallet - they very well may.
If Google is hacked, Google takes the hit and looks bad. If your bank gets hacked, you take the hit, the merchant takes the hit, the bank walks away clean.
It is not identity theft (this makes the individual responsible to resolve.) it is fraud (causing the banks and fed to be responsible to clean it up). Someone needs to sue the bank because they allowed the fraud to happen then called it identity theft so they could wash their hands of it.
Well, not quite. FDIC (e.g government) takes the hit as the bank's insurer. So yes, the bank isn't risking much anything by not implementing strong protections.
This is why government is usually not the solution. However, the FDIC is necessary but perhaps the FDIC should start requiring stronger online protections as part of the insurance program...then again, the FDIC might not care enough....
This is the IoT build, and you would run Visual Studio on another desktop system and upload the programs to the Pi.
Again, compared to existing Pi use-cases where the compiler is on the Pi system itself. So now you can't develop with just a RasberryPi, you have to have another Windows System too.
That too doesn't resolve the Device Driver issue; it also means users have to install and learn how to use the Visual Studios Remote Debugger or learn more advanced (older style) debugging techniques.
All those things are not in the favor of Windows for development of software for a RasberryPi or Pi2 device.
...a project that people are already complaining about not addressing bugs quickly enough is integrating another, potentially dead, project that is not addressing bugs even as fast as it is. Make sense.
Kind of like the HP and Compaq merger 10 years back - two bankrupt companies merging to try to create a healthy company; worked out for a little while and now HP is spinning stuff off again.
Devuan will at least give you the choice; unlike Debian which is going to be requiring it as of Deb8. (Devuan's goal is to be a seamless upgrade from Deb7).
Sure. And a pink elephant could materialize out of thin air. Fortunately, we don't need to guess — the City of Brotherly Love tried municipal WiFi (much cheaper than running actual cables) years ago. By 2008 the system was shut down. Earthlink actually wanted to hand it off to the city's government, but found no interest...
Seattle's municipal WiFi went dark in 2012. Other examples abound.
Yes, not only is government competing with private sector illegal — it is also a bad idea.
Except you are not simply talking about government. You are also talking about HOA's and similar communities.
For instance, one of my friend's bought a house in a community 15-20 years back. The CableTV companies didn't want anything to do with the community; so they ran their own lines to everyone's house. It was simply an HOA that did the work and the residents split the costs. Same thing has happened in many communities around the nation only to have the big players (especially the Cable companies) come in and shut it down.
So no, this doesn't necessarily mean goverment run; but it does mean citizen run and organized in some manner - with or without help from their municipal government.
A taxpayer has more say than a customer?? are you kidding? Sure, a taxpayer can vote...once every two years or so, and whatever he wants will be compromised out of the equation long before it's time to vote, and he still has to pay for it. A customer can look at what's on offer and say 'no thanks.' There is no more powerful vote than that of the wallet.
Except in this case where the "voting with your wallet" essentially means sell your home (if you have one) and move elsewhere if you don't like the one or two options available to you; but the problem is no matter where you go you basically will only have those same kind of one or two options (with possibly the same or different entities being your options).
Typically the choice is: Cable Internet (Comcast, Cox, TWC/RoadRunner, Charter, WindStream, and may be a couple smaller players) and either DSL (AT&T, Verizon, and numerous resellers due to Title II status of copper lines over which DLS runs) or Fibre (AT&T uVerse, Verizon FiOS). And all the players mentioned try to keep community broadband services - which run either Ethernet, Fibre, or Coax to your residence themselves - from being an option by claiming "unfair competition" and "contracted rights".
So yes, in this case you actually have a bigger impact by voting in elections - municipal, county, state - than you will ever have with your wallet.
And they serve different purposes and goals, more importantly. The Raspberry Pi is designed to be a general hobbyist platform and OS choice is a good thing there.
True; but so it being able to make the device do what you want. And Windows has too much overhead to really be useful on a Pi or even the Pi2.
Seriously, when is the last time you tried to run Visual Studios on a sub 1GHz system with only 1 GB or even 2 GB of RAM? VS is practically unusable in those environments; yet a compiler is a must for the audience that the Pi and Pi2 are targetted at.
So is device driver development and access to low level hardware in a timely manner. Yet the performance of Windows will not be sufficient for that.
Realize, this is Microsoft trying to soften the bleeding that is happening; but it will probably only show just how badly they meet end-user needs in the environments where the bleeding is occurring.
To Microsoft, it's not about choice. It's about survival and they don't have something that can compete.
Good catch! OLPC lost a lot of developer mindshare IMHO when they started cosying up to Microsoft and changing their hardware to run Windows.
True; however, OLPC never had as big an audience as Rasberry Pi has; so the momentum will likely continue with Windows being an "also ran" that was "late to market" kind of thing.
I find the "communities" better on Google+, but all my friends post there normal stuff on facebook. I find the technical forums (the few that I am a member of) are asking a newbie question (nothing really interesting) like how do I print a number..... when it is facebook, but much more interesting communitie tech posts on google+.
Agreed. I'm on G+ daily, post occassionally (both public and privately), and almost never go on Facebook. G+ just developed better communities and people tend to use the communities instead of blasting everything out to everyone; perhaps because G+ has a higher technical userbase than others, but nonetheless it works well.
Though, thinking about it more, G+ by design is community oriented. Blasting out to the everyone doesn't really stuff very far; while sending it to one or more communities does - that is, unless you're a big celeb and have lots and lots of followers, but that's just not typical in G+.
Why would a corporation care?
One word: Liability.
Corporations would very much care because of liability concerns - both domestically to the US and foreign to other countries. It's already becoming enough of an issue that companies are taking to hosting data regionally instead of centrally just from a legal liability perspective.
For instance, suppose there was conversation going on regarding what to disclose to the US government over the operations of a foreign subsidiary between the execs and their lawyers? Regardless of the topic, matter-at-hand, or end result that is protected conversation regardless of medium, and the existence of the VPN would mean they expected it to be carried out in private.
And you can certainly bet the lawfirms will fight it too.
Java. It has the broadest popularity in industry, isn't tied to any one company (e.g. Microsoft), can be developed using a wide variety of host operating systems (Windows, Mac, Linux), lends itself well to teaching O.O. design and has a wealth of free tools. It's also what the majority of universities use in their intro level courses. (Though that's changing.)
Java is a bad language to teach programming with. It's a good language to show off some theory with, but that's really about it.
It's also one of the reasons why Android doesn't have as good of performance as it could have.
A decade ago, I would have used JavaScript or VBScript to start teaching - in part because of Windows Scripting Host; but now, I'd use Python as an intro to get students going; then transition them to C and C++, Pascal/Delphi, and others.
The VB compiler is written in VB. C compilers are written in C. Why isn't Python written in Python? But maybe you know more than the people who know it the best, the core developers!
The VB Compiler is most likely written in C, C++, or C#, and not VB. In part, because there are many things that one must actually drop to a lower level language like C/C++ to do in order to even implement some of the functionality of VB. So it's a mix - some portions are definitely written in VB, but the majority and certainly the core are not. This, of course, applies to VB and not BASIC in general since those lower levels would have been written in other languages (namely Assembly) and would have changed over time; where as VB came after the advent of C; even then its lower levels may still have been written in Assembly for some time due to performance needs.
Likewise, Python is written in a mixed-mode, with C covering some of the core functionalities to "bootstrap" the language and provide high performance in certain areas; with most everything else written in Python itself.
"...VB is MS only." No it's not.
http://www.mono-project.com/do...
Sure you want to get sued by Microsoft over the use of some of the keywords and their related patent filings.
Even the agreement that MS signed with Novell didn't cover VB, only C# and what they published to EMCA and ISO. Everything else was still open for lawsuit. Of course, even that agreement has now expired, and Miguel's new company doesn't have a new agreement either.
So good luck there.
How does one get diaper mixed in with their brain cells by accident?
One of the team members forgot to wash their hands after changing their kiddo's diaper.
Inadvertently, they might have spread Hand-Foot-Mouth to the entire team...
They're CANDIDATES. No "at the expense of".
The problem is that there are a lot of people that are like "well, you had 20% more candidates of group X, so why are you not hiring 20% more people from that group"? Failing to realize that just because you have 20% more candidates from that group doesn't necessarily mean that they are (a) qualified, or (b) would fit in.
And honestly, no company should compromise its hiring standards just to try to fit a certain percentage. Some may like it, but it's not good for the company - both in terms of performance, and employee moral. People that get hired because the company needs to fit a certain profile (racial, etc) quickly get known for that, and that one thing ends up getting attributed to them as why they were hired in the first place.
Simply put - you have to find the right people (regardless of race, sex, etc) for the position, and hold them all to the same standards.
Microsoft says there's no evidence these flaws have been successfully exploited.
I mean the whole point of doing these types of investigations is to try and prevent exploits from getting out into the wild.
Exactly; which is contrary to Microsoft's position that they don't fix something unless there is an exploit in the wild...
MS still holds a lot of Android patents. They can easily do an Apple and forbid use of them, which will completely paralyze Android.
What you mean all those patents that the Chinese outted and nearly the entire tech world found to be not relevant save about as many as you can count on your hands? Yeah, that's really going to stop Android...
He says it does not break the UNIX philosophy because everything is in the same code base purposely ignoring that it does not do one thing and do it well. He was creating a strawman.
The problem is that by putting things in the same code base, it encourages them to be inter-dependent to the exclusion of all else - which is exactly what everyone that doesn't like systemd complains about.
Separate repositories encourage being stable APIs that everyone has to work against; thus encouraging more things that can be switched out with each other, as well as standards, etc.
There's a reason behind it.
Well in this case, get some education before you post in ignorance. No it doesn't require a lot of code changes for applications to work. Why would you say that? Did you even bother to read the interview? Daemons don't require any changes either, though you can compile your daemon to use libsystemd to do backwards-compatible socket registration. In other words a daemon can be configured to use socket registration if it runs under systemd, but it will fall back to normal sockets without. So no backwards compatibility is lost.
Systemd requires only 3 parts to run: the init process, udev, and journald (which can write to syslog still) for early boot debugging. NOTHING else is required. And none of this pushes *any* special requirements on applications. Pottering himself says he has no idea where this notion that Gnome depends on systemd comes from. It should work fine on ConsoleKit. The problem could be that the Gnome devs haven't been maintaining the ConsoleKit code.
Yes ConsoleKit stopped being "maintained". This is why project like Devuan have put their weight behind people doing things like ConsoleKit2.
* Samba, yes, because it's a daemon.
There's no reason why Samba would benefit from being dependent on systemd. OpenRC provides the same functionality as systemd's init process, and smbd and nmbd are already long-running daemons, additional instances of which are managed by the initial daemon. Tools like daemontools (or, you know, init) already exist to start (and if necessary, restart) long-running daemons.
SaMBa is used in far too many places to really want to take on systemd as a dependency. It's used on everything from traditional Unix systems (HP-UX, AIX, Solaris) to Apple's MacOS, Linux, and embedded devices running Linux or a BSD. It would make zero sense for them to require systemd as a result.
This is also one of the issues that many, including myself, take with systemd since it now makes it harder to write portable software - one of the reasons many devs went to Linux from Windows.
"they" is plural. Using it to refer to a single person is grammatically wrong.
And using it to cover the singular is never written in the singuar - it's still written in the plural thereby grammatically correct.