I don't think you are quipped to understand my reasons. Sorry, KISS is for advanced players only. And no, experience does not make you an advanced player, what you learn from experience may or may not make you one. Hence I will not waste time on this and you get the satisfaction to cry "But you do not have any actual arguments!" loudly. I do not really care.
Yes, probably. Although that may work as well, because then it will become completely clear what a fuckup he is and systemd may make its way out of most distros again. (Hey, I can hope!)
This is one of the things that drives me nuts about IPv6 proponents. They go all crazy defensive if you criticize anything about their protocol, even when the criticism is fair. I haven't seen anything from you that isn't fair and I have seen the opposite from jd.
Thanks.
It's a fact that IPv6 is much more complicated than IPv4.I would have just made a new protocol that corrected IPv4's mistakes, addresses would be 64bit long and used CIDR notation. Broadcast would have been kept since it's stupid simple to use the last address, with all FF's for the MAC. DHCP would still exist and would be the main way for a dynamic addresses would be assigned Dhcpv6 has a cool feature, a router can request to get a routable subnet.
IPv6 has two main mistakes. Trying to do too much for the layer it is in the network stack, and not learning from past mistakes.
Indeed. Beginners mistakes. Brooks calls this "The Second System Effect". We are seeing a lot of that on the IT world.
They should basically just have extended the address range and kept everything essentially as it is with IPv4, as IPv4 is not broken.
The thing about Poettering is apparently that he has not acquired any experience in all these years and still only qualifies as an amateur. It is pretty surprising how somebody can be that resistant to learning. So, no, not "self defeating", just accurate in describing his capabilities, if not his history.
And basically in the same way as it does now, with a several-year hype by the clueless, and then failing when no reasonable hardware and software has materialized. Same thing this time, and possible next time in 15-20 years.
They are basically impossible to do in this form. You can never control for all the factors that also have an influence. What you can find is that people eating organic food get less cancer. What you cannot find is whether the organic food causes that, unless you do a double-blind study, where one group gets real organic food and the other gets fake organic foods. Then you do that for 50 years or so and you get meaningful results if your groups are large enough, i.e. at least 100 people each. Good luck with setting something like that up and running it. But anything less does not give meaningful results.
Very likely they are also more health-aware and hence get more exercise, drink less alcohol and smoke less. It is quite possible the "purity label"-food has no effect at all.
The hallmark of utter amateurs. All great engineers stand on the shoulders of giants. These here crawl in the mud while congratulating themselves how great they are.
Alternatively, I can still just give the finger to IPv6 and block it completely and be rid of the complexity it brings. Yes, I have several static IPv4 addresses.
The code tries to do too much and fails to make use of built-in fall-out protection, deliberately. That's just stupid. The guy has been told, and he still thinks it's a good idea. He really believes his shit does not stink. Ergo, the guy is stupid, as well as an asshole.
All classical beginner's mistakes. This guy is not a beginner, but still makes bad beginner's mistakes. Because of his unlimited arrogance, he does not learn. Classical Dunning-Kruger sufferer. Now how anybody ever thought using code from this person was a good idea is beyond me.
We can also expect this stuff to go bad exceptionally fast when Poettering loses interest, as the code is too complex and to badly documented to be maintainable.
If I get a choice at all, it is clear: I do not want any of his code running on my systems if I can at all help it.
Depending on the defaults, I either rip this crap out after installation or do not install it in the first place. My employer does the same as a matter of policy. Has not caused any problems so far and probably prevented a ton of them. Usually the problems with systemd start right after installation for me, as I do have a network-setup that is not quite standard. The only other system that has these problems is Windows, and it has it to a lesser degree these days.
> If you supply tech that makes it easier to got to war, you become complicit.
You're about three million years too late if you're trying to prevent people from starting wars because they don't have the tech.
Do you have a reading comprehension problem? Here is a hint "make it easier" is something pretty different from "make it possible". I stopped reading there as you clearly have nothing worthwhile to say.
This is pretty easy to do with the right resources. If you cannot see that, then you have no place in this discussion. You basically need an SOC with integrated Ethernet PHY. Of course, you need the naked chip and you need to program it in that form, and you need to be able to bond it. Still within reach of a university chip lab with some industry connections for example.
The claim was inside the PCB. The Ethernet socket lacks the connections for this attack. You can do others via the Ethernet socket though, especially if the ever-vulnerable Intel remote management engine is present. Still can be found easily via industrial x-ray. Nobody has that at home, but students, for example, may be able to access one at their university.
Possibly. There would be very strong economic incentives to lie, as such a backdoor would basically compromise anything "cloud", and may cost them hundreds of billions. That is not small money and may pose an existential risk. Of course, it is also possible the story is false.
I fear that at this time there is no way to really find out. If true, the compromised hardware will already have been removed and destroyed very quietly. If false, how do you prove that?
The one thing I can say is that the attack would be technologically possible. Besides the miniaturization and hiding in the signal-filter (and creating the new BIOS code), I could probably do this myself with a few weeks of work. Intercepting and manipulating an SPI connection is not hard.
Lets assume the story is true. It is quite possible Bloomberg does not have the hardware and the witnesses may not be able to get to any either at this time. Of course, the story could also be false, but this is not the way to show that.
Slashdot Mirror
I don't think you are quipped to understand my reasons. Sorry, KISS is for advanced players only. And no, experience does not make you an advanced player, what you learn from experience may or may not make you one. Hence I will not waste time on this and you get the satisfaction to cry "But you do not have any actual arguments!" loudly. I do not really care.
Yes, probably. Although that may work as well, because then it will become completely clear what a fuckup he is and systemd may make its way out of most distros again. (Hey, I can hope!)
This is one of the things that drives me nuts about IPv6 proponents. They go all crazy defensive if you criticize anything about their protocol, even when the criticism is fair. I haven't seen anything from you that isn't fair and I have seen the opposite from jd.
Thanks.
It's a fact that IPv6 is much more complicated than IPv4.I would have just made a new protocol that corrected IPv4's mistakes, addresses would be 64bit long and used CIDR notation. Broadcast would have been kept since it's stupid simple to use the last address, with all FF's for the MAC. DHCP would still exist and would be the main way for a dynamic addresses would be assigned Dhcpv6 has a cool feature, a router can request to get a routable subnet.
IPv6 has two main mistakes. Trying to do too much for the layer it is in the network stack, and not learning from past mistakes.
Indeed. Beginners mistakes. Brooks calls this "The Second System Effect". We are seeing a lot of that on the IT world.
They should basically just have extended the address range and kept everything essentially as it is with IPv4, as IPv4 is not broken.
My apologies. I will instead call him an utter incompetent then. Better?
Fascinating. That is probably the most stupid thing I have heard in some time with regards to security.
I think it strongly implies something very specific. But good to know, so I will continue to ignore Docker.
I was commenting on demonstrated skill-level, not employment history. I am well aware were he works.
The thing about Poettering is apparently that he has not acquired any experience in all these years and still only qualifies as an amateur. It is pretty surprising how somebody can be that resistant to learning. So, no, not "self defeating", just accurate in describing his capabilities, if not his history.
Indeed. Maybe they will even sack Poettering. If so, they will do a ton of good.
And basically in the same way as it does now, with a several-year hype by the clueless, and then failing when no reasonable hardware and software has materialized. Same thing this time, and possible next time in 15-20 years.
Only the utterly dumb equal "newer" with "better"...
If that is your level of insight, I should probably give you the finger as well....
They are basically impossible to do in this form. You can never control for all the factors that also have an influence. What you can find is that people eating organic food get less cancer. What you cannot find is whether the organic food causes that, unless you do a double-blind study, where one group gets real organic food and the other gets fake organic foods. Then you do that for 50 years or so and you get meaningful results if your groups are large enough, i.e. at least 100 people each. Good luck with setting something like that up and running it. But anything less does not give meaningful results.
Very likely they are also more health-aware and hence get more exercise, drink less alcohol and smoke less. It is quite possible the "purity label"-food has no effect at all.
The hallmark of utter amateurs. All great engineers stand on the shoulders of giants. These here crawl in the mud while congratulating themselves how great they are.
Alternatively, I can still just give the finger to IPv6 and block it completely and be rid of the complexity it brings. Yes, I have several static IPv4 addresses.
I am currently still with Debian and just rip out the cancer. When that stops working, I will move to Devuan.
Fascinating. Hardcoded defaults like that are a catastrophe in the making and are only done by complete and utter amateurs with no experience.
Because the designer is a smart moron that does not learn and never grasped why KISS is so essential to all good engineering. An amateur at work.
The code tries to do too much and fails to make use of built-in fall-out protection, deliberately. That's just stupid. The guy has been told, and he still thinks it's a good idea. He really believes his shit does not stink. Ergo, the guy is stupid, as well as an asshole.
All classical beginner's mistakes. This guy is not a beginner, but still makes bad beginner's mistakes. Because of his unlimited arrogance, he does not learn. Classical Dunning-Kruger sufferer. Now how anybody ever thought using code from this person was a good idea is beyond me.
We can also expect this stuff to go bad exceptionally fast when Poettering loses interest, as the code is too complex and to badly documented to be maintainable.
If I get a choice at all, it is clear: I do not want any of his code running on my systems if I can at all help it.
Depending on the defaults, I either rip this crap out after installation or do not install it in the first place. My employer does the same as a matter of policy. Has not caused any problems so far and probably prevented a ton of them. Usually the problems with systemd start right after installation for me, as I do have a network-setup that is not quite standard. The only other system that has these problems is Windows, and it has it to a lesser degree these days.
> If you supply tech that makes it easier to got to war, you become complicit.
You're about three million years too late if you're trying to prevent people from starting wars because they don't have the tech.
Do you have a reading comprehension problem? Here is a hint "make it easier" is something pretty different from "make it possible". I stopped reading there as you clearly have nothing worthwhile to say.
This is pretty easy to do with the right resources. If you cannot see that, then you have no place in this discussion. You basically need an SOC with integrated Ethernet PHY. Of course, you need the naked chip and you need to program it in that form, and you need to be able to bond it. Still within reach of a university chip lab with some industry connections for example.
The claim was inside the PCB. The Ethernet socket lacks the connections for this attack. You can do others via the Ethernet socket though, especially if the ever-vulnerable Intel remote management engine is present. Still can be found easily via industrial x-ray. Nobody has that at home, but students, for example, may be able to access one at their university.
Possibly. There would be very strong economic incentives to lie, as such a backdoor would basically compromise anything "cloud", and may cost them hundreds of billions. That is not small money and may pose an existential risk. Of course, it is also possible the story is false.
I fear that at this time there is no way to really find out. If true, the compromised hardware will already have been removed and destroyed very quietly. If false, how do you prove that?
The one thing I can say is that the attack would be technologically possible. Besides the miniaturization and hiding in the signal-filter (and creating the new BIOS code), I could probably do this myself with a few weeks of work. Intercepting and manipulating an SPI connection is not hard.
Lets assume the story is true. It is quite possible Bloomberg does not have the hardware and the witnesses may not be able to get to any either at this time. Of course, the story could also be false, but this is not the way to show that.