Posts by asdf

Re: Which has more stupidity?

>Just because it may be internet-capable doesn't mean you actually have to connect it.

Keep thinking companies will let that stop them from data mining you. You are already getting data mined if you have a newish car and you take it into the dealer (through both black box and often GPS/Navigation system). It won't be long until your shit will be connected to data networks whether you like it or not (at least in the US). Guess its time to get to work on those Faraday cages.

Re: Humble pie for the LibreSSL folks

>Wasn't this project started because of the lack of trust in OpenSSL?

I think if you compare the number of CVEs between OpenSSL and LibreSSL it will answer your question. There are significantly more CVEs that affect OpenSSL only than affect LibreSSL only even at this point. This even though LibreSSL is forced into using OpenSSL's often broken design and sad sack API to maintain drop in compatible.

Re: Tool

Also on that link I give above it was more for the quote than the analysis of the author. He blames BSD way too much for the problem and implies them caring about POSIX (or indeed stability and not constantly breaking APIs) is passe and holding progress back when the truth is Red Hat went out of its way to make sure as many frameworks the FOSS desktop environments would come to depend on, would be near impossible to port to other OS as possible to the point of ripping up and throwing way frameworks that did get ported like HAL. There was definitely a need for some of what Red Hat did but Red Hat completely did it the wrong way (for anybody but their shareholders) which was predictable and its on the rest of the commercial *nix community (who actually do most of the FOSS development) for going along with it. Some may make their bones on Linux and enjoy it now but lets see how they like it as Red Hat starts being able to dictate more and more in the ecosystem with fewer and fewer viable alternatives. Forking is only as viable as your resources and your user base.

Re: Tool

People complain systemd breaks the Unix philosophy but not at the highest level. It does serve one purpose to eat other FOSS and force a hard dependency on Linux. FOSS as always has ways of fighting back such as the *BSDs but in large part it becomes like the block chain in bitcoin in which the path the majority take ends up dominating. With Red Hat throwing a massive amount of money (that they now have and will continue to have) and dev time at the problem its looking grim long term for POSIX especially what with commercial UNIX dying.

Re: Tool

The key to everything was when udev gained a hard dependency on systemd. That was Poettering's master stroke and one way too many people didn't realize until much too late. kdbus will be the double tap to the head. Such an arrogant sh*t head little prick he is as well.

Re: Tool

>"about to turn its back on POSIX."

>@asdf Can you please share a reference?

"Many of my previous projects (including PulseAudio and Avahi) have been written to be portable. Being relieved from the chains that the requirement for portability puts on you is quite liberating. While ensuring portability when working on high-level applications is not necessarily a difficult job it becomes increasingly more difficult if the stuff you work on is a system component (which systemd, PulseAudio and Avahi are).

In fact, the way I see things the Linux API has been taking the role of the POSIX API and Linux is the focal point of all Free Software development. Due to that I can only recommend developers to try to hack with only Linux in mind and experience the freedom and the opportunities this offers you. So, get yourself a copy of The Linux Programming Interface, ignore everything it says about POSIX compatibility and hack away your amazing Linux software. It's quite relieving!"

-- Lennart Poettering (very influential idiot over at Red Hat, the company that just happens to be riding record profits as they strategically pre-empt many other's work over the last two decades by turning GNU/Linux into a Windows like hairball that just happens to causes more and more FOSS to be Linux only, thus causing a profit snowball for Red Hat).

https://lwn.net/Articles/430598/

Re: FreeBSD

>Re: FreeBSD

>Also runs very well in a VM for those critical services, DNS/DHCP etc.

If they are really critical you might think of moving those to OpenBSD (though admittedly VMWare support of OpenBSD sucks balls, but VBox supports it well even if it as whole sucks balls). A bit more secure and stable at the cost of perhaps a small bit of performance at least in the server role bare metal. IMHO always the first choice for anything internet facing.

Re: Tool

> Mint has it's own issues

Yeah like almost all the rest of the GNU/Linux world its about to turn its back on POSIX. If your are a windows user switching away no worries you will love it as its turning into the hairball you know and love. If you actually care about POSIX, *BSD and the proprietary Unix(s) medium term will be the only game in town.

>maybe a sign that todays spotty yoofs need to learn maths as well as how to claim benefits

I rip on millennials more than most on here but much of why they are claiming benefits has to do with the Baby Boomer leadership. Grandson I need you to sacrifice so me and Grandma don't have too.

not quite

>Obviously it's not the sort of thing that many will admit to - even if they do it - but I've never heard of anyone re-programming the radio

Its actually not that hard to do and I did it to increase the power output on my 2.4ghz router from 49mW to 249mW or whatever. Of course all I did was get a binary blob someone else modified from the internet that the firmware would load at run time. I only did this for a few hours though because i quickly learned it gave me no advantage reception wise and as I found out later actually usually causes problems because the hardware doesn't handle it effectively (outside its design range).

Re: Does it matter?

As an aside could the FCC just do what is done with mobile phones today and force the manufacturers to have two firm wares. An antenna firmware they can lock down very tight with cryptography or whatever that only the manufacturer would be able to update and then a general firmware (on phone would be the the custom rom) that can be overwritten if so desired?

Re: Does it matter?

>Status quo - who cares really?

Anybody with a brain. Open source firmware is the only secure firmware for most home routers as all the major manufacturers have massive security fails (and with low margins not much interest in fixing them). It is also some of the only firmware that is regularly updated with security fixes. Getting in the way of open source firmware is the surest way the FCC could gimp internet security.

Re: I was born honest...

>But I'm tempted to become a criminal.

Kidding or not it comes down to if you already have money and if you have powerful connections and where you live. If you don't and you get caught say in the US you might wind up in pound you in the butt prison where gang tattoos mean everything.

Re: Updates

Funny I thought the conversation was about security of the various handsets and not your personal opinion about phones. There is much not to like about Apple but the fact remains they are the only handset maker making any kind of profit on phones today so they are obviously doing something right (and its not all marketing even if the majority, their competitors spend plenty on marketing as well).

Re: Updates

Also (bah missed edit period) yes iOS has some vulnerabilities (plus Apple's security record and practices are a mixed bag) as well but the fact that they have a very successful patching system (most handsets supported are kept up to date at a remarkably high level) plus a much better full disk encryption solution means Android (as shipped in vast majority of handsets) has some work to do.

Re: Updates

>This Android scareware FUD that is going around at the moment, this is Apple money. Apple have their own problems. Apple device security if you look at it without bias, is actually inferior to Android

Ok let me know when iOS allows an attacker to root your boot locked (non jailbroken) phone without user intervention with an MMS. That is an entirely different class of shit security more of the Windows XP worm kind. Last I heard its still not completely fixed and in all forms is still certainly a vulnerability on the majority of Android phones out there.

Re: Updates

> It most definitely is NOT FreeBSD.

Nope but FreeBSD most definitely will support your Apple hardware long after Apple stops (will keep those iTunes updates coming to the end of time though) and a strong argument could be made better even while Apple supports it.

Re: Freeman Dyson

>Freeman Dyson - this man is a REAL scientist!

Not anymore. I heard him speak and though a very very interesting man (like if you had the most interesting grandfather ever) its obvious he has lost a step or two to age. His talking about nuclear power right after WW2 was really interesting to me. His thesis was the move to concentrate power into a very small area as was necessary for the Navy (an early pioneer) affected the direction of the whole nuclear industry and was what help give nuclear power such a bad reputation and limited its growth today (paraphrasing here and might have remembered incorrectly). Just in general listening to him talk about the technologies emerging in 1940s and 50s (space race, nuclear, computing) was very interesting from a historical perspective but pretty sure I wouldn't trust his climate science chops today.

Re: wrong

>And this is on the assumption that a dodgy app from an unofficial place is somehow worse than a dodgy app from an official place

I think their assumption is you are still less likely to get dodgy apps from Google play (who do some checking) than the Chinese app store specials. The thing is like I say as far as I know F-Droid has never served up straight up malware (unlike Google) and with all app source available and neck beards who use it if they did it would only live for a few hours more than likely. Now the one type of semi dodgy app on F-Droid is apps like Newsblur whose client is open source but who knows (can check privacy statement but those change) what they do with the server side information they collect on you (stories you read, how long, when, etc).

Re: Another day, and more Android malware...

Honestly its not the malware you have to install that scares me as much as blatant platform weaknesses like a baddy being able to get root on your phone by sending a simple MMS requiring no user intervention (actually requires nerd intervention to prevent by default). But I will agree Android does seem a lot more vulnerable to drive by stuff than it should be so airplane mode only might have merit.