2513 posts • joined 26 Jul 2008
>>"Calm down, I have experience up to Windows 7 when helping neighbors and friends."
Right - so after repeated questioning, you finally admit that you don't have any real experience of ACLs on Windows. Unless you're proposing that these neighbours were asking you to pop round and help them set up active directory or design security for the software they're writing. And yet you base arguments on your assertion that ACLs 'compexity' interferes with their usage. Despite countless people using them all the time.
>>"No I didn't try working with Windows ACL"
Yet all your arguments are arguments by assertion, based on your opinions on what is difficult. The best you've come to an objective argument is to say that traditional UNIX permissions are simpler than Windows ACLs, but that doesn't matter because Windows ACLs are not hard to use. They're pretty easy. Not that you'd know because you have no experience with them.
>>"Again my point was that perhaps because Dave Cutler, the key NT architect, had a Unix phobia, had ended up designing something dissimilar from the Unix stuff. Retrospectively, It should have been something more simple, to not end up a big mess for all those years. Should have been expected though, since it contradicted the simplicity approach."
And again, instead of addressing actual specific examples about Windows ACLs and their supposed deficiencies, we off into a psychological assessment of early OS architects (very clever ones who you're insulting, actually). All supposedly explaining why Windows ACLs are bad, but entirely dependent on your own assumption that they are.
>>"I don't care how long ago that was, I care how long that mess have lasted. "Empty battlefield"? This battlefield had been fought viciously over and over for a long time"
The problem isn't whether you care about NT security or not. The problem is that every time someone makes a comment about modern Windows security, you post an attack on ancient versions as if that is undermines what they say. It is irrelevant. No-one is arguing with you on this and no-one cares. Your words don't have any relevance to what I say, but you try to present them as if they do. I don't care. No-one else cares. It's just you.
>>"So, according to you, history doesn't teach? Do you suggest to forget everything that was in history now?"
Well no, learning from history is why the modern Windows security model is pretty good since Vista. It appears to be you who insists that history cannot teach by refusing to acknowledge that Windows is no longer the insecure monster it used to be.
>>"Do you suggest to forget everything that was in history now? Reputation that is marred should easily be whitewashed, you wish? it's not that easy, mam. By definition, it has a long-term memory of all the black ink it has absorbed in the past, contrary to both you and Miguel."
Again, says nothing about modern Windows security and just concedes the point I keep making - your attacks are motivated by your hate of Microsoft, not technical weaknesses. I defend facts, you take that as "whitewashing" and defending an opposing team. You're in this thread to attack Microsoft, not to learn or discuss technical matters: they're just a vehicle to you. And you seem not to consider that wrong presumably because you think you're the Goodies and MS (or myself) are the Baddies, and thus your behaviour is justified by the victim.
>>"No it is not, I mentioned Apple and Mac OSX, which I primarily happen to criticize from the moral point of view"
Doesn't matter if you also hate other non-Linux OSs or companies, the relevance is your hate for MS as well as it's affected (driven) your arguments.
>>"You are marvelous in the art of bouncing opponents' argument to things they were never addressed at, h4rmony! It is "fixed" in the current version, btw"
>>"ACL is proven to be a poor sub for the POSIX permission, because for a decade it failed to do what it was supposed to for the security of the OS!"
As I keep pointing out, I'm telling you about modern Windows security. Up until Vista you didn't have to use them in remotely the same way. They also changed then as well. You don't know what you're talking about and if you were honest, you were accept that (by your own admission) you have no experience of modern usage and should therefore stop arguing with people who have experience of both UNIX and Windows and are informed on this matter.
Pointing out that you condemn one OS based on how things used to be and excuse another based on things that "will be fixed in the future" is not any "marvellous art" on my part. That's just you trying to dodge the fact you're using a double-standard by attacking the other person for calling you out on it. Do you genuinely think double-standards are okay so long as you don't like the person you're condemning with them?
As to it being fixed in the current version, I was only quoting you when you said it was future versions. It's now in the latest releases but it will be a some time before it makes its way out into the real world (i.e. most users) with Android being what it is. Besides, doesn't change that you're using a massive double-standard (again).
>>MS borrowed this idea, good for them! I only regret they didn't it do earlier,
As people keep pointing out to you, you're not comparing like for like. You cannot expect a full OS such as Windows or GNU/Linux or OSX to have a permissions system like Android's "allow this app to send txts", "allow this app to access the Internet". It's an argument that is only matched in its ridiculousness by your other one that "ACLS have little practical relevance to security". Which has been shown false several times but you don't have the decency to admit to that because you see this discussion as a "competition" and your posts as "competing" with mine. (your words).
>>"It's your double standards that block this huge piece of facts from your view. My own double standards have nothing to do with that."
I'm glad you finally admit you have double-standards. Now if we can just get you to admit that double-standards are wrong even if a company you hate is the victim, we can hopefully get you to stop using them. Now point out anywhere in this thread that I have applied a double standard, assessed one company's products by one criteria and the same thing from another company with different. I haven't. It's just more argument by assertion. Well, ad hominem by assertion, really.
>>"Again, it's not the existence of ACL on Windows that was a bad idea, it's the lack of more simple mechanism to fill in the role of POSIX permissions, the history of NT have demonstrated it. It's like, having feet to move, and having a car, bike, or an airplane for a similar purpose, yet an airplane is not a substitute for the human's feet, do you get it now?"
I take it back about the earlier two - this is the worst argument from you I have heard. You want to bolt on an extra security model to Windows, one that overlaps and conflicts with the existing ACL system - you think it should have both UNIX permissions and ACLs! And you have the gall to argue that this would make things simpler! The reason ACLs on GNU/Linux are fiddly is not because their designers are unintelligent (anything but!), but because they have to work with and around the existing UNIX system. That's not to say ACLs on GNU/Linux aren't usable / shouldn't be used. But it makes it clear that bolting on a super layer of UNIX permissions on Windows would be a terrible, terrible idea. I can't believe you would even suggest such a thing and it shows what knots you're tying yourself up into in trying to maintain your position that this becomes something you have to argue to try and reconcile all your contradictions.
This is astonishingly bad. I would love to see you seriously propose this somewhere with professionals just to see the reaction.
Re: word count
Well, you've yet again ignored a direct question as to whether you've actually used Windows ACLs in any significant way, so from here on I'm going to assume it's the same as our conversation on Powershell - you don't have any real experience and are just making assertions. Do you really not feel that it is wrong to make statements about how they're too complex when you don't actually have experience of them?
>>"So does the KISS principle, mam.
I repeat, a vague aphorism that things should be simple doesn't say anything about a specific example. I could write an OS that just had one user and one permission of do anything to a file or process, can't do anything to a file or process. By your logic in this thread so far, that would be a superior OS because it's even simpler. If you want to show that Windows ACLs are too complex for use, you have to show that, not issue platitudes. Given WIndows ACLs are used routinely and effectively, your argument is shot down.
>>A specific example could be XP where you have to run many userland apps as root, otherwise those wouldn't work"
And once again, you jump back thirteen years proving your only interest here is to attack Microsoft, not discuss modern security.
>>>>Windows ACLs are routinely used effectively by sysadmins and programmers every day.
>>I am sure about this, although, a few software developers from my XP experience above seemed not to get it.
Again, you're attacking an empty battlefield. Who exactly do you think you're arguing against with all your attacks on XP? You're the only one here who still cares about XP. But as you concede that Windows ACLs are routinely used effectively by sysadmins, you're accepting that they are not too complex to be used. So why wont you admit that you were wrong to say "ACLs have little practical impact on security". It was a stupid thing to say. Remove ACLs and the entire Windows security model no longer exists. And you think that has little practical impact. It's like saying bricks have little practical impact for houses. How long are you going to argue this point? Or is your intent just to grab the goal posts and sprint down the pitch with them and avoid ever having to concede a point?
>>"Me? Microsoft have and still are doing a much better job in that area than any government would ever be able to: #droidrage, scroogle, "500 Android patents everyone has to pay for", "Linux infringe our 100 patents", hidden APIs, "Get the facts", Java vs J++ and Netscape, to mention just a few. Google haven't done any of that for all those years they operate. Google are demonized because of the privacy concern, which I honestly don't share. (MS do a similar thing, hence their "they read your emails" is hypocritical.) Maybe it's egoistic on my part, say, I use my multiple gmail accounts with IMAP only, so I don't care. If MS threaten Linux community, extort payments for ridiculous patents or impose a Windows Tax, I can't get away from this."
As I said, your motive here isn't to discuss security, but to attack Microsoft. Trying to attack Windows security is just a vehicle for your dislike. This much is obvious as your attacks on Windows security show so little actual knowledge of it and you keep dodging questions as to how much experience you actually have with ACLs.
It's fine for you to dislike Microsoft. But posting misinformation / rubbish doesn't become okay because you dislike the victim. There are people I don't like - but I don't think it's okay to tell people someone on my team is an incompetent programmer just because I don't get on very well with them.
>>"I do keep my technical critique separate from this though"
You don't. So far in this article alone you have applied gross double-standards between Windows and other OSs, you've continuously based your "technical criticisms" on things that were fixed over eight years ago (whilst remarking that flaws in Android will be fixed in future versions), you've gone from ACLs having no importance and traditional UNIX permissions being sufficient in one post, to saying that Linux has ACLs too and touting the advantages of SELinux's extension of UNIX permissions two posts later.
This entire conversation is taking place because someone said they hoped Android on Debian would improve Android's security and you launched into an attack on Windows.
>>"My own attitude is to attack the well-documented attackers (in case of MS, Apple or others). I trust that yours and Miguel de Icaza's to unjustifiably embellish MS is wrong"
Because you feel attacked by Microsoft, does not mean that my arguments are wrong. You have to show that they are and instead you repeatedly dodge or ignore them.
Besides, are you not aware that in this discussion it is you who is the attacker?
Re: word count
>>"Both you and MS, it seems, underestimate the converse of it, i.e., the importance of simplicity In many types of systems (now I am using a rather mathematical term) complexity should be avoided, things better be simple enough to work, otherwise a system might not be efficient."
See, a vague generality saying sometimes simple is better, doesn't say anything about a specific example. And I note that I frequently talk in terms of specifics, and you frequently fall back on unsupported aphorisms like this. Case in point, I said that with Windows ACLs a group can be a member of another group. I don't find that complicated. Nor do the many, many programmers and sysadmins on Windows who deal with ACLs. Are you really trying to make an argument that you do?
Windows ACLs are routinely used effectively by sysadmins and programmers every day. "Sometimes simpler is better" platitudes don't connect with the reality here.
Besides, weren't you touting SELinux earlier? Is SELinux not just Linux's way of adding more sophistication to UNIX permissions? Ergo, SELinux fulfills a need. Why is it okay for Linux to fulfill that need but not okay for Windows to fulfill that need?
>>"That is the specific tasks in specific environments. *nix systems got various types of acl management tools"
I know. Which supports my point that ACLs are relevant. So why are you insisting that ACLs have "little practical relevance to security" (your exact words). It remains a silly thing to say.
>>"MS lacks however, a simplified version of acl unlike the POSIX permissions"
And that is not a problem. Right-click on a file on Windows (Vista onwards). Select properties and open the security tab. Pick a user from the list and change the Modify permission for them. Congratulations - you just used Windows ACLs. Was it difficult? No.
Click on "Special Permissions". Change something more sophisticated, such as clicking on Auditing->Add and select "Read". Congratulations, you just added an ACE (Access Control Entry) that will log whenever that file is read by anyone. Easy, wasn't it? And naturally you can do this with files, directory hierarchies, set the criteria to be file modification, appended to and other things.
Of course typically you might do this from the command line - it's very easy to copy an ACL from one object to another for example. I don't find it difficult. Nor do millions of other people. Nor, in fact, would you, if you actually took the time to learn it.
But you haven't have you? You keep ignoring my questions but have the decency to answer this one, will you? When was the last time you properly used ACLs on Windows? This is another conversation like the Powershell one isn't it, where after many posts insisting on its inferiority you finally admitted you'd never even used it. So go on, have you ever actually sat down and learnt Windows ACLs. You haven't have you? I can tell this because you're confidently asserting that they're over-complicated when in fact they're very easy to learn and use. Easier than trying to juggle permissions for large numbers of users and services with options of user/group/world and the awkward fudge of setuid bits.
>>"you also can't hear me criticizing Microsoft for the fact that you cannot control the apps permissions either"
I replied to that earlier, as did mephistro. We both made the same point that the Android permissions system (can txt, can use the Internet connection, etc.) is not appropriate for a full blown desktop OS such as GNU/Linux, OSX, Windows, et al. And as you're fully aware, Windows 8 does have this, this being the version of Windows that is seeking to be a common platform for desktop and mobile devices. Arguing that full-blown desktop OS's such as these should base their security model around Android's is a very silly argument. I'd love to see you propose that on the Debian forums.
>>"So, once again let's see how many years have passed since the original release of NT and NTFS before MS had any security. 2006-1993=13 years until Vista and it's 16 years before the arrival of Windows 7"
And yet again, you go back to the 1990s to try and score points against Microsoft, still blind to the fact that the football-team mentality is a game that only you are playing. When I talk about modern Windows security models and explicitly state I'm talking about Vista onwards, and you respond with childish comments about what a pity it was Windows didn't have better security in the 1990s, all you are doing is showing you have no interest in modern security comparisons, only in attacking a company. Though I should have realized that seeing as you were the one who raised Windows in this discussion in the first place just so you could attack it.
Here's a hint: when someone makes a comment about Android security and you launch into a bizarre attack on Windows, you're doing the exact same thing many governments do routinely when they try to deflect criticism onto some demonized outside group. It doesn't help clean up a mess at home! Your attitude is exactly the one that would rather attack others than improve things and we in the Open Source community really could do without your attitude, thanks.
Re: word count
>>"ACL was too complex for practical security use and hence was a bad substitute for the POSIX file permissions."
ACLs on Windows are used routinely by programmers and sysadmins alike, daily. I don't even use Windows as a development platform and don't administer it and I understand their usage. So either we're all atypical geniuses or you're wrong. There's no way you can support a position of ACLs on windows being impractical, when they are commonly used.
You also don't understand complexity in practice. A lot of things you can do with Windows ACLs are much more complex to do with traditional UNIX permissions even though the latter is a simpler system. To illustrate, traditional UNIX permissions don't have nested / hierarchical groups. That makes the UNIX system simpler. However, it makes managing access privileges more complicated. If a new member of the programming team should have access to certain technical areas, common office tasks (such as printer access), permission to log in to certain servers, et al., you can structure it so that the programmers group is a member of the printers group, the group that has access to those servers and so on and so forth. They leave, you just remove them from the programmers group and everything is taken care of. And that's a very simple example - hierarchical group memberships are great. Extra functionality can make a system less complex in practice.
You're seriously going to argue that something like being able to make a group a member of another group is too difficult for people to use or that it's not helpful?
>>"Go ahead pick up that jaw recalculating all the number of years it took from the initial release of NTFS ACLs in 1993 up until the post-Vista era when (according to you) the security got straightened out. If you can measure the "practical relevance" to be tangible or with a positive sign, that would be ignorant"
I don't even understand what you're saying here, let alone how it shows "ACLs have little practical relevance to security" which was the thing you claimed.
>>"To every one of my word, you'll produce another 3, just can't compete with that typing agility and thus am giving up"
Giving up on what? "Competing" in what? I'm not "competing" in anything. You came into a thread about Android and Debian and started posting inaccurate attacks on Windows. And then when challenged on it, you start making bizarre comments about my writing more than you. Debate or don't debate, just don't repeatedly make passive aggressive attacks about 'oh, I can't possibly compete with you' or 'clearly you're a winner'. They contribute nothing.
Re: Double standards
>>"According to my experience, the one who usually talks more about someone else's application of double standards is either doing just the same or worse. I remember how (our) media in Russia was appealing to the American custom of finding a speck in the imaginative Russian eye through their own log about things in Chechnya. Those speck and log are now exchanged, while the Russian log is substituted by a huge baobab trunk, thanks to the idiotic and hysterical anti-Ukrainian, anti-American and anti-Western propaganda"
All I asked was how you justified condemning Windows security based on things that haven't been true since before Vista whilst defending Android flaws with 'they'll be fixed in a future version'. As far as I can work out from your post, the justification is that Russia used to put out propaganda about the USA.
I'm also deeply unconvinced by your argument that if someone points out hypocrisy it means they're likely a worse hypocrite. Ad hominem too, as it happens.
Re: Who invented permissions transparency?
"You will be able to with SELinux soon."
So when attacking Windows security you base arguments on pre-Vista versions and insist that's relevant, when defending Android you reference versions from the future and consider that fine. So one final question - are you actually aware that you keep applying double standards and if so what rationalization do you use to justify double standards?
Re: word count
>>"Anyhow, I did a wc analysis on our comments"
:D Which just shows what I keep telling you - that you're less interested in factual discussion and more interested in coming up with any criteria you can to "win" an argument. Btw, I've been a touch-typist since I was nineteen and can hit 65 words per minute relatively easily. Sometimes higher. I trust you'll have the intellectual honesty to divide both our results by our typing speeds as I doubt you've ever been a secretary. ;)
>>"Yes, it was disagreeing with your idea how Windows ACLs are superior to the Unix permission system in the context of security"
It was a post talking about the history of Windows in the days of NT. If you can't recognize that the Windows security model changed significantly with Vista then you can't understand there's no contradiction. And one more time - making an Appeal To Authority argument with some off-the-cuff forum post as your authority is beyond silly. Also, what context other than security would one compare Windows ACLs and UNIX permissions, anyway?
>>"Paul tried to explain that this advantage has had very little practical relevance to security"
ACLs have little practical relevance to security? That is jaw droppingly ignorant. Also, I don't know who this poster is that you regard as such an authority on matters, but they didn't say that at all for what it's worth.
>>"You're really a winner and I surrender!"
Yeah, sarcasm. We'll add that to the list of dodgy counter-arguments along with your posts being shorter than mine and this random forum user "disagrees" with me, shall we?
Re: Who invented permissions transparency?
>>"It is supposed to be so very relevant for some lawyers, at least Microsoft and Apple lawyers. Have you heard about software patents?"
Well we are not lawyers, we're people discussing integration of Debian and Android. When we're holding a competition Bestest Software Company Ever, then your random and unprovoked tangents about Microsoft may be relevant. But not 'till then.
And yes, we've all heard of software patents. It may astonish you to know that I was part of a campaign to get them rejected by the EU some years back. (A successful campaign, as it happens). Hardly of any relevance to a discussion of Android in Debian, is it? It's just a tangent on a tangent on a tangent, all spawned by your random introduction of Microsoft into this discussion.
And though it's already been said by more than one person it obviously needs repeating again - you're not comparing like for like anyway.
>>This paper has a nice list of things MS claim to have come first and hence demand licensing earning a few billion bucks total some people have surmised
Tangent on a tangent on a tangent on a tangent. It's obvious that your main interest here is to use the article as a launching point for attacks on Microsoft. I don't know much about the Android patents but I would say that if they weren't valid, or even contestable, that you wouldn't get giants like Samsung (a company not unknown for challenging *cough*rounded corners*cough* patents) rolling over without complaint.
>>"As far as GNU/Linux and *BSD are concerned, this Android model is inferior to their own model"
Which is what I wrote. As well as Windows included with GNU/Linux and BSD. If you're going to try and argue that Android's security model is as capable as any of these, you're going to have one HELL of a job.
>>"i.e., having mostly free software packaged in the secure repositories by maintainers"
Oh, you missed the point. That's not part of the security model - that's just the way the ecosystem leans. You're now arguing that GNU/Linux is more secure because the userbase is less likely to install malware on it. By all means say that. Has no bearing on anything I wrote.
>>"Windows was brought up as a comparison to Android to show that security is not a nightmare.
It was brought up because you always bring up Windows even when the topic has nothing to do with it. And the above is a post-fact attempt to justify it that doesn't even stand up. How does modern Windows (Vista onwards) show Android security "is not a nightmare"? By comparison? Windows has a much more capable and robust security model than Android. By the amount of malware extant? Yes - that's a great like for like comparison: the world's most popular x86 desktop OS vs. a mobile OS that is locked down by default. Your various attacks on Windows don't show anything about Android security, they're just your usual attacks.
>>"I didn't invite your superfluously prolific off-topic either."
You don't get to complain that someone is "off-topic" if their post is a direct reply to your own off-topic post, instead you ask yourself if you should have used an article for pushing your own agenda in the first place. Furthermore, any factual inaccuracy is an invitation to anyone to read it to correct it.
>>"Yes, you gave a very informative comment on it stating exactly the same, however it has been rebuffed by Paul Crawford pretty well the and you even agreed with him"
It was a funny and accurate post so certainly I agreed with it. That you think it contradicts my own posts in that thread says more on your understanding than it does that post.
And really, an Appeal to Authority argument with random forum opinions as the authority? : /
I'm perfectly willing to defend silly attacks all day long if you want. But let's recognize that it's you that keeps driving the discussion off away from Debian and Android to satisfy your seeming obsession with Windows.
Re: Who invented permissions transparency?
>>"Both Blackberry and WP 8 followed it after Android. Unfortunately, this model have never occurred to Microsoft for the last couple decades, users would have been much safer if it did."
Who came up with something first is only really relevant to those with a football mentality wanting to show one company is more valid than another, but for what it's worth, this is not comparing like for like. Android was designed as a mobile OS and it's apps overwhelmingly are self-contained. Windows and GNU/Linux are full OSs and it's not really been appropriate to have the same sort of permissions structure. Do we really imagine that a simple structure of "Can access Internet", "Can Send Txt Message", et al. would have worked for UNIX / GNU Linux / Windows / OSX? (Or any other full-blown traditional OS). MS have only introduced this now when it's appropriate with Windows 8 as they broaden the OS to be mobile-device friendly. Also, this is an article about Debian and Android - bringing up Windows just so that you can make some (ill-founded) digs at it is off-topic.
>>"1) apps run under separate uid's"
That's a concession to the UNIX security model. It's not inherently better than proper ACLs and is not a panacea as evidenced by the many security flaws Android has had. From what I have heard, there is a tendency to regard the sandboxing of apps in Android as a strong security measure. It is, but it is also one of the things that means just adding Android support (e.g. Dalvik) directly to GNU/Linux is a very bad idea, because on GNU/Linux you don't have that sandboxing. That's why an approach like the one in this article (Android is essentially a VM in Debian) is a lot more secure than adding the relevant APIs or kernel modules straight into GNU/Linux would be.
>>"no, it's not. fine grained permissions How fine do you want those grains to be? Have you heard about SELinux on the latest android"
We've had this discussion the last time you launched in on this. It would be nice to have a full ACL system that is much more capable such as the one in Windows (Vista onwards). Android is not remotely as capable. To avoid the usual derailment that happens when you pop up in a Linux article and use it as a platform to take pot-shots at Windows, I'll just link to the last time we discussed ACLs on Windows vs. GNU/Linux here. And as Android is less capable* than GNU/Linux, the discussion is doubly true. It's wrong to tout Android as if it's more secure by design. In fact, it's that attitude that leads to poor security: over-reliance on the sandbox model is why you end up with apps leaking data to each other and magnifies the consequences massively when a bug in some Android kernel module punctures the sandbox. And as I wrote - reliance on the sandbox model is the primary reason why you can't (or shouldn't) just drop naked Android support to GNU/Linux.
*Note, when I say that Android security is less capable, that's not a dig, per se, it's less capable because it's more focused. This does not mean there is a problem in its own context, it means it would become one if you, e.g. used it as a model for a full-blown OS as eulampios seems to want to do when they hold it up as superior to the security models on these.
I have no idea why you got the thumbs down here, other than that there are some very partisan and not very bright people around here who leap on anything they think is a criticism.
Anyway, as best as I can answer your very reasonable question (I welcome corrections), this is just Android in a VM with shared file system / directories (not sure if it's all or just parts of the file system). In the video, you see that he swaps between the Android and Debian environments and at one point he actually stops "Android" and then restarts it.
Furthermore, if this depends on MicroXwin, that's closed source. (Not sure if it does or not). Anyway, I hope that answers your question - it's Android in a VM so far as I can see. Handy if you're using ARM Debian and want to watch YouTube or want to use Android apps, so pretty handy. But it's not integration of GNU/Linux and Android in any deep way.
Re: Could this happen with LibreSSL too?
>>"This is a highly entertaining read which should answer that"
Wow. That was an extremely informative read. Funny too. I had no idea how bad things were with OpenSSL. But it also convinces me that LibreSSL is the one to back as it sounds like it is in very excellent hands!
followed two months later by:
Exodus: Hey, NSA. We heard that Tails vuln you were depending got found and fixed. Would you like to buy this other one we have?
>>""hacking" seems to be in the list of categories that are filtered. What the fuck? How is information about hardware and software considered so harmful that it cannot touch the minds of our precious little children?"
One of the signs of an authoritarian society is that things move from a state of permitted unless forbidden, to forbidden unless permitted. It's a direct consequence of a society becoming about fear and control, rather than curiosity and freedom.
>>"As with Goonalytics, scripts must be run."
I've occasionally blocked googleanalytics at the router level. I found about a third of the sites I visited became unusable as they were waiting on googleanalytics to respond.
Re: " have never understood this apps criticism."
>>Analogy :- "You cooked a meal, but it never turned out how you or your dinner guests wanted. However this microwave substitute goo is just fine because both you and your guests actually don't know or care what is actually required as long as you can slurp it down with a spoon - until you come to the porcelain throne of your expectations"
That analogy should be taken outside and shot, to put it out of its misery and ours.
Re: Probably not so much the form factor
I have never understood this apps criticism. I have a Surface 2 (and had a Surface RT before that) and in all my time with Windows RT, I've installed probably half a dozen apps on those devices (an SSH client, a code editor being the main things). It does nearly everything I need already - it comes with Office, email clients, full featured web browser.
Apps evolved because mobile devices didn't have screen real-estate or properly functional browsers. Windows RT has that. Unless you have a burning need to play the latest games (I'm not a gamer) then I genuinely don't see any serious lack.
Re: Learning curves and walled gardens
>>"and don't need/want to make yet another effort to learn something else"
I just don't see the "effort". If I'm going to be using a device frequently, it's worth an hour of learning how to get the most out of it. What honestly is difficult anyway? Press the windows button and you're on the Start Screen, swipe from the left and you cycle through the running programs, swipe from the right and you get settings and options. Drag down from the top to close something or move it to the side. In some apps, you can get extra controls by swiping up.
That's four sides of a screen and a button. Who couldn't learn that in ten minutes? In return for which I get a bunch of things that are advantages to me.
Re: I'd still tack "alledgedly" before any attribution to a missile strike
Inability to explain yourself =/= Intelligence.
Re: Age of consent
>>"The law should not outlaw depictions of acts which are legal to perform for the participants."
Why shouldn't you have different legal ages for different things? When I was sixteen I may have been able to make an informed decision on whether I wanted to sleep with someone else in my class, but that does not mean I would have been in a good place to make long-term life impacting decisions about whether to do pornographic modelling.
Also, as has been pointed out, paedophilia is not the same as underage sex. What I wrote, I wrote about paedophilia. Posting comments about actions at the age of seventeen is a long way from actually challenging what I wrote. If you want to argue about depictions of acts that have no relation to actual children, go and reply to someone else. The post that you are challenging was written to skeland who argued that paedophilia isn't a disorder.
Re: for some definition of paedophile...
>>"Paedophilia is a mental disorder and you first must become a paedophile and only then you might want to start seeing CP, not the other way round. So, preventing you from seeing CP pictures means nothing if you are not a paedophile and will do nothing to stop from you being a paedophile if you are one already"
Do you have any medical background to make such a claim? Because there are many areas where repeated exposure stimulates interest and habitualizes that interest. Similarly that normalization of something increases someone's likelihood of engaging in such activity.
Re: for some definition of paedophile...
>>"The Sexual Offences Act 2003 widened the definition of "child" to include anyone under 18 - rather than the previous "under 16"
Maybe, but I referred several times in my post which you quote to prebubescents. Paedophilia, which is the word I used, describes sexual attraction to those who have not gone through puberty, generally aged 11 or less. You can check that definition on Wikipedia if you need to. Despite some people interested in big headlines trying to use it for any old underaged sex, much like the US definition of "terrorist" gets applied to occupying armies like the Islamic State, it still has a proper meaning.
Re: for some definition of paedophile...
"Is paedophilia in the strictest sense something that should be against the law? As long as it doesn't involve the abuse of children, why would it ever be deemed illegal?"
You've entirely shifted the goalposts from what you argued and what I challenged. You attempted to argue that someone sexually attracted to prepubescents may not have psychological problems and you tried to draw an equivalence to bondage games between consenting adults. I pointed out that they were stupid. Now you quote me and respond whether paedophillia "in the strictest sense" should be criminalized. What you write here in no way counters what I said nor supports your original attempt to normalize paedophillia. Attempts plural, actually, given your other attempts.
"Exactly the same arguments used to be trotted out about homosexuality: "I think sex with a guy is gross, so there should be a law against it." It makes just as much sense in that situation as it does here."
No it does not because adults can consent. That has already been pointed out to you but you prefer to ignore that sexual interest from an adult to a child is harmful to the child. That doesn't depend on any repugnance I or others feel or which you may not share. It doesn't depend on any religious belief that homosexuality will damn someone's soul. It depends on one very simple principle - protecting children.
You see, you blend your topics - apparently under the impression it's not noticed. One strain of your argument is that if it's just drawings of children then no children are actually harmed. And then there's this whole other strain where you repeatedly attempt to segue from that into normalization of paedophilia, that perhaps it isn't a serious psychological disorder, that who is someone to say that it is wrong. As shown there are clear reasons why it is and it's neither a good analogy to talk about BDSM nor about homosexuality.
And I think both homosexual people and BDSM crowd who have long had to struggle to convince outsiders that paedophilia isn't a part of their scene don't particularly want you trying to re-associate that.
Re: for some definition of paedophile...
>>"Maybe yes, maybe no. Lots of perfectly healthy people out there enjoy very healthy sex lives involving violence, such as flogging and queening and the like. Doesn't make them "bad" people."
Congratulations - you just associated BDSM with paedophilia. And a million kinky people who'd been trying to disassociate their interests from real world abuse and harming of children place their faces in their palms once more.
Whether some people express their sexual interest in unusual ways or no, it doesn't link that interest to sexual attraction to prepubescents. Very different things.
Aside from "how" being a very qualitatively different thing from "to what", there's the clear and obvious difference that sex between adults can be consensual. Regardless of how odd particular practices may appear to some. Children can never be consenting. Sexual interference with a child is harmful to the child.
So I don't think the BDSM scene will particularly like the comparison.
>>That's not even going into the fetishes enjoyed widely in the Japanese community involving women that look suspiciously like little girls.
If the Japanese do it, it's normal. Fantastic argument! *nods slowly*
Re: for some definition of paedophile...
>>" many of the people that got off before were let off due to technicalities or "lack of evidence" rather than being cleared of being a nonce and most of them had a browser history chocked full of questionable material."
Not to say that this isn't the case, but the obvious question is how would you know this? Are you an officer involved? Seems unlikely. Therefore the above is presumably just conjecture?
Re: Police declined to explain how they "snared" the suspects
I'm getting so cynical by this point that I suspect the way it really happened was this:
Cameron picks up phone: "Chief inspector, we're getting pilloried in the media. I want you to arrest a huge number of paedophiles so we look good."
Chief Inspector: "Righty-ho. I'll get a list of the ones we reckon we have enough evidence on."
Cameron: "Oh, don't worry about whether you can get convictions. The plebs will have forgotten about it by the time it actually gets that far. Just make sure the arrest count is high"
Probably I'm just too cynical but given the crap I've seen pulled by the government over the last few years, I'm finding it hard to trust their intent that much. I think they're even willing to exploit paedophillia as a political tool these days.
Re: Once a trouble maker always...
>>"360,000 lines of Visual Basic is what's being reported"
That's the only response I can think to make.
Re: Once a trouble maker always...
>>"Human counting is also potentially unreliable, as seen in many corrupted nations. Even in Australia we've had paper votes go missing... It can be accidental or intentional, just like with electronic systems"
It's possible in both systems, but electronic voting massively lowers the difficulty of pulling off successful election fraud. In cases such as this, the outcome could be determined by a single programmer or a handful of officials. Whereas with our normal elections (e.g. UK General Election), you're needing to subvert many hundreds of polling stations and staff and counters across the country.
Re: Once a trouble maker always...
I feel I should have written a response that was a bit less adversarial and actually detailed what was wrong with it, but it's too late to edit that now. I was set off by the comment "only a fool would allow the source out". So here is a more detailed response.
>>What a beat-up. Basic security principles state that you don't give the enemy anything at all
Firstly, hiding the source from the public is treating the public as the enemy. It's voting code. We NEED to be able to verify it and reject it if it is not good enough. No closed body will ever be sufficient to replace public viewing of the code.
Secondly, the above is wrong. It is useful if potential attackers do not have access to the source code, but not vital. There are many major Open Source projects vital to security and the code is exposed. The principle is that knowledge of the code does not allow one to compromise it. ANY reliance on obscurity is a flaw. Especially when we are guarding against internal threats from the vendor who, by definition, the code is not obscured to.
>>"So, this guy wants to check out the code to see how it works, maybe if it has any security vulnerabilities? That's exactly what we don't want to happen."
That's exactly what we DO want to happen because the more qualified people who look through the code, the greater our chance of identifying all vulnerabilities and fixing them.
>>"Remember, the AEC computer systems are connected to the Internet. It would be easy (yes there are precendents) to create a trojan that was attached to an e-mail that would be attractive to an AEC employee or contractor. Once activated, it would be easy for it to link into a vulnerability in the software, taking commands through an apparently benign web site"
If this is true then the software is not fit for purpose and hiding evidence of that is no kind of mitigation.
There are massive risks with electronic voting because it is so easy for a small group in the right place to invisibly determine the results. Personally, I favour human counting - in elections trust is more important than speed, whatever the media would like. However, IF one is to have electronic counting, I would expect as a minimum the machines to not be accessible over the Internet or be deployed in such a way that an operator could infect one by getting an email.
This is why only a fool would allow the source code out.
If half of what you say is true, the company behind this system should be sued until not even Wikipedia remembers who they are.
@ Fluffy Bunny
I initially took your post to be humour, but I now think you may be serious. I hope you have no connection to computer security in your professional life.
Regardless of whether there are reasons why viewing this particular code could lead to risk, we shouldn't be in this position in the first place - election code has to be able to survive public review because public review is the only way we can trust the election results.
Here's an interesting fact - we don't know who won the 2008 Mayor of London election. We know that Boris Johnson got the job, but we don't know that he was actually elected. The Open Rights Group were monitoring the software and hardware used to count votes and concluded there wasn't sufficient evidence for them to actually audit the process. They also noted that the number of error messages, bugs and system freezes indicated "poor quality software".
I repeat - it is entirely possible that Boris Johnson did not win the mayor of London elections and we cannot determine the truth. He could have been elected by an error. Or better, it is factually accurate to say that a programmer somewhere or other technical person in the process may have decided who became mayor of London. We cannot tell.
All of this is because that code was not up for public review.
Re: Is their a list ?
>>"I confess I hadn't heard of most of them, but there was no great surprise about the ones I had heard of. David Davis, of course, and – yet again – Caroline Lucas is a national hero."
If the Greens would drop their unsupportable opposition to Nuclear Power, I'd cheerfully vote for them just to put civil liberties pressure on the big three.
(Well, big two now, since the Lib Dems formed a coalition with the Tories and probably destroyed their own support base).
Re: is that where the Bing R&D guys went?
Even if you have a better product, it still takes a long time to dislodge an established dominant player. And I think Bing and Google search are only comparable, not that one is better than the other particularly.
Date of birth
Actually, never mind passwords. I'd just be happy if I could persuade such institutions as banks and others from thinking my date of birth is some magical secret that confirms my identity.
Re: Password Entropy
Your joke icon is inappropriate though you may not realize this! I've done checks on databases of some large services and found a significant number of hashes matching "correct horse battery staple". There are idiots who either don't get the comic at all, or find it hilarious to amuse themselves by setting this as their personal password.
Sad but true.
Re: At least...
>>You have very low standards.
Oooh, is it time again for someone on the Internet to crow about how a woman is below their sexual standards again? I guess it is.
Care to share a photo of yourself taken by a police photographer shortly after arrest. Thanks! :)
Re: a netbook by any other name would stink as much
>>"I thought commentards thought Netbooks are amazingly awesome - or do they cease being so when MS bring out 'Netbook v2'?"
Actually, I dislike them regardless. An underpowered device is no good to me.
>>"Unless they are also counting every Office365 and visualstudio.com that uses Azure as the backend."
Which they're obviously not or the number would be a very great deal higher than 42,000.
Microsoft jumps chasm in bus...
Decides in response to passenger screams to stop half-way across.
You can't have democracy...
...without information. When government distorts public perception through trickery, that's an attack on the public.
Re: King Canute
>>"Sorry, I think I zoned out at "fun" being used in the same sentence with "clothes", in a shopping context"
You spend a few hours drifting around town with your friends, chatting and having fun and trying out new looks and getting their opinions, spending a bit of time having a coffee together. You like hanging out with your friends, don't you?
Re: Booksellers do deserve protection
>>"I'm sure some rabid free marketeers will be along to vote down in their droves, but I do think book sellers are a class of shop that we should be doing more to protect."
Online selling, however, has done more to protect niche publishing. There are perhaps many books that would be out of print or perhaps never printed at all, if they had to go the traditional route of printing enough to be present in many bookshops in the hope they'd be found by the few who want them. Books are ultimately what needs protection, no?
>>"Drive the small bookshops out of existence, and there will be many people, I suspect, who will not be at all happy that the only way to get hold of, for example, The Carnivorous Lamb, is to give your name and address to a large corporation and trust they'll never hand over records as part of the next moral panic."
Tracking, I agree, is a valid concern.
Re: Money isn't everything, @ h4rm0ny
>>"If the government is fixing the price so that all shops have roughly the same price then there will be no need to go round lots of different shops looking for a better deal effectively taking price out of the equation"
Actually, I was thinking about finding what I want, not saving money. Sitting on the sofa looking through products for the one I want is a lot more time efficient than visiting lots of different shops. I also have extra information available in the form of reviews.
If I want to go shopping as a form of social activity, that I do with friends and I do with clothes. For movies, books, electronics, I do that online. The less mainstream something is, the more efficient that becomes.
Re: And that's cuttin' me own throat!
>>"Greengrocer B sells his apples at 1 penny a pound, absorbing the loss, to try to drive greengrocer A out of business, and then when he is the only player left in the market, he can charge whatever he likes for apples."
Your analogy only works if Amazon are actually selling at a loss. I don't believe they are and am interested in any evidence that this is the case. To do so would be anti-competitive. But if they're still making a product then they're not abusing their position (at least because of selling more cheaply), they're just undercutting their competitors. Which is what you're meant to do.
>>"Or does the law mandate that the publisher must sell to each vendor at the same price (wouldn't that encourage a cartel and be against EU competition law)"
Question - how would mandating all vendors get to pay the same costs encourage a cartel? I would have thought the opposite. I.e. if a dominant player can't leverage their position to get better deals than smaller players, isn't that good for the smaller players?
Re: Money isn't everything,
>>"Only the autistic think a free market will solve all of life's problems. In the US we are racing to the bottom thanks to the free market"
I'm not sure autism inclines one to any particular political leaning.
>>It sounds like the French value their culture and leisure time more than making a buck, which is kinda refreshing!
This isn't "the French", it's the French Government - a different thing. Clearly if "the French" didn't want to use Amazon in place of local retailers, then the Government would not have to institute such a law to try and stop them. I'm also unclear as to how impeding Amazon is an indicator of the French valuing their culture and leisure time. Using Amazon typically saves time over going round lots of different shops.
Re: King Canute
Being able to try stuff out before you buy is good. But honestly, when it comes to customer service, Amazon are about the best I've ever dealt with. I can request a callback and my phone has rung almost immediately. I used the wrong address for a delivery once and they took care of everything. And the rare returns I've just peeled the provided return sticker off and placed it on the package and back it's gone. As easier (or easier) than taking it back to a shop.
I'm sure there are some bad stories out there, but in my years of using Amazon, their customer service has been extraordinary.
(No, I don't work for them!)
That's what this sounds like. We now have the technology for near-instant communication long-distance, the infrastructure to transports goods cheaply and quickly... We're even seeing P2P delivery start to emerge with some services that just use local people to deliver the last few miles for a small cut.
Basically, when it's Steam Engine Time, steam engines will appear. Our cities are going to look quite different in the near future with so much of our shopping being done online. Clothes will probably be the last to go because it's fun and necessary to try them on and see how they look. It's also a social activity in the way that buying a TV isn't. (You can't go out with your friends and buy TVs on a regular basis or you're going to have a lot of TVs).
No, preferably die.
We don't want him to enjoy his last moments.
- Just TWO climate committee MPs contradict IPCC: The two with SCIENCE degrees
- 14 antivirus apps found to have security problems
- Feature Scotland's BIG question: Will independence cost me my broadband?
- Apple winks at parents: C'mon, get your kid a tweaked Macbook Pro
- FTC to mobile carriers: If you could stop text scammers being jerks that'd be just great