
* Posts by h4rm0ny

2511 posts • joined 26 Jul 2008

Debian Linux, Android share a bed in upcoming distro

h4rm0ny
Silver badge

Re: word count

Well, you've yet again ignored a direct question as to whether you've actually used Windows ACLs in any significant way, so from here on I'm going to assume it's the same as our conversation on Powershell - you don't have any real experience and are just making assertions. Do you really not feel that it is wrong to make statements about how they're too complex when you don't actually have experience of them?

>>"So does the KISS principle, mam.

I repeat, a vague aphorism that things should be simple doesn't say anything about a specific example. I could write an OS that just had one user and one permission of do anything to a file or process, can't do anything to a file or process. By your logic in this thread so far, that would be a superior OS because it's even simpler. If you want to show that Windows ACLs are too complex for use, you have to show that, not issue platitudes. Given Windows ACLs are used routinely and effectively, your argument is shot down.

>>A specific example could be XP where you have to run many userland apps as root, otherwise those wouldn't work"

And once again, you jump back thirteen years proving your only interest here is to attack Microsoft, not discuss modern security.

>>>>Windows ACLs are routinely used effectively by sysadmins and programmers every day.

>>I am sure about this, although, a few software developers from my XP experience above seemed not to get it.

Again, you're attacking an empty battlefield. Who exactly do you think you're arguing against with all your attacks on XP? You're the only one here who still cares about XP. But as you concede that Windows ACLs are routinely used effectively by sysadmins, you're accepting that they are not too complex to be used. So why won't you admit that you were wrong to say "ACLs have little practical impact on security". It was a stupid thing to say. Remove ACLs and the entire Windows security model no longer exists. And you think that has little practical impact. It's like saying bricks have little practical impact for houses. How long are you going to argue this point? Or is your intent just to grab the goal posts and sprint down the pitch with them and avoid ever having to concede a point?

>>"Me? Microsoft have and still are doing a much better job in that area than any government would ever be able to: #droidrage, scroogle, "500 Android patents everyone has to pay for", "Linux infringe our 100 patents", hidden APIs, "Get the facts", Java vs J++ and Netscape, to mention just a few. Google haven't done any of that for all those years they operate. Google are demonized because of the privacy concern, which I honestly don't share. (MS do a similar thing, hence their "they read your emails" is hypocritical.) Maybe it's egoistic on my part, say, I use my multiple gmail accounts with IMAP only, so I don't care. If MS threaten Linux community, extort payments for ridiculous patents or impose a Windows Tax, I can't get away from this."

As I said, your motive here isn't to discuss security, but to attack Microsoft. Trying to attack Windows security is just a vehicle for your dislike. This much is obvious as your attacks on Windows security show so little actual knowledge of it and you keep dodging questions as to how much experience you actually have with ACLs.

It's fine for you to dislike Microsoft. But posting misinformation / rubbish doesn't become okay because you dislike the victim. There are people I don't like - but I don't think it's okay to tell people someone on my team is an incompetent programmer just because I don't get on very well with them.

>>"I do keep my technical critique separate from this though"

You don't. So far in this article alone you have applied gross double-standards between Windows and other OSs, you've continuously based your "technical criticisms" on things that were fixed over eight years ago (whilst remarking that flaws in Android will be fixed in future versions), you've gone from ACLs having no importance and traditional UNIX permissions being sufficient in one post, to saying that Linux has ACLs too and touting the advantages of SELinux's extension of UNIX permissions two posts later.

This entire conversation is taking place because someone said they hoped Android on Debian would improve Android's security and you launched into an attack on Windows.

>>"My own attitude is to attack the well-documented attackers (in case of MS, Apple or others). I trust that yours and Miguel de Icaza's to unjustifiably embellish MS is wrong"

Because you feel attacked by Microsoft, does not mean that my arguments are wrong. You have to show that they are and instead you repeatedly dodge or ignore them.

Besides, are you not aware that in this discussion it is you who is the attacker?

0
0
h4rm0ny
Silver badge

Re: word count

>>"Both you and MS, it seems, underestimate the converse of it, i.e., the importance of simplicity In many types of systems (now I am using a rather mathematical term) complexity should be avoided, things better be simple enough to work, otherwise a system might not be efficient."

See, a vague generality saying sometimes simple is better, doesn't say anything about a specific example. And I note that I frequently talk in terms of specifics, and you frequently fall back on unsupported aphorisms like this. Case in point, I said that with Windows ACLs a group can be a member of another group. I don't find that complicated. Nor do the many, many programmers and sysadmins on Windows who deal with ACLs. Are you really trying to make an argument that you do?

Windows ACLs are routinely used effectively by sysadmins and programmers every day. "Sometimes simpler is better" platitudes don't connect with the reality here.

Besides, weren't you touting SELinux earlier? Is SELinux not just Linux's way of adding more sophistication to UNIX permissions? Ergo, SELinux fulfills a need. Why is it okay for Linux to fulfill that need but not okay for Windows to fulfill that need?

>>"That is the specific tasks in specific environments. *nix systems got various types of acl management tools"

I know. Which supports my point that ACLs are relevant. So why are you insisting that ACLs have "little practical relevance to security" (your exact words). It remains a silly thing to say.

>>"MS lacks however, a simplified version of acl unlike the POSIX permissions"

And that is not a problem. Right-click on a file on Windows (Vista onwards). Select properties and open the security tab. Pick a user from the list and change the Modify permission for them. Congratulations - you just used Windows ACLs. Was it difficult? No.

Click on "Special Permissions". Change something more sophisticated, such as clicking on Auditing->Add and select "Read". Congratulations, you just added an ACE (Access Control Entry) that will log whenever that file is read by anyone. Easy, wasn't it? And naturally you can do this with files, directory hierarchies, set the criteria to be file modification, appended to and other things.

Of course typically you might do this from the command line - it's very easy to copy an ACL from one object to another for example. I don't find it difficult. Nor do millions of other people. Nor, in fact, would you, if you actually took the time to learn it.

But you haven't have you? You keep ignoring my questions but have the decency to answer this one, will you? When was the last time you properly used ACLs on Windows? This is another conversation like the Powershell one isn't it, where after many posts insisting on its inferiority you finally admitted you'd never even used it. So go on, have you ever actually sat down and learnt Windows ACLs. You haven't have you? I can tell this because you're confidently asserting that they're over-complicated when in fact they're very easy to learn and use. Easier than trying to juggle permissions for large numbers of users and services with options of user/group/world and the awkward fudge of setuid bits.

>>"you also can't hear me criticizing Microsoft for the fact that you cannot control the apps permissions either"

I replied to that earlier, as did mephistro. We both made the same point that the Android permissions system (can txt, can use the Internet connection, etc.) is not appropriate for a full blown desktop OS such as GNU/Linux, OSX, Windows, et al. And as you're fully aware, Windows 8 does have this, this being the version of Windows that is seeking to be a common platform for desktop and mobile devices. Arguing that full-blown desktop OS's such as these should base their security model around Android's is a very silly argument. I'd love to see you propose that on the Debian forums.

>>"So, once again let's see how many years have passed since the original release of NT and NTFS before MS had any security. 2006-1993=13 years until Vista and it's 16 years before the arrival of Windows 7"

And yet again, you go back to the 1990s to try and score points against Microsoft, still blind to the fact that the football-team mentality is a game that only you are playing. When I talk about modern Windows security models and explicitly state I'm talking about Vista onwards, and you respond with childish comments about what a pity it was Windows didn't have better security in the 1990s, all you are doing is showing you have no interest in modern security comparisons, only in attacking a company. Though I should have realized that seeing as you were the one who raised Windows in this discussion in the first place just so you could attack it.

Here's a hint: when someone makes a comment about Android security and you launch into a bizarre attack on Windows, you're doing the exact same thing many governments do routinely when they try to deflect criticism onto some demonized outside group. It doesn't help clean up a mess at home! Your attitude is exactly the one that would rather attack others than improve things and we in the Open Source community really could do without your attitude, thanks.

0
0
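The steps described in the post above (change the Modify permission for a principal, add an auditing entry for Read, copy an ACL from one object to another), done from PowerShell. This is an added example, not part of the original post; the temporary files and the choice of the built-in Users and Everyone principals are assumptions made for the demonstration.

```powershell
# Added example: constructed sandbox files and principals, not from the thread.
$ErrorActionPreference = 'Stop'

# Constructed sandbox so no real file is touched.
$dir    = Join-Path $env:TEMP ("acl-demo-" + [guid]::NewGuid())
$source = Join-Path $dir 'source.txt'
$target = Join-Path $dir 'target.txt'
New-Item -ItemType Directory -Path $dir | Out-Null
Set-Content -Path $source -Value 'source'
Set-Content -Path $target -Value 'target'

try {
    # Well-known SIDs are used instead of names so the script also works on
    # localized Windows installs. S-1-5-32-545 = BUILTIN\Users, S-1-1-0 = Everyone.
    $users    = New-Object System.Security.Principal.SecurityIdentifier('S-1-5-32-545')
    $everyone = New-Object System.Security.Principal.SecurityIdentifier('S-1-1-0')

    # 1. Equivalent of the Security tab: grant Modify to one principal.
    #    This adds an explicit allow ACE to the file's DACL.
    $allow = New-Object System.Security.AccessControl.FileSystemAccessRule(
        $users, 'Modify', 'Allow')
    $acl = Get-Acl -Path $source
    $acl.AddAccessRule($allow)
    Set-Acl -Path $source -AclObject $acl

    # 2. Copy the ACL from one object to another.
    Get-Acl -Path $source | Set-Acl -Path $target

    # Verify the copy by comparing the explicit (non-inherited) entries.
    $explicit = {
        param($path)
        (Get-Acl -Path $path).Access |
            Where-Object { -not $_.IsInherited } |
            ForEach-Object { "$($_.IdentityReference)|$($_.FileSystemRights)|$($_.AccessControlType)" } |
            Sort-Object
    }
    $same = -not (Compare-Object (& $explicit $source) (& $explicit $target))
    "Explicit ACEs identical after copy: $same"

    # 3. Equivalent of Auditing -> Add -> Read: an audit ACE in the SACL.
    #    Reading or writing a SACL needs SeSecurityPrivilege, so this part
    #    only runs from an elevated session.
    $identity = [Security.Principal.WindowsIdentity]::GetCurrent()
    $isAdmin  = ([Security.Principal.WindowsPrincipal]$identity).IsInRole(
        [Security.Principal.WindowsBuiltInRole]::Administrator)

    if ($isAdmin) {
        $audit = New-Object System.Security.AccessControl.FileSystemAuditRule(
            $everyone, 'Read', 'Success')
        $sd = Get-Acl -Path $target -Audit      # -Audit loads the SACL as well
        $sd.AddAuditRule($audit)
        Set-Acl -Path $target -AclObject $sd

        (Get-Acl -Path $target -Audit).Audit |
            Format-Table IdentityReference, FileSystemRights, AuditFlags -AutoSize
    }
    else {
        'Not elevated: skipping the audit ACE (SACL access needs SeSecurityPrivilege).'
    }
}
finally {
    # Remove the constructed sandbox.
    Remove-Item -Path $dir -Recurse -Force
}
```

The audit ACE only produces Security log events (event ID 4663) when the "File System" object-access audit subcategory is enabled; `auditpol /get /subcategory:"File System"` shows the current setting.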
h4rm0ny
Silver badge

Re: word count

>>"ACL was too complex for practical security use and hence was a bad substitute for the POSIX file permissions."

ACLs on Windows are used routinely by programmers and sysadmins alike, daily. I don't even use Windows as a development platform and don't administer it and I understand their usage. So either we're all atypical geniuses or you're wrong. There's no way you can support a position of ACLs on windows being impractical, when they are commonly used.

You also don't understand complexity in practice. A lot of things you can do with Windows ACLs are much more complex to do with traditional UNIX permissions even though the latter is a simpler system. To illustrate, traditional UNIX permissions don't have nested / hierarchical groups. That makes the UNIX system simpler. However, it makes managing access privileges more complicated. If a new member of the programming team should have access to certain technical areas, common office tasks (such as printer access), permission to log in to certain servers, et al., you can structure it so that the programmers group is a member of the printers group, the group that has access to those servers and so on and so forth. They leave, you just remove them from the programmers group and everything is taken care of. And that's a very simple example - hierarchical group memberships are great. Extra functionality can make a system less complex in practice.

You're seriously going to argue that something like being able to make a group a member of another group is too difficult for people to use or that it's not helpful?

>>"Go ahead pick up that jaw recalculating all the number of years it took from the initial release of NTFS ACLs in 1993 up until the post-Vista era when (according to you) the security got straightened out. If you can measure the "practical relevance" to be tangible or with a positive sign, that would be ignorant"

I don't even understand what you're saying here, let alone how it shows "ACLs have little practical relevance to security" which was the thing you claimed.

>>"To every one of my word, you'll produce another 3, just can't compete with that typing agility and thus am giving up"

Giving up on what? "Competing" in what? I'm not "competing" in anything. You came into a thread about Android and Debian and started posting inaccurate attacks on Windows. And then when challenged on it, you start making bizarre comments about my writing more than you. Debate or don't debate, just don't repeatedly make passive aggressive attacks about 'oh, I can't possibly compete with you' or 'clearly you're a winner'. They contribute nothing.

1
0
h4rm0ny
Silver badge
Paris Hilton

Re: Double standards

>>"According to my experience, the one who usually talks more about someone else's application of double standards is either doing just the same or worse. I remember how (our) media in Russia was appealing to the American custom of finding a speck in the imaginative Russian eye through their own log about things in Chechnya. Those speck and log are now exchanged, while the Russian log is substituted by a huge baobab trunk, thanks to the idiotic and hysterical anti-Ukrainian, anti-American and anti-Western propaganda"

All I asked was how you justified condemning Windows security based on things that haven't been true since before Vista whilst defending Android flaws with 'they'll be fixed in a future version'. As far as I can work out from your post, the justification is that Russia used to put out propaganda about the USA.

I'm also deeply unconvinced by your argument that if someone points out hypocrisy it means they're likely a worse hypocrite. Ad hominem too, as it happens.

1
0
h4rm0ny
Silver badge

Re: Who invented permissions transparency?

"You will be able to with SELinux soon."

So when attacking Windows security you base arguments on pre-Vista versions and insist that's relevant, when defending Android you reference versions from the future and consider that fine. So one final question - are you actually aware that you keep applying double standards and if so what rationalization do you use to justify double standards?

2
0
h4rm0ny
Silver badge

Re: word count

>>"Anyhow, I did a wc analysis on our comments"

:D Which just shows what I keep telling you - that you're less interested in factual discussion and more interested in coming up with any criteria you can to "win" an argument. Btw, I've been a touch-typist since I was nineteen and can hit 65 words per minute relatively easily. Sometimes higher. I trust you'll have the intellectual honesty to divide both our results by our typing speeds as I doubt you've ever been a secretary. ;)

>>"Yes, it was disagreeing with your idea how Windows ACLs are superior to the Unix permission system in the context of security"

It was a post talking about the history of Windows in the days of NT. If you can't recognize that the Windows security model changed significantly with Vista then you can't understand there's no contradiction. And one more time - making an Appeal To Authority argument with some off-the-cuff forum post as your authority is beyond silly. Also, what context other than security would one compare Windows ACLs and UNIX permissions, anyway?

>>"Paul tried to explain that this advantage has had very little practical relevance to security"

ACLs have little practical relevance to security? That is jaw droppingly ignorant. Also, I don't know who this poster is that you regard as such an authority on matters, but they didn't say that at all for what it's worth.

>>"You're really a winner and I surrender!"

Yeah, sarcasm. We'll add that to the list of dodgy counter-arguments along with your posts being shorter than mine and this random forum user "disagrees" with me, shall we?

2
0
h4rm0ny
Silver badge

Re: Who invented permissions transparency?

>>"It is supposed to be so very relevant for some lawyers, at least Microsoft and Apple lawyers. Have you heard about software patents?"

Well we are not lawyers, we're people discussing integration of Debian and Android. When we're holding a competition Bestest Software Company Ever, then your random and unprovoked tangents about Microsoft may be relevant. But not 'till then.

And yes, we've all heard of software patents. It may astonish you to know that I was part of a campaign to get them rejected by the EU some years back. (A successful campaign, as it happens). Hardly of any relevance to a discussion of Android in Debian, is it? It's just a tangent on a tangent on a tangent, all spawned by your random introduction of Microsoft into this discussion.

And though it's already been said by more than one person it obviously needs repeating again - you're not comparing like for like anyway.

>>This paper has a nice list of things MS claim to have come first and hence demand licensing earning a few billion bucks total some people have surmised

Tangent on a tangent on a tangent on a tangent. It's obvious that your main interest here is to use the article as a launching point for attacks on Microsoft. I don't know much about the Android patents but I would say that if they weren't valid, or even contestable, that you wouldn't get giants like Samsung (a company not unknown for challenging *cough*rounded corners*cough* patents) rolling over without complaint.

>>"As far as GNU/Linux and *BSD are concerned, this Android model is inferior to their own model"

Which is what I wrote. As well as Windows included with GNU/Linux and BSD. If you're going to try and argue that Android's security model is as capable as any of these, you're going to have one HELL of a job.

>>"i.e., having mostly free software packaged in the secure repositories by maintainers"

Oh, you missed the point. That's not part of the security model - that's just the way the ecosystem leans. You're now arguing that GNU/Linux is more secure because the userbase is less likely to install malware on it. By all means say that. Has no bearing on anything I wrote.

>>"Windows was brought up as a comparison to Android to show that security is not a nightmare.

It was brought up because you always bring up Windows even when the topic has nothing to do with it. And the above is a post-fact attempt to justify it that doesn't even stand up. How does modern Windows (Vista onwards) show Android security "is not a nightmare"? By comparison? Windows has a much more capable and robust security model than Android. By the amount of malware extant? Yes - that's a great like for like comparison: the world's most popular x86 desktop OS vs. a mobile OS that is locked down by default. Your various attacks on Windows don't show anything about Android security, they're just your usual attacks.

>>"I didn't invite your superfluously prolific off-topic either."

You don't get to complain that someone is "off-topic" if their post is a direct reply to your own off-topic post, instead you ask yourself if you should have used an article for pushing your own agenda in the first place. Furthermore, any factual inaccuracy is an invitation to anyone to read it to correct it.

>>"Yes, you gave a very informative comment on it stating exactly the same, however it has been rebuffed by Paul Crawford pretty well the and you even agreed with him"

It was a funny and accurate post so certainly I agreed with it. That you think it contradicts my own posts in that thread says more on your understanding than it does that post.

And really, an Appeal to Authority argument with random forum opinions as the authority? : /

I'm perfectly willing to defend silly attacks all day long if you want. But let's recognize that it's you that keeps driving the discussion off away from Debian and Android to satisfy your seeming obsession with Windows.

2
0
h4rm0ny
Silver badge

Re: Who invented permissions transparency?

>>"Both Blackberry and WP 8 followed it after Android. Unfortunately, this model have never occurred to Microsoft for the last couple decades, users would have been much safer if it did."

Who came up with something first is only really relevant to those with a football mentality wanting to show one company is more valid than another, but for what it's worth, this is not comparing like for like. Android was designed as a mobile OS and its apps overwhelmingly are self-contained. Windows and GNU/Linux are full OSs and it's not really been appropriate to have the same sort of permissions structure. Do we really imagine that a simple structure of "Can access Internet", "Can Send Txt Message", et al. would have worked for UNIX / GNU Linux / Windows / OSX? (Or any other full-blown traditional OS). MS have only introduced this now when it's appropriate with Windows 8 as they broaden the OS to be mobile-device friendly. Also, this is an article about Debian and Android - bringing up Windows just so that you can make some (ill-founded) digs at it is off-topic.

>>"1) apps run under separate uid's"

That's a concession to the UNIX security model. It's not inherently better than proper ACLs and is not a panacea as evidenced by the many security flaws Android has had. From what I have heard, there is a tendency to regard the sandboxing of apps in Android as a strong security measure. It is, but it is also one of the things that means just adding Android support (e.g. Dalvik) directly to GNU/Linux is a very bad idea, because on GNU/Linux you don't have that sandboxing. That's why an approach like the one in this article (Android is essentially a VM in Debian) is a lot more secure than adding the relevant APIs or kernel modules straight into GNU/Linux would be.

>>"no, it's not. fine grained permissions How fine do you want those grains to be? Have you heard about SELinux on the latest android"

We've had this discussion the last time you launched in on this. It would be nice to have a full ACL system that is much more capable such as the one in Windows (Vista onwards). Android is not remotely as capable. To avoid the usual derailment that happens when you pop up in a Linux article and use it as a platform to take pot-shots at Windows, I'll just link to the last time we discussed ACLs on Windows vs. GNU/Linux here. And as Android is less capable* than GNU/Linux, the discussion is doubly true. It's wrong to tout Android as if it's more secure by design. In fact, it's that attitude that leads to poor security: over-reliance on the sandbox model is why you end up with apps leaking data to each other and magnifies the consequences massively when a bug in some Android kernel module punctures the sandbox. And as I wrote - reliance on the sandbox model is the primary reason why you can't (or shouldn't) just drop naked Android support to GNU/Linux.

*Note, when I say that Android security is less capable, that's not a dig, per se, it's less capable because it's more focused. This does not mean there is a problem in its own context, it means it would become one if you, e.g. used it as a model for a full-blown OS as eulampios seems to want to do when they hold it up as superior to the security models on these.

2
0
h4rm0ny
Silver badge

Re: Dalvik

I have no idea why you got the thumbs down here, other than that there are some very partisan and not very bright people around here who leap on anything they think is a criticism.

Anyway, as best as I can answer your very reasonable question (I welcome corrections), this is just Android in a VM with shared file system / directories (not sure if it's all or just parts of the file system). In the video, you see that he swaps between the Android and Debian environments and at one point he actually stops "Android" and then restarts it.

Furthermore, if this depends on MicroXwin, that's closed source. (Not sure if it does or not). Anyway, I hope that answers your question - it's Android in a VM so far as I can see. Handy if you're using ARM Debian and want to watch YouTube or want to use Android apps, so pretty handy. But it's not integration of GNU/Linux and Android in any deep way.

5
0

Tails-hacking Exodus: Here's video proof of our code-injection attack

h4rm0ny
Silver badge

followed two months later by:

Exodus: Hey, NSA. We heard that Tails vuln you were depending got found and fixed. Would you like to buy this other one we have?

0
1

Major problems beset UK ISP filth filters: But it's OK, nobody uses them

h4rm0ny
Silver badge

>>""hacking" seems to be in the list of categories that are filtered. What the fuck? How is information about hardware and software considered so harmful that it cannot touch the minds of our precious little children?"

One of the signs of an authoritarian society is that things move from a state of permitted unless forbidden, to forbidden unless permitted. It's a direct consequence of a society becoming about fear and control, rather than curiosity and freedom.

36
0

NEW, SINISTER web tracking tech fingerprints your computer by making it draw

h4rm0ny
Silver badge

>>"As with Goonalytics, scripts must be run."

I've occasionally blocked googleanalytics at the router level. I found about a third of the sites I visited became unusable as they were waiting on googleanalytics to respond.

7
0

For Lenovo US, 8-inch Windows tablets are DEAD – long live 8-inch Windows tablets

h4rm0ny
Silver badge

Re: " have never understood this apps criticism."

>>Analogy :- "You cooked a meal, but it never turned out how you or your dinner guests wanted. However this microwave substitute goo is just fine because both you and your guests actually don't know or care what is actually required as long as you can slurp it down with a spoon - until you come to the porcelain throne of your expectations"

That analogy should be taken outside and shot, to put it out of its misery and ours.

2
1
h4rm0ny
Silver badge

Re: Probably not so much the form factor

I have never understood this apps criticism. I have a Surface 2 (and had a Surface RT before that) and in all my time with Windows RT, I've installed probably half a dozen apps on those devices (an SSH client, a code editor being the main things). It does nearly everything I need already - it comes with Office, email clients, full featured web browser.

Apps evolved because mobile devices didn't have screen real-estate or properly functional browsers. Windows RT has that. Unless you have a burning need to play the latest games (I'm not a gamer) then I genuinely don't see any serious lack.

2
1
h4rm0ny
Silver badge

Re: Learning curves and walled gardens

>>"and don't need/want to make yet another effort to learn something else"

I just don't see the "effort". If I'm going to be using a device frequently, it's worth an hour of learning how to get the most out of it. What honestly is difficult anyway? Press the windows button and you're on the Start Screen, swipe from the left and you cycle through the running programs, swipe from the right and you get settings and options. Drag down from the top to close something or move it to the side. In some apps, you can get extra controls by swiping up.

That's four sides of a screen and a button. Who couldn't learn that in ten minutes? In return for which I get a bunch of things that are advantages to me.

2
1

Want to beat Verizon's slow Netflix? Get a VPN

h4rm0ny
Silver badge

>>"Verizon are dicks, not stupid"

I'm not fully convinced of that. Anyone else remember the person who recorded their entire phone call with Verizon where they tried to explain decimal points to a succession of Verizon employees? Without success, by the way.

1
0

Malaysian Airlines flight MH17 claimed lives of HIV/AIDS cure scientists

h4rm0ny
Silver badge

Re: I'd still tack "allegedly" before any attribution to a missile strike

Inability to explain yourself =/= Intelligence.

2
0

British cops cuff 660 suspected paedophiles

h4rm0ny
Silver badge

Re: Age of consent

>>"The law should not outlaw depictions of acts which are legal to perform for the participants."

Why shouldn't you have different legal ages for different things? When I was sixteen I may have been able to make an informed decision on whether I wanted to sleep with someone else in my class, but that does not mean I would have been in a good place to make long-term life impacting decisions about whether to do pornographic modelling.

Also, as has been pointed out, paedophilia is not the same as underage sex. What I wrote, I wrote about paedophilia. Posting comments about actions at the age of seventeen is a long way from actually challenging what I wrote. If you want to argue about depictions of acts that have no relation to actual children, go and reply to someone else. The post that you are challenging was written to skeland who argued that paedophilia isn't a disorder.

1
0
h4rm0ny
Silver badge

Re: for some definition of paedophile...

>>"Paedophilia is a mental disorder and you first must become a paedophile and only then you might want to start seeing CP, not the other way round. So, preventing you from seeing CP pictures means nothing if you are not a paedophile and will do nothing to stop from you being a paedophile if you are one already"

Do you have any medical background to make such a claim? Because there are many areas where repeated exposure stimulates interest and habitualizes that interest. Similarly that normalization of something increases someone's likelihood of engaging in such activity.

1
3
h4rm0ny
Silver badge

Re: for some definition of paedophile...

>>"The Sexual Offences Act 2003 widened the definition of "child" to include anyone under 18 - rather than the previous "under 16"

Maybe, but I referred several times in my post which you quote to prepubescents. Paedophilia, which is the word I used, describes sexual attraction to those who have not gone through puberty, generally aged 11 or less. You can check that definition on Wikipedia if you need to. Despite some people interested in big headlines trying to use it for any old underaged sex, much like the US definition of "terrorist" gets applied to occupying armies like the Islamic State, it still has a proper meaning.

1
0
h4rm0ny
Silver badge

Re: for some definition of paedophile...

"Is paedophilia in the strictest sense something that should be against the law? As long as it doesn't involve the abuse of children, why would it ever be deemed illegal?"

You've entirely shifted the goalposts from what you argued and what I challenged. You attempted to argue that someone sexually attracted to prepubescents may not have psychological problems and you tried to draw an equivalence to bondage games between consenting adults. I pointed out that they were stupid. Now you quote me and respond whether paedophilia "in the strictest sense" should be criminalized. What you write here in no way counters what I said nor supports your original attempt to normalize paedophilia. Attempts plural, actually, given your other attempts.

"Exactly the same arguments used to be trotted out about homosexuality: "I think sex with a guy is gross, so there should be a law against it." It makes just as much sense in that situation as it does here."

No it does not because adults can consent. That has already been pointed out to you but you prefer to ignore that sexual interest from an adult to a child is harmful to the child. That doesn't depend on any repugnance I or others feel or which you may not share. It doesn't depend on any religious belief that homosexuality will damn someone's soul. It depends on one very simple principle - protecting children.

You see, you blend your topics - apparently under the impression it's not noticed. One strain of your argument is that if it's just drawings of children then no children are actually harmed. And then there's this whole other strain where you repeatedly attempt to segue from that into normalization of paedophilia, that perhaps it isn't a serious psychological disorder, that who is someone to say that it is wrong. As shown there are clear reasons why it is and it's neither a good analogy to talk about BDSM nor about homosexuality.

And I think both homosexual people and BDSM crowd who have long had to struggle to convince outsiders that paedophilia isn't a part of their scene don't particularly want you trying to re-associate that.

6
3
h4rm0ny
Silver badge

Re: for some definition of paedophile...

>>"Maybe yes, maybe no. Lots of perfectly healthy people out there enjoy very healthy sex lives involving violence, such as flogging and queening and the like. Doesn't make them "bad" people."

Congratulations - you just associated BDSM with paedophilia. And a million kinky people who'd been trying to disassociate their interests from real world abuse and harming of children place their faces in their palms once more.

Whether some people express their sexual interest in unusual ways or no, it doesn't link that interest to sexual attraction to prepubescents. Very different things.

Aside from "how" being a very qualitatively different thing from "to what", there's the clear and obvious difference that sex between adults can be consensual. Regardless of how odd particular practices may appear to some. Children can never be consenting. Sexual interference with a child is harmful to the child.

So I don't think the BDSM scene will particularly like the comparison.

>>That's not even going into the fetishes enjoyed widely in the Japanese community involving women that look suspiciously like little girls.

If the Japanese do it, it's normal. Fantastic argument! *nods slowly*

2
8
h4rm0ny
Silver badge

Re: for some definition of paedophile...

>>" many of the people that got off before were let off due to technicalities or "lack of evidence" rather than being cleared of being a nonce and most of them had a browser history chocked full of questionable material."

Not to say that this isn't the case, but the obvious question is how would you know this? Are you an officer involved? Seems unlikely. Therefore the above is presumably just conjecture?

13
1
h4rm0ny
Silver badge

Re: Police declined to explain how they "snared" the suspects

I'm getting so cynical by this point that I suspect the way it really happened was this:

Cameron picks up phone: "Chief inspector, we're getting pilloried in the media. I want you to arrest a huge number of paedophiles so we look good."

Chief Inspector: "Righty-ho. I'll get a list of the ones we reckon we have enough evidence on."

Cameron: "Oh, don't worry about whether you can get convictions. The plebs will have forgotten about it by the time it actually gets that far. Just make sure the arrest count is high"

Probably I'm just too cynical but given the crap I've seen pulled by the government over the last few years, I'm finding it hard to trust their intent that much. I think they're even willing to exploit paedophilia as a political tool these days.

35
5

Voteware source code review 'could lead to hacking'

h4rm0ny
Silver badge

Re: Once a trouble maker always...

>>"360,000 lines of Visual Basic is what's being reported"

Dear gods...

That's the only response I can think to make.

1
0
h4rm0ny
Silver badge

Re: Once a trouble maker always...

>>"Human counting is also potentially unreliable, as seen in many corrupted nations. Even in Australia we've had paper votes go missing... It can be accidental or intentional, just like with electronic systems"

It's possible in both systems, but electronic voting massively lowers the difficulty of pulling off successful election fraud. In cases such as this, the outcome could be determined by a single programmer or a handful of officials. Whereas with our normal elections (e.g. UK General Election), you're needing to subvert many hundreds of polling stations and staff and counters across the country.

2
0
h4rm0ny
Silver badge

Re: Once a trouble maker always...

I feel I should have written a response that was a bit less adversarial and actually detailed what was wrong with it, but it's too late to edit that now. I was set off by the comment "only a fool would allow the source out". So here is a more detailed response.

>>What a beat-up. Basic security principles state that you don't give the enemy anything at all

Firstly, hiding the source from the public is treating the public as the enemy. It's voting code. We NEED to be able to verify it and reject it if it is not good enough. No closed body will ever be sufficient to replace public viewing of the code.

Secondly, the above is wrong. It is useful if potential attackers do not have access to the source code, but not vital. There are many major Open Source projects vital to security and the code is exposed. The principle is that knowledge of the code does not allow one to compromise it. ANY reliance on obscurity is a flaw. Especially when we are guarding against internal threats from the vendor who, by definition, the code is not obscured to.

>>"So, this guy wants to check out the code to see how it works, maybe if it has any security vulnerabilities? That's exactly what we don't want to happen."

That's exactly what we DO want to happen because the more qualified people who look through the code, the greater our chance of identifying all vulnerabilities and fixing them.

>>"Remember, the AEC computer systems are connected to the Internet. It would be easy (yes there are precedents) to create a trojan that was attached to an e-mail that would be attractive to an AEC employee or contractor. Once activated, it would be easy for it to link into a vulnerability in the software, taking commands through an apparently benign web site"

If this is true then the software is not fit for purpose and hiding evidence of that is no kind of mitigation.

There are massive risks with electronic voting because it is so easy for a small group in the right place to invisibly determine the results. Personally, I favour human counting - in elections trust is more important than speed, whatever the media would like. However, IF one is to have electronic counting, I would expect as a minimum the machines to not be accessible over the Internet or be deployed in such a way that an operator could infect one by getting an email.

This is why only a fool would allow the source code out.

If half of what you say is true, the company behind this system should be sued until not even Wikipedia remembers who they are.

14
1
h4rm0ny
Silver badge
WTF?

@ Fluffy Bunny

I initially took your post to be humour, but I now think you may be serious. I hope you have no connection to computer security in your professional life.

11
0
h4rm0ny
Silver badge

Regardless of whether there are reasons why viewing this particular code could lead to risk, we shouldn't be in this position in the first place - election code has to be able to survive public review because public review is the only way we can trust the election results.

Here's an interesting fact - we don't know who won the 2008 Mayor of London election. We know that Boris Johnson got the job, but we don't know that he was actually elected. The Open Rights Group were monitoring the software and hardware used to count votes and concluded there wasn't sufficient evidence for them to actually audit the process. They also noted that the number of error messages, bugs and system freezes indicated "poor quality software".

Citation

I repeat - it is entirely possible that Boris Johnson did not win the mayor of London elections and we cannot determine the truth. He could have been elected by an error. Or better, it is factually accurate to say that a programmer somewhere or other technical person in the process may have decided who became mayor of London. We cannot tell.

All of this is because that code was not up for public review.

12
0

UK Parliament rubber-stamps EMERGENCY data grab 'n' keep bill

h4rm0ny
Silver badge

Re: Is their a list ?

>>"I confess I hadn't heard of most of them, but there was no great surprise about the ones I had heard of. David Davis, of course, and – yet again – Caroline Lucas is a national hero."

If the Greens would drop their unsupportable opposition to Nuclear Power, I'd cheerfully vote for them just to put civil liberties pressure on the big three.

(Well, big two now, since the Lib Dems formed a coalition with the Tories and probably destroyed their own support base).

4
0

Microsoft's new 'Adam' AI trounces Google ... and beats HUMANS

h4rm0ny
Silver badge

Re: is that where the Bing R&D guys went?

Even if you have a better product, it still takes a long time to dislodge an established dominant player. And I think Bing and Google search are only comparable, not that one is better than the other particularly.

1
0

Microsoft: You NEED bad passwords and should re-use them a lot

h4rm0ny
Silver badge

Date of birth

Actually, never mind passwords. I'd just be happy if I could persuade such institutions as banks and others from thinking my date of birth is some magical secret that confirms my identity.

11
0
h4rm0ny
Silver badge

Re: Password Entropy

Your joke icon is inappropriate though you may not realize this! I've done checks on databases of some large services and found a significant number of hashes matching "correct horse battery staple". There are idiots who either don't get the comic at all, or find it hilarious to amuse themselves by setting this as their personal password.

Sad but true.

8
0

Delaware pair nabbed for getting saucy atop Mexican eatery

h4rm0ny
Silver badge
Thumb Up

Re: At least...

>>You have very low standards.

Oooh, is it time again for someone on the Internet to crow about how a woman is below their sexual standards again? I guess it is.

Care to share a photo of yourself taken by a police photographer shortly after arrest. Thanks! :)

8
0

Microsoft takes on Chromebook with low-cost Windows laptops

h4rm0ny
Silver badge

Re: a netbook by any other name would stink as much

>>"I thought commentards thought Netbooks are amazingly awesome - or do they cease being so when MS bring out 'Netbook v2'?"

Actually, I dislike them regardless. An underpowered device is no good to me.

2
0
h4rm0ny
Silver badge

>>"Unless they are also counting every Office365 and visualstudio.com that uses Azure as the backend."

Which they're obviously not or the number would be a very great deal higher than 42,000.

4
4

New leaked 'Windows 8 screenshot': The Start Menu strikes back

h4rm0ny
Silver badge

Microsoft jumps chasm in bus...

Decides in response to passenger screams to stop half-way across.

13
0

Will GCHQ furtle this El Reg readers' poll? Team Snowden suggests: Yes

h4rm0ny
Silver badge
Mushroom

You can't have democracy...

...without information. When government distorts public perception through trickery, that's an attack on the public.

13
0

Amazon France routes around free shipping ban with €0.01 charge

h4rm0ny
Silver badge

Re: King Canute

>>"Sorry, I think I zoned out at "fun" being used in the same sentence with "clothes", in a shopping context"

You spend a few hours drifting around town with your friends, chatting and having fun and trying out new looks and getting their opinions, spending a bit of time having a coffee together. You like hanging out with your friends, don't you?

1
5
h4rm0ny
Silver badge

Re: Booksellers do deserve protection

>>"I'm sure some rabid free marketeers will be along to vote down in their droves, but I do think book sellers are a class of shop that we should be doing more to protect."

Online selling, however, has done more to protect niche publishing. There are perhaps many books that would be out of print or perhaps never printed at all, if they had to go the traditional route of printing enough to be present in many bookshops in the hope they'd be found by the few who want them. Books are ultimately what needs protection, no?

>>"Drive the small bookshops out of existence, and there will be many people, I suspect, who will not be at all happy that the only way to get hold of, for example, The Carnivorous Lamb, is to give your name and address to a large corporation and trust they'll never hand over records as part of the next moral panic."

Tracking, I agree, is a valid concern.

1
0
h4rm0ny
Silver badge

Re: Money isn't everything, @ h4rm0ny

>>"If the government is fixing the price so that all shops have roughly the same price then there will be no need to go round lots of different shops looking for a better deal effectively taking price out of the equation"

Actually, I was thinking about finding what I want, not saving money. Sitting on the sofa looking through products for the one I want is a lot more time efficient than visiting lots of different shops. I also have extra information available in the form of reviews.

If I want to go shopping as a form of social activity, that I do with friends and I do with clothes. For movies, books, electronics, I do that online. The less mainstream something is, the more efficient that becomes.

1
1
h4rm0ny
Silver badge

Re: And that's cuttin' me own throat!

>>"Greengrocer B sells his apples at 1 penny a pound, absorbing the loss, to try to drive greengrocer A out of business, and then when he is the only player left in the market, he can charge whatever he likes for apples."

Your analogy only works if Amazon are actually selling at a loss. I don't believe they are and am interested in any evidence that this is the case. To do so would be anti-competitive. But if they're still making a product then they're not abusing their position (at least because of selling more cheaply), they're just undercutting their competitors. Which is what you're meant to do.

0
1
h4rm0ny
Silver badge

>>"Or does the law mandate that the publisher must sell to each vendor at the same price (wouldn't that encourage a cartel and be against EU competition law)"

Question - how would mandating all vendors get to pay the same costs encourage a cartel? I would have thought the opposite. I.e. if a dominant player can't leverage their position to get better deals than smaller players, isn't that good for the smaller players?

1
0
h4rm0ny
Silver badge

Re: Money isn't everything,

>>"Only the autistic think a free market will solve all of life's problems. In the US we are racing to the bottom thanks to the free market"

I'm not sure autism inclines one to any particular political leaning.

>>It sounds like the French value their culture and leisure time more than making a buck, which is kinda refreshing!

This isn't "the French", it's the French Government - a different thing. Clearly if "the French" didn't want to use Amazon in place of local retailers, then the Government would not have to institute such a law to try and stop them. I'm also unclear as to how impeding Amazon is an indicator of the French valuing their culture and leisure time. Using Amazon typically saves time over going round lots of different shops.

3
1
h4rm0ny
Silver badge

Re: King Canute

Being able to try stuff out before you buy is good. But honestly, when it comes to customer service, Amazon are about the best I've ever dealt with. I can request a callback and my phone has rung almost immediately. I used the wrong address for a delivery once and they took care of everything. And the rare returns I've just peeled the provided return sticker off and placed it on the package and back it's gone. As easy (or easier) than taking it back to a shop.

I'm sure there are some bad stories out there, but in my years of using Amazon, their customer service has been extraordinary.

(No, I don't work for them!)

7
1
h4rm0ny
Silver badge

King Canute

That's what this sounds like. We now have the technology for near-instant communication long-distance, the infrastructure to transports goods cheaply and quickly... We're even seeing P2P delivery start to emerge with some services that just use local people to deliver the last few miles for a small cut.

Basically, when it's Steam Engine Time, steam engines will appear. Our cities are going to look quite different in the near future with so much of our shopping being done online. Clothes will probably be the last to go because it's fun and necessary to try them on and see how they look. It's also a social activity in the way that buying a TV isn't. (You can't go out with your friends and buy TVs on a regular basis or you're going to have a lot of TVs).

1
3

Murdoch calls for ISPs to be liable for users' activities

h4rm0ny
Silver badge
Headmaster

Re: Rupert!!!

No, preferably die.

We don't want him to enjoy his last moments.

27
1

LibreSSL crypto library leaps from OpenBSD to Linux, OS X, more

h4rm0ny
Silver badge

Re: Pity they dropped Windows support

>>"But everything starting with "Libre" is today managed by a bunch of code-extremists whose only aim is to destroy Windows. I've seen already many "cross-platform" project trying not supporting Windows, because now "cross-platform" should just mean "support the n-thousand versions of something derived by Unix".

I can't speak for what the developers are like as I don't know them, but I can install LibreOffice on Windows and have done in the past. Unless something has changed, I believe that to still be the case.

>>"They don't see code and software as a job or products, for them code *is* politics and a way to shape the world."

It isn't inherently bad to want to change the world or have a higher motivation for doing something than money. Of course I am happy to use both proprietary and libre software, but I believe Libre Source may be a positive thing in helping keep standards open and competition strong. MS Windows certainly improved dramatically back when MS realized GNU/Linux could become an actual competitor to them on the desktop. And I'm not sure OOXML would have been made an open standard without ODF and Open Office. Or perhaps it would but not till later.

4
0
h4rm0ny
Silver badge

Re: Trust + Compilers

>>"What about if someone managed to pwn the master repository for the source code and inject the hack such that they cover the fact the file was altered?"

Okay, I kind of talked about the scenario but more detail would probably be useful. All of the Open Source code is covered by version control systems. Sometimes Subversion, often Git. Whatever is used anyway, the principle is the same - you track the changes that are made by the developers so that you can review them, roll them back, work on separate branches et al.

Suppose you did have complete control over a server that was the main repository for the code, from which others normally pulled (took their copies). The others don't get their copies by just copying over files, they get the changes made to the version control system. So if you changed a file without the version control system noticing somehow, the others still wouldn't get it because they're just requesting a change history (with all the developer comments, commit times, etc.). Furthermore, the original version control system would normally pick up the changes you had made as local uncommitted modifications which would stand out like a sore thumb. In order to avoid that, you'd need to compromise the version control system. Which in our full access scenario you could do, but that still wouldn't help you get your exploit onto the other copies of the repository because they only update according to published changes. And once you publish changes we're back to the fact that you're no longer covering that the file was altered. It's very tricky and I'm not actually sure how you would pull something like this off.

>>Perhaps slip it into a little-used part of the code or split it into several pieces, each piece lying somewhere more plausible but when the whole thing comes together, they can all link together?

I get what you're saying - it's kind of the movie scenario where someone goes through security in an innocent looking wheelchair and then the arm becomes a gun barrel and the battery opens to reveal the handle-bit and it all clips together to make a weapon.

But happily it doesn't translate into that in practice. At least not unless you're an absolute genius. For a start, the more areas of the code you alter, the more likely you actually are to attract attention. Development teams tend to split into different areas of the code that they handle. If you've got one area where someone is inattentive maybe you can compromise that. If you're treading on everybody's areas, someone will notice. Especially as you'll (presumably) be doing this under one account which would look odd, or multiple developer accounts, which would increase the risk of someone going: "I didn't write that!".

Ditto really for the "quiet" area of the code. If I were a hypothetical criminal mastermind doing this, I'd actually bury my changes in an area where there were a huge number of commits and my change would hopefully be lost in traffic. I'd also choose a very busy time in the project where the commits were flying thick and fast.

If you picked an area that hardly ever changed, you'd just get a lot of developers looking at their version control tools going "huh - why has that module suddenly changed".

I hope all this doesn't come across as me shooting down your ideas. They're all very legitimate questions and exactly the sort of thing someone smart but not familiar with the process would ask. As I say: this is one of the great strengths of Open Source. (The other, imo, being surety of long-term code availability and potential to fork it yourself if needed).

2
0
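The version-control argument in the post above can be shown as code. This is an added example, not part of the original comment: `git_blob_id` follows Git's real blob hashing, while the commit encoding and the names `Repo`, `fsck`, `rewrite_from` and `can_fast_forward` are a simplified, hypothetical model, and the file contents are constructed sample data.

```python
import hashlib


def git_blob_id(content: bytes) -> str:
    """ID Git gives file content: SHA-1 over b'blob <size>' + NUL + content."""
    return hashlib.sha1(b"blob %d\x00" % len(content) + content).hexdigest()


def commit_id(parent: str, files: dict, message: str) -> str:
    """Simplified commit ID (assumption: not Git's exact tree/commit encoding).
    It covers the parent ID, every file's blob ID and the message, so each ID
    depends on all of the history before it."""
    listing = "".join(
        f"{git_blob_id(data)} {path}\n" for path, data in sorted(files.items())
    )
    return hashlib.sha1(f"parent {parent}\n{listing}\n{message}".encode()).hexdigest()


class Repo:
    """Hypothetical in-memory repository: an ordered list of commits."""

    def __init__(self):
        self.commits = []

    def commit(self, files: dict, message: str) -> str:
        parent = self.commits[-1]["id"] if self.commits else ""
        cid = commit_id(parent, files, message)
        self.commits.append(
            {"id": cid, "parent": parent, "files": dict(files), "message": message}
        )
        return cid

    def tip(self) -> str:
        return self.commits[-1]["id"]

    def fsck(self) -> list:
        """Integrity check in the spirit of `git fsck`: return the IDs of
        commits whose stored ID no longer matches their content."""
        return [
            c["id"] for c in self.commits
            if commit_id(c["parent"], c["files"], c["message"]) != c["id"]
        ]

    def rewrite_from(self, index: int) -> None:
        """Recompute IDs from `index` onward, as a history rewrite would."""
        for i in range(index, len(self.commits)):
            c = self.commits[i]
            c["parent"] = self.commits[i - 1]["id"] if i else ""
            c["id"] = commit_id(c["parent"], c["files"], c["message"])


def can_fast_forward(clone_tip: str, server: Repo) -> bool:
    """A clone takes an update quietly only if its tip is in the server's history."""
    return clone_tip in {c["id"] for c in server.commits}


def demo() -> dict:
    server = Repo()
    first = server.commit({"lib.c": b"original contents\n"}, "initial import")
    server.commit({"lib.c": b"original contents\n", "README": b"docs\n"}, "add docs")
    clone_tip = server.tip()  # a developer clones at this point

    # Case 1: a stored file is altered in place, IDs left untouched.
    server.commits[0]["files"]["lib.c"] = b"tampered contents\n"
    flagged = server.fsck()

    # Case 2: IDs are recomputed so the server is self-consistent again.
    server.rewrite_from(0)
    return {
        "first_commit": first,
        "flagged_in_place": flagged,
        "flagged_after_rewrite": server.fsck(),
        "clone_can_fast_forward": can_fast_forward(clone_tip, server),
        "tip_changed": server.tip() != clone_tip,
    }


if __name__ == "__main__":
    print(demo())
```

Either the stored ID stops matching the content, or every later ID changes and existing clones see a history that no longer contains their own tip.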