* Posts by AdamWill

981 posts • joined 4 Nov 2010

systemd free Linux distro Devuan releases second beta

AdamWill

Sorry, but no. I've been on the receiving end of enough of the same kind of crap, and it screws up your day no matter how 'sensible and reasonable' the rest of the post is. It's just not necessary.

Lennart isn't some cartoon devil. He's a guy who writes code. He's a perfectly nice guy with a family, and he doesn't let it show, but the eternal shitstorm he lives under weighs on him really quite a lot. He wrote some stuff he thinks is an improvement on what we had before and put it out there. It's a lot of hard work; a hell of a lot harder than writing nasty internet comments, for a start. You can't personalize every freaking issue you have with systemd into some kind of nastygram to the person most associated with it.

I don't like everything about systemd. I've been known to write people pointed emails about it at times. But this kind of crap is just wrong and I really hate it; people who are trying to do good work don't deserve it. Period. If you don't like systemd, fine: advocate against it with your OS or distribution or whatever. Or, more productively, help improve it - it's an open source and fairly well documented project, which takes pull requests frequently. Or write something better. But I'm so goddamn tired of this 'f**k Lennart' crap. It's lazy, stupid, hurtful and wrong. Do something better.

4
6
AdamWill

You do realize Lennart's a real person, right? Like, an actual flesh-and-blood person. In the real world. With bowels, and everything. He's not a Silicon Valley squillionaire, either. He's just an engineer. You can go to conferences and have dinner with him. Whatever you think of his code, he does not deserve to have people casually talking about disembowelling him. Jesus. Put a lid on it.

11
12

Debian putting everything on the /usr

AdamWill

Re: only thing I ask

Citation needed? Oh, that's an easy one. Say we fail to mount /mnt/encryptedpartitionfullofsecretdata , and instead create /mnt/encryptedpartitionfullofsecretdata as a plain old subdirectory of unencrypted /mnt and start writing all that secret data to it. Whoops. Probably didn't want that, did you?

"systemd systematically(d) tries to outsmart the sysadmin" - I'm sorry, what? This is exactly the *opposite* of being smart. Trying to make decisions about what mount points it's OK to boot without versus what mount points it's not OK to boot without is *exactly* what would constitute 'trying to outsmart the sysadmin'. What it's doing in this case is exactly *not* trying to be smart, but simply providing settings with very concrete behaviours and respecting them. You can mark a mount point as required for boot or not required, and the default is the choice considered safest. What 'outsmarting', exactly, do you think is going on there?

0
1
AdamWill

Re: only thing I ask

I know you're being sarcastic, but actually, *yes*. systemd isn't only used to boot conventional Linux distributions, note. If all it knows is that some filesystem can't be mounted but it has no information about how critical that is, just going ahead and booting the system anyway might be a *really bad idea*. The behaviour of an operating system if some of the filesystems it expects to be there are *not* in fact there is certainly not something anyone's defined. It could do anything, including something really bad that you didn't want to happen at all. Refusing to boot until the problem is fixed or systemd is told that it's OK to boot without the filesystem seems like a perfectly sensible choice to me.

0
1
AdamWill

Re: only thing I ask

[adamw@adam quick-fedora-mirror (client-filter *)]$ man systemd.mount

...

nofail

With nofail, this mount will be only wanted, not required, by local-fs.target or remote-fs.target. This means that the boot will continue even if this mount point is not mounted successfully.

just give your non-critical mount point the option 'nofail' and systemd will happily continue if mounting it fails. It is, however, not in the business of trying to figure out whether mounts are critical or not, because it's a bit of a mug's game.

0
0
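As an added example (not part of the original posts, and not systemd's own code), the sketch below classifies fstab entries by the boot dependency the nofail and noauto options give them, and reports mount points an administrator has declared sensitive that boot can proceed without, which is the situation described above with /mnt/encryptedpartitionfullofsecretdata. The sample fstab, the function names and the `must_be_mounted` set are assumptions made for illustration.

```python
import re

# Constructed sample /etc/fstab (illustrative; not taken from the posts above).
SAMPLE_FSTAB = """\
# device             mount point                              type  options          dump pass
UUID=1111-aaaa       /                                        ext4  defaults         0 1
UUID=2222-bbbb       /home                                    ext4  defaults         0 2
/dev/mapper/secret   /mnt/encryptedpartitionfullofsecretdata  ext4  defaults,nofail  0 2
//nas.example/share  /mnt/media                               cifs  nofail,_netdev   0 0
/dev/sdb1            /mnt/usb\\040stick                        vfat  noauto,user      0 0
UUID=3333-cccc       none                                     swap  sw               0 0
"""


def _unescape(field):
    """fstab writes whitespace inside a field as an octal escape (\\040)."""
    return re.sub(r"\\([0-7]{3})", lambda m: chr(int(m.group(1), 8)), field)


def parse_fstab(text):
    """Return one dict per mount entry with its boot dependency.

    required -> default: a failed mount stops the boot
    wanted   -> nofail: boot continues if the mount fails
    none     -> noauto: not mounted at boot at all
    """
    entries = []
    for line in text.splitlines():
        line = line.strip()
        if not line or line.startswith("#"):
            continue
        fields = line.split()
        if len(fields) < 4:
            continue  # malformed line, ignore
        device, mountpoint, fstype, opts = fields[:4]
        if fstype == "swap":
            continue  # swap has no mount point
        options = opts.split(",")
        if "noauto" in options:
            dependency = "none"
        elif "nofail" in options:
            dependency = "wanted"
        else:
            dependency = "required"
        entries.append({
            "device": _unescape(device),
            "mountpoint": _unescape(mountpoint),
            "options": options,
            "boot_dependency": dependency,
        })
    return entries


def unsafe_optional_mounts(entries, must_be_mounted):
    """Sensitive mount points that boot does not insist on.

    If such a mount is absent, writes land in a plain directory on the
    parent filesystem instead of on the intended (e.g. encrypted) volume.
    """
    return sorted(
        e["mountpoint"]
        for e in entries
        if e["mountpoint"] in must_be_mounted
        and e["boot_dependency"] != "required"
    )


if __name__ == "__main__":
    parsed = parse_fstab(SAMPLE_FSTAB)
    for e in parsed:
        print(f'{e["boot_dependency"]:9} {e["mountpoint"]}')
    # Hypothetical policy: these paths must never be silently missing.
    policy = {"/home", "/mnt/encryptedpartitionfullofsecretdata"}
    print("review:", unsafe_optional_mounts(parsed, policy))
```
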
AdamWill

Re: only thing I ask

Or from the initramfs environment, these days. You can do most anything from there.

0
0

WordPress auto-update server had flaw allowing anyone to add anything to websites worldwide

AdamWill

Re: Signed updates

Most distros are a hell of a lot better at update security than WordPress was, if the description here is accurate. At least we sign our goddamn updates.

0
0
AdamWill

Not quite 'all' wordpress servers

"Attackers that used the exploit could then send URLs to the WordPress update servers that would be accepted and pushed out to all WordPress sites."

Well, not quite all. If you're using an OS distribution's wordpress package, it probably has the auto-update mechanism disabled, so you won't be vulnerable to this. I'd think.

0
0

Has Linux got OpenStack licked? The Vanilla 'Plus' strategy

AdamWill

Re: Canonical's JuJu charms...

unless it's your job, you *really* don't want to know.

3
0

Gone in 70 seconds: Holding Enter key can smash through defense

AdamWill

Re: break=overthere

Having thought about it a bit more, really the only plausible case I can come up with is if you decided you wanted to prevent unauthorized folks accessing your system but you didn't want to lock the whole thing up, so you just locked away the main system but left the monitor and keyboard on your desk. Then you misunderstood the purpose of disk encryption and decided to use it as an access control mechanism, believing that the decryption prompt on boot would effectively prevent anyone accessing the system at all (assuming you always locked the screen or shut it down when walking away). And, probably (I'm still thinking about this bit) realized you had to set a bootloader password for this approach to be 'effective'.

Of course, what you should actually have done is set a firmware (BIOS) password.

0
0
AdamWill

Re: break=overthere

Well, you could theoretically have set up a bootloader password to try and prevent people fiddling with the boot process. Anyone who doesn't do that, though, certainly doesn't have any kind of increased attack surface due to this so-called "vulnerability".

1
0
AdamWill

Re: Missing item in the series?

Yeah, I'm not sure I'd describe this as a 'vulnerability' at all. Storage device encryption is not supposed to prevent people accessing a rescue shell on the system the encrypted storage device happens to be sitting in at that point in time. It's intended to prevent people accessing the *data on the encrypted device*. This 'attack' does nothing particularly significant to help you with that, except perhaps make it a bit easier to try a brute force attack.

Even if you do consider this a 'vulnerability', the authors of the article are *massively* overplaying it.

2
1

The Reg seeks online community manager

AdamWill

Re: A bridge too far

Most of the commenters != most of the readers.

1
1

Run a JSON file through multiple parsers and you'll get different results every time

AdamWill

Re: Welcome to the Internet

Exactly this. I mostly work in Python and came to the same conclusion: the worst failure for both Python 2 and Python 3 parsers was a failure to parse (not surprisingly, unicode shenanigans - probably not even specifically to do with JSON parsing), and this is only a problem if you're parsing untrusted input (or trusted input which might include one of the problematic values). Which I'm not. JSON's perfectly fine if you just want a quick, simple way to serialize data in a pretty well-known format. Fr'instance, I wrote a few trivial lines the other week to have a script which fires up when a certain event happens check if the same event has happened before (to a reasonable limit of previous events it cares about), and bail out in that case. I had it store the list of the last few known events as JSON, because it's right there in the standard lib and using it is like two lines of code. It would be absurd to drag pyasn1 into the code (which fits on one page) just to store a small list of strings, which originate from a trusted system and which I know aren't going to include anything but ASCII characters.

0
0

Lenovo downward dogs with Yoga BIOS update supporting Linux installs

AdamWill

Re: Not all Lenovo's fault

Intel have in fact contributed fixes for this now:

https://marc.info/?l=linux-ide&m=147709610621480&w=2

with those patches, you can install to the affected systems even without updating the firmware and changing the controller mode.

2
0

New MacBook Pro beckons fanbois to become strip pokers

AdamWill

Lenovo

So, like that thing Lenovo did for one generation of the X1 and everyone hated it so they stopped?

https://gizmodo.com/lenovo-just-made-the-x1-carbon-even-cooler-1494984619

only now it's world changing, I suppose.

1
0

SUSE: Question. What do you call second-place in ARM enterprise server linux? Answer: Red Hat

AdamWill

What happened...

"Whatever happened to peace and love in the free software world?"

We hired PR departments. We have to let 'em get it off their chests sometimes. The engineers all get together and have a laugh about it later.

7
0

Dirty COW explained: Get a moooo-ve on and patch Linux root hole

AdamWill

Routers etc. etc.

"Unfortunately, builds of the vulnerable kernel at the heart of countless millions of routers, Internet-of-Things gadgets and other embedded devices remain vulnerable"

meh, I wouldn't worry too much about those in this case. They don't really do much meaningful privilege separation anyway, and you're usually not going to have remote access as an unprivileged user enabled. Local root privesc bugs are most important on systems with lots of stuff running unprivileged and remotely accessible...

0
0

Oh Snap! How intelligent people make themselves stupid for Snapchat

AdamWill

Re: Optic nerve taps

One of William Gibson's recent novels came up with a t-shirt (IIRC, anyway) designed to screw with video compression algorithms and stop the wearer being trackable via security cameras...neat concept. (I may be misremembering the details a bit, it's a couple of years since I read it, but that was the basic idea).

0
0
AdamWill

It's the end of the new.

0
0

Unimpressed with Ubuntu 16.10? Yakkety Yak... don't talk back

AdamWill

wat?

I dunno if Ubuntu is doing something weird to it, but vanilla systemd doesn't change your sysv init scripts in any way. On Fedora, it runs them perfectly well. If Ubuntu is doing something weird/wrong, that's on Ubuntu, not on systemd.

2
1

HPE sells off 'non-core' software assets

AdamWill

not quite

"HPE gets $2.5bn in cash and a 50.1 per cent ownership of the new entity, which will continue to be called Micro Focus."

This isn't quite right (as I understand it). HPE's *shareholders* get a 50.1% stake in Micro Focus. *HPE* does not. Basically what's happening is that Micro Focus is buying a bunch of HPE's (as you say) 'non-core software assets', but because the deal is so large, they can't just pay for them in cash; so instead, they compensate HPE's shareholders for the purchase with MF stock. But it's not HPE *itself* which gets the MF stock, it's HPE's shareholders directly. Rather than owning a stake in HPE which now owns a stake in MF, HPE shareholders directly become MF shareholders as well.

2
0

HP doorsteps Apple shoppers at the altar of dreams

AdamWill

Re: Hey, we still innovate!

Sony was doing slim stylish highly portable laptops when Apple was still making Fisher Price toys...

0
0

Delete Google Maps? Go ahead, says Google, we'll still track you

AdamWill

Re: eh?

Whether you have GPS on or not doesn't matter much any more, at least not in any relatively well-populated area. Now they've built out their wifi access point location database, Google can locate you extremely accurately in any place where there are more than a couple of wifi access points in range whether you've got GPS on or not. Android can use wifi-based geolocation even if wifi is 'disabled'. I think there's somewhere you can 'turn this off', but of course, you're relying on Google's goodwill, I've no idea if that really works or not.

23
1

Crash test dummy? Love the excitement of breaking an OS? Fedora 25 Alpha has landed

AdamWill

I probably shouldn't say this, but...

...most of the bugs you linked actually exist in stable release too. Yes, including the OS X partition resize one. Just, er...don't do that.

Most weirdness people encounter in 25 Alpha Workstation will likely be related to Wayland, which is the default for Workstation now; we know about quite a lot of the issues, but we'd certainly welcome reports of any problems people run across. Other variants (KDE, Xfce, Cinnamon etc.) still use X by default.

and thanks for the article, it's nice to get press on pre-releases so we get more feedback!

0
0

Bungling Microsoft singlehandedly proves that golden backdoor keys are a terrible idea

AdamWill

The real skinny

If you'd like an accurate technical write up of *exactly* what happened here, don't read this article, read this one:

https://mjg59.dreamwidth.org/44223.html

1
0

Smartphones aren't tiny PCs, but that's how we use them in the West

AdamWill

Re: unique

Well, I mean, nearly everyone has a phone everywhere. But we *don't* generally walk around with it unlocked and the banking app loaded.

0
0
AdamWill

Re: unique

Or compared to:

1) take card from wallet

2) tap card

done. NFC is not particularly secure (though if you're worried you can always buy a lead-lined wallet or whatever), but it sure *is* incredibly convenient. And I dunno about 'the West', but in Canada it's more unusual to find a place which *doesn't* accept contactless payment than one which does, now.

0
0

London's contactless ticket payment system for sale in £15m deal

AdamWill

Re: A good thing

I think the capping is a policy thing, sadly. The Vancouver system is not set up to do it; if you do ten regular journeys in a day you pay for ten regular journeys, even though there's a flat-rate all-day fare that's much cheaper. If you want the all-day fare you have to know about it and specifically load it onto your card before you make a trip. Which is really pretty crappy, and they don't have a good excuse for it, so far as I can tell, especially since by all accounts the system is basically the same as Oyster so it certainly ought to be capable. http://askcompass.ca/?QuestionID=1387 (same applies for day pass).

1
0

Linux letting go: 32-bit builds on the way out

AdamWill

Re: Third Party Software

It's not just third-party software. It's stuff like, well, the kernel. Upstream kernel developers are less and less interested in keeping i686 codepaths working, and they frequently just don't any more.

1
0
AdamWill

Re: Thinks Bubble

The last vaguely mainstream 32-bit CPU Intel released was in, I believe, 2006. There were 32-bit Atom CPUs up to 2010, by the looks of things, but those were pretty niche-y and you're probably not going to have an awesome experience running a full-fat modern distro on one of those in any case. Almost any 32-bit x86 system you have, in other words, must be at least 6 years old and is far more likely to be over 10 years old. That's really pretty old.

The weird Atom tablets / convertibles from the last few years have 64-bit CPUs but 32-bit firmwares; they don't actually need 32-bit distributions, it's possible for 64-bit distributions to run on them with a bit of nifty bootloader footwork.

4
0
AdamWill

Re: Netbooks

"Ubuntu developers are saying that people with old hardware that they do not wish to upgrade or who cannot afford to upgrade are no longer worthy of consideration."

No, they're saying that they no longer want to consider them, in order to devote their limited resources to 'considering' larger user bases. In an ideal world full of rainbows and unicorns OS distributors would be able to make things work perfectly on all hardware ever. In the real world this is not the case, and deciding what hardware to support to what extent is a constant question of making trade-offs, and people getting all irate and stroppy and insisting on taking those decisions excessively personally ('worthy of consideration'? really?) doesn't really help.

There's *always* still some working example of old hardware somewhere. People have working 8088s and Commodore Pets and lord knows what else. That doesn't oblige all OS vendors to keep supporting them. We (I work on Fedora, which stopped considering i686 a release-blocking arch with Fedora 24) have generally decided there's a point at which supporting old hardware is more trouble than it's worth; this is why we no longer actually work on i386s, or i486s, or (for most distros) i586s. That point is coming up fast for i686.

If there's enough demand for it, there'll be niche distros that support these old systems; heck, you could create one. But the mainstream distros, as the name suggests, are there to support *mainstream* hardware. We have to make cost/benefit decisions at some point.

21
1

Let's Encrypt in trademark drama

AdamWill

Re: Oh, they've replied now.

Wow, an expiry time is a business model now? yeesh.

8
0

In obesity fight, UK’s heavy-handed soda tax beats US' watered-down warning

AdamWill

Re: "Lessons from the war on tobacco"

Er, why would your lesson from the "war on tobacco" - which has been probably the single greatest public health success story of the 20th century - be to fight it?

7
0
AdamWill

Re: Aspartame

Heck, you don't even have to believe aspartame is definitely safe for it to be the logical choice. It's simple: we know for a copper-bottomed *fact* (very rare when it comes to nutrition) that sugar is extremely damaging. We don't know for sure that aspartame is. So, go with the aspartame!

That's really all you need. It's not even necessary to note that the balance in the sweetener debate is rather strongly in favour of the 'well, we did a bunch of trials and none of them showed any negative effects except at a level of consumption that in humans would translate to drinking sixty cans of Diet Coke a day forever' side, rather than the 'some nutbag on the internet said it would give me cancer' side...

7
2

GNU cryptocurrency aims at 'the mainstream economy not the black market'

AdamWill

Re: Expect a trademark infringement claim

Why would that mean you couldn't trademark it? There's no rule that trademarks have to be 'original' words, most aren't.

2
0

Does it even make sense to buy a VTL today?

AdamWill

Re: you referring to tape in general or VTL specifically?

Given that VTL is in the title of the article, and is repeated about two dozen times, I'm gonna go out on a limb and say that's what he was talking about.

2
0

Smartwatches: I hate to say ‘I told you so’. But I told you so.

AdamWill

"Do people really expect smartwatches to be as ubiquitous as smartphones? No, why would they?"

Well, you rather get the feeling Apple would like them to be, since the Apple Watch seems to have been their big bet to move on from the rapidly-maturing and margin-thinning smartphone market...

8
0
AdamWill

Re: MS Band

I'm not a huge smartwatch fan (I bought a Pebble, it was kind of neat, it stopped working properly, I never felt at all like buying another) but that's just stupid logic. Similarly we all used to have fairly robust cellphones with two week battery lives...because all they could do was make phone calls and send text messages really painfully and maaaybe, if you were lucky, play Snake. There's a small core of people who've decided that's all they want from a cellphone and who still use similar devices, and more power to them. But far far more people use relatively fragile and short-battery-lived modern smartphones, and they don't do this because they're stupid or sheep, they do it because they want to use all the capabilities they get *in exchange* for the relative fragility and short battery life.

Similarly it's stupid to argue that smartwatches have to have the same longevity as regular watches in order for anyone to want them, because if they can provide sufficient useful capabilities in exchange for the complexity and charging, then sensible people will make sensible choices to buy them. The problem so far is that they haven't.

12
1

Guess what's 'easily hacked'? Yes, that's right: Smart city transport infrastructure

AdamWill

er...passwords *are* authentication, aren't they?

"No authentication was required to communicate with the Bluetooth-enabled device. "Anyone with a Bluetooth-enabled device and software for discovering passwords via multiple variants (brute force) could connect to a road sensor in this way," the Kaspersky team discovered."

So, er, no authentication was required except a password, which is authentication, then?

2
2

Obama to admit Moon landing was faked?

AdamWill

yep

Yep. In fact it's a very good case for the bookies indeed, because likely lots of people will have bet on one of the teams that people actually thought had a chance in hell of winning, and the bookies get to keep *all* that money. They have to pay out eye catching individual sums to the loonies who bet on Leicester, but since there are probably, like, three people who bet any remotely significant amount on that, they still wind up quids in.

0
0

Nest's bricking of Revolv serves as wake-up call to industry

AdamWill

Re: IPV6, TLDs, etc

With a system allowing the 'phone home' point for existing hardware to be changed, other people could step in to do so: either as a community effort, or a commercial one. A few hundred thousand (or whatever) people with expensive hardware that suddenly does nothing could be a business opportunity for a savvy person: for $x we'll keep your hardware working for the next X months, or for $x/month we'll keep it working so long as you keep paying and we stay afloat.

If the 'phone home' point is hardwired into the hardware (and that connection is secured), there's nothing anyone besides the original manufacturer can do to offer support for the device even if they wanted to, short of coming up with some way to hack the hardware and convincing users to apply it.

3
0

Bash on Windows. Repeat, Microsoft demos Bash on Windows

AdamWill

Re: Hmm.

AMD is putting their efforts lately into improving the free driver, which is a *much* better idea. It's not quite up to the performance of the proprietary driver yet, but it's getting there.

6
0

Slack smackback: There's no IRC in team (software), say open-sourcers

AdamWill

also, check the ToS

I had a look at Slack's terms of service when it started getting popular. Unless they've revised them lately, they reserve the right to look at any of your content at any time, and they also reserve the right to delete all your content irretrievably and without any notification.

Hmm, yep, still there:

"You acknowledge that Slack and its designees shall have the right (but not the obligation) in their sole discretion to pre-screen, refuse, or remove any of Your Data that is available via the Service...We may also review Your Data transmitted through non-public mechanisms (such as private channels within the Service) where we deem appropriate, including for violations of this TOS or in response to a user complaint. Without limiting the foregoing, Slack and its designees shall have the right (but not the obligation) to remove any of Your Data that violates the TOS or is otherwise objectionable."

...

"You acknowledge, consent and agree that Slack may access, preserve and disclose your account information and Your Data if required to do so by law or in a good faith belief that such access preservation or disclosure is reasonably necessary to: (i) comply with legal process; (ii) enforce the TOS; (iii) respond to claims that any of Your Data violates the rights of third parties; (iv) respond to your requests for customer service; or (v) protect the rights, property or personal safety of Slack, its users and the public."

...

"We reserve the right to deactivate and delete your account (or the access privileges of any Member) and terminate this TOS at any time for any reason, or no reason, with or without notice."

so...yeah, good luck with putting all your mission-critical data there.

7
0

Converged PC and smartphone is the future, says Canonical's Mark Shuttleworth

AdamWill

the problem with 'seamless' is that it never is

We don't want the same interface on a phone as on a computer, right? So all these 'seamless' systems have to come up with some kind of clever software layer which knows or remembers what kind of layout we want for all sorts of things, and when.

So instead of needing a clever software layer of some kind to share data between devices which have a simple time of deciding what interface they want to show you, you need a clever software layer to decide what interface to show you on top of data it has a simple time accessing.

i.e. it's just a trade-off, and not a very obviously good one, since phone flash is not exactly renowned as the world's safest place to store all your data.

2
0

Gopher server revived after 15 years of downtime

AdamWill

pfah

I have a colleague who's still configured to accept UUCP-routed mail...

another one I can think of, John Carmack's .plan file was updated up until 2005: http://www.bluesnews.com/cgi-bin/finger.pl?id=1 . Someone else at id updated theirs in 2007: http://www.bluesnews.com/cgi-bin/finger.pl?id=476 . Sadly seems like you can't connect any more, though. :(

0
0

Yelp minimum wage row shines spotlight on … broke, fired employee

AdamWill

Re: speak for yourself

Where do you get this drivel?

"Talia sounds like most millennials, an entitled brat that never worked a day in her life.... "

Er. The entire story is about how she was paid far less than a living wage *for her job*. Which she *worked at*. Do you just take lines out of the cliche book and throw them out there with no thought about their relevance to what actually happened?

90
4

ADpocalypse NOW: Three raises the stakes

AdamWill

Inferring a bit too far

"Strangely the net neutrality crowd have gone very quiet", says Andrew, and goes on to extrapolate two paragraphs of bollocks from that. Er, this story broke within the last, what, seven hours? Overnight, in the US? You might want to at least give people a day before making wild inferrals on the sole basis that they didn't say anything yet.

28
3

FCC clicks off the safety, fires at America's great cable TV box rip-off

AdamWill

tweedledum and tweedledee

Cableco #1: "...The FCC's thumb on the scales will inevitably straightjacket innovation..."

Cableco #2: "...puts the Commission's thumb on the scale by endorsing..."

they've really given up on pretending they're not a cartel, haven't they? Do they just have one PR department between the lot of 'em, to save a bit of money for spending on the executive suites?

3
0

Coding is more important than Shakespeare, says VC living in self-contained universe

AdamWill

Re: Shakespeare? who is he anyway?

Millions of people annually around the world "wade their way through" at least one of Shakespeare's plays, as a cursory glance at just about any theatre program would show you. They don't put on all those productions to empty houses, you know. Theatres are - believe it or not! - subject to the guidelines of supply and demand just like everyone else.

(Sidebar to this debate: the most tiresome thing for me is the assumption that what you study in school or university somehow determines your path for life, and is really only of interest insofar as it "gets you a job". I've got a degree in history. I work in software. I know there are a lot of other people like me - if you do an informal count among any reasonably-sized gathering of software engineers, you'll wind up with ~25% with "liberal arts" degrees, in my experience. To a large extent, the point of study is not so much what you study as the techniques you learn by studying it.)

8
0
