It's not as if encryption would stop them being able to infiltrate and observe criminal gangs, and generally catch the bad guys. There are all kinds of other tools they can use without having instant push-button access to all communications data.
Encryption doesn't stop them spying on you. It stops them spying on everyone in the world simultaneously all the time with no effort.
The funny thing is that this is probably lobbying from NTT Docomo, who lost their own app store monopoly for feature phones the moment smartphones arrived.
Again? Isn’t this the third time or something? Then Microsoft comes along with a briefcase of Euros and the “problem” goes away. Sombody please correct me if I’m mis-remembering.
Apple exec doesn’t actually understand how computers work and think that that actually might be a reasonable arguement.
It doesn’t matter how good your processor is if you can only bank 8 GB of something into memory it’s going to be slow. The only way an 8 GB device would beat a 16 GB device would be if the 16 GB device had the world’s slowest processor. Like something from 2005. Taking stuff out of RAM is the single slowest operation you can perform other than loading from a hard drive.
Yeah, but anything you create automatically has a copyright, so for example this comment is not in the public domain. Its use is limited to the context I am using it in; that is, I expect it to be copied for federation purposes, but I wouldn’t say that AI is covered in this context, just genuine readership, moderation, and bots that are ‘part of the community’.
At least that’s the EU stance afaik. Like if I saw this comment on a billboard somewhere I’d see that as a clear breach of copyright and even privacy.
Well, it’s one thing to say an ‘artificial agent’ looks at someone’s work on deviant art and learns from it. It’s another to use that to make money, as I personally can’t imagine many of the posters would have been on board with that.
Plasma is not replacing Gnome in Fedora Workstation.
And it doesn’t need to anyway, the plasma spin works great and there’s no real sign of it being treated as a second class citizen in terms of development/support from the Fedora team.
I think the argument is that since it not the default and not visible in the fedora landing page, the kde spin gets less coverage and hence people are more likely to come across and use the fedora workstation in favour of the kde spin.
IT can be pretty fucking stressful. You really have to distance yourself a bit from the work. If you put to much heart in and blame yourself when things go wrong you’ll end up burning out and destroying yourself.
I’ve watched people enter info sec and it actually makes them so insanely paranoid I feel sorry for them. Especially the fella working for the charity that got owned. That’s got to feel awful.
Yup, the reason I’m so good at my job is because I don’t care.
If systems go down, a bunch of rich people will lose some money, but it’s not a life or death situation. And not panicking is pretty much a requirement to work in upper level IT.
Even the really big boys have shit security and almost no one invests in it.
I was called ‘insanely paranoid’ for not wanting any IoT things in my house even though I am an IT guy.
I told them ‘I don’t want IoT things in my house BECAUSE I’m an IT guy and know what I’m talking about.’
They ignored me of course, even companies that paid for my opinion and services.
And some paid the price, but funny enough that didn’t stop them from insecure practices, it just made them choose another brand of insecure IoT devices to replace the old.
Not all IoT is bad… If you decide to get some cloud IoT and keep it on the main network that’s on you, but you could have a separate vlan or even a separate protocol like zigbee and z-wave to secure these devices and control them locally with home assistant. It might not be good enough for highly sensitive enterprise environments, but more than enough for average Joe who’s not being targeted by APTs or espionage
There’s no oversight for any of these agencies and they have the means and incentive to backdoor cryptography, what would stop them from doing this morality? There’s no possible way that they both aren’t compromised and all we’re seeing now is them firing pot shots at each other trying to convince the reader to join their honeypot because its sweeter.
Personally I think it would be of great benefit if Enterprise vendors just stopped doing that extremely long term support. It just enables the people who want to pretend they can stop the world around them and those people are bad for everyone, especially in a security context but also because they pretend that “stability” is achieved by using old versions.
I hope that the community at large can wrestle kernel livepatching away from the commercial distros. No reason the big names should have a monopoly on that.
Even where those are concerned, it’s not a silver bullet for seamlessly jumping major kernel versions, but it’s a start.
I feel it was a direct reply to the comment above.
Dinosaurs don’t want to give up their extended LTS kernels because upgrading is a hassle and often requires rebooting, occasionally to a bad state.
So how can you bring your userbase forward so you don’t have to keep slapping security patches onto an ancient kernel?
I feel it was a direct reply to the comment above.
At no point did it mention livepatching.
Dinosaurs don’t want to give up their extended LTS kernels because upgrading is a hassle and often requires rebooting, occasionally to a bad state.
No, Dinosaurs want LTS because it’s stable; it’s in the name.
You can’t have your proprietary shitware kernel module in any kernel other than the ABI it’s made for. You can’t run your proprietary legacy service heap of crap on newer kernels where the kernel APIs function slightly differently.
how can you bring your userbase forward so you don’t have to keep slapping security patches onto an ancient kernel?
No, Dinosaurs want LTS because it’s stable; it’s in the name.
Mostly they want LTS because if they never upgrade nobody can blame them for the failures that are happening because “not doing things” is seen as less blame-worthy than “doing things”. Actual stability is not achieved by running ancient version numbers with backported fixes. Nor is it achieved by never rebooting and then wondering why nothing works when you are inevitably forced to reboot by some unpreventable external circumstance. Actual stability is achieved by testing updates before applying them and doing so frequently so increments are small and causes of problems thus easily identifiable and fixable.
I think Arch has FOSS support kernel live patchingNixos also has an open issue where they seem to be discussing an implementation they might consider.
With upstream support and kpatch being FOSS I think the willingness is just low to maintain patches at a distro level and announcing it as a thing you can do yourself has limited audience.
I agree its super cool though and with containers and some of systems work for system level reboots and portable services I see a lot of potential for high uptime systems (like my laptop lol).
Personally I think it would be of great benefit if Enterprise vendors just stopped doing that extremely long term support. It just enables the people who want to pretend they can stop the world around them and those people are bad for everyone, especially in a security context but also because they pretend that “stability” is achieved by using old versions.
This is how I know you need to learn more about the Enterprise, about long-term support, and stability. Everything you wrote sounds like “Smoke detectors and seat belts are for chumps”
I know a lot more about those topics than I ever wished I would.
Stability doesn’t magically appear because you leave the version number unchanged. Stability is the result of qualified people (hint: people backporting patches in 100s of projects they barely know aren’t very qualified in comparison to the main developers of those projects) making well-informed changes to a project and then testing them.
Old versions with backports are still new versions, just new versions with a smaller user base and less testing.
Stability is also much harder to achieve if you do certain tasks rarely, e.g. only every 10 years, since nobody will remember how to do them.
Upstream supports those old releases only begrudgingly because every feature that needs support across all versions in use is held back by those extremely long term support versions.
I am not objecting to the goal of stability, I am objecting to the snakeoil that pretends you can achieve it by using the same version number all the time basically with a forked branch of the code that contains cherry-picked changes.
Agreed at a certain point supporting an old enough ABI is just a practice in preservation and shouldn’t be where any serious work is done on.
There are still companies that treat software development as if they craving stone for future generations instead of living collections of logic, idioms, and ideas (that reasonbly should be expected to adapted or replaced as conditions change!)
In Canada it’s tap to pay for ~8 years now, never saw a QR code to pay. However when I go in USA, every stores is tap to pay, except one, there’s one store in USA where there is no tap, it’s Walmart, inconcevable.
Tap to pay was pretty well established when they went with scan to pay, they just hoped the Walmart name was large enough that they could cut out all the middlemen inherent with traditional payment processors and keep a bigger piece of the pie. Specifically they were in a spat with Visa over merchant fees at the time so they wanted an option that allowed them to cut Visa out of the picture. They thought that having their own scan to pay system would allow them to do that, but they eventually reconciled with Visa and got the merchant fees discount they wanted and that aspect of the scan to pay system sorta dropped out of focus.
Some reporter(s?) in Germany found that all the forums for CSA actually host their material in the clearnet, i.e. on Google Drive, Dropbox, etc. (since TOR speeds are shit and those people don’t watch SD videos anymore).
The police could have demanded data from the uploading accounts and that the material was taken offline. They refused to do so, in order to “catch more criminals” or something like that.
So, their “think of the children” is exactly as in the spirit of Helen Lovejoy as it seems.
They also openly use youtube for distributing passwords and pastebin links to such content. I have seen multiple channels from a specific country (starts with I) that does this, sometimes going so far as to flash a single letter of the password at a time throughout innocent-looking childrens videos, with the encrypted pastebin link on the last video that requires the full password to unlock. Some others on a site I will not name have been trying to report these channels for several days (they have actually been operating for years with millions of views) but youtube isn’t doing anything. Only company who has done anything was mediafire for removing some actual content.
theregister.com
Top