Hi Timothy, first of all please smile thinking of the Great Irony of History that led MINIX to be probably the most installed OS on the market (I don't have the figures but _strong_ suspicion)
so now "we" have won the free software OS battle just to start the next one? :-)
«We are the Borg. Lower your shields and surrender your ships. We will add your biological and technological distinctiveness to our own. Your culture will adapt to service us. Resistance is futile.» (Star Trek - First Contact, 1996)

* Timothy Pearson [2017-11-24 14:56:21 -0600]:
Sadly, I'm not sure that this massive leak matters much with e.g. local governments moving to Windows 10 that is already known to exfiltrate data.
please consider that the majority of local and EU policy-makers are not doing this because they are despicable, simply they are sure **they can manage** this kind of problems signing "special case EULAs" and alike, trying to fix those issues by "de jure patches"

we should convince them that it is a _losing_ path: given the scientific evidence we are witnessing time after time, legal contracts cannot fix those huge security and privacy (government security and privacy!) problems

[...]
GDPR. I'd love to hear someone from the EU weigh in on how this is possible from a legal perspective; I don't fully understand it from the other side of the pond.
me too, I love the principles stated in GDPR but I fear they will be "useless de jure patches" given how much **the computing devices and Internet _are_ broken by design**

this is why I appreciate (draft!) legislative proposals like those from #youbroketheinternet [1]: they *may* be questionable but an interesting starting point (and I'm still studying them)

please also consider that many respectable free software supporters are proposing solutions that are **useless tech workarounds**; e.g. looking at https://privacylab.yale.edu/ , in the "What we do" box, I read: "Hosting Tor", "providing TAILS OS", "hardened GNU/Linux", privacy-respecting tools such as PGP/GPG e-mail and E2EE messaging...
Also, if this sort of CPU-as-a-Service is concerning, why not use an ARM [0] or OpenPOWER [1] system that gives you full control?
please _do not_ concentrate on the "phenomenology of x386 brokenness" since it's **not** the only example; e.g. also some (all?) smartphones are broken by design

so while I **love** all the projects you mentioned (there are many you already listed in other messages AFAIK), I want to stress that **the market alone cannot fix it**: is it clear enough?!? :-)

the very fact that it **is** possible to sell **broken by design** computing devices should be considered _unconstitutional_, this brings to the consequence that selling **broken by design** computing devices should be (severely) illegal [2]; the really good "side effect" of this would be that selling broken devices is also considered _unfair competition_ versus constitutional respectful vendors ;-)
Especially for those already using libre software the switch is pretty painless.
ehrm: sorry if it sounds bold but please consider all the properties of relationships coming from complex system theory such as nonlinearity, emergence, spontaneous order, adaptation, and feedback loops (/me hacking :-) )

in this complex system we **have to** consider that _few_ of us can "easily" set up an entire free software **infrastructure** starting from _the devices_ and ending with JS programs running in their browsers: that is my job and I know I _cannot_ "sell" such a solution to my customers yet, OK?

_soon_ my customers will have to be GDPR compliant: how can I support them in order to give reasonable confidence that their infrastructures will not leak sensitive data they collect _even_ if they are using free software "infrastructure wide"?

...I cannot even use an entire free infrastructure for "myself", partly because I _already have_ a running infrastructure and it would be quite expensive (in monetary and time terms) to replace it... in case of smartphones *almost* impossible (I'm still not convinced Replicant resolves the **broken by design computing devices** problem, and the very fact that Replicant is supported on too few smartphones *is* very limiting)

when talking about infrastructure please also consider that **all** of us need _some_ "external computing device", usually rented from a vendor: why should I be "obliged by the market" to use a broken by design "bare metal" host?!? why the _burden_ to verify the level of brokenness should be contractually transferred to "me" and I cannot **pretend** that the host _is_ secure **by design**?!?

I'm not alone in this _inability_ to free my devices, given that there is a research group in Google (read: great resources) that has been struggling for almost two years *just* to get rid of the most toxic "features" deeply buried in their servers

we *need* the constitutional right to buy a device or sign a hosting contract and trust the vendor will not use his physical access power to break the security of such devices *by design*

OK, I've stressed this enough :-D
Going forward one relatively easy way to deal with the problem is to put the data-slurping proprietary applications on a dedicated x86 machine that's isolated from the wider Internet as much as possible, and use rdesktop or similar to connect from a secure machine.
I respect this proposed solution *but* this is just a temporary (and costly) workaround... and I'm not willing to follow you on this path :-)
considering we are going towards an even increasing **broken Internet of broken computing Things**™ the "final consequence" of this _could_ likely be that one day those who want to be free will be forced to opt-out from _every_ "form" of their digital life and choose to be "analog only" [3] :-O

concluding: I want that my right to use interconnected digital devices _remaining a free human being_ will be treated as a **constitutional** fundamental right, all other policies and market regulation decisions should be consequent

[...]

Ciao Giovanni

[1] http://youbroketheinternet.org/legislation/ObCrypto-law-proposal.pdf

[2] in Italy we are used to reading messages like "è _severamente_ vietato" ("it's severely forbidden"): it always sounds very funny to many of us :-)

[3] the infamous "blue or red phial" dilemma from Douglas Hofstadter's 1979 book Gödel, Escher, Bach https://en.wikipedia.org/wiki/Red_pill_and_blue_pill#G.C3.B6del.2C_Escher.2C_Bach still inspiring many fictions
--
Giovanni Biscuolo
Xelera - IT infrastructures
http://xelera.eu/contact-us/
**please** Quote Well: http://wiki.news.nic.it/QuotarBene
**please** use Inline Reply: https://en.wikipedia.org/wiki/Posting_style#Interleaved_style
_______________________________________________ Discussion mailing list Discussion@lists.fsfe.org https://lists.fsfe.org/mailman/listinfo/discussion