On Sat, Oct 04, 2014 at 09:35:09PM -0400, Ian Grant wrote: > Well, if I do succeed in distributing malware, it will be a good > demonstration of what I have been arguing for months now, which is > that your "core infrastructure" is _very,_ _very_ flaky, and that far > from being "the most important developers," you are in fact just > part-time amateur hackers playing at your 'hobbies'. > > What I am trying to do here is wake you people up from what will > otherwise prove to be terminal sleep. This is not a hobby, you are > combatants in a global information war, and it will cost some of you > your lives,
As has been stated---your concerns are substantiated and understood, and you clearly have much experience and information to contribute, but your unnecessary and unsubstantiated insults and holier-than-thou attitude prevent meaningful discussion, especially from those who are spectating and unwilling to participate in a discussion that is consequently destined to yield little more than childish banter and silence, albeit sprinkled with bits of very interesting information and resources. The additional drama you infuse into the conversation---an example being the latter paragraph above---also works against you. There are many things that may cost us our lives, and I'm fairly certain that this does not make the top million or so for most of us. I'm killing myself sitting here typing this message.[0] From my understanding, you're allowing your body to degenerate as we speak. > I don't distribute plain text because it is too easy to alter. Once I > send one of these "essays" out I have no control over what happens to > it. So I try to make it as hard as I reasonably can for people to edit > what I have written. This argument is not valid---why is it hard to alter a PDF? In fact, PDF manipulation is a dark (and probably cancer-causing) art that's automated by countless businesses worldwide; it is a topic that eats up a significant portion of development time at my employer's office. Have you considered just distributing a GPG/PGP signature with your works, or even signing the work itself? After all, this whole discussion is about proving the unlikelihood of and preventing the modification of data. Unlike the topic of complex binaries, your works are trivially verifiable even by hand---take advantage of that. If in ASCII, verification is a simple matter of diffing, even without cryptographic assurances, provided that your original work is archived in a number of reputable places (though I'd still sign my works); however, PDFs introduce an infinite number of display modifications that can be produce a document yielding a text isomorphic to the original---just because two PDFs of your work are 99% different when binary-compared doesn't mean that the visual meaning of text it renders is not 100% the same. (To be fair: I'm fine with PDFs; it's hard to convert most TeX-heavy writings using equations into meaningful ASCII, but I still provide ASCII alternatives whenever reasonable, which is >90% of the time. Unicode is often suitable when ASCII isn't.) [0]: http://apps.washingtonpost.com/g/page/national/the-health-hazards-of-sitting/750/ -- Mike Gerwitz Free Software Hacker | GNU Maintainer http://mikegerwitz.com FSF Member #5804 | GPG Key ID: 0x8EE30EAB
signature.asc
Description: Digital signature
