Re: [DNG] I wrote IBM
On 9/29/19 12:36 PM, goli...@devuan.org wrote: > Sorry Steve . . . I think this idea is naive, ill-advised and a tactical > error that could have very real, unintended consequences. So that the ignorant among us can understand learn, do you mind telling us why? Thanks, Simon ___ Dng mailing list Dng@lists.dyne.org https://mailinglists.dyne.org/cgi-bin/mailman/listinfo/dng
Re: [DNG] I wrote IBM
On 2019-09-30 09:27, Simon Walter wrote: On 9/29/19 12:36 PM, goli...@devuan.org wrote: Sorry Steve . . . I think this idea is naive, ill-advised and a tactical error that could have very real, unintended consequences. So that the ignorant among us can understand learn, do you mind telling us why? Thanks, Simon History is littered with examples of real harm done to individuals and society by "business as usual". Even when there is a substantial body count, it can take decades for acknowledgement and restitution. I have been there, done that too many times. IMO, a bunch of disgruntled geeks moaning about software choices just does not have the leverage needed to move a corporate mountain. However, should enough voices become an irritation to said corporate mountain, retaliation could be "interesting" . . . As Bruce noted, Steve has every right to pursue any tactic he chooses and I will be the first to congratulate him if he succeeds. In the meantime, I choose to do real work to support alternatives rather than tilt at windmills. :) golinux ___ Dng mailing list Dng@lists.dyne.org https://mailinglists.dyne.org/cgi-bin/mailman/listinfo/dng
Re: [DNG] I wrote IBM
On 29.09.19 05:36, goli...@devuan.org wrote: > Sorry Steve . . . I think this idea is naive, ill-advised and a tactical > error that could have very real, unintended consequences. I do hope that > neither Devuan nor s6 was mentioned in the letter that you sent. > I don't get that as well, I mean - who cares about the business model if IBM / Red Hat? I can understand your motivation, we all know that systemd sucks, but bothering people won't make this much better. They may need to find this out by themselves. BR Hans -- Hans Kramer Linux Consultant & Trainer Mail: kra...@b1-systems.de B1 Systems GmbH Osterfeldstraße 7 / 85088 Vohburg / http://www.b1-systems.de GF: Ralph Dehner / Unternehmenssitz: Vohburg / AG: Ingolstadt, HRB 3537 signature.asc Description: OpenPGP digital signature ___ Dng mailing list Dng@lists.dyne.org https://mailinglists.dyne.org/cgi-bin/mailman/listinfo/dng
Re: [DNG] I wrote IBM
Hi all Steve's initiative can in deed have some good effect and it's normal political work he initiated. Nothing to blame him for! There can be other than technical solutions to the problems that systemd imposed. Regards, Adrian. ___ Dng mailing list Dng@lists.dyne.org https://mailinglists.dyne.org/cgi-bin/mailman/listinfo/dng
[DNG] Security problem
I just came across a security problem. The application signal-desktop could not be started anymore because a file from the electron framework did not set a setuid bit (https://github.com/signalapp/Signal-Desktop/issues/3536). For the sandbox feature this obviously needs root privileges. It creeps me out when an application from an untrusted source installs programs with root privileges without me even noticing it. How can I protect myself against this? Is there a way to check Debian packages for a setuid bit set, e.g. in the post-install script? Jochen ___ Dng mailing list Dng@lists.dyne.org https://mailinglists.dyne.org/cgi-bin/mailman/listinfo/dng
Re: [DNG] Security problem
Hi, Jochen. El Mon, 30 Sep 2019 19:29:34 +0200 "J. Fahrner via Dng" escribió: > I just came across a security problem. The application signal-desktop > could not be started anymore because a file from the electron framework > did not set a setuid bit > (https://github.com/signalapp/Signal-Desktop/issues/3536). > For the sandbox feature this obviously needs root privileges. > It creeps me out when an application from an untrusted source installs > programs with root privileges without me even noticing it. > How can I protect myself against this? Is there a way to check Debian > packages for a setuid bit set, e.g. in the post-install script? See the manpage for dpkg-statoverride(1) and the file /val/lib/dpkg/statoverride Cheers. -- Gonzalo Pérez de Olaguer Córdoba s...@gpoc.es -=- buscando empleo desde 1988 -=- www.gpoc.es PGP: 3F87 CCE7 8B35 8C06 E637 2D57 5723 9984 718C A614 ___ Dng mailing list Dng@lists.dyne.org https://mailinglists.dyne.org/cgi-bin/mailman/listinfo/dng
Re: [DNG] I wrote IBM
On Sun, 29 Sep 2019 14:39:27 +0200 Hans Kramer wrote: > On 29.09.19 05:36, goli...@devuan.org wrote: > > > Sorry Steve . . . I think this idea is naive, ill-advised and a > > tactical error that could have very real, unintended consequences. > > I do hope that neither Devuan nor s6 was mentioned in the letter > > that you sent. > > I don't get that as well, I mean - who cares about the business model > if IBM / Red Hat? I can understand your motivation, we all know that > systemd sucks, but bothering people won't make this much better. They > may need to find this out by themselves. Bothering? It's their job to receive letters from the public, and any half way smart business values feedback. SteveT Steve Litt Author: The Key to Everyday Excellence http://www.troubleshooters.com/key Twitter: http://www.twitter.com/stevelitt ___ Dng mailing list Dng@lists.dyne.org https://mailinglists.dyne.org/cgi-bin/mailman/listinfo/dng
Re: [DNG] I wrote IBM
On 2019-09-30 18:34, Steve Litt wrote: It's their job to receive letters from the public, and any half way smart business values feedback. Really? What planet are you living on?!! Monsanto won't close it down after hundreds of lawsuits and millions (billions) of $$$ in settlements for injury from PCBs in Anniston to Roundup and non-hodgkin lymphoma and still they persist. Maybe the oil and gas industry while the icecaps melt and oceans rise? The beef and soy industries while the Amazon burns? It's the bottom line, baby!! When I give feedback about a product, they often buy my goodwill with coupons. Free stuff is the cost of doing business. Does it make a difference? Probably not . . . Currently the opportunity to offer feedback is often behind an email paywall to feed surveillance capitalism with your personal data. It's very hard to find a phone number for customer service anymore . . . Sorry for the OT rant. golinux ___ Dng mailing list Dng@lists.dyne.org https://mailinglists.dyne.org/cgi-bin/mailman/listinfo/dng
