Yes, our masters once again embarrass us unworthy peons with their endless grace, generosity and forbearance. How lucky we are to entrust our data and our lives to them!
...and yet, zero mention of systemd's recommendation for programs to link in the libsystemd kitchen sink just to call sd_notify() (which should really be its own library)
...and no mention of why systemd felt the need to preemptively load compression libraries, which it only needs to read/write compressed log files, even if you don't read/write log files at all? Again, it's a whole independent subsystem that could be its own library.
The video showed that xz was a dependency of OpenSSH. It showed on screen, but never said aloud, that this was only because of systemd. Debian/Redhat's sshd [0] was started with systemd and they added in a call to the sd_notify() helper function (which simply sends a message to the $NOTIFY_SOCKET socket), just to inform systemd of the exact moment sshd is ready. This loads the whole of libsystemd. That loads the whole of liblzma. Since the xz backdoor, OpenSSH no longer uses the sd_notify() function directly; it writes its own code to connect to $NOTIFY_SOCKET. And the sd_notify manpage begrudgingly gives a listing of code you can use to avoid calling it, so if you're an independent program with no connection to systemd and you just want to notify it you've started... you don't need to pull in the libsystemd kitchen sink. As it should've been in the first place.
Is the real master hacker Lennart Poettering, for making sure his architectural choices didn't appear in this video?
[0]: as an aside, the systemd notification code is only in Debian, Redhat et al because OpenSSH is OpenBSD's fork of Tatu Ylönen's SSH, which went on to become proprietary software. systemd is Linux-only and will never support OpenBSD, so likewise OpenBSD don't include any lines of code in OpenSSH to support systemd. Come to think of it, "BSD" is another thing they don't mention in the script, despite mentioning the AT&T lawsuit (https://en.wikipedia.org/wiki/USL_v._BSDi)
When I was being interviewed, we did talk about exactly this, including that libsystemd is a kitchen sink, and that eventually OpenSSH went with open-coding the equivalent to sd_notify instead of depending on libsystemd. (Also that ahem Red Hat added the dependency on libsystemd in a downstream patch oops).
However the editors (correctly IMHO) took the decision to simplify the whole story of dependencies. In an early draft they simplified it too much, sort of implying that sshd depended directly on liblzma, but they corrected that (adding the illustration of dependencies) after I pointed out it was inaccurate.
I agree with everything you say, but you have to pick your battles when explaining very complicated topics like shared libraries to a lay audience.
In general I was impressed by their careful fact checking and attention to detail.
Sadly they missed the misspelling (UNRESOVLED) even though I pointed it out last week :-( But that's literally the only thing they didn't fix after my feedback.
It did get mentioned - in the context of the upstream change to dynamically load those libraries being a threat to the hack's viability which may have caused "Jia Tan" to rush and accidentally make mistakes in the process.
They say "an open-source developer requests to remove the dependency that links xz to OpenSSH" while showing https://github.com/systemd/systemd/pull/31550 on screen, zoomed and focused so the word "systemd" does not appear.
They never once utter the word "systemd", anywhere in the script... isn't that strange for such a key dependency?
It probably is because of video length, mentioning systemd would mean explaining init system which could add another 5 min runtime. At least they showed it in diagram of dependencies.
From my vague memory of the xz backdoor, I don't even recall systemd being involved. Now I get what people are talking about when they said systemd is taking over everything, and why there was so much pushback to systemd when it was being added to distros. For me as an end user/dev, it mattered little whether services were started by systemd, openrc etc.
OpenSSH is maintained by the OpenBSD developers. OpenSSH does not use liblzma (xz) at all.
Linux distros which chose to switch to systemd also chose to patch OpenSSH to call systemd's sd_notify() function, to inform systemd when sshd is fully started.
This sd_notify() function is in the huge, sprawling kitchen sink of a library called libsystemd. sd_notify() is only a few lines of code, but it's convenient (to Linux distro packagers) to make systemd a dependency of OpenSSH, link in the whole library and call that one function. It makes their patches of the upstream software smaller and easier to review for correctness.
In the sprawling libsystemd is an entire subsystem for reading/writing systemd's famous binary log files, and the user can choose compression (xz, zstd or lz4). It depended on and loaded all three of these compression libraries, whether you read/write compressed logs or not. In the video you hear about the imminent request to load these libraries dynamically on demand -- https://github.com/systemd/systemd/pull/31550 -- but this arrives many years after adding these functions to the libsystemd kitchen sink, and generally speaking most programs shouldn't use the libsystemd functions for reading/writing log files; they only need to send log messages to journald via syslog() or sd_journal_print().
So you can see this unwarranted dependency chain was introduced by Linux distros adding systemd to everything, and nation-state level hackers saw and tried to exploit it, seeking out the xz maintainer for social engineering.
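As an added example (not code from OpenSSH, systemd or either of the commenters above) of what the open-coded replacement described in this comment and in the earlier one amounts to: the whole readiness notification is one datagram containing READY=1 sent to the AF_UNIX socket named by $NOTIFY_SOCKET, so nothing from libsystemd (and hence nothing from liblzma) needs to be linked. The function and self-test names are my own, and it handles filesystem socket paths only, not Linux abstract-namespace names.

```c
/* Added example, not OpenSSH's or systemd's code: a dependency-free stand-in for sd_notify("READY=1"). */
#include <stdio.h>
#include <stdlib.h>
#include <string.h>
#include <sys/socket.h>
#include <sys/un.h>
#include <unistd.h>

/* Send one state string as a datagram to the AF_UNIX socket at path (filesystem paths only).
 * Returns 1 if sent, 0 if no socket is configured (not started by systemd), -1 on error. */
int notify_socket_send(const char *path, const char *state)
{
    struct sockaddr_un addr; ssize_t n; int fd;
    if (path == NULL || path[0] == '\0')
        return 0;                            /* no NOTIFY_SOCKET: nothing to do, not an error */
    if (strlen(path) >= sizeof(addr.sun_path))
        return -1;                           /* path would not fit: refuse rather than truncate */
    memset(&addr, 0, sizeof(addr));
    addr.sun_family = AF_UNIX;
    strcpy(addr.sun_path, path);             /* length checked above */
    if ((fd = socket(AF_UNIX, SOCK_DGRAM, 0)) < 0)
        return -1;
    n = sendto(fd, state, strlen(state), 0, (struct sockaddr *)&addr, sizeof(addr));
    close(fd);                               /* the socket is opened and closed per message */
    return n == (ssize_t)strlen(state) ? 1 : -1;
}

/* A daemon calls notify_socket_send(getenv("NOTIFY_SOCKET"), "READY=1") once it is ready.
 * This self-check plays the systemd side: bind a throwaway datagram socket (constructed path
 * under /tmp), notify it, and confirm "READY=1" arrives. Returns 0 on success. */
int notify_selftest(void)
{
    char path[64], buf[64]; struct sockaddr_un addr;
    ssize_t n; int fd, rc = -1;
    snprintf(path, sizeof(path), "/tmp/notify-selftest-%ld.sock", (long)getpid());
    unlink(path);                            /* remove a stale socket from an earlier run */
    memset(&addr, 0, sizeof(addr));
    addr.sun_family = AF_UNIX;
    strcpy(addr.sun_path, path);
    fd = socket(AF_UNIX, SOCK_DGRAM, 0);
    if (fd >= 0 && bind(fd, (struct sockaddr *)&addr, sizeof(addr)) == 0
        && notify_socket_send(path, "READY=1") == 1
        && (n = recv(fd, buf, sizeof(buf) - 1, 0)) > 0) {
        buf[n] = '\0';
        rc = strcmp(buf, "READY=1") == 0 ? 0 : -1;
    }
    if (fd >= 0) close(fd);
    unlink(path);
    return rc;
}
```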
Most bus users I know don't mind how far away the stop is, within a certain time. They really care about waiting long times at the stop because the bus is infrequent or unreliable.
Humans walk at roughly 2.1-3.0mph. "European cities" are listed as having bus stops 984-1476 ft apart, which would imply you'd typically walk half that to reach the nearest one (492-738 ft), which for a fit 3.0mph person is 2-3 minutes, and for a frail old 2.1mph person is 3-4 minutes.
Of course, people can be further away than that (they live orthogonally to the bus route), but you get the point. If you doubled bus stop distances to 1476ft apart, it would not add many walking minutes for the users.
Bus users can compensate for extra walking time by leaving earlier, provided the bus is on time. Good bus services can estimate arrivals in realtime, and show it to users on websites, apps, etc. as well as at the bus stop.
Bus punctuality is affected by a number of factors (e.g. traffic congestion, temporary and dedicated bus lanes), including number of stops.
The faster a bus can complete its route, the higher the route frequency can be with the same number of buses+drivers, which means buses pick up passengers more often, which means fewer passengers per stop (because less time between pickups), which means faster boarding, which in turn allows for a higher reliable route frequency. Having payment schemes like tap on/tap off, and having multiple entry doors also improves boarding times.
An analysis based on linear distance fails the essential geometric test:
> Humans walk at roughly 2.1-3.0mph. "European cities" are listed as having bus stops 984-1476 ft apart, which would imply you'd typically walk half that to reach the nearest one (492-738 ft), which for a fit 3.0mph person is 2-3 minutes, and for a frail old 2.1mph person is 3-4 minutes.
> Of course, people can be further away than that (they live orthogonally to the bus route), but you get the point. If you doubled bus stop distances to 1476ft apart, it would not add many walking minutes for the users.
Given four "bus stops" spaced at the corners of a square of dimension d, and a linear relationship of distance and time such that d == t, the distance to a stop along the edges of the square is at most d/2 == 0.5d. As the crow flies (straight line) the distance from the center of the square to any of the corners is sqrt(2*(d^2)) / 2 or (approximately) 0.71d.
But people don't fly; rather, geometric physical reality is something sometimes called "Manhattan distance", which essentially means that they need to walk to the edge and then along the edge (or zig-zag block by block, which amounts to the same thing just repeated at smaller scale). In this case the distance walked to any of the corners from the center is exactly d. Unless you live in the middle of a park (with stops at the corners), d is the best outcome. In a physical environment other obstacles may present which require backtracking; indeed, the bus routes (and hence stops) are likely optimized to avoid backtracking, acknowledging this physical reality.
Typo squatting is a thing, and so are Unicode homographs.
The permissions approach isn't bad. I may trust Thunderbird for some things, but permission to read SMS and notifications is permission to bypass SMS 2FA for every other account using that phone number. It deserves a special gate that's very hard for a scammer to pass. The exact nature of the gate can be reasonably debated.
They are, but this is the next-layer-up problem. Most people don't memorise and type URLs into their browser bar; they use a search engine result, browser history or browser bookmark.
It's therefore on their choice of search engine, or choice of app store, to lead them from "thunderbird" to "The app downloadable from https://thunderbird.net/", which can then be validated as signed by the verified owner of the same domain.
I'm not proposing changing the permissions system.
Something like Thunderbird might be an exception, but also domain confusion exists, so in the general case, most likely not because most users are susceptible to this.
That's a search engine / reputation problem and it's also present even in Daddy Google's and Daddy Apple's walled gardens.
If you search any web search engine for "thunderbird", https://thunderbird.net/ is the top result. You can choose your preferred search engine, you should be able to choose your own app store, and your level of confidence stems from your own estimation of that entity's past competence.
If you do search Google Play for "thunderbird", you'll find it lists an app with internal name "net.thunderbird.android" as the top result (along with lots of other mail clients). What I'm proposing is that if your choice of search engine or app store shows you https://thunderbird.net/ as the place to download Thunderbird, and you do, PKI can then verify that the app was independently signed by the owner of the matching domain, and that the certificate was issued to them by a CA who regularly validates they control that domain.
It sets a verified lower bound on baggage loss. An achievable ideal that other airports should aspire to.
Lots of orgs claim to aspire to 5 nines of uptime but can barely manage 2 nines. Kansai airport with an average of about 17 million pax/yr [0] hasn't lost any luggage. Losing one item out of, say, 10 million items a year, would be 7 nines.
Let's say the government issues hundreds of thousands of IDs to people who don't exist and uses them to verify bots (or room full of paid humans) that post pro-government messages all day, at "normal" rates that a human posts.
It's amazing how there is a much larger crowd, of completely real people, who approve of the government, than those nasty dissenters. We know they're real people because we trust the government vouching for its own IDs.
And because of the real ID policy, the government can also ask the social media company for the ID used by opposed posters, and find out where they live and "visit" them, maybe "warn" them.
This sounds like an unreasonable amount of distrust in a government. If a government is truly malicious, it no longer matters if an ID was issued in the first place.
Take the current US administration. If they were to point the finger at a user for something the government didn't like, I doubt many people will agree, and more likely people will be opposed to the government than the user. The most important thing is to prevent government from abusing violence on the people for speaking up, which is somewhat lacking in the US.
More effort should be made to hold governments accountable, not to find ways to skirt around it.
It doesn't even have to be malicious. The UK government had the https://en.wikipedia.org/wiki/Windrush_scandal where it lost the only identity documents of thousands of people, and also tried to remove them from the UK for not having these documents.
Governments shouldn't work like Google's technical support, where they are in 100% control and you have zero recourse if they don't like you, or even if they just fuck up. Governments should be accountable to their people, there need to be systems (like courts) to rein in the government's unlawful actions. It goes without saying that government shouldn't build fully centralised systems of authority, and certainly shouldn't be implicitly trusted by third parties - because when they do that, things go badly for the citizens of that government. Or citizens of other countries (see e.g. the USA fucking with ICC staff)
...and yet here we are, discussing systems that would lock people out of all sorts of things if they won't or can't get a trusted proof they're in a central database we trust the custodians of 100% - those custodians never make mistakes or abuse their position, right? Why the rush to adopt the more fragile system?
What I worry about is more and more "nudge theory" or dark patterns coming in; you may be entitled to something, or have rights, and the government doesn't like people having that, or paying for people to have it. They won't say "no, people can't have these rights and entitlements" and take the hit at the ballot box (though sometimes they do and that is strictly worse), but they will deliberately put in roadblocks and gotchas (digital or otherwise) that oh-so-unfortunately sometimes don't work, or are cumbersome and thus discourage people from exercising their rights.
Point taken on incompetence as opposed to maliciousness. I'm not gung ho on a central database. Perhaps issuing a physical ID, similar to driving license would suffice? And if we want to prevent having tech corps scanning your face, just make it a pin locked card, ala bank cards. Social media isn't a human right anyways.
You're not thinking more than one step ahead. If you let a third party define who "has ID", "is human", etc. you give that third party control over you. You already gave control of your attention away to the sites who host the UGC, now you also give away control of your sense of reality.
At any point they can tell a real human what they can and can't say, and if they go against their masters, their "real human" status is revoked, because you trust the platform and not the person.
If we want to go full conspiritard, we could accuse those of wanting to control speech to be the financial backers of those flooding social media with AI slop: https://www.youtube.com/watch?v=-gGLvg0n-uY -- this fictional video thematically marries Metal Gear Solid 2's plot with current events: "perfect AI speech, audio and video synthesis will drown out reality [...] That is when we will present our solution: mandatory digital identity verification for all humans at all times"
I am though. In the world I live in I already have to give power over myself to corporations and a government, I don’t buy this as an argument for continuing to let internet companies skirt existing laws.
I don't know what to say. You will live in a world "where the average person unknowingly interacts with bots more than other individuals and where black market actors can sway public opinion with armies of bots", even more so after you and I and everyone on the planet are compelled to provide our identity at all times.
The various government actions trying to force "robust" age verification on the internet are being woefully naive in trusting other internet companies and letting them skirt existing laws on data protection.
You are being a useful idiot, sorry. Your weakness is what politicians exploit when they say "think of the children", you fail to see the amoral power-grabs hiding beneath their professed sentiment.
I don't want you encouraging people to demand my identity because you trust "authorities" taking yours.