Running a whole GUI as root, with a ton of unaudited code running in the same process and that brings in more code across IPC barriers, and has the tendency to poke at random environment variables, mmap random files, and read/write configuration.
Unfortunately the open source ecosystem doesn't have many external signals to users about which components are on the other side of a GUI's d-bus interactions and whether they have been audited. The polkit prompts give many uses the sense that they are granting the GUI application permission to "Run as Administrator" in the language of Windows.
While privilege separation is obviously the right choice, I can kind of understand why people keep on going for the "run desktop app as root" approach: it is a lot easier to do things the wrong way.
If you're building a graphical app that runs as root, it is quite easy to run the app from the build directory without installing it.
To go the privilege separation route, you're going to need to install at least the D-Bus policy files and Polkit action files. It could probably do with some more tutorial style documentation of current best practices here.
it's not like people are going to run GParted sandboxed otherwise. And it fundamentally needs access to your full disk, so not running as root is not going to buy you much security.
But yeah, you don't *have to* run it as root either, so why not run it as $USER.
that XKCD strip is fundamentally flawed: installing fake software running as an admin is how people get access to all those remote services without having to physically steal the laptop.
The problem is not running gparted (or whatever application): it's running everything, from settings to random (GTK) modules, as root without your knowledge or consent. You don't know what else has root access when you run a whole ass GUI application.
I've have bug reports for gdk-pixbuf being broken after the switch to sandboxed loaders because people run gparted as root and modify the environment to set themes and cursors from their user's home directory. This is the kind of insanity we allow, while going around sandboxing and hardening the underlying OS.
IIRC, udisks is pretty complicated to set up (and depends on polkit which can also be quite tricky). Consider that folks who need a GUI want something dead simple. Like “sudo gparted-daemon” and then “gparted-gui” on another terminal.
It also the kind of tool that is usually used quickly in some one-off scenario, not something for which one wants to dedicate lots of time setting up and configuring.
"depends on polkit" yeah, no shit. The privilege escalation flow is a solved problem if you use the tools that the OS provides you. "Something dead simple" is not a thing, unless you want to re-implement everything that already exists and is well integrated with the rest of the OS. In short: people don't want "dead simple" as in "I have to run two binaries"; they want something that works like everything else.
in short: yes, there's some complexity, usually already dealt with by the people developing the applications and integrating your OS. The complexity is not there for shits and giggles, and it's only visible if you're taking over from those two roles above. Some computer touchers enjoy doing the integrator's job, but that's not something that actual users have to care about.
people want “dead simple" and “want something that works like everything else”. That’s why they (try to) run gparted as root.
You can just create a socket for IPC, and use group membership to control permissions. Linux, BSD and any other Unix-like support this just fine.
Perhaps polkit+udisks has some technical advantage (compared to a socket) in some specific use case, but folks will always go for convenience. Especially the kind of folks who want a GUI.
an OpenBSD and Alpine user coming here and arguing for ease of use with handrolled IPC sockets instead of the proper privilege escalation API that is well integrated with desktop environments used by millions of people…
I've been hearing this argument for 10 years, specifically about GParted. What's the reason that the functionality you describe never got implemented? Or was it implemented, and people are just using it wrong?
@Corax42 it's a simple case of nobody putting in the work after the introduction of polkit in 2007; people worked around it with `sudo gparted` because they could.
I have an alarm in my phone called "Germantown." I have no idea why. It was probably a dictation error. But today I need to call someone from Germany at 9 AM, and as I was setting an alarm for it, I realized that "Germantown" is set for 9 AM. So I just turned it on instead of making a new one. Small things amuse me sometimes.
Please don't overwork yourself. If you feel exhausted, please take a break. Pease don't hesitate to call us via DECT 1023 at any time to sign out of a shift if you can't make it or feel uncomfortable for any reason.
While some people on our team are enjoying the opportunity of learning a lot more things about postgresql, in the meantime here's a rendered version of the map of the event as of the evening of December 24th:
how do you make these decisions around the repo, such as where to host it and what version control system to use? Is it a somewhat rational process or is it a decision from the guts?
its typically a discussion in the team and an attempt to sense what people in general would like and prefer, but ultimately also a good portion of gut feeling...
Můj zlozvyk číslo 1: V rámci úspory času a nachozených kroků jsem začal strategicky přemýšlet, co všechno můžu při jedné cestě z jedné místnosti do druhé udělat nebo vzít. Nejdřív mi to dávalo smysl, ale posléze jsem toto začal praktikovat i v práci, což se trochu začínalo zvrtávat. Typickým příkladem je vaření kafe ráno po příchodu do práce. Do toho si ještě nosím vodu z automatu a někdy i talíř na snídani. Kávovar je ráno potřeba zapnout, vyhodit logr, doplnit vodu. Někdy si během toho ještě strategicky odběhnu na záchod. I když jsem si všechno strategicky plánoval, pak jsem na jednotlivé podúkoly začal zapomínat. Výsledkem bylo, že když jsem se na stejnou trasu vrátil za 20 minut, viděl jsem nachystaný talíř k odnesení, uvařené kafe nebo někde na mě ještě číhala lžička. Cítil jsem se zoufale.
I think one of the wildest parts of the Epstein Files fiasco to me is billionaires are so different that they talk about the darkest most blackmailable secrets of the worlds elite in gmail when I am miserably embarrassed Google is retaining my everyday online cosplay purchase history to train AI.
Die #DB_Bahn sollte sich lieber mal fragen, wieso Menschen mit Rollstuhl 'verladen' werden müssen - wär sie nämlich #barrierefei gäbs das Problem nämlich nicht.
Mal abgesehen davon, dass Menschen mit Hilfebedarf aufgrund fehlender #Barrierefreiheit ja nicht mal spontan reisen können sondern sich vorher erstmal beim Mobilitätservice anmelden müssen.
Der nach meinem letzten Kenntnisstand eine kostenpflichtige Rufnummer hat.
Da fehlt manchmal ein wenig das Feingefühl. Eine ansonsten sehr nette und gut gelaunte Zugbegleiterin am letzten Samstag so "Bitte nutzen Sie die nächste Tür, ich MUSS hier eine Rollstuhlfahrerin rauslassen". Sie hätte zB auch sagen können "leider ist die Bahn immer noch nicht barrierefrei" oder ähnliches. Denn das Hindernis ist ja die Struktur, nicht die Menschen, die genau wie alle anderen einfach Zug fahren möchten.
manchmal? Ein bisschen? Vielleicht solltest du mal @HoernchenCecile folgen...
Und ja klar gibt's nette, freundliche & bemühte Mitarbeitende, das hab ich nicht in Frage gestellt. Die Tatsache, dass diese aber 2025 immer noch notwendig sind, taugt aber halt genauso wenig wie Menschen im Rollstuhl nur als 'Rollstuhl' zu bezeichnen.
Ist ja nicht das erste Mal, dass so eine Durchsage die Runde macht - allein der (mediale) Aufschrei fehlt - im Zug hat's ja auch niemanden interessiert
Die Bahn begründet oft Verspätung mit dem Einladen eines Rollstuhls oder - etwas besser formuliert trotzdem diskriminierend - wegen Unterstützung beim Ein- und Ausstieg.
ich wurde schon mal ausführlich per Lautsprecherdurchsage beschimpft. Bei einem Halt wartete der Mobilitätsservice, ich sagte aber ich wolle nicht aussteigen, ich wolle beim nächsten Halt aussteigen, wegen der Verspätung komme ich so schneller an mein Ziel.
Der Mobilitätsservice verhielt sich als sei es ein "Service" und ich war die böse die absagt. Obwohl es Grundrecht ist mitfahren zu können und den "Service" gibts nur wegen der Barrieren. Aber die Auseiunandersetzung ging hin und her es wurde dirskutiert weil die wollten dass ich da aussteige und nicht beim nächsten Halt und ich was so, ich entscheide selbst.
Dann der Knaller mit der Durchsage als der Zug weiter fuhr. Man habe Verspätung weil ein Rollstuhlfahrer (sic!) - immerhin nicht nur der Rollstuhl - sich geweigert habe ausszusteigen.
Dann kam die Schaffnerin persönlich zu mir um mir auch noch vor den Fahrgästen eine Lektion zu erteilen. Die Fahrgäste solidaridierten sich zum Glück (das ist nicht immer der Fall) mit mir und die Schaffnerin war sauer, ging aber weg.
You can't say you wrote code if you wrote it in C. All you did was write a prompt to a compiler, it did all the hard work of translating that prompt into a string of ones and zeros. Real programmers do that themselves instead of just accepting slow and buggy compiler-generated slop.
Do you know how much water you're wasting by running your LLVM-powered compiler at -o3? You'd be far better off just turning that code into assembly yourself.
Today is not the first time an agentic coding agent has unblocked me. It turns out that the Winlibs package currently ships a version of CMake using libcurl without a valid SSL cert. As such, trying to build anything that requires an HTTPS download will fail, while working everywhere else. This stumped both me and one of my most talented debugger friends yesterday, claude figured it out in 5 minutes this morning.
Ich habe die letzte Woche viel mit #Perplexity experimentiert. jetzt habe ich noch fast ein Jahr einen gratis Pro-Zugang und absolut keinen Bedarf daran. Es gab in der Zeit nur eine einzige Konversation, in der mir kein Fehler aufgefallen ist, der zu Fehlkäufen bzw. Fehlentscheidungen geführt hätte. Was das für die erstellung von Code bedeutet, mag ich mir ehrlich gesagt nicht ausmalen.
Es kann menschliche Sprache glaubwürdig nachbilden. Wenn es um korrekte Informationen geht, selbst im Mainstream, versagt diese Technologie krachend. Ja, vermutlich bleiben LLM. Aber dieser Hype und die Anwendungsfälle, die immer wieder skizziert werden, sind wirklich albern und gefährlich.
Heute: 13 km radeln mit der Flims (einer der vielen Ylvi-Spitznamen), dann Kamin, Kaffee und Kuchen zu Hause und gleich noch ne große Runde mit den Kleinis und dem Mann. Zu Hause isses halt doch am Schönsten. 😅
I did a quick unscientific comparison. AI generated drums and bass for a snippet of a cover version versus me hobbling through those parts with software instruments, playing from memory of hearing it recently.
I invested a similar amount of time in total to reach the second verse of the song. With the generative engine, I only started paying attention to time spent *after* figuring out enough of the horrible UI accessibility to be able to get anything done with it, so although that will inevitably cloud my judgment of whether I enjoyed the UX, it shouldn't impact the comparison of musicality/usefulness.
In both cases, the original song was playing for reference with its rhythm section removed. I've turned the original down pretty quiet in these examples, loud enough to be recognisable but hopefully balanced in a way that makes it easy to focus on the differences in drums and bass.
The generative engine had this prompt: "Follow the chords and dynamics of the reference track as closely as you can. I'd like a laid back feel, fingerstyle bass playing and a 70's style deadened drum sound".
This is as good as I could get from it after a bunch more prompts trying to help it hone in. 2/4
I played the drums and bass in this version on keys here, using software instruments, so a totally silent recording setup that I could make at 4AM with a sleeping partner in the same room. I'm not much of a keys player and I don't have absolute pitch or a good enough memory to recall parts note for note, hit for hit, this was just a gut instinct jam-along.
Drums were recorded in two passes, I played the kicks snares and toms first, then overdubbed hats and cymbals. In both cases I did some light tweaking of the MIDI to get a few stray velocities and timing gufties straightened out. 3/4
@KaraLG84 I thought it would be better. When I heard the first few notes of the bass track soloed my initial reaction was like "hey, that's a decent thumpy bass tone, it's playing the sort of pattern I'd expect and... oh..." then the rest happened lol.
Why are you using generative ai when you have focused so much of your time on making reaper accessible and do your own music? Also, now that you have uploaded music that you made to I am guessing suno or udio, now they have your music and can train there ai off of what you made. You basically just gave them free work and they don't have to pay you for your time and they can just steal your music so someone else can make money off of it.
@michaeljohann_ That wasn't my music, it was a cover of a hugely established band that will have already been scraped for training if that's how they're doing it. This was a quick experiment to see what generative AI provides in this context. As someone who teaches a lot of folks coming into making music for the first time it makes sense for me to be at least broadly informed about what's out there.
Fare enough as a musician I really don't like to see people using there own music for AI for the reasons I mentioned earlier I understand wanting to learn it to educate people about it. I just tell people to stay away from it and spend the time you would to use ai to learn a daw or an instrument. You will get better results and actually learn something rather then typing in prompts to a computer, but maybe I shouldn't be so harsh.
@michaeljohann_ I'm advising the same in a lot of cases. Thing is, there are an increasing amount of times when people don't listen to that advice, so, figure I may as well know what they'll find.
@chikim There wasn't any mixing. I did a small amount of tweaking of the starting presets in each instrument just so they sounded a bit closer to what I was imagining, nothing drastic enough to make or break whether they'd sound workable though. Then I turned the volume of the original down before I rendered, which wouldn't have been a necessary step at all outside of this comparison context. That's all. Do those choices need democratising? Who for?
@chikim In this case, they'd come away with a quick demo that didn't follow 4/4 timing or simple chords. I'm trying to think of who that's useful to, and I'm coming up empty.
@chikim Well sure, I understand what democratizing is and in many cases I'm in favour of it. TBH I can't really say I'm against it in this scenario either. It's more like... I dunno... I'm surprised that even as a barely function keys player and probably less than 5 minutes of tweaking sounds, I could throw together something that's more usable than this thing that some people are paying money for.
@chikim Last week I had a session helping someone remake a beat that was from Suno. I've heard plenty of examples now where the generative part coming first then humans doing their thing after/on it can turn out good. In part that's why I'm surprised this gave me such a shit result. I didn't think the order of events being flipped around would make the result so different.
@chikim This flow works for me. More than a few times I have heard an AI version of something and went "hey, that was fun, I bet it'd sound awesome with real people." The AI stole everything from us, we can steal it right back.
Was ich mir fürs nächste Jahr von Männern wünsche: Schweigt nicht bei sexistischem Verhalten anderer Männer. Schaut nicht betreten weg. Sagt etwas. Macht etwas. Das ist auch Eure Baustelle.
Wenn ihr Teil einer Gruppe seid, bei der sich jemand sexistisch verhält und ihr lasst es geschehen, weil: „Ist ja nicht meine Sache, muss er selbst wissen, usw…“, dann seid ihr aus Perspektive der Betroffenen nicht „Einer von den Guten, die aber nix sagen“ - ihr seid Teil des Problems.
**altbot v2.5 is out!**
fixed non-english support! switched to a two model setup: gemma3:1b handles translations while qwen3-vl does the image processing stuff. gemma3:1b is surprisingly good at translations for such a tiny model??
now running 23.
I am blind. Seeing people who think I'm not worth the effort fill my timeline with AltBot generated AI stuff that isn't even accurate in lots of cases.
Human alt text is always better, because it doesn´t focus on ocular seeing. Seeing people think, and AltBot was designed around that notion, that blind people must compensate for missing "eye-seeing", but that's not the case. I am interested in the meaning of an image to you, its maker or publisher.
Again, human alt text is better, also because it strengthens reciprocity between seeing and blind people. AltBot doesn't but it makes seeing people believe they have done their bit for accessibility. In actuality, the reverse is often true.
Lavrov: Západ musí chápat, že Rusko má na Ukrajině strategickou iniciativu
(ČTK)
https://www.ceskenoviny.cz/zpravy/lavrov-zapad-musi-chapat-ze-rusko-ma-na-ukrajine-strategickou-iniciativu/2765595
What's the good in having this apartment with it's fancy amenities (pool, barbecue) if nobody ever shows up to visit? They all said oh yeah we'll come see your place. Half of them haven't. Half of them aren't getting the fucking hint when I post on facebook. So I'm done.
Wanna swap? This is a once in a lifetime opportunity to live in a damp, cramped shit-tip that benefits from noisy neighbours in 3 directions and a wonderfully hassle-free existence by foregoing pools, barbecues or any attraction that might tempt people to visit. Act now to lock in the joys of blocked drains and a stink of sewage that can be experienced in the overgrown garden.
@Scott Awesome. We'll swap. You can have my crackhead parade, screaming children and barking dogs because people leave them home for most of the day, plus cafes and train tracks that are in bad need of work. Think we're getting good deals here haha.
@sapphireangel @Scott My place is positively utopian based on everything previously. I live in a Cul De Sac, we tend to hear trains every few minutes but they're not obnoxious, got our own back garden which is bigger than a postage stamp which, considering it's London has to be some kind of miracle, a real piano which I can play whenever and no neighbours complain. The downstairs toilet door handle needs changing but that's about it. lol
@FreakyFwoof @sapphireangel @Scott haha Knightly the piano, gotta love the sound of that thing. Here it's nice and quiet in Banesberie Close Banbury as it's mainly elderly that live here, the back garden's nice and straight and big, kept neat and tidy by Edward my carer and sometimes a gardener to help. No crack dens here. Nice and quiet.
@TomGrant91 @FreakyFwoof @Scott My apt is great for me. The porch is too small though, but I make do. The yard is often in need of mowing, but I get my peace and quiet. It is currently icy as hell though.
@sapphireangel @TomGrant91 @FreakyFwoof @Scott My flat is slightly noisy with traffic but am used to it now. Fairly hot especially in the summer but has a balcony and access to a well maintained shared outdoors space with children playing. Family want me to move to a larger place but right now don't think that's happening in London as I'm about a minute walk from the tube.
@andrew I haven't forgotten about going for that curry as well. I think we've found the cheapest place in London but with the very best food around. Went there in December with my mother in-law and sister in-law, along with Jake. For four people, three of us paid £38 each. Definitely not a bad run. Food was excellent, everybody came away very happy.
Best Indian Restaurant & Takeaway in Brent, London. Order authentic Indian food, covering Cricklewood, Dollis Hill, Willesden Green, Kensal Rise and nearby areas.
@FreakyFwoof Right its looking like Monday evening may be an issue now so preferably Friday or Saturday. I can also do Sunday evening but apreciate that may not be good as its a school night.
@andrew OK well we'll aim for a free Friday then, as there's no rush to get home for a particular time. Think it's probably easier. I mean I don't picture a midnight food run or anything but it does mean a bit of extra sleep next day after filling the belly.
The amount of discussions I have to hold because #Laravel devs don't want to write a read-only DTO somewhere, but instead add a dynamic property on some ActiveRecord contraption.
It's so exhausting, and it could be so simple, if it wasn't that the framework promotes terrifyingly bad software practices everywhere. #php
I took my final decision not to use Laravel unless absolutely needed (like paid for this) when I added lots of typehints, sent quite a large PR, and it was declined because "it's not needed at the moment". Then I said no, sorry not sorry. I like PHP's evolution, and writing in #PHP 5 style is something that doesn't inspire me.
The most interesting finding from using EVs in winter is not that they consume more energy (which they do), but that charging is really slow if you don't have battery preheating. Yesterday, I arrived at a 240 kW charger with 33% SoC, the outside temperature was 0°C, and the charging power was only 35 kW (the maximum charging power of the car is 118 kW). With this charging power, it would take 40 minutes to charge to 80% SoC. We don't mind too much because we primarily use the car as a city car and do 95% of our charging at home, but if you want to have an EV as your only car and drive long distances with it even in winter, definitely get one that has battery preheating.
Or plan a longer drive before the charging (ideally to arrive with lower state of charge). You can also warm up the battery by repeated acceleration and recuperation.
@ondra yes, you can improve it by this, but I drove 50km on highway speeding 120 km/h before charging, so it wasn't completely cold. I don't think you can get the battery to the ideal temperature range (25-30C) just by driving it when it's zero outside. I would definitely have gone down to a lower SoC if I could, but the next suitable charger was 50 km and I would arrive with like 5% SoC. While travelling with the family I rather play safe. And even with a lower SoC I don't think the charge power would go above 50 kW with a suboptimal battery temperature.
Wait, that's not standard? I was living under the wrong assumption that thermal control was one of the really intricate parts of EV battery packs and they're actively cooled & heated to keep them in the optimal temperature range
@Defolos thermal control which keeps it in safe range (operation/battery life) is standard, but not thermal control that keeps in the ideal temperature range although it's becoming standard with the newest EVs. We have a 2022 Audi Q4 e-tron and this model got preheating with the 2024 facelift. I wrote this as a warning that you may get a car with a large battery, but if it doesn't have preheating, it won't be a good car for long distances in winter.
@Defolos I have a car with battery preheating (Hyundai I5). But that's a Pyrrhic victory. It turns on automatically when it's freezing outside and the navigation system shows a charging station as the destination. But not when the destination is a square (where it's located). And it also turns on 30+ km before the destination. When I have a range of 40 km. So I wouldn't make it. God!!! A simple button would suffice.
@mirek @Defolos New Audi Q4 e-trons (2024 and later) have manual battery preheating. There isn't a button, but you can do it in the infotainment. It tells you how much energy it will consume and what charging boost it will provide, so you can make a decision if it's worth it.
For me the most annoying part is, that German cars only charge with this low rates. My company has an ID7 and when I first plugged it into an super charger of 400kw it was stuck at 156kwh, whilst the Smart 5 beside me used 350kwh. I thought I did something wrong and went to the other ID7 driver and asked him about it, he said 160kwh is max.
To be clear: ID7 is Germanys answer for long range business cars like Passat.
@tpheine Yeah, but at least it was close to its official maximum (170kW). It's a fairly reasonable charging rate given it's the 400V architecture. For a car that should be used for long distances I would go for the 800V architecture these days. E.g. Audi A6 e-tron isn't much more expensive than ID.7 and it can charge up to 280 kW. But VW has a strong position in enterprise fleets and IDs is usually all you can get. My sister is getting an ID.4 now.
Following the discourse in Germany on why Germans deny eCars, one issue is the long charging times for long distance travel. This comes from the enterprise fleets, which make up most of the new car sales of German cars.
And I never understood the discussion, until I used my companies ID7, which is Germany's top of the pops enterprise long range car, which needed 2x 30min stops for 500km.
4 people, wasting in total 4hrs paid by company. I understand companies.
@tpheine yes, it is still limiting, my brother-in-law drives to customers spread across the whole country and time is of essence. He says he still cannot afford an EV because of this, so he has a diesel Škoda Superb. I think this will be pretty much solved with the 800V architecture which is slowly getting into this segment. A good example of this is the new BMW iX3. Its drive range is over 500km even in winter, the maximum charging rate is 400 kW and can charge for 350km in 10 minutes. Once EVs with such parameters are more widespread, most of the opposition will disappear. It's already a completely different world than my 3-year-old Audi with 35kW charging in winter. 🙂
Ten paciencia cuando se confunde. No la apresures cuando tarda en recordar. No le quites valor a sus palabras cuando repite una historia que ya conoces. Porque antes que nada… sigue siendo tu madre. La misma que respondió tus preguntas una y otra vez sin cansancio. La que secó tus lágrimas, incluso cuando no había motivo. La que veló tu sueño cuando el cuerpo te ardía de fiebre y el mundo parecía demasiado grande para ti. Hoy sus pasos son más lentos, su memoria a veces se dispersa y su cuerpo se fatiga con facilidad. Pero su amor no ha cambiado. Ese amor sigue firme, atento, completo… como siempre lo fue. Hazla sentir importante. Hazle saber que su presencia cuenta, que su risa sigue teniendo lugar y que su vida no es una carga, sino un regalo. Abrázala sin prisa. Escúchala aunque repita. Quédate un poco más. Porque llegará un día en que ese lugar quedará vacío, y darías cualquier cosa por escucharla contar su historia una vez más. Ama hoy. Cuida hoy. Porque el amor que se posterga mañana pesa más de lo que imaginas. 🤍
The greatest piece of advice I was ever given was this: when you stop work for the day, never stop at a 'clean' break point; stop in the middle of something you can finish easily.
That way the next morning you're not confronted with a a dauntingly blank page or an empty function to write, but a half-finished one you can get back into without difficulty.
I can't remember who gave me that advice, but I've stuck to it dogmatically whenever I can.
¿EEUU ha atacando a otro país soberano al margen del derecho internacional? Supongo su ahora vendrán las sanciones de la Unión Europea y eso. rtve.es/noticias/20251229/trum…
A couple decades ago, I wrote a short paper that described how the basic approaches of cryptography and computer security lead to an efficient and practical privilege escalation attack against master-keyed mechanical locks, which I published in IEEE Security and Privacy (a nerdy computing technical journal).
Unexpectedly, my paper got some press attention. @jswatz_tx found it and wrote a short piece in the NY Times.
And then locksmiths freaked out. I mean completely lost it. They were very upset, not so much that a very common lock design had a basic security flaw, but that an "outsider" found it and had the poor moral character to make it public.
I started getting weird death threats. They doxed me ("let's see what kind of lock the bastard has on HIS house")
A trade publication called The National Locksmith ran monthly guest editorials in which prominent members of that profession were invited to denounce me. My favorite quote, from a locksmith named Billy Edwards, who had written a book on master keying, and who took my paper rather personally.
I should point out that master keying was about a century old at the time, and while the mechanical details weren't secret, locksmiths tended to regard the inner workings of locks as "restricted knowledge", rather like a medieval trade guild. I didn't understand this.
What took me by surprise was how different the physical security wold's attitude was compared with that of my community, where the ethics of discussion of vulnerabilities has long been essentially settled in favor of openness.
Essentially, their argument was that this would be a huge pain and expense to fix, and so we are all better off just keeping it on the down low. And that kind of worked, for about a hundred years, until more open communities - like computer security research - started looking seriously at locks (as both metaphors and as interesting mechanisms in their own right).
I see their point, even if I personally reject it. But in the age of the Internet, you just can't keep this kind of stuff secret.
Anyway, my intent in looking at locks and publishing my paper wasn't to disrupt the lock industry. I believed, as I still do, that mechanical locks and physical security have quite a bit to teach computing, but also that the abstract techniques of cryptography and computer security can illuminate weaknesses that are hard to see when looking at systems in strictly mechanical terms.
My attack is intuitive and obvious to cryptographers, but rather subtle without our field's tools.
I never did reach a truce with the locksmiths. A couple years later, I met Billy Edwards, the author of that editorial denouncing me, at a trade show, and when he learned who I was he refused to shake my hand and asked me to leave him alone.
I wish he had seen things differently, but I can respect that he was coming from a place of genuine concern, even if I think his approach was wrong.
To this day, I worry that I'm pretty screwed if I get locked out of my house.
NB: While I never intended to piss off locksmiths with my master keying paper, I did write a followup a couple years later about safes and safecracking, partly out of spite.
TL;dr: We can learn a lot from safes and safe locks, and the frameworks of cryptography and computer security are applicable there, too. The fact that our learning about this subject makes people in that industry upset is just a bonus.
I wrote that paper after I had moved from AT&T Labs to U. Penn. The Penn locksmith went totally apoplectic, and wrote regular angry letters to the dean and to the head of campus security warning about what an irresponsible, dangerous menace I am. But for whatever reason, his efforts were unsuccessful in getting me fired; the administration just forwarded me his letters, which I taped to the door of my office.
It occurs to me that people outside the security field might find it odd that we openly publish stuff like this. Why help people who might use the knowledge to do bad things?
There are a number of reasons. The first is that only through open discussion are we able to identify and fix problems. Another, which is what motivated my work, is educational: you can't learn to defend systems unless you understand how they are attacked.
So while openly publishing offensive security techniques might indeed help criminals, that harm is outweighed by significant benefits. Every properly trained computer science student should understand how to exploit vulnerabilities. Because the attackers DEFINITELY understand it.
What accessible E-Mail client do we use for iOS these days? Heard that the official has some notification issues with generic smtp accounts and the design isn't super awesome either.
O gosh, I threw Gemini-cli on my /etc/cloud.cfg on a Raspberry OS install. It totally fried the file such as the only remaining contents in it was the “$content” phrase. Not very nice! Luckily, dpkg came to a rescue and allowed me to restore the file.
New update to Audio Invaders! I tweaked the Runner enemy to be easier to hear, not lightning fast when you first start encountering it, and it now has a progressive rumble as it gets closer to the ground. High scores now save properly again, and you can now Pause the game and toggle Verbosity options on the fly! marconius.com/fun/audioInvader…
a bunch of weirdos on youtube are very mad and scared about the price of silver i guess?? like I don't know anyone who owns enough silver to give a shit
![...It [Blaze’s master keying paper] shouldnt have been
published, because the only people it will educate are the
dishonest who will use it to compromise security.
Locksmiths dont have to be surreptitious ...
... No, we can t call him a moron because he is obviously
intelligent, after all he did grasp the concepts of master
keying. We can however, see that he is an inexperienced
amateur when it comes to physical security. In his
computerized world it is a simple thing to fix a security
problem, you just load new software...
— from a guest editorial denouncing me in The National Locksmith (June
2003)](https://fedi.ml/photo/preview/640/742748 "...It [Blaze’s master keying paper] shouldnt have been
published, because the only people it will educate are the
dishonest who will use it to compromise security.
Locksmiths dont have to be surreptitious ...
... No, we can t call him a moron because he is obviously
intelligent, after all he did grasp the concepts of master
keying. We can however, see that he is an inexperienced
amateur when it comes to physical security. In his
computerized world it is a simple thing to fix a security
problem, you just load new software...
— from a guest editorial denouncing me in The National Locksmith (June
2003)")
Simon Crowe
in reply to Emmanuele Bassi • • •Emmanuele Bassi
in reply to Simon Crowe • • •Simon Crowe
in reply to Emmanuele Bassi • • •Sheogorath
in reply to Emmanuele Bassi • • •Emmanuele Bassi
in reply to Sheogorath • • •Doug Webb
in reply to Emmanuele Bassi • • •Emmanuele Bassi
in reply to Doug Webb • • •Emmanuele Bassi
in reply to Emmanuele Bassi • • •Running a whole GUI as root, with a ton of unaudited code running in the same process and that brings in more code across IPC barriers, and has the tendency to poke at random environment variables, mmap random files, and read/write configuration.
What could possibly go wrong.
Emmanuele Bassi
in reply to Emmanuele Bassi • • •Emmanuele Bassi
in reply to Emmanuele Bassi • • •Been writing the same thing in various issue trackers and forums for nearly 10 years: bugzilla.gnome.org/show_bug.cg…
Even the gparted devs know about it: gitlab.gnome.org/GNOME/gparted…
GParted should have a privileged DBUS backend (#26) · Issues · GNOME / gparted · GitLab
GitLabDrew 🐘
in reply to Emmanuele Bassi • • •James Henstridge
in reply to Emmanuele Bassi • • •While privilege separation is obviously the right choice, I can kind of understand why people keep on going for the "run desktop app as root" approach: it is a lot easier to do things the wrong way.
If you're building a graphical app that runs as root, it is quite easy to run the app from the build directory without installing it.
To go the privilege separation route, you're going to need to install at least the D-Bus policy files and Polkit action files. It could probably do with some more tutorial style documentation of current best practices here.
Ivan Molodetskikh
in reply to Emmanuele Bassi • • •Sergey Bugaev
in reply to Emmanuele Bassi • • •m.xkcd.com/1200/
it's not like people are going to run GParted sandboxed otherwise. And it fundamentally needs access to your full disk, so not running as root is not going to buy you much security.
But yeah, you don't *have to* run it as root either, so why not run it as $USER.
xkcd: Authorization
m.xkcd.comEmmanuele Bassi
in reply to Sergey Bugaev • • •that XKCD strip is fundamentally flawed: installing fake software running as an admin is how people get access to all those remote services without having to physically steal the laptop.
The problem is not running gparted (or whatever application): it's running everything, from settings to random (GTK) modules, as root without your knowledge or consent. You don't know what else has root access when you run a whole ass GUI application.
Emmanuele Bassi
in reply to Emmanuele Bassi • • •Hugo 雨果
in reply to Emmanuele Bassi • • •is there some sort of privilege-separated GUI that folk can use instead?
I tend to use a cli, but I can definitely understand how some folk feel far more comfortable running a GUI.
Emmanuele Bassi
in reply to Hugo 雨果 • • •Hugo 雨果
in reply to Emmanuele Bassi • • •IIRC, udisks is pretty complicated to set up (and depends on polkit which can also be quite tricky). Consider that folks who need a GUI want something dead simple. Like “sudo gparted-daemon” and then “gparted-gui” on another terminal.
It also the kind of tool that is usually used quickly in some one-off scenario, not something for which one wants to dedicate lots of time setting up and configuring.
Emmanuele Bassi
in reply to Hugo 雨果 • • •Emmanuele Bassi
in reply to Emmanuele Bassi • • •Hugo 雨果
in reply to Emmanuele Bassi • • •people want “dead simple" and “want something that works like everything else”. That’s why they (try to) run gparted as root.
You can just create a socket for IPC, and use group membership to control permissions. Linux, BSD and any other Unix-like support this just fine.
Perhaps polkit+udisks has some technical advantage (compared to a socket) in some specific use case, but folks will always go for convenience. Especially the kind of folks who want a GUI.
Emmanuele Bassi
in reply to Hugo 雨果 • • •Emmanuele Bassi
in reply to Emmanuele Bassi • • •Hugo 雨果
in reply to Emmanuele Bassi • • •stating that what I said is incorrect contributes nothing to a discussion. If you believe that a statement is incorrect, please elaborate on that.
And please refrain for insults, this has so far been a civil conversions. I have not disrespected you in any way.
Corax
in reply to Emmanuele Bassi • • •Emmanuele Bassi
in reply to Corax • • •