Random News not worthy of own thread

[Vertigo 7]

I mean some American police officers are taught, that if you kill someone you have the best sex in your life afterwards and that having this post killing sex is one of the "perks that come with job".

Sounds crazy, I know, so here is the video of it being taught to them.

Am I the only one who finds that insane?

No. That's the same guy that police departments have been hiring to come train their cops to be killers. It's been going on for years.

[BaronVerde]

Open Source works just fine !

Linux kernel maintainers have permantly locket out University of Minnesota from Linux kernel development because they have repeatedly tried to inject faulty patches into the kernel, for "research prpose" and as "tests" but without informing those responsible.

https://www.zdnet.com/article/greg-kroa ... y-patches/

The maintainer wrote:

All contributions by this group of people need to be reverted, if they
have not been done so already, as what they are doing is intentional
malicious behavior and is not acceptable and totally unethical.

from: https://lore.kernel.org/linux-nfs/YH+7Z ... kroah.com/

Those derps apparemntly tried to do a paper:
https://github.com/QiushiWu/QiushiWu.gi ... curity.pdf
without sticking to sciency behaviour and honest work.

But that's not all. After that, and after being reminded to stick the rules they tried it again, and that's when the kernel maintainers had enough.

Others seem to agree (from the above first link):

The problem is that Prof. Lu and his team seem to be unrepentant, and has some very... skewed... ideas over what is considered ethical, and acceptable behavior vis-a-vis the Kernel development community. The fact that the UMN IRB [Institutional Review Board] team believes that what Prof. Lu is doing isn't considered in scope for human experimentation means that there isn't any kind of institutional controls at UMN for this sort of behavior -- which is why a University-wide Ban may be the only right answer, unfortunately.

And thus it came.

-----------
What should I say ? Open Source works just fine, doesn't it ?

[pjknibbs]

I'm not sure if you're being sarcastic or not here? The fact that this was spotted and corrected quite quickly is open source working exactly how it's meant to.

[BaronVerde]

Ok, I should have said "the Linux kernel" instead, because of it's review and maintenance process.

But that's only a side note. May main point was the insolence, somewhere between ignorance and criminal energy the University of Minnesota team and their internal review board exhibited in the process, even after being detected and reminded to stop it.

There were already gleeful remarks by google and companies who make money with security software going in the direction "imagine what's all under the radar and never detected so use our products to 'protect' your system". That's how it gows these days, snake oil everywhere.

[Vertigo 7]

Ehh, not sure what you're getting at. Google isn't known for security software, if they even sell any? Nor would anyone be wise to trust them with security, even if they did.

If anything, this event proves open source is just as vulnerable to malicious actors as closed source is. Besides, you'll be unlikely to convince enterprise network directors to opt for 3rd party support from a forum vs a contractual service agreement.

[BaronVerde]

@Vertigo7: I am getting at a group was thrown out of kernel development because of dishonest behaviour. Which I find noteworthy, even cool

[Vertigo 7]

You think MS or Apple or anyone else wouldn't fire any of their developers that get caught sneaking in bad code into their products? I don't really see much distinction or reason to credit that action beyond an acknowledgement of that being the expectation. And I still fail to see how having source code available for everyone to see makes something more secure than something that isn't available to the public.

I don't really care what vulnerabilities existed in a now 18 years old and out of service commercial OS. Windows has evolved and been patched as has Linux, OSX, Unix, on and on. You can preach open source all day long, but the corporate world runs on Windows. If open source platforms provided that much more security and stability, that wouldn't be the case and you would have 3rd party developers falling over themselves to write their products for the opensource platforms instead of Windows.

I won't deny that open source things have their niche uses. Linux makes a great base for a firewall appliance, as a for instance. But I'd never replace my desktop OS with Linux. There may be some open source equivalencies that I could source to replace my day to day uses, but I find those EU experiences lack luster, to say the least, and lacking in features offered by commercial applications. Not to mention driver support for my hardware is often DIY - no thanks.

Maybe things will change, one day. But, some folks have been saying open source is the way to go for nearly 2 decades and doesn't seem like it's making much headway beyond the hobbyist crowd.

[Chips]

And I still fail to see how having source code available for everyone to see makes something more secure than something that isn't available to the public.

Seriously? Out of interest, are you involved in software dev/engineering/coding etc? I can understand there are arguments for/against, but just straight up "I can't see how it could possibly be..." is odd unless I assume you're not in that particular field.

I don't really care what vulnerabilities existed in a now 18 years old and out of service commercial OS. Windows has evolved and been patched as has Linux, OSX, Unix, on and on. You can preach open source all day long, but the corporate world runs on Windows. If open source platforms provided that much more security and stability, that wouldn't be the case and you would have 3rd party developers falling over themselves to write their products for the opensource platforms instead of Windows.

I'm a bit baffled.

I won't deny that open source things have their niche uses. Linux makes a great base for a firewall appliance, as a for instance. But I'd never replace my desktop OS with Linux. There may be some open source equivalencies that I could source to replace my day to day uses, but I find those EU experiences lack luster, to say the least, and lacking in features offered by commercial applications. Not to mention driver support for my hardware is often DIY - no thanks.

Maybe things will change, one day. But, some folks have been saying open source is the way to go for nearly 2 decades and doesn't seem like it's making much headway beyond the hobbyist crowd.

Are you just an end user (as in home user) in this instance?

So I'll elaborate rather than leaving this a short series of questions without the reason being clear! but here's a wiki page for starters:

https://www.techrepublic.com/article/wh ... evolution/


So the reason for the questions - and arguments for / against (non exhaustive). Open source - you can view the source code, compile/build it yourself. You can branch and create additions to it to make it more specific. As expected. But the code can be checked / verified to ensure it does what it should without any unexpected/undeclared side effects if you so determine to do so. It can be checked/verified that it doesn't have any glaring bugs, and/or analysed for vulnerabilities etc. So security is a factor. Indeed, it's listed on the wiki page.

Closed source, you have to implicitly trust the vendor (do you?) and trust that their developers are capable - and this isn't about bugs, but vulnerabilities.

Even the mighty Apple has many a vulnerability disclosed by third parties - but until they are disclosed, they're precisely that. Vulnerabilities that may be exploited. Apple weren't aware. They'd produced the code with the vulnerability/bug and had zero awareness it was there. Some go unknown to Apple for years, some are declared to Apple and just not fixed (until various people published them and suddenly Apple fixed it). Those bugs/vulnerabilities can and are exploited before they're notified to Apple.

The same could be said of open source of course - you can literally read the code to try and find where something may not quite behave as expected in certain circumstances. The hope is that obviously the community will check/find and fix.

Note, this isn't "It's more secure...", just saying you're able to look (as are others), verify, trust, etc.


I didn't see where the 18 year old out of service commercial OS came from I must admit, but the corporate world runs on Windows is definitely a questionable statement - but it depends upon your definition of corporate world of course. I'll just say I've never developed/deployed/run any software/services on Windows. The end user who utilises the service may indeed be accessing via a Windows machine, but it isn't a requirement. People may sit at windows machines, but the servers and services run upon them never had windows anywhere near them.

I think there's more open source used by businesses, relied upon by business than you may realise - but without knowing your background you may be entirely aware and just consider Open Source to still be in its infancy.

e.g. Google and MS are the biggest (or were) contributors to open source. Two Google examples? Android and Chromium.

[jlehtone]

You think MS or Apple or anyone else wouldn't fire any of their developers that get caught sneaking in bad code into their products?

They will. The only difference is that person looking fo a new job might be able keep the reason why "they left" secret, while public ban is public.

I still fail to see how having source code available for everyone to see makes something more secure than something that isn't available to the public.

It isn't. The "more eyes on the code" has diminishing returns, and all eyes do not peruse all code. Scary recent example, the "sudo" had a hole for almost a decade.

You can preach open source all day long, but the corporate world runs on Windows. If open source platforms provided that much more security and stability, that wouldn't be the case and you would have 3rd party developers falling over themselves to write their products for the opensource platforms instead of Windows.

VHS vs betamax. Even if open source had valid alternatives for everything, reschooling users would still remain huge "unnecessary" cost. "Cheaper to Keep Her"

RMS started preaching open source almost four decades ago.

[BaronVerde]

Oh dear, what have I done

I deleted two points from my last post because of fear they might turn out to be devisive: that was google's suid sandbox and the disclosure of parts of windows xp code on the web a few years ago (Edit, last year actually, tempus fugit). I did it too late and it seems that offended people, sorry 'bout that. Watch your back out there, guys

[Vertigo 7]

And I still fail to see how having source code available for everyone to see makes something more secure than something that isn't available to the public.

Seriously? Out of interest, are you involved in software dev/engineering/coding etc? I can understand there are arguments for/against, but just straight up "I can't see how it could possibly be..." is odd unless I assume you're not in that particular field.

Not directly. Though I do work with those that are. The point I was trying to make, though, is that whether source code is under lock and key or available to the public doesn't mean one has flaws and the other doesn't. Linux has been open source since it's inception. It's had it's share of CVEs too.

I don't really care what vulnerabilities existed in a now 18 years old and out of service commercial OS. Windows has evolved and been patched as has Linux, OSX, Unix, on and on. You can preach open source all day long, but the corporate world runs on Windows. If open source platforms provided that much more security and stability, that wouldn't be the case and you would have 3rd party developers falling over themselves to write their products for the opensource platforms instead of Windows.

I'm a bit baffled.

Yeah, I can see why you would be. Missing some context. There was more to dude's post that was likely edited and removed before mine was submitted. Comments along the lines of source code for Windows XP being made public and ensuing predictions of doom.

I won't deny that open source things have their niche uses. Linux makes a great base for a firewall appliance, as a for instance. But I'd never replace my desktop OS with Linux. There may be some open source equivalencies that I could source to replace my day to day uses, but I find those EU experiences lack luster, to say the least, and lacking in features offered by commercial applications. Not to mention driver support for my hardware is often DIY - no thanks.

Maybe things will change, one day. But, some folks have been saying open source is the way to go for nearly 2 decades and doesn't seem like it's making much headway beyond the hobbyist crowd.

Are you just an end user (as in home user) in this instance?

Nope. I admin a bunch of servers, the majority of them are Windows, and provide end user support for specific things.

You think MS or Apple or anyone else wouldn't fire any of their developers that get caught sneaking in bad code into their products?

They will. The only difference is that person looking fo a new job might be able keep the reason why "they left" secret, while public ban is public.

Maybe... but depending on the severity, the person could also be facing lawsuits and possibly criminal charges related to espionage. It's all circumstantial.

I still fail to see how having source code available for everyone to see makes something more secure than something that isn't available to the public.

It isn't. The "more eyes on the code" has diminishing returns, and all eyes do not peruse all code. Scary recent example, the "sudo" had a hole for almost a decade.

You can preach open source all day long, but the corporate world runs on Windows. If open source platforms provided that much more security and stability, that wouldn't be the case and you would have 3rd party developers falling over themselves to write their products for the opensource platforms instead of Windows.

VHS vs betamax. Even if open source had valid alternatives for everything, reschooling users would still remain huge "unnecessary" cost. "Cheaper to Keep Her"

RMS started preaching open source almost four decades ago.

True, but I look at Apple, for instance. They've been hard and heavy after k-12 schools since I was a kid. And what'd they do here in the last few years? They stopped producing servers. Outside of graphic design, they have almost no presence in the corporate world despite all of the Mac fans saying how great and wonderful their Macs are. We even have a handful of them deployed to end users, mostly doctors that want to carry around their Macbook as a status symbol, but anyone needing to do more than check their email or tool around on the web for work, they don't make the cut, mostly because there's so little 3rd party support and they can't run the applications needed.

Oh dear, what have I done

I deleted two points from my last post because of fear they might turn out to be devisive: that was google's suid sandbox and the disclosure of parts of windows xp code on the web a few years ago. I did it too late and it seems that offended people, sorry 'bout that. Watch your back out there, guys

Not offended, fyi. Just giving my view.

I freely admit, I use some opensource things. There are some rather clever utilities I use to give me a better picture of certain situations that are open source and I run a TrueNAS server that I have integrated with my AD lab. But my desktop is and will most likely forever be Windows and the majority of my software is not opensource. I can't see that changing here or at work any time soon.

[Chips]

I realise I just posed questions without adding in anything more - so I was editing it in post-posting. It's revised with extras.

I'm surprised you don't think Open Source is gaining prevalence in the world - whether corporate or otherwise. It's debatable whether it's leading as it'd take too long to dig up endless figures to prove it is, however its farcical to claim it's hobbyist.

[red assassin]

You think MS or Apple or anyone else wouldn't fire any of their developers that get caught sneaking in bad code into their products? I don't really see much distinction or reason to credit that action beyond an acknowledgement of that being the expectation. And I still fail to see how having source code available for everyone to see makes something more secure than something that isn't available to the public.

I don't really care what vulnerabilities existed in a now 18 years old and out of service commercial OS. Windows has evolved and been patched as has Linux, OSX, Unix, on and on. You can preach open source all day long, but the corporate world runs on Windows. If open source platforms provided that much more security and stability, that wouldn't be the case and you would have 3rd party developers falling over themselves to write their products for the opensource platforms instead of Windows.

I won't deny that open source things have their niche uses. Linux makes a great base for a firewall appliance, as a for instance. But I'd never replace my desktop OS with Linux. There may be some open source equivalencies that I could source to replace my day to day uses, but I find those EU experiences lack luster, to say the least, and lacking in features offered by commercial applications. Not to mention driver support for my hardware is often DIY - no thanks.

Maybe things will change, one day. But, some folks have been saying open source is the way to go for nearly 2 decades and doesn't seem like it's making much headway beyond the hobbyist crowd.

I think this is a baffling take for a security professional. For the record, there are obvious advantages and disadvantages of both models as far as security goes, and I don't think either is obviously correct. The problem with open source software is the bystander effect where everybody assumes that everybody else is checking the code they're using. The solution to this is the large corporate interests that rely on open source code ponying up and investing properly in it. The problem with closed source software is that it's difficult to perform security research and validate the security claims of the vendors, which means that only very large and well-resourced groups know about security vulnerabilities in said software. The solution to this is bug bounty programs and deliberately enabling - rather than fighting - security research.

This is not an argument that Microsoft aren't a major player, because they clearly are. But the idea that open source is "niche" is simply wrong. Some examples: Firstly, what's the most popular operating system in the world? If you said "Windows", nil points: it's Android, which is open source (though typically shipped with some proprietary components). In the corporate world, Windows is certainly dominant for desktop systems, but the picture is much muddier for the overall market. Windows ships more server OSes by unit than any commercial Linux vendor, but not by that much: MS take about 50% of the market, to Red Hat's 33%. But this doesn't count people who aren't paying for support contracts for open source software. In AWS, the world's largest cloud by a large margin, Linux accounts for about 90% of the market, while even on MS's own cloud Azure, Linux market share is over 50%. Windows accounts for about 25% of web servers. Meanwhile, networking hardware like routers are mostly Linux based these days, with vendors like Cisco moving from their own OS to proprietary components on Linux. It's also notable that most interaction with computers is now via a web browser (whether visibly or with something like Electron), and there are no major closed source web browsers left: with the death of EdgeHTML, they're all open source with, at most, a bit of closed source code for the UI. Also, the rapid growth of IoT things and computer control of nearly everything is another avenue: mostly these run Linux or one of a selection of RTOSes, of which some are proprietary and some are open source, with vendor code on top. This "some proprietary bits, but the bulk of the code, including the core components, is open source" model is now incredibly common.

[Vertigo 7]

You think MS or Apple or anyone else wouldn't fire any of their developers that get caught sneaking in bad code into their products? I don't really see much distinction or reason to credit that action beyond an acknowledgement of that being the expectation. And I still fail to see how having source code available for everyone to see makes something more secure than something that isn't available to the public.

I don't really care what vulnerabilities existed in a now 18 years old and out of service commercial OS. Windows has evolved and been patched as has Linux, OSX, Unix, on and on. You can preach open source all day long, but the corporate world runs on Windows. If open source platforms provided that much more security and stability, that wouldn't be the case and you would have 3rd party developers falling over themselves to write their products for the opensource platforms instead of Windows.

I won't deny that open source things have their niche uses. Linux makes a great base for a firewall appliance, as a for instance. But I'd never replace my desktop OS with Linux. There may be some open source equivalencies that I could source to replace my day to day uses, but I find those EU experiences lack luster, to say the least, and lacking in features offered by commercial applications. Not to mention driver support for my hardware is often DIY - no thanks.

Maybe things will change, one day. But, some folks have been saying open source is the way to go for nearly 2 decades and doesn't seem like it's making much headway beyond the hobbyist crowd.

I think this is a baffling take for a security professional. For the record, there are obvious advantages and disadvantages of both models as far as security goes, and I don't think either is obviously correct. The problem with open source software is the bystander effect where everybody assumes that everybody else is checking the code they're using. The solution to this is the large corporate interests that rely on open source code ponying up and investing properly in it. The problem with closed source software is that it's difficult to perform security research and validate the security claims of the vendors, which means that only very large and well-resourced groups know about security vulnerabilities in said software. The solution to this is bug bounty programs and deliberately enabling - rather than fighting - security research.

This is not an argument that Microsoft aren't a major player, because they clearly are. But the idea that open source is "niche" is simply wrong. Some examples: Firstly, what's the most popular operating system in the world? If you said "Windows", nil points: it's Android, which is open source (though typically shipped with some proprietary components). In the corporate world, Windows is certainly dominant for desktop systems, but the picture is much muddier for the overall market. Windows ships more server OSes by unit than any commercial Linux vendor, but not by that much: MS take about 50% of the market, to Red Hat's 33%. But this doesn't count people who aren't paying for support contracts for open source software. In AWS, the world's largest cloud by a large margin, Linux accounts for about 90% of the market, while even on MS's own cloud Azure, Linux market share is over 50%. Windows accounts for about 25% of web servers. Meanwhile, networking hardware like routers are mostly Linux based these days, with vendors like Cisco moving from their own OS to proprietary components on Linux. It's also notable that most interaction with computers is now via a web browser (whether visibly or with something like Electron), and there are no major closed source web browsers left: with the death of EdgeHTML, they're all open source with, at most, a bit of closed source code for the UI. Also, the rapid growth of IoT things and computer control of nearly everything is another avenue: mostly these run Linux or one of a selection of RTOSes, of which some are proprietary and some are open source, with vendor code on top. This "some proprietary bits, but the bulk of the code, including the core components, is open source" model is now incredibly common.

How's that baffling? You just pretty much said the same things I did, just more wordy. I already said opensource platforms have their niche uses, like Linux on firewalls. I guess I should have used more examples like Android cell phones or IOT devices that clearly have to run some kind of OS. Sorry... I'll detail out other use cases in the future if I can be bothered to do so.

And for the record, among desktops, Windows has 75% of the market share as of March, 2021, with OSX being the next at 16% https://gs.statcounter.com/os-market-sh ... /worldwide. It's hardly surprising that Android phones, when all sources are considered, currently have the lead when the Android phones are super cheap or it's installed on a Smart TV (Sony). It's also no surprise that the Android OS has been a frequent target of attacks, despite all of the opensourceness. <-- see my point, "And I still fail to see how having source code available for everyone to see makes something more secure than something that isn't available to the public."

Interesting tidbit, things switch up in the US, and Windows and IOS are neck and neck in overall market share and Android is trailing behind.

Point being, that while Linux may have its place in appliances, which I said, it ain't sitting on desktops. And for something like Windows that has limited portability beyond a laptop or tablet for it to still maintain such a high market share when considering cellphones and IoT devices, that says quite a bit.

I'm not making arguments for or against opensource. I do have arguments for closed source stuff, if for no other reason than vendor and 3rd party support.

[red assassin]

How's that baffling? You just pretty much said the same things I did, just more wordy. I already said opensource platforms have their niche uses, like Linux on firewalls. I guess I should have used more examples like Android cell phones or IOT devices that clearly have to run some kind of OS. Sorry... I'll detail out other use cases in the future if I can be bothered to do so.

And for the record, among desktops, Windows has 75% of the market share as of March, 2021, with OSX being the next at 16% https://gs.statcounter.com/os-market-sh ... /worldwide. It's hardly surprising that Android phones, when all sources are considered, currently have the lead when the Android phones are super cheap or it's installed on a Smart TV (Sony). It's also no surprise that the Android OS has been a frequent target of attacks, despite all of the opensourceness. <-- see my point, "And I still fail to see how having source code available for everyone to see makes something more secure than something that isn't available to the public."

Interesting tidbit, things switch up in the US, and Windows and IOS are neck and neck in overall market share and Android is trailing behind.

Point being, that while Linux may have its place in appliances, which I said, it ain't sitting on desktops. And for something like Windows that has limited portability beyond a laptop or tablet for it to still maintain such a high market share when considering cellphones and IoT devices, that says quite a bit.

I'm not making arguments for or against opensource. I do have arguments for closed source stuff, if for no other reason than vendor and 3rd party support.

You described open source software - the paradigm which is anywhere from neck-and-neck to absolutely dominant in literally every operating system market except desktop computing - as "niche" and "doesn't seem like it's making much headway beyond the hobbyist crowd". That's what I find baffling. If anything, desktop computing is the niche at this point.

Also, re vendor support, that's literally what companies like Red Hat and Canonical do for open source software in the corporate world. As I pointed out, Red Hat alone isn't far off MS' market share for servers.

[jlehtone]

If anything, desktop computing is the niche at this point.

Yes, a feasible scenario is that desktop will vanish and die completely rather than Linux take over.

[Tracker001]

Or is it ?
C.S. Lewis: My Life's Journey
Length ~ 1:30:-- https://www.youtube.com/watch?v=96uT-BvRi-k

[BaronVerde]

Africa's so far oldest burial has been unburied. It dates to ~78,000 BP, a ~3 year old modern human child. Other intentional burials in Europe and Asia data back 120,000 BP, modern humans and Neandertals.

Paper:
https://www.nature.com/articles/s41586-021-03457-8

Pop science:
https://www.nature.com/articles/d41586-021-00805-6
https://www.sciencemag.org/news/2021/05 ... -years-ago

Method of dating:
https://en.wikipedia.org/wiki/Luminescence_dating

Burial rites are seen as part of what's somewhat generically called modern behavior, or behavioral modernity (attention, the wikipedia article is outdated), though the term should be used with caution because it carries some implications. Is currently thought that it gradually and variably arose between 800,000 and 40,000 before now, across different human species. Artwork like paintings and carvings, personal adornement, composite tools, advanced stone tool technology and burial rites are among the indicators.

[CBJ]

Until before, no intentional burial hac been found in Africa...

This news article doesn't give much info about it, but it does suggest there is another:

https://www.bbc.co.uk/news/science-environment-56986457

[BaronVerde]

Yep, Border Cave: https://www.sciencedirect.com/science/a ... via%3Dihub
as well as Taramsa Hill in Egypt. I have corrected my post.

Edit: other sites with 'earliest personal adornement' in and around Africa, partly discussed, are for instance and incompletely listed without any order: Forbes Quarry in Gibraltar (Neandertal), Shkul in the Levant (modern humans and Neandertals), and a site in Morocco whose name I forgot.