This isn't a big deal for the vast majority of Linux use-cases. Where something like this becomes a problem is kisok-like machines and certain "secure" environments.

For example, a certain US state's lottery machines, which run Linux. The machine has a list of USB device ID's it will accept, it's on a VPN, locked case, locked BIOS. All-in-all, pretty secure against tampering. However, the USB protection only goes so far because it's possible to craft a USB device which sends a fake ID.

That said, even if someone could plug a keyboard into such a machine very little can be done because of the BIOS and bootloader password protection. However, a bug like this would suddenly be a potentially huge problem.

I'm tired of people making bugs like this sound like earth shattering problems. At the same time there are a minority of situations where this type of thing is potentially a big issue. That said, we can't ignore stuff like this.

From my understanding Windows is actually deleting partitions in this case, not just overwriting the bootloader. Not the same thing at all.

If we want to talk about attack surface Flash is a bit of an issue. Individual browsers these days have issues more often than Flash, as you've pointed out. However, the install base of Flash is greater than that of any individual browser. Therefore, a problem with Flash is a big fucking deal, as it effects many more people than say, a problem in Firefox. Adobe should handle the EOL of Flash more responsibly, by either presenting a framework for transition or open sourcing Flash so somebody else can do it. As it stands, Adobe is the only entity able to fix a bug found in Flash and all tools for converting Flash content to modern standards (AFIAK) are based on a black-box understanding of how Flash works.

There was also this incident in May, where a 27 year old stole a plane and was talked down by air traffic control. If the security we have in place can't stop random incidents like the kid you mention or this guy in Vegas, what is it supposed to stop? I don't think it really has anything to do with terrorism, let alone the greater good.

This plan is a good one. To curb your concerns you could follow this plan:

1. 1) Allow users to login to unblock sites on an as-needed basis. Keep the process simple so workflow isn't encumbered.
2. 2) Keep a log of every time a user logs in to request access. Possibly keep a log of what sites users are visiting with this access, but do not log the traffic. Just the sites.
3. 3) Pair this log with your issue tracking system and possibly employee performance reviews.

If an employee's support tickets seem to be linked to the sites they are requesting, the employee can be approached and possible restrictions can be put in place if the problem isn't solved with a conversation. The same goes for browsing habits that might be linked to downturns in performance.

This way, you are allowing your employees/users their freedom to browse/work, and only restricting the people who keep presenting problems.

A little OT, but I think modifying Gentoo with a new build system to do the above would be a fun project.

I've seen this before. I do a fair bit of computer repair on the side, and just recently someone brought me a Windows 7 Home Premium install that was acting this way. I cleaned the computer of malware and junk programs, but it was still using 50%+ memory when idle. It turned out that the windows update service itself was causing the problem. The biggest ram hog was svchost running makecab.exe repeatedly, eating up nearly 1GB of memory all by itself.

It turned out the issue was actually a corrupted .NET Framework 3.5.1 which was screwing up the installation of updates. Repairing it resolved the problem. Perhaps check your update history and see if you have any failed updates, especially relating to .NET 3.5.1. If you do, try going into Programs and Features, disabling .NET 3.5.1 under Windows Features, rebooting, and then re-enabling it.

There's a problem here which Snowden has also voiced: In a "trial" of this nature justification isn't allowed as a defense. This is talked about in Citizen Four.

I thought of one particular case as soon as I read the summary: https://www.eff.org/cases/us-v....
Aernheimer was charged under the CFAA for exposing a similar problem with AT&T's website.

A gun-shaped object is just as scary as a gun, but clearly shows a lack of intent to actually harm anybody.

Just about anything can be used in some way to kill a person. That doesn't make everything a deadly weapon. I think "deadly weapon" ought to be redefined as something that it's actually practical to use to kill a person. Otherwise, we may as well criminalize butter knives, lawn darts, paintball guns, and sling shots.

Totally agree. I've seen it first hand. I got a year of prison for stealing a bicycle (while intoxicated). It was a felony because it was inside an open garage, which apparently makes it Breaking and Entering. I know what I did was wrong and I'm embarrassed about having done it. What's more embarrassing is when I tell people about it they don't believe me until I show them the court papers.

I was in a boat like this, and that's where the prior misdemeanor convictions come from. I was the lead software engineer at a promising startup. I turned to drugs to help me put in the hours. The company eventually tanked, and I was left with a bad habit and no income. I ended up homeless and stealing. I started a blog where I interviewed other homeless people and used the ad revenue to pay for a storage unit to live in.

This is what actually happened:
I was intoxicated (not that it should matter, but I don't think I'd have done this if I hadn't been). I was about 6 miles from home without a car or a phone and I saw somebody leave their house via their garage. While the door was open I saw some bicycles in there. After they left I went to the side door of the garage, went inside, and stole one of their bikes. I think the neighbor saw me and called the police. I was arrested about 20 minutes later and charged with Burglary (because it was an attached garage), and I accepted a plea deal for Breaking and Entering.

You're partially right. In Ohio you are also barred from expunging your record if you have more than 2 misdemeanors or more than 1 felony and 1 misdemeanor on your record. I have 1 minor felony and about 4 misdemeanors, all stemming from a 2 year long period. None of them were violent crimes, unless you want to count beating the hell out of a road sign with a hammer while I was drunk.