"I don't think taxpayer money should be invested in large Phase III trials (which can cost almost $1 billion) when they have a pretty low chance of succeeding. Moreover, you really do need teams of people to be competitive in today's research world - I work in a lab in academia, and there's no way you could do much drug development all by yourself."

Which is why Pharma companies are all bankrupt? No part of what I proposed involved taxpayer money or prevented working in teams. What I proposed are loans from the federal reserve on the same terms they are given to banks. The fed does not loan out tax payer money to banks, it loans out shiny newly created money at ridiculously low rates. We have an inflationary fiat currency and it actually depends on us putting new currency into circulation. Traditionally the finance industry gets all the benefits from this system. Advanced technology and especially medicine is certainly at least one obvious alternative place we could inject this money which benefits everyone in the nation.

"You absolutely shouldn't be allowed to make something that's going to go into people in a lab like you described"

I didn't actually describe a lab. Maybe you are mentally projecting your own assumption of some sort of inferior facility? Last I checked there is nothing magical about the pharma corps that makes them more capable than anyone else.

"I'm also not sure what you have against profits in general. For-profit companies aren't inherently bad, and non-profits aren't inherently good."

In general I agree. I just don't think healthcare and medicine is an appropriate for-profit industry. The costs are the same whether for-profit or non-profit. Profit has to come from somewhere and in the case of healthcare the result is higher costs which means less people benefit from the care. A for profit has an interest in maximizing profit and you maximize profit by providing as little as possible for as much as possible. This isn't in the interest of our nation. We all benefit if the health industries provide as much as possible at the lowest cost possible.

I don't propose blocking the for profit drug industry. I propose they shouldn't be allowed to use infrastructure that exists to provide an alternative to them and tie up those resources just to increase their own profits. Non-profits and partnerships still allow for teams to group together in a more established structure and work and allow for those people to profit from that work in the form of salaries in the case of a non-profit and in the system I proposed all the net profit derived from the fruits of their labor.

The issue as I'm sure you know isn't "opened", but rather "opened within a certain length of time." Obviously given unlimited time you can get into anything, and you probably can get into an ATM a lot faster than a decent safe. But once you have the explosion routine down pat, you can probably be away with the ATM money in *seconds*. In terms of practicality and low risk, that's hard to beat.

Well, we have a ways to go before we lead the world in government corruption, but we're world class when it comes to petty political venality.

Go into the Dell "Work" section of the site - you can get this with i7 CPU, more SSD capacity options, etc.

First bear in mind the attacker has local code execution. If they can put up a fake screengrabber, it's just a logout/reboot away from running a trojaned compositor (if you use Wayland), a trojaned screenlocker (if you use X) and on either system without even a reboot, a trojaned browser, terminal, ssh program and so on and so forth. So to say this is a serious flaw with X is hyperbole.

The next case is that you also claim Wayland is secure. Therefore X11 running on Wayland is secure. Therefore in that case X11 is being run in a secure manner. I claim that if that is the case, then X11 could very easily be secured, because it's eassy to see it in operation nowrunning in a way that the additional insecuritu doesn't break things.

I'm not really sure how creating yet another way for a "designated program" to monitor input events is supposed to address the problem that any X11 client can monitor keyboard events on any window in the absence of a grab, unless you intend to rewrite all existing software to grab the keyboard on receiving input focus, and force all the desktop environments to implement support for the extension and move their global keybindings into a specially designated client. At that point you might was well switch to a system designed for secure I/O from day oneâ"like Wayland.

OK, I'm lightly lost so I'm going to swing back to the original point.

First there's the one about server grabs which prevent other windows from opening. Well, you could easily have a protocol extension that allows only one connected client to bring up windows anyway. The continuation of the grab could either be faked to the grabber, or killed outright (the latter feature---killing grabs---was removed from Xorg by the wayland people because they decided we didn't need it!). Let's say it's first come, first serve, so that the first client to request this feature is the only one to get it. Or the screenlocker could get that command. This requires the WM and screenlocker to be run on boot before a trojan, but as I pointed out, if the system is that deeply trojanned anyway, then this is all pointless.

That requires some rewriting to whichever screenlockers you want to add the feature to, hardly a major undertaking since there's about 3 in common use and a few, more obscure, ones.

The other problem---a designated screen lock key combo. Well, if the screen locker has a passive grab on ctrl-alt-delete, then the fake screenlocker can't grab that, so that already works.

It's easy to implement the insecure X11 model on top of a secure system. The reverse is much more difficult.

Why? Why not have exactly the same security model? You haven't explained, only asserted, that your chosen security feature couldn't be easily available under X.

In fact when it comes to locking things down, there are things like the X security protocol, which blocks untrusted programs from executing various protocol commands. This already exists and could (I haven't checked if it does) easily block things like receiving events from a window on another connection, reparenting or redirecting a window on another connection, diddling with the global keymap and so on.

Anyway if there's unsanboxed local code execution, you're basically screwed on any system.

You're not going to get any of my data that way, which is what is actually important.

I'm not sure I follow. Surely if I had unlocked access to your phone, I could simply read whatever data was on there? Also, can you install free apps without an additional password? If so what stops me installing a keyboard app trojan?

Honest question: I don't own an iPhone. If it stops those kind of attacks it would be great to know how.

What exactly would you propose to add? This isn't a matter of implementing new functionality, but rather removing fundamental misfeatures. Any change to address this issue is going to end up breaking existing applications which depend on the original input behavior.

Oh how about a new protocol extension that allows one designated program to receive all keyboard inputs regardless of any other grabs. The X11 server can keep on pretending that the other grabbers still have such a grab.

Look: X11 works on Windows even though windows can apparently REALLY gab the keyboard. X11 will we are told work on Wayland too despite the fact that wayland can apparently REALLY grab they keyboard. Do you really think it couldn't be extended to do that itself?

Same goes with militants in areas around Afghanistan and Pakistan. They stopped using cellphones entirely. If you use cellphone there to coordinate anything, you will die.

Interesting story. One of the things I find most reassuring about the police service* in the UK is that they have long maintained, great consistency and at almost any rank, that good community relations are the heart of good policing. Officers who go out on patrol** have consistently and overwhelmingly said they do not want to routinely carry firearms, because that goes against the basic principle of policing by consent, and instead they tend to assume that the solution to local problems often starts with trying to improve those relations if they are failing. Concerns are also raised often by the police themselves about the balance between having officers patrolling in vehicles for rapid response and having officers literally walking the beat and actually making contact with the public. I get the feeling that police officers in certain other parts of the world have a very, very different attitude to their relationship with the public.

*I remember well that when the local police schools liaison officer visited us, he made a point of saying he didn't like the term "police force" because it had the wrong connotations before you even started to look at what the police did.

**It's curious how often police officers and politicians in some places refer to officers "on the front line", this being about as overt a military metaphor as I can think of (short of being "on the front line in the war against $ABSTRACT_NOUN" I suppose).

The key point from an ethical/legal point of view might be the warrant. The key safeguard from a practical point of view is that to plant those bugs someone has to actually visit the site and do something. This requires time, effort, and a risk of getting caught, which means it's potentially an option if you really do have a good reason to consider a specific individual to be a threat but it's prohibitively expensive to spy on everyone all of the time. As far as defending democracy is concerned, that is a much healthier balance than mass surveillance of the many by the few.

All agreed, though I am increasingly of the view that systemic bias in favour of the accused is not sufficient. Merely being dragged through the legal system even if ultimately found not guilty is sure to be stressful, time-consuming, and possibly costly in more ways than one. People who have committed even quite serious crimes are sometimes released immediately after conviction on the basis that they've already served as much or more time than their sentence -- but of course, someone who was entirely innocent and not convicted in court also served that time. Right now you're unlikely to get much financial compensation for any of that, and even less any obligation for those who caused the damage to do anything else to set the record straight or otherwise make things right as much as possible.

The more I've thought about these kinds of issues as I get older, the more I think our modern "justice" systems are no longer fit for purpose, if indeed they ever were. In particular, they take an absurd amount of time and resources to deal with trivial infractions, sometimes at a cost to all involved that is far greater than any damage done by the alleged act itself. For major cases, the court proceedings can cost millions and drag on for years, and by the time they are finally over the result is no longer relevant anyway.

I think we would probably do much better if we built on the kinds of distinction we already make about severity: misdemeanour vs. felony in the US, magistrates vs. crown courts here in the UK, small claims courts with less formal procedures for minor civil disputes, and so on. For example, I don't see why any very minor offence can't be fully tried and a judgement made within a single court session and within a matter of days after the alleged infraction. Either there is clear evidence to convict, or you acquit. If you convict in a fast track procedure, you have strict limits on the level of penalty that can be imposed.

Then for repeated minor offences within some defined time period or for more serious crimes (probably anything including violence that allegedly caused significant injury and/or damage needing repairs exceeding a certain cost, for example) you can extend the timescales involved to a degree to allow for more careful preparation of the case, perhaps increase the degree of scrutiny in terms of magistrates vs. judge and jury and allow the use of expert witnesses, and so on.

Crucial to all of this, in my ideal world, would be the idea that there was also proper compensation for anyone brought through the system at any given level but not ultimately found guilty, making it not cost effective to bring cases in the first place without a reasonable expectation of a conviction. No doubt experienced lawyers could come up with much better ideas for the specific details of any such system, but I think the idea of having more well-defined tiers with strict limits on applicability and proportionate compensation arrangements is basically a sound one.

I agree with your basic point about the need for balance. Of course there are bad people in the world and of course we need police and courts and the like.

I think the problem today is that many in our current political class don't recognise that need for balance so much as they see "them and us" and even start to forget whose side they are supposed to be on. The truly evil part of the situation is that this result seems almost inevitable. The people calling the shots are exactly the people who necessarily deal with the worst of humanity as part of their job. How could this not affect their perspective? They naturally want to trust their allies, who are the people who would be empowered under all these proposed security measures and aided by restrictions on the privacy and security of others. And of course being influential figures within the government, it is highly unlikely that they will personally ever find themselves on the wrong side of a government screw-up and unable to get the problem fixed very quickly.

I don't think these people are evil. On the contrary, I suspect most people in government, including their agents in the police and security services, are probably just normal people who have a job to do and who genuinely want to do the right thing. As with any large group, there will eventually be a few bad actors included as well and it is necessary to identify and contain them, but that isn't usually the main problem.

However, I do think we're talking about people who are heavily biased, even paranoid, because it would take a superhuman level of detachment not to be when you look at the kind of people they have to deal with at times. I also think in most cases they are ignorant about the technologies they are dealing with, and therefore unable to make rational, objective judgements about the likely effects of the technical measures they propose as policy. Finally, I think that the more senior these figures get within the government and its agencies, the more detached they tend to be from reality for average citizens and the more ignorant or dismissive they can become of how things tend to play out for innocent people in less privileged positions who are nevertheless caught up by the measures the politicians propose.

As the saying goes, power corrupts. It doesn't necessarily have to be malicious or intentional. Obviously in some cases it has been, but often I think the corruption is more of a slow but almost inevitable change in perspective caused by the situations you find yourself in when you have power to wield.

And so it is necessary for those who are looking from outside, those who don't spend disproportionate amounts of their time dealing with a particularly nasty minority of the human race, those who understand the technical issues, to speak out about what is happening and where it could lead. As with any issue of civilised government, in the long run you're going to get much further by educating people about relevant issues and promoting intelligent discourse than you are with wildly exaggerated rhetoric and extreme positions backed by intimidation and ultimately violence. The latter are seductive, and often appear quite effective in the short term, but I doubt they've ever truly solved much.

Which could be a good argument for replacing X. It is rather old technology, perhaps it is time to update it to something newer, rather than clinging to it and claiming it is all one needs.

Or how about adding a protocol extension to deal with this security problem as has been done a number of times in the past for authentication. I don't understand why X11 seems to get special treatment here.

Program has security flaw. Response "has it been patched yet"

X11 has security flaw: we can't possibly patch it we must discard everything and start again.

There's certainly some things wrong with X11, but this is one which could be solved easily. It could, for example, be done by having a "kill all grabs" command which is available to the window manager.

Uh.

Why can't I have my screen locker have a passive grab on Ctrl+Alt+Delete or shift+altgr+control+` or whatever, using XGrabKey. That way if someone else installs a screenlock faker then I'll know because it won't respond to the magic key presses.

The thing is on Windows it never worked as well as it ought to. The reason is that if the screen said something like:

"pls entar u r passwordz to login"
[ password box ]
[OK]

"pls wate wile redirecting to http://scamsite.ru/yourbank"

"Pls entar u r bank passwrd thx"

an appalingly large number of people would have dilligently followed those steps. the ctrl+alt+delete thing was fine but required more knowledge than 99.9% of users had.

Oh and the active grab thing: if you ever hear a wayland dev tout that as a problem, please kick them in the nuts because it XFree86 USED to have a feature for killing grabs from a keystroke, until the fuckers who went on to develop Wayland decided we didn't really need it because "it would only be needed if a program is buggy". Well, no fucking shit hotshot.

Why is this considered acceptable? Get physical access to my iPhone (for example - Android is probably the same?), good luck getting in.

Huh? This exploit only works if someone has already had access to your unlocked computer long enough to load and run malicious code. It's not like oyu can plonk down someone at a computer wit ha locked screen and have them hack in by being clever.

And if I had access to your unlocked iPhone, could I not root it or whatever the iPhone cracking is called and install a fake screenlocker too? Or hell, install a custom keyboard app which looks like the normal one but saves all passwords and sends them to the cloud. I might not even need to root it to do that.