Take SSL/TLS. Are they going to demand both parties stash the session key, or do their handshaking through a proxy logging each packet?

Probably not. You're thinking like a geek instead of a politician. Politicians don't get their way by understanding technology. They get their way by finding people who do and forcing them to obey their will.

In this case, what Cameron means by banning encryption is passing laws that say something like, "If your website is used by people in the UK, you must always be able to comply with a warrant demanding data and you must provide all data, even if it is encrypted". The exact details of how that works is neither here nor there to them.

Now of course the interesting thing is how this interacts with jurisdictions, and whether it would be enough to make GCHQ shut up (probably not). The UK may or may not be able to force the hands of Facebook/Google/etc because the UK is such a huge market and they all have offices there, but China was a huge market too and Google walked away from that anyway. So it's hard to know how things would play out. For companies that have no UK exposure it's not clear what they'd do - probably use ad-hoc blocking of any website they suspect might be used by The Evil Terrorists if it doesn't comply. Could be a mess depending on how heavily they enforce it.

Or the 7th Guest.

All those figures say is that birds of a feather flock together. Tory voters tend to live near each other and because the UK has a political system designed a long time ago for resolving local issues, not surprisingly it doesn't translate votes to seats directly at the national level. As local politics becomes less and less relevant, of course, people feel this system no longer works well for them.

However, as you note, it would not have mattered if Labour had won, or any other party. There are NO parties in the UK that believe people should be able to keep secrets from the government. It's just not something that fits into the political worldview. And because the voting system collapses thousands of decisions down to just one every so many years, surveillance and encryption is simply not democratically decided at all. Basically the wheel of power is decided by the economy, and that's about it.

Unfortunately this is not specific to the UK and is true nearly everywhere, France is even worse for example, and the USA pretends to care but realistically lots of Congressmen would very much like total surveillance of Americans .... and only feel they can't demand it openly because of that darned constitution. That won't stop them doing it in secret though!

Ha ha, did you think he meant warrants?

He meant warrant. Unfortunately as is often the case with the Tories, they use words differently to how ordinary people do. By warrant he means a ministerial rubber-stamp. For instance Theresa May last year alone "signed" nearly 2,800 warrants, a number that clearly shows zero attempt to investigate their legitimacy and indeed almost certainly means some anonymous flunky is signing them on her behalf.

Sure, no problem. If you dislike systemd that much, it certainly makes sense to move to a different software platform.

I don't particularly dislike systemd per se. I do observe the controversy around it, and the image of it and its project, painted by its opponents (some of whom have enough creds that it's unlikely that they're talking through their hats), indicates that the claimed issues are likely to be real problems, and this may be a tipping point for Linux adoption and user choice among distributions or OSes.

Your Snowden argument isn't particularly applicable in this instance, as you have access to the full source code for systemd. If you're not comfortable looking through C code, then any init system would be a problem for you. ... If you think that porting your laptop, home servers and desktops to a completely different operating system is less effort than learning how systemd works, then I can only conclude you haven't tried to learn how systemd works. Or you've severely underestimated the work involved in moving to another OS.

I did my first Linux drivers (a PROM burner and a Selectric-with-selonoids printer) on my personal Altos ACS 68000 running System III, wrote a driver for a block-structured tape drive for AUX - working from my own decompilation of their SCSI disk driver (since the sources weren't available to me initially), ported and augmented a mainframe RAID controller from SvR3 to SvR4, and so on, for nearly three decades, through hacking DeviceTree on my current project. I don't think C has many problems left for me, nor does moving to yet another UNIX environment - especially to one that is still organized in the old, familiar, fashion. B-)

As for trying to learn how systemd works, that's not the proper question. Instead, I ask what is so great about it that I should spend the time to do so, distracting me from my other work, and how doing this would meet my goals (especially the undertand-the-security-issues goal), as compared to moving to a well-supported, time-proven, high-reliability, security-conscious alternative (which is also under a license that is less of a sell to the PHBs when building it into a shippable product.)

Snowden's revealations show that the NSA, and others like them are adept, at taking advantage of problems in obscure corners of systems and using that obscurity to avoid detection. The defence against this is simplicity and clarity, avoiding the complexity that creates subtle bugs and hides them by burying them in distractions. Bigger haystacks hide more needles.

The configuration for systemd isn't buried. It's there for all to see and change, in plain text. Logging in binary form is _optional_. You can choose to direct logged messages to syslog, or use both syslog and binary, to have the "best of both worlds", albeit with the best of disk usage.

Unfortunately, I don't get to make that choice myself. It's made by the distribution maintainers. My choice is to accept it, open the can of worms and redo the work of entire teams (and hope their software updates don't break things faster than I fix them), or pick another distribution or OS.

Again, why should I put myself on such a treadmill of unending extra work? If I could trust the maintainers to mostly make the right choices I could go along - with no more than an audit and perhaps an occasional tweak. But if they were making what I consider the right choices, I wouldn't expect to see such a debacle.

Entangling diverse processes into an interlocking mass is what operating systems are all about! ;)

No, it's not. The job of an operating system is to KEEP them from becoming an interlocking mass, while letting them become an interacting system to only the extent appropriate. It isolates them in their own boxes, protects them from each other, and facilitates their access to resources and ONLY their LEGITIMATE interaction wherever appropriate and/or necessary. The job is to Keep It Simple while letting it work.

Your phrasing, and making a joke of this issue, is symptomatic of what is alleged to be wrong with systemd and the engineering behind it.

The Tor that was developed by the US military? That Tor?

At a large scale, the internet was designed to route around individual problems such as this.
Can't this same principle be applied on a smaller scale?

Yes, it can. Just dig a whole bunch MORE trenches around the country at enormous cost.

The SONET fiber networks were designed to be primarily intersecting rings. Most sites have fiber going in opposite directions (with a few having more than two fibers going off in more than two directions so it's not just ONE big, convoluted, ring.) This is built right into the signaling architecture: Bandwitdth slots are pre-assigned in both directions around the ring. Cut ONE fiber run and the signals that would have crossed the break are folded back at the boxes at each end of the break, run around the ring the other way, and get to where they're going after taking the long route. The switching is automatic and takes place in miliseconds. The ring approach means that the expensive cable runs are about a short and as separated as it's possible to make them.

But cut the ring in TWO places and it partitions into two, unconnected, networks. To get from one to the other you have to hope there's another run between the two pieces, and there's enough switching where they join to reroute the traffic.

IP WANs have, in some portions, also adopted the ring topology as they move to fiber, rather than sticking to the historic "network of intersecting trees" approach everywhere. That's partly because much of the long haul is done on formerly "dark fiber" laid down in bundles with the SONET rings from the great fiber buildout (or is carried in assigned bandwidth slots on the SONET networks themselves), partly because the same economics of achieving redundancy while minimizing costly digging apply to high-bandwidth networking regardless of the format of the traffic, and partly because routers that KNOW they're on a ring can reroute everything quickly when a fiber run fails, rather than rediscovering what's still alive and recomputing all the routing tables.

= = = = =

Personal note: Back when Pacific Bell was stringing its fibers around the San Francisco Bay Area, I was living in Palo Alto. They did their backbone as two rings. There was only one section, perhaps a mile long, where BOTH rings ran along the same route. It happened to go right past my house, with the big, many-manhole repeater vault right next to the house. (I used to daydream of running my own fiber the few feet into the vault. B-) The best I had available, in those pre-DSL days, were dialup with Telebit PEP modems (18-23 k half-duplex) and base-rate (128k) ISDN.)

I'm glad to see someone besides me on /, isn't terrified of Facebook.

I use it and I think it's relatively harmless as long as you understand, as Rasperin says, it's a loud speaker. I expect everything I post on FB will be available to everyone, everywhere, forever. I long ago, many years before Facebook was a thing, figured out that if I never posted anything online I wouldn't want my sainted mother to see, I'd never have anything to worry about*. I speak my mind freely, but I would have no problem if my mother, my wife, my boss, my kids or my pastor were to see anything I've posted.

* Now, of course, that doesn't mean some day in the near future agents of the Ministry of Love won't show up at my door to conduct me to a re-education camp for my political views, but at least I know my mother won't be ashamed of me.

Anyway, I digress. Advantages of systemd are: [long list]

Those are all very nice things to have.

Unfortunately, for my needs, simplicity and understandability are far more important than a fast boot and feature-rich management of the runtime environment. I need to KNOW that things are being handled properly and securely. That's become far more important since Snowden showed us, not that the spooks were getting into our computers (which we'd already figured was happening), but how DEEPLY and EFFECTIVELY their technology and personnel are able to do so.

If the improved functionality is at the cost of burying the configuration and logging in non-human-readable form and entangling diverse processes into an interlocking mass under a complex and ever growing manager, the shark has been jumped.

Though Linux has been becoming (MUCH!) more usable with time, its configuration has been buried progressively more deeply under more and more "convenient and simplifying", but non-transparent, configuration management tools. Systemd is the continuation of the trend. But it is also a quantum leap, rather than another thin slice off the salami. So it has apparently created the "Shelling Point", where a lot of frogs simultaneously figure out that NOW is the time to jump out of the pot.

It's been a great ride. It had the potential to be even greater. But I think this is where it took the wrong turn and it's time for me to get serious about switching.

There's good reason to switch to NetBSD at work, on the product. (The code supporting the secret sauce is on the user side of the API and is Posix compatible, so it should be no big problem.) Porting my laptop, home servers, and desktops to OpenBSD now looks like it's worth the effort - and less effort than trying to learn, and keep abreast of, the internals of systemd.

Call me if somebody comes up with a way to obtain the key benefits of systemd in a simple and transparent manner, rather than creating an opaque mass reminiscent of Tron's Master Control Program. (Unfortunately, the downsides of systemd's approach seem to be built into its fundamental structure, so I don't expect it to evolve into something suitable, even if it's forked.)

As I understand the three major forks:

One (OpenBSD) is for having as secure a desktop/server/embedded platform as the maintainers can manage - important in this post-Snowden era (as it was, all unknown, in the era preceding Snowden B-b). It is based outside the US so it can incorporate strong encryption without coming afoul of US export controls.

One (NetBSD) is for developing network internals software and networking platforms (typically ported, when possible and not part of a proprietary product, to the others and other OSes.)

One (FreeBSD), now that its original purpose of getting the code disentangled from proprietary accomplished and the other two projects forked from it, is for making an open unix-like system run on the widest range of hardware platforms and devices possible.

Unless you're using your machine for building networking equipment or it's a new hardware platform under development, the choice seems clear.