Even if (in theory) they aren't downloading my browsing history and it is my browser making the requests they can deduce what sites I must be browsing to request such "suggestions."
According to the bug report for this feature, the intent is that any suggestion would be triggered by multiple visited sites, so this wouldn't reveal exactly which sites you had visited. Still, it obviously does leak some information.
- I'm supposed to download binaries that don't have Authenticode signatures, from a web server that doesn't support TLS.
- And then I have to download (and somehow verify) a copy of PGP or GnuPG, in order to verify the signatures they do provide. (I also have to know and remember the fingerprint of the genuine PGP signing key.)
- Finally, I have to trust that no-one has cracked a 1024-bit PGP key.
I can only assume that almost all downloads from the official site are vulnerable to MITM'ing. And, as PuTTY is such a popular tool, it is surely a prime target for that.
highly protected corporate network
Do those really exist?
A win for rude, pushy and obnoxious people who shouted loudest and longest and ignored everyone else...
Well that's what I see from the systemd detractors, not its proponents. They're still shouting loudly, in the comments on every article even tangentially related to it. Of course they are being ignored by systemd proponents and most neutral parties because they mostly repeat the same myths and slurs.
A true free and open process would be to include a choice at installation/upgrade time between the choices. If I do have a choice on the web server, on the DNS server, on the mail server, even on the kernel, on the shell that I deliver for my users [...]
You can't choose any of those through the installation GUI. All of them require a custom pre-seeded install or post-install action.
If you upgrade an x86 system, both systemd and sysvinit will be installed and you can select sysvinit from the GRUB menu.
Yet all the browsers consider unencrypted connections more secure than connections encrypted with a self signed certificate.
No. They consider that entering or following a link to an 'https:' URL means that you expect a secure connection. In this context, a self-signed certificate that has not been whitelisted is an error.
MPEG set up the MPEG-LA that serves as a patent pool
No, they did not. There are a lot of the same players there, of course, but they have no formal relationship.