Please create an account to participate in the Slashdot moderation system


Forgot your password?
Check out the new SourceForge HTML5 internet speed test! No Flash necessary and runs on all devices. ×

Comment Re:Expected /. response (Score 1) 444

Firstly, you apparently didn't read my comment that I wasn't discussing how apt works, only yum.

When Yum downloads something, it fetches a bunch of repo information (like apt-get update), then it downloads files (like apt-get install). To do this, it does... all the shit I described apt doing.

Secondly, the critical issue that you are missing is that if I install a package from an alternate repository (eg EPEL), my systems don't tell the main CENTOS mirrors about those EPEL packages.

No, of course not. You tell Georgia Tech, the NSA CentOS Mirror, or Microsoft's Redmond CentOS mirror, at random, who you are and what you're downloading.

Multiple distributions and mirror maintainers coordinate in secret to keep security exploit details quiet until a patch is ready from everyone. There's an entire network of quiet discussion that happens, intentionally hidden from everyone, to make sure everyone hits the ground running. If you report a remote exploit in Firefox directly to Mozilla, Debian, RedHat, Slackware, or Gentoo, marked as a security bug, they will keep the details private until everyone has patches ready; then they all release at once.

So you believe Microsoft is doing secret things dealing your data to secret partners in secret; but that Linux distributions might not be secretly collecting your data, or that various Linux mirrors who aren't controlled by those distributions aren't under the influence of others. That is: although AT&T was sucking up your phone data and piping it to the NSA, they apparently won't collect what scraps of OS update telemetry data hits their servers in the same way.

You're basically saying there's no network of bad actors out there, so instead of trusting "Debian", you trust everyone.

Finally, there is no fingerprinting involved in the yum transactions. If I have multiple machines behind a single IP address, the server doesn't have sufficient information to distinguish them. As well has having insufficient information to fingerprint individual systems, no user information is transmitted.

We've been able to identify individuals based on their Internet usage and TV usage, even from the same account, device, and browser. We can tell if your 16 year old daughter or her 17 year old sister is currently using the PC or watching TV.

I might have two x86-64 PCs running the same version of Ubuntu, and a Raspberry pi; you can fingerprint at least three systems out of my usage habits, and identify one distinctly at least.

Through all of that...

In summary, yes I am leaking some information, but it is benign.

The leaking of what Microsoft software you've installed to Microsoft's servers is benign as well. Who fucking cares that Microsoft knows you have Office 2013 installed?

Comment Re:The two seem very related... (Score 2) 228

Who said anything about believing him? He's just saying what everyone wants to hear, that's all, over here in Europe we've had a lot of experience with populist loudmouths, it's about time you got one too.

They're very entertaining and ok to keep the powers that are in check, but you don't elect them as president! You don't make the court jester king, are you nuts?

Comment Re: Only a fraction of US munitions... (Score 3, Insightful) 172

Dude, we did fuck it up. Big time. A century ago I could have agreed with you, but we spent the last 100 years or so messing the place up in ways that even their religious bullshit couldn't. British mandate in Palestine rings a bell?

We started by arbitrarily drawing lines on a map without considering who is living there. We basically divided the Kurds up (who were, by the way, our allies in that war and we promised them if they bash the Turks we'd hand them their own country) between three successor states and didn't give a shit about where which tribes wanted to live together or couldn't stand each other. Then we fucked them over again with Israel. It's easy to hand over land that ain't yours, granted, but it's still bullshit. And when oil became interesting we pumped the juice out of their soil without even really asking whether that's ok.

Iran (back then Persia) until 1979, then the Iran-Iraq war 80-88, then the whole bullshit with Afghanistan 'til the 90s, then turning our back on them when we made peace with the Russians... Let's face it, folks, we have been bullshitting them for about a century now, I can understand that they're kinda pissed.

Slashdot Top Deals

Real Programmers don't write in FORTRAN. FORTRAN is for pipe stress freaks and crystallography weenies. FORTRAN is for wimp engineers who wear white socks.