I get what you're saying, people have been arrested after using Tor when that's not true of Mullvad. My point is that the domains are just not the same. It's like saying "body armor isn't as good as just wearing a baseball hat" because a higher percentage of people get shot wearing body armor than while wearing a baseball hat.
Yeah. I am hopeful that he'll run into resistance from the rank and file he is trying to depend on to get this stuff done. The California National Guard is already pissed about LA, and now he's asking for support and cooperation from the same force that watched his supporters beat the fuck out of the Capitol Police like a medieval siege not that long ago and then him give them hearty congratulations for it.
I'm not saying it won't work as he keeps trying (and as ICE gets staffed up and better funded), but I'm glad he's a moron, that's all I'm saying.
Compare the amount of arrest of Mullvad users versus Tor users
Okay. There are half a million total account numbers on Mullvad over the entire lifetime of the service. Tor has about 1.8 million daily users. That's part of why I trust Tor a lot more, is that it's been actively used for flagrantly illegal activities for long enough and by enough people to have developed an understanding of what the risks are (and it becomes news if someone gets busted.) Ring me up the next time a major drug ring is keeping its whole operation secure behind Mullvad, and the cops are helpless because they raided it and found no logs and so they had to pursue some other kind of operation to take down the ring.
Yeah. It feels like the issue is that really solving it is hard work (you can feel, with the proliferation of Linux/Windows runtimes that get downloaded behind the scenes for Steam, how much effort they're continuously putting into releasing new runtimes that make slight adjustments for particular issues), and organizations like Ubuntu are always tempted into these kind of "we'll just set up a simple system that means we don't have to work on it because it'll be solved" approaches.
Honestly I think Linus is being a little over simplistic about how easy it would be to create ABI compatibility in userland. In the kernel it's realistic, but in userland it would be hopeless. But he's not wrong that the current situation, however it arrived, is pretty crappy from a POV of wanting to ship something to people outside of the distro's package management, and IMO none of the solutions that have come along since then are effective at solving the problem.
When did he discuss OnePackage or any other packaging project?
I dunno dude. I'll take "there are some research papers about theoretical attacks, speculation that similar techniques were used by law enforcement when after great effort they were able to take down a bunch of sites that were literally some of their highest priorities at the time because they were openly and flagrantly committing felonies in the open for years, and some vulnerabilities fixed in 2014 that might have been related" over "they would have to send a subpoena" any day.
Broken link
terrible for developers
He brought up specific things from the POV of working on subsurface where Linux made things a lot more difficult for them than every "consumer" operating system.
I worked on the packaging projects he is discussing.
Which packaging projects? I don't even remember him talking about particular projects (aside from Debian itself), just about the general landscape of the problem and the attitudes of distro makers that have created it.
AppImage at the time was essentially the same thing as he was aiming for, but it has some security drawbacks. He hated them. He wanted to be them.
Post this talk, Flatpak came out, which is an improvement on the AppImage premise, but has layers, so uses less disk...in theory. He hated it.
I notice neither of these has made all that much of an impact. I have never in my life used either one of them or been encouraged to by anyone else, it has always been package management, or Docker, or pick your binary tarball, or curl | sudo sh and cross fingers.
He wants the unattainable technical solution just like every other developer.
He attained two totally separate attainable technical solutions which solved massive problems in the tech ecosystem and shape the landscape of computing today (one-and-a-half, GNU deserves quite a bit of credit.) I happen to agree mostly with his judgement on this particular problem, so it's easier for me to see it that way, but I definitely would not dismiss out-of-hand his judgement on the right way to approach significant problems.
Steam I think is probably the closest thing to "right" for the problem he was describing. You pick your app, it downloads and then it works. There's some behind-the-scenes nonsense involved, but it is in actuality hidden from the end-user, in a way that it is not in any of the "we fixed the Linux desktop!" solutions I have seen that are in actuality just another instance of XKCD 927. I was actually really pleased that he brought up Valve since that was the example that came to mind when he was laying out the problem.
I think it is okay if Linux is bad on "the desktop," honestly. The world needs tractors and consumer-grade cars. They both have use cases. If what you need is a tractor, and you're comfortable with the fact that it's not going to work like a car, then a tractor will do things that are totally impossible with a Hyundai Elantra. That doesn't mean we need to make tractors just as user-friendly as cars are, so that people can have one vehicle that does both. It is okay for some things to have a learning curve. But I think the example of the difficulties they had with subsurface are really significant things, it's not just a question of "oh yeah it works different," there are things that are just worse.
I think something like Arch or NixOS is probably the closest to "right" at this point. There is still a learning curve, so maybe not for everyone, but it's manageable and things aren't set up in gratuitously difficult ways. Maybe Bazzite, based on what I've heard, but I have not tried it so IDK.
When did they break Tor? Are you sure they didn't just exploit vulnerabilities on an onion site that was hosted on Tor or something?
You can do strict typing in python if you want it, it's very highly recommended if you're doing a big project.