• 2 Posts
  • 145 Comments
Joined 1 year ago
cake
Cake day: June 5th, 2023

help-circle
  • I edited my comment on your other reply and by my estimation, calculating every SHA256 of all MACs ever potentially issued takes less than 89 seconds on an RTX 3090.

    I also think MACs are (or should be considered) personally identifiable information, since there is potentially a paper trail back to the person who bought it. Plus MACs are not secret information, it’s broadcast on the LAN and for wireless modules over the air in the immediate vicinity (though some systems will randomize wireless MACs for privacy reasons). Privacy-unfriendly software has been known to collect MACs (even from other devices on the network and in the vicinity), so there are already databases connecting MAC addresses with other data.


  • You don’t need this to count unique users. You could just assign a random number on install or whatever. Or even more simply, just run the thing once per month, should be accurate enough. Do they expect the software to just randomly spam duplicate reports? Don’t write it that way.

    Best case they don’t care about collecting minimal data and don’t understand that hashed MACs are easily reversible. So incompetent fools with no sensitivity to privacy.

    Maybe this should be Manjaro’s tagline: Not purposely malicious, just grossly negligent and ignorant.


  • Debian popcon is opt-in, first of all.

    https://popcon.debian.org/FAQ

    Q) What information is reported by popularity-contest ?

    A) popularity-contest reports the system vendor [1], the system architecture you use, the version of popularity-contest you use and the list of packages installed on your system. For each package, popularity-contest looks at the most recently used (based on atime) files, and reports the filename, its last access time (atime) and last change time (ctime). However, some files are not considered, because they have unreliable atime. For privacy reasons, the times are truncated to multiple of twelve hours.

    [1] i.e. the dpkg Vendor field, see dpkg-vendor(1).

    So no fucking MAC addresses and machine-ids and harddrive serial numbers and stuff.

    They only want package statistics, the point being to have statistics about the popularity of packages, mainly so they can be prioritized for the CD/DVD isos. You know, information that actually has a use, not hardware identifiers that can only be used for tracking purposes.


  • That’s not anonymous, that’s pseudonymous.

    What is the point of this? The machine-id already looks to be some unique random number, so you’re calculating another unique random-looking number from that, might as well use the original number.

    You can’t glean any useful information from a unique random-looking number that would help with developing Manjaro. You can’t calculate any statistics from that. The only use is tracking.

    Edit: And as mentioned in my other comment, reversing the MAC SHA by brute force is trivial, so that one at least (and possibly the other hardware serial numbers they collect) shouldn’t even be considered pseudonymous.


  • MAC addresses are 48 bit, and half of that is just the manufacturer. So 24 bits really, and those bits aren’t random, I think manufacturers just assign these based on some scheme, like a serial number. Point is you could easily reverse the SHA by brute force.

    You can’t calculate any useful statistic from a hash so literally the only use this would have is some sort of tracking.


    Edit: I just looked up some data and I found someone using hashcat on an RTX 3090, which looks like it can do almost 10000 million SHA256 hashes per second of salted passwords (which are longer than 48 bit MACs, so MACs should be faster). 2²⁴ is 16.8 million, so it’ll take about 1.7 ms per vendor. I found a database with (all?) 53011 vendor ids:

    >>> 2**24 * 53011 / 10000 / 1000 / 1000
    88.93769973759998
    

    Yup, 89 seconds. You can calculate the SHA256 of every single MAC ever potentially issued in 89 seconds on a bog-standard 3090.









  • I guess the lawyers are working for the Linux Foundation? Linux development does not need and started without a legal structure. They could tell the lawyers and the Linux Foundation to get lost. Is the US government going to prosecute individuals for collaborating with individuals from Russia on free software projects? If that’s so, maybe wait till that actually happens and see what the courts have to say about that, instead of this anticipatory obedience.

    And the rest is some rhetoric parlor trick and/or racist brainworms. How is not banning Russian individuals from kernel development “supporting Russian aggression”? And apparently there is no way anybody would argue against that without being a Russian paid actor or a propaganda victim. I’ve been watching these so-called “real news” and they love carrying water for genocide right now. Their terrible propaganda – our “real news”.



  • 1: Probably any non-basic text editor has all these features. Except the tabs, which are not available by default on vim and emacs, but I think KDE’s kate (?) and Gnome’s gedit might have tabs by default, maybe. All the cool kids use vim or emacs though.

    4: Haven’t tried but arch wiki says XBox One controllers work by default over USB. I will say that I have seen games not recognizing my (not XBox One) controllers sometimes when not running through steam, but in general the controller situation seems good on Linux.

    5: mpv is perfect as it is

    7: I know you said GUI but that’s a shell one-liner if I’ve ever seen one.

    8: Yes there are Windows-key shortcuts (often called “Super” key on Linux) available for window management. The exact shortcuts depend on the window managers / desktop environment and are usually configurable.

    9: Yes most anything works on any distro. For best results though, stick to mainstream distros and don’t be fooled by “trendy” distros. Those are not necessarily mainstream, even if you think they are based on what teenagers spam on reddit. If it doesn’t have at least a 10 year track record, it’s probably a fluke and won’t be supported in two years.

    Nvidia: Just google whatever your distro + Nvidia, look for the official wiki or whatever, and follow the instructions. It shouldn’t be that hard on any distro. Never install the nvidia driver through nvidia’s website, that won’t work out well. The nvidia driver is system/kernel level software, you cannot install it in a way that isn’t specific to your distro without breaking something.

    I personally do not like KDE, but you seem like someone who should go with KDE, which has lots GUI knobs and twists, which should suit your tastes. Windows power users tend to love that shit.

    Also, for god’s sake, try to learn some shell commands, I swear it’ll make your switch easier.

    Personally, my favoritism distribution is Debian, I would recommend it. RTFM though.





  • gnuhaut@lemmy.mltoLinux@lemmy.mlWorks about free software.
    link
    fedilink
    arrow-up
    5
    arrow-down
    2
    ·
    2 months ago

    Raymond is so much worse. Since you apparently aren’t convinced I pulled some quotes:

    CW racism, homophobia, Islamophobia

    Black people are stupid and violent:

    In the U.S., blacks are 12% of the population but commit 50% of violent crimes; can anyone honestly think this is unconnected to the fact that they average 15 points of IQ lower than the general population? That stupid people are more violent is a fact independent of skin color.

    Again:

    What’s keeping women in general from occupying the vast middle of the programming field is not general intelligence. On the other hand, the average black American has an IQ about 85 and that is pretty much a disqualifier right there. Only the cohort of their bell curve above 3 STDs from median has much hope of matching the capability of the average white programmer.

    Police should shoot black men (calls them “males” like they’re animals), that’s just rational:

    Police who react to a random black male behaving suspiciously who might be in the critical age range as though he is an near-imminent lethal threat, are being rational, not racist. They’re doing what crime statistics and street-level experience train them to do, and they’re right to do it.

    Homosexuality and pedophilia are connected:

    If the prevalence of homosexuality in the Catholic priesthood is the elephant in the sacristy, the homosexuality/pederasty/pedophilia connection in gay culture is the elephant in the bath-house. No amount of denying it’s there is going to make the beast go away.

    They hate us for our freedom:

    Al-Qaeda would not hate us any less; it is not, at bottom, U.S. policy that enrages them, it is the fact of our wealth and freedom and refusal to submit to the One True Way of Allah.

    Muslims are barbarians that need to be civilized by force to prevent the white genocide:

    If there’s no way short of straight-up imperialism and nation-building all over the Islamic world to prevent a holocaust on American or European soil that would make 9/11 look like a garden party, then that’s what we’re going to have to do – civilize the barbarians at the point of a gun.

    Nuking civilians is good actually:

    The U.S. burned essentially every major Japanese city except Kyoto to the ground with incendiaries during World War Two and then atom-bombed two of them. This seemed to help.

    Deliberate cultural genocide is what we need:

    How dare I argue that the U.S. has the right to commit deliberate cultural genocide?

    There’s a big hole in the ground in Manhattan. That’s my argument.


  • gnuhaut@lemmy.mltoLinux@lemmy.mlWorks about free software.
    link
    fedilink
    arrow-up
    11
    arrow-down
    3
    ·
    2 months ago

    Raymond is a fucking fascist.

    CW racism

    He’d call himself a libertarian, but he’s the kind of libertarian that wants to bomb muslims for hating our freedoms and thinks black people are just naturally more criminal because they have the crime gene or something, and no I’m not making this up.


    Plus he’s one of the “open source” rebrand types, so as not to scare the hoes corporations with too much scary “free software” hippie communism.