Apple has a great PR (propaganda) department that has convinced many people they respect your privacy. In truth, they do not. They're "better" than Google, but only slightly. And only so slightly that realistically it doesn't matter.
"Apple is taking the unprecedented step of removing its highest level data security tool from customers in the UK, after the government demanded access to user data."
Did you just post an article where Apple refused a UK government order to weaken their encryption as "proof" that Apple doesn't respect customer privacy?
Also, the US Government has already demanded that Apple weaken device encryption.
Apple fought it in court, and the government dropped their demand rather than set a privacy precedent they wanted to avoid.
I'm confused what you think Apple should have done differently there. If the government presents you with a legal demand generally your only options are to either comply or leave the market. Would you prefer Apple to have pulled out of the UK entirely?
I'm not even much of a fan of Apple but I really don't think you can hold it against them when they loudly protest but ultimately comply with legal demands.
>> "Apple is taking the unprecedented step of removing its highest level data security tool from customers in the UK, after the government demanded access to user data."
They did exactly what they should have. Their choices were build a backdoor or disable the advanced data protection feature in the UK. They also made it incredibly public.
> Most water use in data centers should be able to be self-sufficient, mostly closed
[Citation Needed]
My understanding is that data centers CAN use closed-loop systems. But, most don't if they're not forced to, because it costs more than evaporating towers.
According to this[1], 88% of water-cooled data-centers use open-loop evaporation towers.
"up to 85% of the water data centers use evaporates and does not return to the water supply" [2]
No one is saying the water is destroyed, but it is removed from the local community that depends on it at a significantly faster rate when used this way.
Examples of games that use HJKL are the text-based "graphic" adventures like NetHack, the Rogue series, and Linley's Dungeon Crawl. It is also used by some players of the Dance Dance Revolution clone StepMania, where HJKL corresponds directly to the order of the arrows. Gmail, Google Labs' keyboard shortcuts, and other websites use J and K for "next" and "previous".
You're being downvoted, but, seriously... NFS is a joke for anything outside of an enterprise setup with a bunch of ancillary support services in place.
The fact that NFSv4 has no concept of true "Authentication" and just blindly accepts whatever the client sends is the craziest network application design ever:
Client: Hi, NFS server, I'm Bob! UID=1000
Server: Hi Bob! Here's access to all of Bob's files! I trust you and don't need a password or anything!
Client: Thanks!!!
Some of you may nitpick and say, "well ackkkuallyy, NFS supports authentication through GSSAPI/krb."
And to you, I say, that's crazy! Setting up Kerberos just to authenticate users for access to my Linux ISOs is a crazy large requirement! Sure, it might make sense for an enterprise that already uses Kerberos + LDAP + NFS + certificate management, but for everyone else, that's a lot of infrastructure to set up and maintain for what should be BASIC functionality.
EDIT
ALSO!!! Why the fork does NFS run as a kernel module (nfsd)!? Shouldn't that be an external daemon!? Who the heck thought any of this was a good idea!?
<sarcasm mode>
Dev1: Here's a great idea! Let's run an insecure network server in Kernel space!
Dev2: OMG! You're so smart! Let's also exclude any encryption!!!
</>
Funny part is, that NFSv4 supports SIDs for user authentication, but the Linux implementation leaves it out (among all the other ACL features) simply on the basis that Linux doesn't support them at all.
The FreeBSD, Solaris, Mac OS X, and Windows (yes, even Windows) implementations of NFSv4 are fully featured with this stuff.
To be fair setting up a KDC and then distributing krb5.conf and idmap.conf files is not such a hard task.
Then it's not unencrypted anymore because sec=krb5p handles signing and encryption. I have better throughput using sec=krb5p than with samba signing and encryption. I don't know if it's because Samba uses GNUTLS but the transfer speeds are always awful.
My beefs with NFS is MacOS being extremely quirk with settings. That and the extremely misleading error messages.
>Dev1: Here's a great idea! Let's run an insecure network server in Kernel space!
>Dev2: OMG! You're so smart! Let's also exclude any encryption!!!
At work once someone dockerized a service that needed read access to NFS. The default for a docker image is to run as root, which would mean it was effectively "nobody" when reading over NFS.
For the typical case of world-readable files this was fine. Occasionally someone would feed it a file that was not group-readable but not world-readable and it would error (when it would have worked before).
I suggested printing the error message: "nobody can't read this file" but we solved it in a different way.
> The fact that NFSv4 has no concept of true "Authentication" and just blindly accepts whatever the client sends is the craziest network application design ever
Doesn’t the secure option require ports only a root user can bind too? And you can always create secure tunnels if the physical network is insecure.
Sure, if you (the admin) have full control over the NFS server, the network, and the client devices, NFS can be secure with the help of Kerberos. But this isn't a simple thing. A Kerberos server needs to be set up, Kerberos clients need to be configured on the NFS server and client, tickets need to be issued, firewall ports need to be opened, and user accounts need to be centrally managed. That's all fine for an Enterprise.
Now, how about this common scenario: I want to run a file-sharing server on my network. I want a random "friend" to come over and grab a copy of a file, but I don't want them to see any other files on the NFS server.
So, the "friend" has root access on their device. They can just log in and lie to the NFS server, claim they're my UID, and see all my files that I didn't want them to access. Configuring KRB in that scenario is totally impractical.
> Now, how about this common scenario: I want to run a file-sharing server on my network. I want a random "friend" to come over and grab a copy of a file, but I don't want them to see any other files on the NFS server.
How is that a common scenario? Why not give them your drive and the encryption key while you’re at it? It would be way faster.
The correct scenario would be to just copy the file and serve it with ftp or http on another interface.
Ah, so you agree NFS is not fit for purpose (network file sharing), and I should use something else to share files over the network.
EDIT (the above is a bit more snark than I intended, let me add a little more):
NFS's direct (still widely used) competitor, SMB, natively supports:
- Authentication
- Transfer encryption
- Authentication encryption
- Has open implementations across platforms
- Supports individual account management, and large enterprisey account management (LDAP/AD/etc)
With SMB, I can share out a directory on the network that allows visitors access, optionally authenticated with a simple username and password.
I can share out specific directories with easy control over who can access what. You know, basic network file sharing capabilities.
[[ And, don't take this as a love for SMB, it too has many issues and legacy junk ]]
Utah used to require safety inspections every year, but they eliminated them; there were no noticeable side effects [1].
"Safety Inspections" were generally just a grift for third-party repairshops to collect free money and I couldn't be happier that they are no longer a thing.
Be aware that "safety" and "emissions" are different. Emissions testing is still required biannually for newish vehicles and yearly for older ones.
That’s a really shallow interpretation of the data.
1. The safety inspections were never rigorous to begin with. Everyone who drives a piece of shit car in a state with safety inspections “knows a guy”. And in many urban areas, you can just drive around without an inspection.
2. Police very rarely sit at the roadside doing root cause analysis after an accident. If somebody loses control of their vehicle, they write a report for insurance or at most write them a ticket for failure to maintain control. So of course you don’t see a measurable increase in accidents due to faulty equipment. It’s because they rarely look for faulty equipment after an accident. So they aren’t measuring it.
"Free Money" from what? If they don't need repairing, they can't get it?
We have yearly inspections in the UK (twice yearly for any "public" carrying, like a taxi). If your vehicle is in working order you only pay the £39 fee
If it’s due on June 1, most people show up at the last minute. So you have time pressure which makes you vulnerable to upsell.
My girlfriend almost got swindled by this. She needed brake pads and rotors, and they tried to slide unnecessary fluid changes and other stuff. Like replacing a $14 air filter for $120.
Wow! Somebody with ChatGPT discovered the concept of browser headers, then for some odd reason made the verbiage really ... weird "We chose not to tell you"... okay...
Anyway, if you really want to know what your browser is sending:
reply