[HN Gopher] Kids find a security flaw in Linux Mint by mashing keys
___________________________________________________________________
Kids find a security flaw in Linux Mint by mashing keys
Author : subins2000
Score : 686 points
Date : 2021-01-20 08:19 UTC (14 hours ago)
(HTM) web link (github.com)
(TXT) w3m dump (github.com)
| mightybyte wrote:
| Years ago I taught a high school typing class in a K-12 school.
| The school didn't have the funds to get a commercial typing
| program so I wrote my own typing program. It evolved over time
| with features to help me track the students' progress etc. One
| day we had a school open house where all the parents could come
| to school. We had a bunch of different activities set up in
| different classrooms and I ended up getting assigned to the 3rd
| grade classroom to set up my typing program so anyone coming
| through could test their typing speed. It was a DOS program and I
| didn't want people using anything other than my typing program,
| so I modified it so you couldn't quit the typing program. Over
| the course of the day the 3rd graders were hanging out in their
| homeroom not really doing anything productive. Of course the
| computer was a novel attraction and they were just smashing keys
| and exploring my program's UI. Eventually at one point I noticed
| that they had somehow crashed my program with a segfault in what
| had otherwise become a pretty stable piece of software. To this
| day I have absolutely no idea what the bug was.
| BruiseLee wrote:
| Are you sure it was a segfault? DOS did not have any memory
| protection, so segfault would be impossible. Or maybe you used
| some protected mode DOS extender?
| tachyonbeam wrote:
| What happens if you try to read from a null pointer in DOS?
| vngzs wrote:
| I haven't actually tried this, but based on my
| understanding of the MS-DOS memory model it should read the
| contents of memory at address 0.
| hvdijk wrote:
| This is correct, and address 0 is the start address of
| the interrupt vector table, so there are good reasons why
| you might read from it.
| pas wrote:
| You get what is at 0x0000 ?
| rexpop wrote:
| > The school didn't have the funds to get a commercial typing
| program so I wrote my own typing program.
|
| Off-topic, but:
|
| It seems absurd, to me, that such a conclusion could ever be
| reached. Obviously, from my perspective, the economies of
| scale, the infrastructure, overhead, and institutional
| resources available to programmers at a dedicated software
| development firm would produce an application at better quality
| per dollar (however you measure it) than a high school teacher
| in their off-hours. To me it seems that it's certainly not
| cheaper for us as a society, as a species, and only appears so
| because you are under-paid. If you were paid your actual worth,
| the school would say "we don't have the funds to develop this
| in-house, and had to buy a commercial typing program off-the-
| shelf, despite its loose fit for our use case."
|
| How can we, as rational members of society, abide this?
| kelnos wrote:
| Agreed.
|
| Where I work there is a tool that's used in hundreds of our
| internal services. It was written in-house during one of our
| hack weeks years ago, and later we open-sourced it. Despite
| the fact that the org relies so heavily on it, it's
| completely unfunded; two employees improve and maintain it in
| our free time. (We do have a few outside contributors, too,
| which is awesome!)
|
| That's not _exactly_ the same situation, but I think this
| kind of short-sightedness is pervasive in our culture, in
| every walk of life.
| fmakunbound wrote:
| There is no hope for us in this field, is there.
| scotty79 wrote:
| I once had a cat walk over my keyboard and do a hard reset on Windows
| 95 in about 1 second.
|
| No dialogs or confirmations. Just black screen and computer
| rebooting.
| etxm wrote:
| I worked at a finance company in the early 00s.
|
| The QA team had a test they called "the elbow test" where they
| did exactly this.
|
| Just kind of put their elbow randomly on the keyboard to see if
| stuff would break.
| mensetmanusman wrote:
| Hilarious, esp. if you have kids.
|
| I see similar behavior with smartphones.
|
| 3 y.o. figure it out better than my parents because it seems
| their mindset is 'do all the things' to see what the i/o
| structure is. Their brain is built that way when they are so
| young.
| Havoc wrote:
| Who needs fancy fuzzing tools anyway?
| 0xTJ wrote:
| Not really the same, but I had fun back in high school. Finding
| the Novell messaging utility that let me send a message to (IIRC)
| anyone in the school board currently logged in, though not
| anonymously.
|
| Using a couple lines of VBScript to change a couple registry
| entries (computers didn't persist storage anyways) you could also
| give your local admin privileges, to install stuff. That one got
| me in a touch of trouble, and I lost my account for a couple
| weeks while they "looked at my files", because I stored it on my
| network drive folder.
| boomboomsubban wrote:
| I'm surprised nobody had "e" in their password to notice this
| earlier.
| scalableUnicon wrote:
| Related: https://news.ycombinator.com/item?id=25801693
| plumeria wrote:
| So, is this an instance of the infinite monkey theorem?
| WhompingWindows wrote:
| Is there an automated process security researchers use like this?
| Just mashes random buttons for hours until it finds
| vulnerabilities?
| viro wrote:
| The concept of fuzzing is similar...ish
| inetknght wrote:
| A piece of GNOME easily crashes and causes security issues?
|
| Color me surprised! /s
| diegoperini wrote:
| Step 1: Gather timings of key presses from a lot of kids.
|
| 2: Use ML to learn how to simulate it.
|
| 3: Sell it as a service, labeling it KaaS.
|
| 4: Profit, then go to jail because of a misunderstanding.
|
| But seriously, is there such a tool to automate this?
| rusk wrote:
| As others have pointed out, you are describing fuzzing but
| rather than purely random you've trained your fuzzer on a
| particularly troublesome set of random variables ;-)
| fabianhjr wrote:
| Fuzzing ( https://en.m.wikipedia.org/wiki/Fuzzing )
| PartiallyTyped wrote:
| There's also model based testing and property based testing.
| QuickTest in Haskell and Erlang can generate test cases for
| your code.
| bjoli wrote:
| I have been using the name monkey-testing for this kind of
| testing for as long as I can remember. There are tools to
| automate it.
| segfaultbuserr wrote:
| People have been fuzzing user interfaces since the 80s. It was
| used for developing MacPaint and MacWrite in Apple's original
| Macintosh. Quote Wikipedia:
|
| > In 1983, Steve Capps at Apple developed "The Monkey", a tool
| that would generate random inputs for classic Mac OS
| applications, such as MacPaint [0]. The figurative "monkey"
| refers to the infinite monkey theorem which states that a
| monkey hitting keys at random on a typewriter keyboard for an
| infinite amount of time will eventually type out the entire
| works of Shakespeare. In the case of testing, the monkey would
| write the particular sequence of inputs that will trigger a
| crash.
|
| Read the story here:
|
| https://www.folklore.org/StoryView.py?story=Monkey_Lives.txt
| MrDresden wrote:
| I frequently use the monkey bundled with the Android tool
| chain[0] to stress test my UIs. Have found numerous issues
| throughout the years by using it
|
| [0] https://developer.android.com/studio/test/monkey
| Aulig wrote:
| That's really cool, I never knew about that. I'll have to
| try it on my apps!
| Anthony-G wrote:
| Thanks for sharing that story. It's probably the reason why
| Netflix decided to use "monkey" for the name of their tool to
| randomly terminate service instances:
| https://netflix.github.io/chaosmonkey/
| martin-adams wrote:
| This reminds me of when I was about 14. I had a Tamagotchi which
| I had for a record amount of time. My niece, about 2 at the time
| wanted to see it so I let her hold it. Within 1/2 a second, she
| squeezed both buttons at the same time and crashed it.
|
| My daughter managed to buy 24 hours of football pass with NowTV
| by pressing the same button repeatedly on the remote within about
| 5 seconds.
|
| So a crash like this doesn't surprise me.
| _puk wrote:
| Hah, just reminded me..
|
| My daughter, whilst roaming in the US from the EU somehow
| managed to get unlimited data after her initial miserly roaming
| allowance was used up.. simply by switching airplane mode on
| and off repeatedly until data worked.
|
| I was stressing getting back home to a huge bill, but kept the
| "all chargeable services have been stopped" messages just in
| case.
|
| My final bill was £300+, zeroed.
|
| Phew!
| withinboredom wrote:
| Also reminds me of "impossible" bug reports, only to discover
| the way to reproduce them was just simply double clicking on
| links and buttons.
| berkes wrote:
| We had some race conditions that started appearing more
| often over time. Those race conditions could be triggered
| by rapidly firing events on a busy backend.
|
| After long research, we found correlation with marketing
| moving their target from only students to 'older people'.
| Apparently the latter 'doubleclick' on links and buttons in
| webforms far more often. At least for us they did.
| josefx wrote:
| > Within 1/2 a second, she squeezed both buttons at the same
| time and crashed it.
|
| That was probably not a crash, on some that did a partial
| reset.
| gambiting wrote:
| Does anyone know why lockscreens in Linux have been such a joke?
| I remember trying Ubuntu a couple years ago and when waking up my
| laptop it would show me my entire desktop with all the
| information displayed right there in the open for about 10-20
| seconds before suddenly engaging the lockscreen. All you had to
| do was close the lid and open it again and you could just copy
| whatever was on the screen before the lock screen appeared. I
| guess it's because the lockscreen was a separate process that had
| to start up? Still, what an awful awful design.
| Illniyar wrote:
| This happens to me regularly with macOS too, so perhaps it's
| harder than you imagine.
| speedgoose wrote:
| Never happened to me on Windows, so it shouldn't be that
| hard.
| mmis1000 wrote:
| Windows has multiple desktop sessions (the normal user
| session, and the safe desktop). Even if you are ever able to
| crash the one that hosts the lock screen without a BSOD, you still
| won't be able to go back to the normal desktop.
| joshuaissac wrote:
| It happens to me on Windows 10 if I close the laptop lid to
| lock the desktop and send it to sleep.
|
| When I open it again, the desktop is accessible for a few
| seconds (sometimes long enough to launch programs) before
| the lock screen activates and I have to input my password.
| The workaround I use is to manually lock with Win+L before
| closing the lid.
| passivate wrote:
| Would you mind posting a video? I have never seen this
| occurring in any version of Windows.
| sbarre wrote:
| Yep, also happens to me on my macOS 10.15 iMac..
|
| It will go to sleep, then when I wake it up, I get a flash of
| my desktop before the lock screen shows..
|
| Too fast to write anything down by hand, but you could
| certainly point a 60fps camera at it and get something I'm
| sure.
| SamBam wrote:
| Yup. On my 10.15.7 this happens frequently. Often if I open
| up the laptop I can see the current contents of the screen
| for a good 5-8 seconds before the lock screen shows.
|
| I don't think I could interact with the screen in any way,
| but I could certainly take a picture of it, if I had any
| private information on the screen.
| monopoledance wrote:
| In the past I also had some information leaks with an Nvidia
| discrete graphics card, which seemed to not clear its RAM or
| something. I think it even persisted over restarts or similar
| complete session terminations. So I assume, driver issues may
| play into this too.
| astrange wrote:
| Bad design in X11 which can't be fixed.
|
| https://news.ycombinator.com/item?id=25801693
| j-james wrote:
| I'm surprised he doesn't mention XSecureLock. Its entire
| focus is on preventing issues like this with modularity and
| redundancy.
|
| https://github.com/google/xsecurelock
| bionade24 wrote:
| I fear it's as secure as vsftpd: Secure until a large
| amount of users use it and find bugs.
| datenwolf wrote:
| It's not an X11 design flaw. The very concept of locking the
| screen is flawed. A flaw that also haunts Wayland, BTW.
|
| The concept of screen lockers is having a special layer, that
| can't be bypassed, which a locker creates. The whole security
| then hinges on the locker not crashing. X11 does have such a
| layer. Wayland compositors also implement it through such a
| layer. And for either the situation is, that if the locker
| crashes, that layer is destroyed by implication and the
| session exposed.
|
| That's a flawed concept.
|
| What you really want is _detachable_ graphics session. On the
| text console one can effortlessly use screen or tmux and to
| "lock" the session simply detach and exit to the regular
| login getty.
|
| You want _exactly_ the same, but for X11. And there's no
| obstacle in principle to implement this. It's just that the
| Xorg server can't detach. Almost all of the required code is
| there, fundamentally it'd be the same code that's executed
| during a VT switch.
|
| In the meantime one can use Xpra with Xvfb to create
| detachable X11 sessions, which then however lack GPU
| acceleration.
| jdc wrote:
| > In the meantime one can use Xpra with Xvfb to create
| detachable X11 sessions, which then however lack GPU
| acceleration.
|
| Maybe using Xdummy instead of Xvfb would work better?
|
| This wiki article makes such an approach look promising:
| https://xpra.org/trac/wiki/Xdummy
| shawnz wrote:
| The architecture you're describing would also be good for
| other reasons. For example, you could start a local
| session, lock it, and then remotely connect to the same
| session over VNC without local users at the workstation
| being able to see or interfere with what you are doing,
| just as on Windows.
|
| Mac OS almost gets this right, except it annoyingly
| defaults to sharing the remote session with the local
| console unless someone is already logged in locally.
| surajrmal wrote:
| I'm curious what other OS which avoid X11/Wayland do, such
| as Android. Do they implement an architecture like what you
| mention?
| mmis1000 wrote:
| Windows has a secure desktop that hosts the lock screen. Crashing
| that gives you a BSOD or at worst a blank screen (your
| window is not hosted on it, what did you expect?)
| zadler wrote:
| It's amazing to me that the most popular display managers
| on Linux have this flaw. Perhaps there is a workaround
| involving switching to another tty?
| arbitrage wrote:
| that's a really good point! your comment reminded me that
| that is what we used to do in the lab at university, a
| long time ago. switching to a different terminal, then
| locking that, was much more fool proof. perhaps not for
| security, but rather because X11 was so damned buggy and
| crashy, that you might need to have access to that
| terminal to get back into your workstation without
| forcing a reboot.
| Blikkentrekker wrote:
| Perhaps outside of display servers altogether,
| implementing an authentication system that keeps track of
| what user currently owns what v.t., and allowing only
| that user, or root, to switch to that v.t..
| toast0 wrote:
| The underlying design issues are:
|
| a) there's no Xserver concept of a lock screen which would be
| hard to fix, I suspect. How would you signal X to
| lock/unlock; what would it do if the lock client wasn't
| connected, etc.
|
| b) there's no atomic way to transfer mouse/keyboard grab to
| another window, which means you can't have a reliable, crash
| reduced screen locker that supervises a beautiful password
| checking program; it has to be the same program. This could
| probably be fixed with an X extension; yes, an extension is a
| lot of work, and yes, you'd have to deal with fragmentation,
| but you could keep the untoolkited password dialog in case
| the extension isn't present, nobody would see it unless they
| did something odd, so it's fine.
|
| Another issue is that I think I've seen some linux systems
| don't launch the screen locker until resume, instead of
| locking before suspend; that's not ideal, because the screen
| locker will take time to launch and lock the screen (more so
| if it's got a fancy initialization routine and is a large
| binary/many libraries to load).
|
| An option could be running a dedicated screen lock Xserver on
| a different VT, and (securely) switching to that one somehow.
| But that would probably involve changes to multiple layers at
| the same time, which is hard to pull off in Linux. People
| would complain about the bloat of running a second Xserver,
| regardless of the actual bloat or increased utility.
| josefx wrote:
| > and yes, you'd have to deal with fragmentation,
|
| Why not just require that it is there? Is there even a
| valid reason for someone to keep the extension out unless
| it is to give another "this is the reason X sucks" speech?
| toast0 wrote:
| Because, IIRC, xscreensaver is launched on demand (idle
| timer, power management), and that's a terrible time to
| detect the extension and tell a user that they won't be
| able to resume their session, because their Xserver is
| too old.
|
| Also, because of piecemeal releases, and remote X. You
| might update Xscreensaver, but not your X server or
| desktop environment. You might have a dedicated X
| terminal which can't easily have its server component
| updated, but you run remote sessions that have an updated
| Xscreensaver. (Btw, if you do this, you're pretty
| dedicated in 2021)
| andi999 wrote:
| What is today's alternative to remote sessions?
| toast0 wrote:
| Most of what I've seen has migrated towards a virtual
| display on the session server, streamed via vnc/rdp/? to
| a thin client.
| m45t3r wrote:
| > Another issue is that I think I've seen some linux
| systems don't launch the screen locker until resume,
| instead of locking before suspend; that's not ideal,
| because the screen locker will take time to launch and lock
| the screen (more so if it's got a fancy initialization
| routine and is a large binary/many libraries to load).
|
| This particular issue is fixed in logind: when you ask it
| to lock the session/suspend/hibernate it first calls the
| lock screen, waits for it to signal it has finished and then it
| proceeds to suspend/hibernate.
|
| Not saying you need systemd to fix this issue, but it is
| one of the things that systemd allows you to do correctly
| without reinventing the wheel.
| marcthe12 wrote:
| I like the dedicated VT, as DE users usually have a DM to
| login and for wayland that prob must be a separate VT anyway.
| The question is how to securely do this.
| sontek wrote:
| JWZ has been complaining about these screensavers for a
| decade. His screensaver from 20 years ago still doesn't have
| these issues.
|
| It's not an X11 problem.
|
| - https://bit.ly/3o2qekz
|
| - https://bit.ly/38Y6pGO
|
| (using bit.ly because he gives a testicle if referrer is HN
| :P)
| metafunctor wrote:
| I don't understand the part about JWZ's testicles, so here
| are the links without bit.ly tracking for those whose ad
| blockers don't allow them:
|
| - https://www.jwz.org/blog/2021/01/i-told-you-so-2021-edition/
|
| - https://www.jwz.org/xscreensaver/toolkits.html
|
| [Edit]: I understand now. My browser doesn't send referrer
| URLs, and I think that's the real fix instead of using
| something like bit.ly!
| gambiting wrote:
| You still get the testicles if you click this link, at
| least using Chrome you do. It's because the referrer
| field is set to HN so they know where the traffic is
| coming from.
| tehwebguy wrote:
| In mobile Safari tap and hold, then tap the preview or
| the open button
| asddubs wrote:
| just tried it in chrome, i got only one testicle
| drdec wrote:
| In Firefox, right-click and open in a new private window
| and the links will work.
|
| Just tested in Chrome and it works there as well.
| ascar wrote:
| Time to switch to Firefox and give Google less data.
| Firefox doesn't seem to send the referrer :)
| sgc wrote:
| Hmmm. I think somebody is following this thread because I
| got testies using ff on linux by clicking the bitly links
| above.
| sontek wrote:
| haha, same. jwz really wants us to see the testes!
| fullstop wrote:
| Brave does not send the referrer as well.
| sontek wrote:
| Yes it does. I use brave and I get testicles if I click
| the link.
| fullstop wrote:
| I've tested it multiple times, as have others. Perhaps
| you are running an ancient version?
|
| https://brave.com/privacy-updates-5/
|
| edit: see also:
| https://www.cookiestatus.com/brave/#referrer
| merlinscholz wrote:
| Can confirm on android, Linux and windows
| lscotte wrote:
| All good with Brave as far as I can tell. I don't know
| what everyone is talking about with testicles, but I
| don't see any with Brave.
| FriedrichN wrote:
| In Firefox set network.http.referer.XOriginPolicy and
| network.http.referer.XOriginTrimmingPolicy.
|
| Source: https://wiki.mozilla.org/Security/Referrer
| [deleted]
| wernercd wrote:
| I'm using Chrome with uMatrix and uBlock Origin... I
| assume one of those blocks the data because, somehow
| strangely, I feel left out that all I'm getting is the
| websites.
|
| I wonder why someone would set up a "bad result" for
| specific referrers ...
| sontek wrote:
| haha, yeah. I don't like using URL shorteners either
| there is just a balance to be made between them tracking
| you and getting redirected to testicles.
|
| Can't count on everyone having referrer turned off
| ohiovr wrote:
| Does anyone know how to make this right? Would simply
| removing the mate-screen-saver package work?
| nic_wilson wrote:
| To others, you'll definitely still want to copy paste that
| URL into a new tab rather than clicking directly. :~)
| shawnz wrote:
| In fact jwz himself says in that very post that it is a
| fundamental problem with X11:
|
| > X11 ... was designed with no security to speak of, and so
| lockers have to run as normal, unprivileged, user-level
| applications. ... This mistake of the X11 architecture can
| never, ever be fixed.
|
| He also claims in the second post that Xscreensaver is
| actually vulnerable to exactly the same kind of attack:
|
| > The xscreensaver daemon is a critical piece of security
| software. The reason for this is that, as a screen locker,
| any bug in the program that causes it to crash will cause
| the screen to unlock. As soon as xscreensaver is no longer
| running, the screen is no longer locked. Therefore, great
| care must be taken to ensure that the daemon never crash.
| erhan24 wrote:
| Xscreensaver has crashed twice in my life and opened the
| desktop. That's still a good statistic but it may have
| crashed because of the animation.
| sontek wrote:
| Sounds like you were probably using gnome-screensaver or
| some of the many other poorly written alternatives like
| cinnamon that do this. I don't believe there is any way
| for xscreensaver to unlock the desktop even if it does
| crash
| cbsks wrote:
| Incorrect. It's a limitation of X11 that if the
| screensaver daemon crashes, including xscreensaver, the
| desktop will be unlocked. See the JWZ links that are
| posted in this thread.
| throwanem wrote:
| Savers can crash without the screen unlocking. Are you
| sure it was xscreensaver you were running, and not one of
| the innumerable incompetent knockoffs?
| Liskni_si wrote:
| I've also seen some xscreensaver crashes a while ago:
| https://news.ycombinator.com/item?id=21224179
| formerly_proven wrote:
| X11 design flaws you say?
|
| https://github.com/swaywm/swaylock/issues/162
| https://github.com/swaywm/swaylock/issues/158
| https://github.com/swaywm/swaylock/issues/10
| bionade24 wrote:
| If you've ever looked in the bugtracker of a big X11
| screenlocker, you would love to have this small amount of
| bugs. In fact, some of the bugs you posted are already
| solved and I can't find one bug related to displaying.
| Giving the display to the user could also lie in other code
| parts. We'll see how this ends, but it's already a huge
| gain that not every Everyday Linux user has experienced
| such things by themselves.
| chrismorgan wrote:
| I'm not familiar with the details of the design flaw and
| whether or not Wayland fixes it, but those links don't
| contradict this being an X-specific design flaw. I get the
| impression that swaylock is a direct port of i3lock, and
| thus stands a fair chance of being written and architected
| in an X style, rather than taking advantage of any superior
| form that Wayland may support but X didn't.
|
| Expressed otherwise: just because someone's written one
| piece of bad software for Wayland doesn't mean Wayland
| doesn't allow you to write good software. (Whereas I get
| the impression from what I'm reading that X makes it
| impossible to write a good screen locker, if by that you
| require that it be crash-proof and use the usual platform
| toolkit for the UI.)
|
| (Remember in this that I'm saying _I don't know_. I'd like
| to hear if Wayland _does_ have a good answer to this, or
| from anyone with definite knowledge that it doesn't.)
| waheoo wrote:
| I think they're simply saying that lock screens are hard
| to get right and that shitting on x11 at every chance you
| get doesn't help anything.
| notyourday wrote:
| I do not understand. There's an xl and its PAM-checking
| derivative xl-more that just work.
|
| They do nothing fancy - paint a window over everything and
| wait for the password to be typed in. No animation. No
| graphics. No anything. No enter unlock password dialog. I am
| sure there could be some edge cases but I'm having a hard
| time identifying them.
| anthk wrote:
| Slock is good.
| bionade24 wrote:
| Because X11 is such a joke. The problem is solved by wlroots
| and layer-shell, other Wayland compositors probably have
| similar things. Swaylock works 100%ly reliable until now (For
| me). I had problems with every other X11 screenlocker I used in
| the past. My unusual setup with a docking station and two
| monitors on it often caused crazy bugs.
|
| Edit: For me stuff
| Munksgaard wrote:
| What's your take on the issues listed by formerly_proven[0]?
|
| 0: https://news.ycombinator.com/item?id=25844338
| bionade24 wrote:
| I'll edit it to (for me). With working on an X11 desktop
| everyday, it felt like everyone has at least once
| experienced such an issue.
|
| To be fair to swaylock, they actually fixed some of those
| issues, in contrast to kscreenlocker which are just
| ignoring most edge-case bugs, because it's nearly
| impossible to fix them.
| Androider wrote:
| It's still a fundamentally flawed design, because the
| system fails open when the locker crashes. So it seems
| Sway / Wayland actually didn't learn anything in this
| area, and suffers from exactly the same problem as X11
| when it comes to the lockscreen.
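
The fail-open behaviour described in the comment above, and the split between a small supervising locker and a separate password dialog that toast0 sketches earlier in the thread, modelled as an added example (not part of any comment here, and not code from X11, Wayland, xscreensaver or XSecureLock). The helper script, its `CRASH` trigger, the password and the exit-code contract are constructed for illustration; a POSIX system is assumed.

```python
import subprocess
import sys

# Exit-code contract between supervisor and helper (an assumption of this model).
AUTH_OK, AUTH_DENIED = 0, 1

# Constructed helper standing in for a toolkit-heavy password dialog.
# The input "CRASH" simulates a bug reached by unexpected key input.
HELPER_SRC = r'''
import hmac, os, sys
attempt = sys.stdin.readline().rstrip("\n")
if attempt == "CRASH":
    os.abort()                      # dies from SIGABRT, no clean exit code
ok = hmac.compare_digest(attempt.encode(), b"correct horse")
sys.exit(0 if ok else 1)
'''


def run_helper(attempt):
    """Run one helper process; return its exit status, or None on timeout."""
    try:
        proc = subprocess.run(
            [sys.executable, "-c", HELPER_SRC],
            input=attempt + "\n", text=True,
            capture_output=True, timeout=10,
        )
    except subprocess.TimeoutExpired:
        return None                 # a hung helper is also an abnormal outcome
    return proc.returncode          # negative value: killed by that signal


def supervise(attempts, fail_closed):
    """Feed password attempts to fresh helper processes.

    fail_closed=False models a locker where "locked" just means "the locker
    process is alive": any abnormal helper death exposes the session.
    fail_closed=True models a supervisor that owns the lock state and releases
    it only on an explicit AUTH_OK; crashes are recorded and the helper is
    simply started again for the next attempt.
    Returns (final_state, list_of_abnormal_statuses).
    """
    state = "LOCKED"
    abnormal = []
    for attempt in attempts:
        status = run_helper(attempt)
        if status == AUTH_OK:
            state = "UNLOCKED"
            break
        if status == AUTH_DENIED:
            continue                # wrong password, helper behaved normally
        abnormal.append(status)     # crash, signal or timeout: worth logging
        if not fail_closed:
            state = "UNLOCKED"      # lock layer vanished with the process
            break
    return state, abnormal


if __name__ == "__main__":
    keys = ["wrong", "CRASH", "wrong"]   # constructed input sequence
    print("fail-open  :", supervise(keys, fail_closed=False))
    print("fail-closed:", supervise(keys, fail_closed=True))
```
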
| PurpleFoxy wrote:
| It seems like most of the complaints I see about distros have
| actually been solved problems for years but held back by poor
| distro defaults.
|
| I have been recommending fedora to people for a while because
| their defaults are far more modern and sane rather than
| clinging on to python 2 and X11
| josefx wrote:
| Other commenters link to similar issues with Wayland screen
| lockers. So I am not sure how the current shiny fixes
| things.
|
| > python 2
|
| In contrast to Wayland that can be installed in parallel to
| python 3. So the only reason to remove it is if you enjoy
| breaking working software.
| seba_dos1 wrote:
| The difference is that with Wayland there are no design
| issues that prevent you from implementing it reliably and
| securely; if it's broken it's an implementation problem
| that can be fixed.
|
| Also:
|
| > In contrast to Wayland
|
| I don't think Wayland is what you think it is.
| canofbars wrote:
| It's not that they still had python 2, it's that the binary
| "python" referred to python 2 on ubuntu (it might even
| still be like this) while other distros had it pointed to
| python 3.
| eznzt wrote:
| It's complicated: https://lwn.net/Articles/780737/
| josefx wrote:
| Given that python versions are incompatible by design you
| should probably explicitly refer to the version your code
| supports. At least that is my takeaway from this mess.
| stretchcat wrote:
| This whole situation is a bad trap for novices, given how
| many tutorials, class slides, etc ask students to
| copy/paste various invocations of pip and python that may
| or may not work verbatim on their distro.
| moistbar wrote:
| Breaking stuff is the first step towards learning to fix
| stuff.
| bionade24 wrote:
| But then you are breaking enterprise stuff !!!1!11!
| canofbars wrote:
| My favourite moment was when fedora turned on CGroups v2
| after every distro waited years for docker to update to
| it. Docker was broken on fedora until you manually turned
| v1 back on but then docker suddenly upgraded to support
| v2.
| globular-toast wrote:
| I've seen Windows do that too. It's not just Linux.
|
| My guess is that these lock screens are all bolted on
| afterwards rather than being in the design from the ground up.
| AnIdiotOnTheNet wrote:
| > I've seen Windows do that too.
|
| Really? I have never seen this in Windows. Don't get me
| wrong, I've seen plenty of lock screen failures in Windows,
| usually in the form of it suddenly being unresponsive, just
| never anything that actually gave me access to the locked
| session again.
|
| The closest I've seen is when using RDP, if the Window has
| been minimized or hidden or otherwise has had reason not to
| update its display, then locked due to timeout, it will
| briefly show the last image it rendered when reactivated
| before updating and showing the lock screen.
|
| P.S.: As other users have pointed out, Windows does have some
| known lock screen bypasses using accessibility and help
| dialogs, but in regards to merely crashing the lock screen, I
| haven't seen it behave in an insecure way.
| globular-toast wrote:
| Yes, really. I don't use Windows myself, but I've seen it
| happen to others. As another commenter said, it's usually
| when the computer is coming out of "sleep" or something
| like that. Plenty of times I've seen a glimpse of the
| desktop that was long enough for me to get a vague idea of
| what they were doing before the lock screen takes over. If
| one was determined enough a photograph could easily be
| taken in that time.
| robocat wrote:
| My guess would be that the video buffer wasn't cleared
| before suspending. If so, on resuming there is a race
| condition between painting the lock screen, and turning
| on the video hardware that will show the screen memory as
| it was when suspended.
| AnIdiotOnTheNet wrote:
| Huh, interesting. Probably explains why I haven't ever
| seen it: I never use sleep.
| joefife wrote:
| I see this maybe once a week. It only seems to happen when
| I'm waking the PC.
| Jonnax wrote:
| Windows 10 or some ancient version of Windows?
| josefx wrote:
| There had been recent bugs on windows 10 where you could
| navigate your way to a desktop session through the input
| assistance dialogs (mashing the shift button). They fixed
| it by removing one of the links in the UI. In older Windows
| I think it was a mix of help and printer dialogs.
| saagarjha wrote:
| I've seen this happen on macOS too.
| 3np wrote:
| slock has never surprised or disappointed me.
| ekimekim wrote:
| I've experienced an issue where the window blacking out the
| screen would get moved aside, it was something to do with
| plugging and unplugging monitors and somehow the screen
| contents would become visible. I probably couldn't reproduce
| it if I tried.
|
| I wasn't too concerned about it since it still blocked all
| user input, but if you had sensitive info visible it could
| definitely be an issue.
| Kelamir wrote:
| I use i3lock, no such issues with it.
| boblivion wrote:
| https://www.jwz.org/xscreensaver/toolkits.html Good post on the
| topic
| mici wrote:
| This link does not show what you think it will show (pretty
| much NSFW).
|
| The thread was linked below (or above, to this same parent),
| or see: https://web.archive.org/web/20210116101222/https://www.jwz.o...
| gambiting wrote:
| Uhm, this link doesn't lead where you think it does. Or the
| owner of the website is specifically redirecting HN traffic.
| ketzu wrote:
| They are, if you copy paste the link you can read the
| article.
| cinntaile wrote:
| He's specifically redirecting HN traffic, if you copy the
| link you won't have any issues.
| Tsiklon wrote:
| Judging by the redirect to the image macro of a testicle in
| an egg cup, specifically calling out HN, I think we can
| assume the author of that article does not appreciate links
| to his website from HN
| GekkePrutser wrote:
| So what. This is how the web works. If you don't want
| people linking to you, don't have a website. He puts this
| blog out there for people to read, is it so weird that tech
| sites like HN would want to link to it?
|
| And really if you're being DDoSed by a small thing like HN
| comment links you really have to up your game :) Wait till
| you get featured on reddit (previously called slashdotting
| when slashdot was still a big thing).
| throwanem wrote:
| He doesn't think he's getting DDoSed from here. He
| doesn't _respect_ anyone who comes from here.
|
| Nor should he, not least because the redirect reliably
| results in ~90% of comments in any thread where jwz is
| mentioned being about the testicle in the eggcup rather
| than anything substantial.
| GekkePrutser wrote:
| But he refers to DDoS specifically in his eggcup image :)
|
| PS: I have no idea what he means by "finance-obsessed"? I
| think the community at HN is tech-obsessed which is what
| I like about it. But finance? This is not yahoo finance
| or wherever all the finance guys hang out.
|
| It sounds more like he had a clash with someone specific
| on a finance-related issue and bases his view of the HN
| community on that. The eggcup is a bit of an immature way
| to deal with this IMO. Especially as he has good points
| to make about X11 security, and this undermines them.
| throwanem wrote:
| Venture capital is finance. So is cryptocurrency.
|
| I don't know what prompted the redirect; it predates my
| awareness of Hacker News. I could guess, but why bother?
| The man has a nightclub to run, and I'm sure that's
| plenty all by itself to fill his days.
| seabird wrote:
| "Finance obsessed" is a pretty accurate description of
| what's going on here. A huge number of people on this
| site have trouble understanding that there's a world
| outside of the Bay Area where rent isn't $3000+ a month,
| and that it's possible to run a company without involving
| venture capital and ballooning to multi-million dollar
| revenues in less than five years. Even the tech
| discussion here revolves around this stuff -- almost
| every thread has some mention of "scaling" even if what's
| being discussed is a niche product that will have a
| customer base of a few thousand people over its entire
| life.
|
| I like this site a lot, but I have a lot of patience when
| it comes to deciphering what is being affected by the
| Software Hub City Reality Distortion Bubble. Some people
| don't, hence the eggcup testicle, and people that think
| something like that undermines the technical argument
| aren't thinking clearly enough to even debate the
| technical point with anyway.
| kowlo wrote:
| I clicked the link specifically seeking out this testicle
| in an egg cup, however, all I got was an article on
| XScreenSaver.
|
| How do I get the testicle in an egg cup?
| ohgodplsno wrote:
| Make sure your browser sends in the Referer header.
|
| Otherwise, this is the image that gets displayed:
|
| NSFW. This is a testicle in an egg cup.
|
| https://cdn.jwz.org/images/2016/hn.png
| kowlo wrote:
| Thank you! I'm using plain Safari with no extensions.
|
| An interesting website and blog, I like it! I wonder what
| their problem with HN is, although I don't mind being a
| testicle!
| angled wrote:
| Jamie wrote xscreensaver...
| saagarjha wrote:
| Safari doesn't do referrers for what I assume is privacy
| reasons.
| minxomat wrote:
| Still happening on Linux mint for me.
| f1refly wrote:
| For x lockscreens this is solved by making sure the lock
| launches _before_ the system is suspended, I'm not sure how
| many distros do it like that though.
| anthk wrote:
| slock & pm-suspend.
| YtvwlD wrote:
| This is the default on any modern distro (which has logind).
| [deleted]
| josephg wrote:
| Can anyone explain why a crash in xscreensaver results in the
| computer being unlocked?
|
| It seems like this whole class of bugs could be fixed pretty
| easily by having a simple process watchdog run xscreensaver as
| a child process, and re-launch it if it crashes without first
| signalling that the desktop has been unlocked.
| josefx wrote:
| > and re-launch it if it crashes without first signalling
| that the desktop has been unlocked.
|
| Might be better to just exit the session or load a
| minimalistic replacement lock program (like the original
| xscreensaver) to avoid an infinite crash loop.
| josephg wrote:
| Maybe! An infinite crash loop is also usually better than a
| security vulnerability, so I think it would be a win even
| without that.
|
| Also this bug (and probably most other bugs xscreensaver
| has had over the years) wouldn't result in an infinite
| crash loop anyway.
| segfaultbuserr wrote:
| KDE has a failsafe mechanism. If the screen locker has
| crashed, it shows a black screen of death with a huge error
| message.
|
| > The screen locker is broken and unlocking is not possible
| anymore. In order to unlock, switch to a virtual terminal
| (e.g. Ctrl+Alt+F2), log in and execute the command: "loginctl
| unlock session c2". Afterwards switch back to the running
| session.
|
| I think it's a reasonable design.
| bionade24 wrote:
| No, it's not failsafe. I know a person where only one
| screen of two got locked, the second one remained
| operational.
| segfaultbuserr wrote:
| Okay, let's call it an "incomplete failsafe". I don't
| want to discuss the correct terminology, but the idea
| itself.
| josefx wrote:
| That might be a kde limitation in general. The amount of
| "fun" I had dealing with two screens on kde is outright
| endless. Not sure they even test that kind of
| configuration, 640x480 pixels should be enough for
| everyone.
| mikeyjk wrote:
| I'm using 3 monitors on KDE with Debian currently and
| it's been fine for me.
|
| All screens lock together etc.
| BoorishBears wrote:
| I'm sure they're referring to the failsafe.
| bionade24 wrote:
| Now imagine they're powered by a docking station, you go
| into suspend, put the laptop out of the docking station,
| wake it up and - tadaa! This bug disappeared but still
| occurs slightly different for other people. Three monitors
| itself aren't more edgecase than 2. How long are you
| using this setup?
|
| Besides screenlockers, having 2 screens with different
| resolutions is way worse in KDE than in GNOME. (On X11)
| tremon wrote:
| I don't believe the X system had/has a separate protocol for
| screen locking, or if it does, that any of the programs
| implement it. So xscreensaver is just another X client that
| happens to draw itself full-screen on top of all other apps
| and grab all user input.
|
| From the point of view of the display manager, a
| screensaver/screenlocker crashing is just a simple app crash.
| There's nothing in the protocol to suggest that this is a
| security failure.
| tremon wrote:
| _From the point of view of the display manager_
|
| Argh. That would be the window manager, of course.
| tux wrote:
| xscreensaver + light-locker should be okay, there is no
| virtual keyboard.
|
| There is also xsecurelock [1] by Google.
|
| [1] https://github.com/google/xsecurelock
| josephg wrote:
| You don't need special X support for having a lightweight
| process monitor.
|
| I'm imagining 2 processes:
|
| 1. Process monitor shows a fullscreen black window.
| Launches xscreensaver --lock or something as a child
| process
|
| 2. Xscreensaver shows the lock screen over the top of the
| process monitor, with a password prompt
|
| When the correct password is entered, xscreensaver signals
| to its parent process. Then both processes close
| gracefully.
|
| If xscreensaver crashes without signalling, the process
| manager silently restarts xscreensaver.
|
| None of that requires any changes to X. You'd just want to
| be sure xscreensaver is displayed on top of the process
| manager's black window.
| buckminster wrote:
| jwz wrote a document explaining why this is hard. (Note
| that this link may result in an unsavoury redirect if you
| click on it from here. You can, e.g. copy and paste it to
| avoid this.)
|
| https://www.jwz.org/xscreensaver/toolkits.html
| chaganated wrote:
| I believe that's how JWZ's XScreenSaver works, but every
| distro decided to re-invent the wheel there for whatever
| reason, then blame it all on X11 when it inevitably fails.
| smolder wrote:
| I don't dispute the bad design, but FYI, there was also a very
| recent exploit for accessing bitlocker drives on Windows
| without login credentials, making use of accessibility features
| on the lockscreen.
| [deleted]
| pojntfx wrote:
| X11 problem. Wayland fixes that and is the default on Fedora
| etc. as of 2021.
| krick wrote:
| Oh, so Wayland is finally ready to replace X11?
| canofbars wrote:
| Whether wayland is ready for you basically comes down to 2
| questions:
|
| * Do you use a nvidia GPU
| * Do you need to screen share from electron or other x11 only
| applications (MS teams, etc)
|
| It's ready if you said no to both of those.
| xorcist wrote:
| > Do you need to screen share from electron or other x11
| only applications
|
| Doesn't XWayland solve this?
| vetinari wrote:
| No, but Pipewire does, and it works under _both_ X11 and
| Wayland.
|
| Firefox supports Pipewire, Chrome has it behind
| experimental flag. Electron apps like Skype or Teams?
| Forget it.
| YtvwlD wrote:
| No.
| kevin_thibedeau wrote:
| Won't it be ready when X11 apps can run inside without
| issue? X servers on Windows don't have these sort of
| problems.
| casept wrote:
| The screensharing can be worked around by building a
| somewhat hacky solution (recording the desktop to an
| XWayland window and sharing that, for example by using
| https://gitlab.com/lelgenio/dotfiles/-/blob/master/dotfiles/...).
| bionade24 wrote:
| You can use MS teams in Chromium or Firefox. The secret
| is that Browsers disable 3rd Party cookies per default
| for a year now or so and Microsoft has not reacted to it
| yet.
| wilsonthewhale wrote:
| I tried plasma-wayland on Arch a couple days ago.
|
| Log in, open firefox. Minimize the window, and the entire
| machine freezes. This is on an AMD GPU as well.
|
| Every time I try Wayland, whether it be sway on my laptop
| or plasma on my desktop, I run into snags that _did not
| exist_ in X. So back to X I go.
|
| I'll switch to Wayland when it's ready "for real,
| actually, promise", and not a moment before. Maybe when
| Debian Stable switches to it by default.
| cycloptic wrote:
| Unfortunately the KDE wayland session is still somewhat
| unstable. GNOME's wayland session is farther along in
| this regard.
| gspr wrote:
| Screen sharing of X11 windows from a Firefox running on
| Wayland works fine for me under Sway. Sharing of other
| Wayland windows, or the whole screen, however, does not.
| stelf wrote:
| Time to make a joke about Windows lock screens? Or perhaps not...
| snarfy wrote:
| https://i.imgur.com/rG0p0b2.gif
| nrvn wrote:
| I enjoy seeing my kid breaking software, POS terminals and
| causing ATMs to throw error windows. Nothing critical, just funny
| how random screen touching and keyboard mashing drives "serious"
| software crazy.
|
| Fool-proof and child-proof software is yet to come.
|
| Hire QA kids.
| 12312311241231 wrote:
| Keep in mind that screensavers aren't the only untested dumpster
| fire on Linux Desktops (or ~ distributions in general).
|
| The whole desktop architecture is out of date. I wouldn't be
| surprised if someone argued that screensavers aren't important
| because it's just your user data exposed, the root account is
| still safe!
| codeulike wrote:
| It works in the movies
| atomize wrote:
| They learn so young these days! Never ceases to amaze me. They
| are totally set up for this industry. Would hire 10/10.
| tauntz wrote:
| My kid got around the lock screen of my mac. Twice.
|
| It was 4-5 years ago when he was about 2. I had a 15+ character
| random password (a generated one including symbols etc) so the
| chances of him being lucky were rather slim. He was just mashing
| buttons on the lock screen for less than a minute when boom, I was
| suddenly signed in. The first time I thought it was a fluke. Then
| it happened again after a couple of months. After that I took my
| phone, sat him behind my computer and started to record him
| playing with the buttons but it never happened again and my hopes
| of getting a bug bounty from Apple vanished :(
| apexalpha wrote:
| Perhaps it was related to this bug:
| https://www.wired.com/story/macos-high-sierra-hack-root/
| matsemann wrote:
| Probably just hit enter when the password field was empty. For
| some reason that bypassed all security on OS X.
| rand49an wrote:
| You used to be able to just open up recovery mode and reset
| the password anyway, passwords on OS X used to be a theatre.
| No idea about it now though.
| thomasmg wrote:
| My kid (3 years old then) found an issue in the MacOS lock
| screen as well. It didn't result in a bypass, but a "Spinning
| Beach Ball of Death". I could then reproduce it and even filed
| an issue, but only I could reproduce (and one funny response
| was: "Why would you want a screen shot of the screen sleeping?
| It would just be black." - well tell that to my kid):
| https://discussions.apple.com/thread/7598463
| GrumpyNl wrote:
| That discussion derailed pretty quickly.
| dd_roger wrote:
| > https://discussions.apple.com/thread/7598463
|
| Wow every new person who joins that thread misses the point
| more than the previous one. This was painful to read.
| young_unixer wrote:
| genuine question: Is that dialabrain person an Apple
| employee or just a user?
| ballenf wrote:
| Here's the last reply before the thread was locked:
|
| > I don't see the point of pressing the wrong series of key
| combinations nine or more times in a row constitutes a
| "Login Window ScreenShot Problem" any more than dropping my
| MacBook from various heights until it breaks is a
| reliability problem.
|
| Why do people hold computers to such a lower standard than
| other complex devices in their life? (Serious question -- I
| don't understand people very well here.)
|
| Can you imagine a car that wouldn't unlock or start if a
| passerby without the key plays with the door handles too
| much? If this has happened and is documented, that alone is
| a testament to its rarity and people's unwillingness to
| excuse the behavior.
|
| Unless it happened to early Tesla, because they were held
| to the lower standard applied to computers and OSs. That
| doesn't seem to be as true anymore, thankfully.
| moistbar wrote:
| >Unless it happened to early Tesla, because they were
| held to the lower standard applied to computers and OSs.
| That doesn't seem to be as true anymore, thankfully.
|
| I've definitely had my Model 3 not unlock when it should,
| but I've never had it go the other way around.
| thomasmg wrote:
| With the current version of MacOS I have (not the latest),
| one could still cause some havoc... E.g. filling the disk by
| recording a movie with sound. Command+Shift+5. When mashing
| the keys, sometimes after login a list of messages shows up
| ("Can not save the screenshot at this location").
| bjoli wrote:
| My 4 year old son manages to beach-ball the big sur lock screen
| about twice a week. It has resulted in lost work more than
| once.
|
| On the previous version I believe he managed to unlock the
| computer as well, just by hammering the keyboard.
| slim wrote:
| my kid got around a locked cash box yesterday. it's amazing how
| much security is tied to ingrained behavioural patterns
| [deleted]
| Jerry2 wrote:
| That reminded me of the Linux GRUB2 bug where you could press
| Backspace key 28 times and bypass all security. [1]
|
| > _The source of the vulnerability is nothing but an integer
| underflow fault that was introduced with single commit in Grub
| version 1.98 (December 2009) -
| b391bdb2f2c5ccf29da66cecdbfb7566656a704d - affecting the
| grub_password_get() function._
|
| [1] https://thehackernews.com/2015/12/hack-linux-grub-password.h...
| herpderperator wrote:
| In middle school long ago, I was using one of the library search
| computers. They ran Windows XP and were locked down to the point
| where you couldn't open anything except the software that was
| running and you had no access to the desktop. One day I was
| rapidly mashing the "Search" button in the native book-searching
| software they were using - for no reason at all - and it suddenly
| opened an Explorer window out of nowhere showing everything in
| the filesystem. I could reproduce it easily with rapid-enough
| clicks. I still have no idea why that happened.
| Haemm0r wrote:
| Classic thing was to write file:///C:\ (or something similar, I
| do not remember it anymore) on computers with only kiosk mode
| IE on them to access the local file system. :)
| mhh__ wrote:
| Also powershell was usually unbanned in my experience even if
| the policy disabled cmd
| michaelcampbell wrote:
| In the early web days, I had a public facing web site with a
| link that said "I can see what's on your computer", and the
| href was essentially what you posted.
|
| The number of emails I got from that was worth the vitriol
| contained in them, including threatened lawsuits.
| Hoboburger wrote:
| Oh man this brings back so much nostalgia for the old school
| computer exploits we used to find.
|
| Only approved software was supposed to run but you
| could actually run anything as long as the .exe was on the
| desktop.
|
| 7-zip would let you explore the entire network drive, including
| teachers' folders that we didn't have access to.
|
| Unplugging then reconnecting the Ethernet cable wouldn't
| reconnect you to the teacher's monitoring software.
|
| We had a zip filled with games like Starcraft 2, Quake 3, Halo
| CE that was hidden on the shared network drive that kids around
| the school would use to play and LAN with each other.
| jorvi wrote:
| This reminds me of the classic XP login screen bypass by
| opening the help dialog, then the print dialog, then searching
| for a file to open for printing, and then executing
| 'explorer.exe' (I might be misremembering, this is quite a
| while ago).
|
| I also remember figuring out how to share my USB key as a
| network drive to other users. Many fun middays were had
| blasting around in Halo or Soldier of Fortune II with like 10
| friends, although less fun was had when our school's sysadmin
| found some lingering cache files that were owned by my id.
| Darmody wrote:
| If you leave a Virtual Box window open with Windows (I'm not sure
| about other OS) it'll bypass the lockscreen on Ubuntu, at least
| partially.
| kuter wrote:
| For anyone interested there is something called fuzzing that uses
| _usually_ code coverage based heuristics to generate data to find
| bugs.
|
| For example LLVM's libFuzzer uses instrumentation to track code
| coverage and mutates data to find invalid behaviour.
|
| https://llvm.org/docs/LibFuzzer.html
|
| It uses a compiler pass to insert code at branch points, function
| calls etc. I think it uses genetic algorithms to increase
| coverage by changing the data.
|
| There are others that work in similar ways; one of them is:
| https://github.com/google/AFL
| passivate wrote:
| Well, I guess the obvious question to ask is has anyone run
| this particular fuzzer on the code in question?
| cuillevel3 wrote:
| Here is an eight year old presentation on fuzzing X:
|
| https://media.ccc.de/v/30C3_-_5499_-_en_-_saal_1_-_201312291...
| suyjuris wrote:
| I have used AFL a few times casually in some personal projects,
| and it has always performed quite well for me. Of course, there
| are a lot of weird cornercases which would not occur on real-
| world (non-adversarial) inputs, but it also found some very
| real bugs.
|
| (For example, I once wrote a hash table implementation where
| the insertion and resizing procedures had slightly different
| views on wraparound, causing failures on very specific inputs.
| Another time, I wrote some code to buffer out-of-order
| messages, which would only occur due to a race condition. It
| was wrong. Both times I had thought carefully about the code,
| and the bugs would have been painful to discover otherwise.)
| Vinnl wrote:
| Somewhat similar for web UIs: Quickstrom is a tool that lets
| you define a set of conditions that should hold (e.g. "there
| should always be an 'Add todo' button"), and then it'll
| simulate behaviour that might break that condition.
|
| See https://quickstrom.io/
|
| (I haven't used it myself yet, but it looks interesting.)
| rblion wrote:
| Imagine if Jurassic Park was real and this happened...
| smooth__ wrote:
| "It's a Linux system! I know this!"
|
| _smashes keys_
|
| _Unlocks_
| causalmodels wrote:
| The first computer I ever bricked was my father's work laptop
| running Windows 95. I was a toddler and wanted to press the
| buttons. Good to see the kids are still at it!
| technothrasher wrote:
| I remember finding a very similar issue with XDM on a Sun 3/60
| back in about 1992. Just mash the keyboard while in the
| 'password' field and it would eventually drop a root shell. Oops!
| GlitchMr wrote:
| I find it interesting that GNOME Screensaver's security depends on
| it to not crash.
|
| Meanwhile, in KDE the lock screen is managed by KDE Session
| Management Server which ensures that lock screen cannot be
| bypassed by simply crashing its process.
|
| The way it works is as follows: ksmserver draws a black rectangle
| over everything and spawns kscreenlocker. If kscreenlocker
| crashes, the black rectangle is still here, and ksmserver will
| spawn kscreenlocker again but this time with software rendering
| (just in case it crashed due to graphics driver issue). If
| kscreenlocker crashes four times then KDE Session Management
| Server gives up, stops respawning kscreenlocker and simply draws
| the following text on the screen.
|
| > The screen locker is broken and unlocking is not possible anymore.
| > In order to unlock switch to a virtual terminal (e.g. Ctrl+Alt+F2),
| > log in and execute the command:
| >
| > loginctl unlock-session %1
| >
| > Afterwards switch back to the running session (Ctrl+Alt+F%2).
|
| If ksmserver itself crashes then the entire session closes.
|
| I'm not sure why GNOME screensaver cannot do something like this.
| Lock screen crashing seems like something inevitable (especially
| considering buggy graphic card drivers and so on), and it makes
| sense to prepare for it so that crashes won't bypass the screen
| locker.
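
The supervisor pattern described in josephg's and GlitchMr's comments above, as an added Python example (not code from KDE, xscreensaver or any commenter). It assumes the locker exits 0 only after a successful login, models the supervisor's black window as a flag, and uses constructed child commands in place of a real locker binary.

```python
"""Fail-closed supervisor for a screen locker child process (added example)."""
import signal
import subprocess
import sys
from dataclasses import dataclass, field

MAX_CRASHES = 4   # crash budget the thread attributes to ksmserver
UNLOCK_EXIT = 0   # assumption: the locker exits 0 only after a successful login

# Constructed stand-ins for a real locker binary, so the example runs offline.
LOCKER_OK = [sys.executable, "-c", "raise SystemExit(0)"]
LOCKER_EXIT1 = [sys.executable, "-c", "raise SystemExit(1)"]
LOCKER_SEGV = [sys.executable, "-c",
               "import os, signal; os.kill(os.getpid(), signal.SIGSEGV)"]
LOCKER_MISSING = ["/nonexistent/hypothetical-locker"]


@dataclass
class Outcome:
    state: str = "locked"       # "locked", "unlocked" or "locked-broken"
    curtain_up: bool = True     # stands in for the supervisor's black window
    crashes: int = 0
    events: list = field(default_factory=list)


def run_locker(argv):
    """Run one locker instance to completion; None means it never started."""
    try:
        return subprocess.run(argv, stdin=subprocess.DEVNULL,
                              stdout=subprocess.DEVNULL,
                              stderr=subprocess.DEVNULL).returncode
    except OSError:
        return None


def describe(status):
    """Turn an exit status into a log entry for the crash record."""
    if status is None:
        return "spawn-failed"
    if status < 0:              # subprocess reports death by signal N as -N
        return "signal:" + signal.Signals(-status).name
    return "exit:%d" % status


def supervise(primary, fallback, max_crashes=MAX_CRASHES):
    """Keep the curtain up until a locker instance reports a real unlock.

    Any other way the child ends (non-zero exit, signal, failure to start)
    counts as a crash: the curtain stays, and the fallback command (for
    example a software-rendered locker) is tried. Once the crash budget is
    spent the session stays locked instead of looping forever.
    """
    out = Outcome()
    argv = primary
    while out.crashes < max_crashes:
        status = run_locker(argv)
        if status == UNLOCK_EXIT:
            out.events.append("unlock")
            out.state, out.curtain_up = "unlocked", False
            return out
        out.crashes += 1
        out.events.append(describe(status))
        argv = fallback
    out.state = "locked-broken"  # unlock now needs an out-of-band path
    out.events.append("gave-up")
    return out


if __name__ == "__main__":
    cases = [("clean unlock", LOCKER_OK, LOCKER_OK),
             ("segfault, fallback works", LOCKER_SEGV, LOCKER_OK),
             ("crash loop", LOCKER_SEGV, LOCKER_EXIT1),
             ("locker not installed", LOCKER_MISSING, LOCKER_MISSING)]
    for name, primary, fallback in cases:
        r = supervise(primary, fallback)
        print(f"{name}: state={r.state} curtain_up={r.curtain_up} "
              f"events={r.events}")
```

The property to check in a real locker stack is the same one the example asserts: no path out of the loop lowers the curtain except an explicit unlock.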
| awestroke wrote:
| That does sound much more sane.
| [deleted]
| anticensor wrote:
| Interestingly, there is a race condition in GNOME lock screen
| which sometimes blocks sleep until _unlocking_.
| cycloptic wrote:
| >I'm not sure why GNOME screensaver cannot do something like
| this.
|
| This actually is fixed in upstream GNOME because the
| screensaver is now built into the shell. The problem here is
| exclusively with cinnamon-screensaver and other components
| derived from gnome-screensaver, which is unmaintained and
| upstream GNOME considers it obsolete.
| fao_ wrote:
| [counter-factual information produced by a misreading of what
| was stated in the github comments - deleted :)]
| noisy_boy wrote:
| > I'm not sure why GNOME screensaver cannot do something like
| this. Lock screen crashing seems like something inevitable
| (especially considering buggy graphic card drivers and so on),
| and it makes sense to prepare for it so that crashes won't
| bypass the screen locker.
|
| That is an option Linux Mint is considering[0] among other
| options.
|
| [0]: https://github.com/linuxmint/cinnamon-screensaver/issues/354...
| dheera wrote:
| The Gnome screensaver lock is only a fluffy fake security
| mechanism. It's not real security.
|
| I've had many instances where my CPU was bogged down and after
| hitting the keyboard I could use the computer for a good
| several seconds before the lock screen popped up asking for a
| password.
| inetknght wrote:
| I actually had this happen around Christmas (using Manjaro). I
| had no idea what the message really meant or what caused it.
| The instructions were at least clear enough to get back into
| the running session, which is far better than, say, most of
| GNOME's crap.
| Blikkentrekker wrote:
| Our internal research found that clear error messages
| confused our users, so we removed it.
|
| I have no idea what _KDE_ is or does, sorry.
| inetknght wrote:
| > _Our internal research found that clear error messages
| confused our users and removed it._
|
| I can't tell if this is sarcasm or if you're serious. If
| you're serious, please tell me what product you've
| butchered so I can avoid it like the plague.
|
| Clear error messages only confuse people who shouldn't be
| using the product in the first place. More importantly: a
| clear error message at the cost of a few confused users is
| far more important than an unclear error message that costs
| even more users hours or days of trouble.
|
| I would far rather have a message that tells me that the
| software broke because the desktop manager found a crash
| loop and point me to the crash loop logs even if some other
| poor unfortunate soul has no idea what a crash log is or
| can't figure out how to access or understand the crash log.
| Blikkentrekker wrote:
| > _I can't tell if this is sarcasm or if you're
| serious._
|
| It is entirely sarcastic, mocking some of _GNOME_'s more
| infamous design proclivities.
| cycloptic wrote:
| I'm asking nicely, can we please not do this? Let's not
| exacerbate the problems of bad communication by using
| more sarcasm and hyperbole. If there is some particular
| thing that can be done to improve areas where there are
| perceived design proclivities, can we focus on that
| instead?
| Blikkentrekker wrote:
| But it's not constructive criticism, but humor.
|
| I agree that sarcasm provides for poor constructive
| criticism to get a point across, but the intent was
| mockery, not being helpful.
|
| I certainly do not believe that _GNOME_ would take the
| advice of an _H.N._ post, and they are well aware of
| these criticisms to begin with, as they are commonly
| levied against them.
| cycloptic wrote:
| I don't mean criticism, we (HN users) all have heard all
| the criticism a hundred times before. I mean actual
| actionable feedback that someone is able to work with,
| e.g. if there are problems with the design then we can
| bring some concrete data that shows new, reliable
| information. That means taking honest efforts to
| establish two-way communication where there is none.
| Blikkentrekker wrote:
| > _I mean actual actionable feedback that someone is able
| to work with_
|
| Is this not what "constructive criticism", as I called
| it, is?
|
| _GNOME_ is not going to listen to an _H.N._ comment and
| change its ways, and it was never my intent to reach
| them or otherwise inspire change in them.
|
| My intent was simply to be humorous.
| cycloptic wrote:
| Please don't discount yourself like that, by resigning to
| the usual HN snark. I think you're smart and capable of
| much more. If there is new, important and relevant
| information brought to them, they will listen to that.
| (This applies to most big projects I've seen, not any one
| in particular. The smaller niche ones that commit to
| having their small narrow audience are the ones I've seen
| that tend to be resistant to new ideas)
| Blikkentrekker wrote:
| I doubt they scan _H.N._ comments for input or come
| across them.
|
| If I had wanted to reach them, I would certainly do wiser
| to simply send them a feature request bug report.
| inetknght wrote:
| Many developers and executives _do_ participate in social
| media including Hacker News. I have seen plenty of tech-
| related fixes and features that come directly from Hacker
| News comments.
|
| In all I think the best feedback I can give _you_ would
| have been to include a ` /s` to indicate sarcasm and
| jest.
| Minor49er wrote:
| I've had similar discussions at a previous job with their
| platform (it was a marketing dashboard). Management
| wanted developers to suppress error messages because
| users wouldn't know what to do with them. However, users
| always contact the help desk when things go wrong. User
| feedback became much harder for us to understand, so
| issues would take much longer to resolve. Instead of
| saying "I did ABC and I saw a message that said 'XYZ'",
| they would say "I did ABC and it broke"
| genpfault wrote:
| Given the "I have no idea what KDE is or does, sorry." I
| suspect it's a reference to the 'ole "I have no idea what
| XFCE is or does sorry."[1][2]
|
| [1]:
| https://trac.transmissionbt.com/ticket/3685#comment:4
|
| [2]: https://web.archive.org/web/20130429182829/http://www.linuxu...
| johnmaguire2013 wrote:
| Maybe the issue is what you consider a "clear error
| message"?
|
| A clear error message should not necessarily clearly
| explain _what_ the issue is - a clear error message should
| clearly explain how to solve the issue, or at least point
| the user in the direction of a solution.
| inetknght wrote:
| At a minimum, a clear error message should include a
| contact point and what information to include. If error
| logs are available, they must be available for
| inspection, annotation, and approval before submission.
| brnt wrote:
| I have no idea why GNOME is the default DE for the big distros
| (Redhat et al, Ubuntu). Technically it's evidently inferior, it
| had substandard ergonomics and features like accessibility
| services. I really don't get it.
| Const-me wrote:
| In Windows it's also good. The way it works is as follows.
|
| The OS supports multiple desktops. Similar to files or registry
| keys, desktops have security descriptors attached (a data
| structure keeping who's the owner, and optionally listing
| users/groups with their respective permissions on the object
| being controlled).
|
| To do anything on a desktop, like create windows, paint stuff,
| or interact with windows on that desktop, user doing that is
| required to pass an access check against the security
| descriptor of the desktop. If failed, these GUI-related
| functions gonna return "access denied" status code instead of
| doing anything.
|
| The login screen is simply rendered on a separate desktop. That
| desktop has restrictive security descriptor, most users don't
| have permissions to interact with them. UAC prompts are also
| displayed on another desktop, that's how it's impossible to
| automate them from within a program who triggered the UAC
| prompt.
|
| BTW, about crashing GPU drivers, on modern Windows the
| condition is recoverable. The symptoms are black screen for a
| second, then the OS resets the hardware, restarts the driver,
| and resumes rendering of the desktop. Observed quite a few
| times working on advanced GPU stuff, especially compute
| shaders.
| Sohcahtoa82 wrote:
| > BTW, about crashing GPU drivers, on modern Windows the
| condition is recoverable. The symptoms are black screen for a
| second, then the OS resets the hardware, restarts the driver,
| and resumes rendering of the desktop. Observed quite a few
| times working on advanced GPU stuff, especially compute
| shaders.
|
| When I mine cryptocurrency while playing games, I appear to
| sometimes run out of GPU memory (Both Task Manager and MSI
| Afterburner let me monitor usage) and I have experienced this
| reset. It's surprisingly graceful, even when a game is
| running, though NVIDIA Broadcast often doesn't like it and
| needs to be restarted, and I will sometimes see lingering
| graphical glitches in the game until I restart, but it's not
| game breaking.
|
| You can also trigger a GPU reset manually with CTRL-WIN-
| SHIFT-B.
| dr_cypher wrote:
| jwz has a lot to say about complex graphical toolkits/desktop
| environments and their complex locking mechanisms. It's an
| interesting series of posts. If you are not
| running xscreensaver on Linux, then it is safe to assume that
| your screen does not lock. Once is happenstance. Twice is
| coincidence. Three times is enemy action. Four times is
| Official GNOME Policy.
|
| https://www.jwz.org/xscreensaver/toolkits.html
| xanax wrote:
| I don't think that's the right link mate. I got redirected.
| GlitchMr wrote:
| I would recommend not linking to jwz's website. Use web
| archive or something if you have to. jwz dislikes Hacker News
| and intentionally shows an NSFW image when Referer header
| shows Hacker News.
| Stierlitz wrote:
| > .. jwz dislikes Hacker News ..
|
| Why, what's the back story?
| RichardCA wrote:
| It has something to do with the 1990's dot-com culture,
| like the original Netscape was somehow more pure than
| what came after, and this causes him to view modern
| inheritors like YC with a jaundiced eye.
|
| You can watch this if you have an hour.
|
| https://youtu.be/4Q7FTjhvZ7Y
| avree wrote:
| It's quite nice of Apple to strip this by default in Safari
| --didn't even realize it was a thing until I switched over
| to Chrome to see what you were talking about.
| wutbrodo wrote:
| I didn't see it in mobile Chrome (well, Brave) but I kind
| of want to...
| loeg wrote:
| It's this: https://cdn.jwz.org/images/2016/hn.png
| wutbrodo wrote:
| I immediately regret this decision
|
| Anyway, thanks!
| patrickmcnamara wrote:
| I tested Safari on iOS, iPadOS and macOS and it didn't
| strip the "referer" header for any of them. WatchOS did
| strip it though I'm not sure that counts as Safari.
| smnrchrds wrote:
| Can he at least update the text? HN _was_ full of
| entrepreneurs and wantrepreneurs years ago. It is mostly
| big- and mid tech employees now, tech bureaucrats if you
| will.
| nefitty wrote:
| Not to belabor the meta discussion, but your comment
| sparked a question. If it is how you say, and using a
| politico-economic lens, I wonder if there has been any
| discernible shift in commenter attitudes as the
| demographics have changed. Specifically, if the shift was
| from entrepreneurs -> skilled wage workers, as you've
| asserted.
|
| The interests of the petit bourgeoisie (entrepreneurs, et
| al), the professional management class and that of
| skilled workers sometimes overlap. I think those overlaps
| would probably translate to some overarching strains of
| belief, for example, the tendency toward libertarian
| viewpoints on HN.
|
| Sorry for the tangent, just had to get that out of my
| head!
| [deleted]
| toyg wrote:
| This is OT, but I can't resist. I've been around HN since
| 2011, and tone has definitely shifted in the last 5-6
| years. I used to stumble on HN posts that infuriated me
| relatively often, it was part of the deal (i.e.
| understanding how the self-appointed entrepreneurial
| classes actually rationalize certain things). That
| doesn't really happen anymore.
|
| _> those overlaps would probably translate to some
| overarching strains of belief, for example, the tendency
| toward libertarian viewpoints_
|
| The opposite is actually true, in my experience. Hardcore
| libertarian views on HN have been largely quashed into
| irrelevance, they only survive in lore. New commenters
| who join and expect HN to be a nest of hyper-capitalists
| are quickly downvoted into oblivion. Which is not a
| terrible thing in the great scheme of things, from the
| personal perspective of somebody who would likely dislike
| their point of view; but it has definitely taken
| something away from the HN experience, and possibly
| pushed some people towards worse (more radicalized)
| forums.
| smnrchrds wrote:
| What I miss about the old HN is learning about all the
| cool new programming tools, libraries, frameworks, etc
| and participating in the discussions about them. These
| days, you rarely see posts about programming tools,
| unless it is one of the big ones like React, Qt, or
| TypeScript. I used to stumble upon so many great tools on
| HN, but that has become a rare experience these days.
|
| Is there still somewhere on the web, perhaps on Reddit or
| another platform, where you can find such posts and
| discussions?
| HDMI_Cable wrote:
| Honestly, I think that says something more about
| Javascript-ifying of the web rather than HN.
| nitrogen wrote:
| https://lobste.rs was supposed to be something like that.
| throwaway325 wrote:
| >Is there still somewhere on the web, perhaps on Reddit
| or another platform, where you can find such posts and
| discussions?
|
| If they exist it would be wise not to link it here, or
| else the same fate would befall the new community. My
| advice is to search for a small community around a niche
| topic (say a specific text editor or programming
| language).
| girvo wrote:
| I've also been around for donkey's years, and I agree
| mostly. Certain topics bring the "screw you, got mine"
| opinions back out of the woodworks at times, but yeah
| it's far less prevalent.
| charlesdaniels wrote:
| Anecdotally, I use xidle[0] and xlock[1], and have found both
| to be very reliable. xidle supports locking the screen by
| sending it SIGUSR1, which is really useful since you can
| trigger it from a process that doesn't have DISPLAY set.
|
| The trick on laptops is to block on sending the signal in the
| script you use to suspend, so that when the laptop resumes
| the display is already locked.
|
| 0 - https://github.com/steinex/xidle-linux
|
| 1 - http://sillycycle.com/xlockmore.html
| johnmaguire2013 wrote:
| I use physlock[0] which locks all of the ttys. I've had no
| issues.
|
| [0] https://github.com/muennich/physlock
| smnrchrds wrote:
| Never directly link to jwz from HN.
|
| https://web.archive.org/web/20210117212403/https://www.jwz.o...
| [deleted]
| phendrenad2 wrote:
| I wish HN would just block his site already, that damn
| image is burned into my retinas after seeing it 10+ times
| here.
| vlovich123 wrote:
| Why?
| thesh4d0w wrote:
| Cause he redirects based on referrer to
| https://cdn.jwz.org/images/2016/hn.png
| Naracion wrote:
| I did not get redirected--would that be because I'm using
| Brave? Or because I'm on mobile?
| smnrchrds wrote:
| The former. Brave has explained their referer policy
| here: https://brave.com/privacy-updates-5/
|
| > _When navigating to a new site, never send a referer
| header._
|
| JWZ wouldn't know you are visiting from HN if you use
| Brave.
| HDMI_Cable wrote:
| What's the reason behind JWZ doing that anyways?
| Alvarito050506 wrote:
| Because sometimes he behaves like what's in the image.
| kstrauser wrote:
| Or Safari, apparently.
| freebuju wrote:
| Weird. Just tested this, Brave on PC redirected to the
| image but not on Brave mobile
| lern_too_spel wrote:
| Also, if you're using a Hacker News app, it won't send a
| Referer header when opening an article unless the app
| authors went out of their way to implement that. I would
| be surprised if any did.
| notRobot wrote:
| Because you won't be able to actually view anything on
| the website.
| [deleted]
| wrsh07 wrote:
| This is a good lesson in "failing open" vs "failing closed"
| greypowerOz wrote:
| warning: cat-like typing detected
| uoaei wrote:
| Linux Mint, and whatever it's built on, has been disappointing to
| me. The most worrying thing I've experienced is that, when waking
| up from sleep, the unlocked screen will sometimes flash before
| showing the lockscreen. That is a huge no-no and really betrays
| the fallibility of whatever security measures are employed.
| lostgame wrote:
| Huh. Am I alone in that I consistently test for a massive ton of
| random key or screen presses? Either manually or through
| automation?
| Qub3d wrote:
| For everyone linking the JWZ "I Told You So" post, the devs are
| aware of it and posted a response in the GitHub issue. I
| encourage everyone to read their side of the issue:
| https://github.com/linuxmint/cinnamon-screensaver/issues/354...
| sbierwagen wrote:
| What context? Reading that issue, the content seems to be:
|
| 1: jwz says if you add accessibility features to a text box,
| make sure they don't have any bugs that can kill a process,
| since that will break screen lockers
|
| 2: Cinnamon adds a buggy accessibility feature to a text box
| that lets you crash the screen locker
|
| 3: Github user clefebvre says something along the lines of "why
| is jwz being so negative >:("
|
| Well... you did exactly what he told you not to do. If you're
| going to add accessibility features to a text box, you need to
| not screw it up. If you screw it up, then it breaks the screen
| locker for every user in the world, including the 99% of people
| who will never use the accessibility features.
|
| If you make an obvious, stupid mistake, people will make fun of
| you. Complaining that people are making fun of you won't do
| much. Try, instead, to not make the obvious stupid mistake?
|
| From the issue:
|
| >With that said, I have one message for JWZ. Don't be that guy.
| It's too easy to just tell people not to cross the street. Work
| with us on building that safest path.
|
| Huh? What? He wrote xscreensaver 20 years ago. He's supposed to
| fix buggy code written by other people until he dies?
|
| Why is it his responsibility to fix your code? The distro
| extended his program, the extension broke. You can either
| ignore the problem, remove the extension, or fix the extension.
| None of these things sounds like xscreensaver's problem!
| Qub3d wrote:
| > Why is it his responsibility to fix your code? The distro
| extended his program, the extension broke.
|
| cinnamon-screensaver (the repo this discussion is pertinent
| to) is written from scratch. The commenter's intent here is
| to suggest that JWZ has valid criticisms, but he has voiced
| them before and his latest blog post doesn't add anything to
| the discussion.
|
| This blog post, which links to the issue, creates additional
| overhead for the project to deal with. Just like _this_ HN
| link does.
|
| I think it's fair for us to give them a voice in the matter if
| we're showing the discussion to everyone. It would be nice to
| assume people read the entire discussion but clearly, that is
| not a reality.
| eesmith wrote:
| "written from scratch", though it does contain xscreensaver
| code written by jwz ... and with a copyright changed from
| BSD to GPL -
| https://github.com/linuxmint/cinnamon-screensaver/blob/maste... .
|
| The commit is at
| https://github.com/linuxmint/cinnamon-screensaver/commit/38a...
| where mtwebster writes:
|
| > We'll use the old screensaver auth code instead - this
| ports gs-auth-pam.c and gs-auth.h from the old screensaver,
| rodgerd wrote:
| > Don't be that guy.
|
| Pretty rich from someone who starts with "I'll fight him in a
| cage match"
| dluan wrote:
| Something about this exchange was extremely pleasing and calming
| to read, maybe I'm irony poisoned from overly loud social media.
| But this was so nice to read through.
| berkes wrote:
| A pleasant bugreport with no judgement or demands.
|
| And a quick response by the maintainer who shows thanks, is
| focused on a clear outcome, and shows the progress
| transparently.
|
| I've seen too many bugreports where one, or both actors behave
| vastly different. This one here should be a reference for
| anyone involved in 'bugreports' in some way.
| chromatin wrote:
| Meatspace fuzzing
| blackrock wrote:
| Is this the old monkey testing technique?
| joshspankit wrote:
| My own anecdote:
|
| My daughter was 1ish at the time, and I sat her down while I
| grabbed something from the fridge. Windows 98, locked. When I
| came back the screensaver was on, the password dialog was still
| up, _but the desktop was fully functional in front of it_. I
| could navigate, open applications, and everything else.
|
| Still no idea how she did it, but that's not the first or last
| time she surprised me :)
| benibela wrote:
| There is this classic: https://i.imgur.com/rG0p0b2.gif
| throwanem wrote:
| I think you just had to hit Escape.
|
| In general, the way you secured a Windows 9x box was by locking
| the door to the room it was in.
| z29LiTp5qUC30n wrote:
| The best part is they moved to physlock, specifically the version
| which you can bypass by hitting enter 3 times...
| amid34d wrote:
| hllo
| eth0up wrote:
| Physlock works comparatively well, but nothing can stop the
| omniscient stupidity of, eg ctrl-alt-del 10x (or similar)
| invoking reboot, which I've found no method of preventing. The
| general attitude encountered when seeking a solution to this
| madness is "if someone has physical access, you're pwned anyway",
| which is also supremely unimaginative and omnisciently stupid.
| This has gnawed at my cranial portions for years, and I now speak
| forth in due fury.
|
| https://linuxcommandlibrary.com/man/physlock
| mhh__ wrote:
| Unless there's something unbelievably wacky going on, this is why
| people use formal verification.
|
| If you can describe your program as a state machine, you can ask
| an SMT solver to find any transitions that break stuff.
| Unfortunately it's a lot harder to do for software than hardware
| because of the plasticity people expect from the former, but
| when it works it's really nice.
| cuillevel3 wrote:
| Right ....
|
| Start kiosk mode fullscreen app as a lock screen -> if app
| exits -> show desktop
| mhh__ wrote:
| The inputs cause the transitions, but it depends on if you
| can encode the states granularly enough to be invalid.
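
The state-machine check discussed in this subthread, and the "failing open" vs "failing closed" point made earlier in the thread, as an added example that is not from any commenter or from cinnamon-screensaver: an explicit-state reachability search (a simpler stand-in for an SMT solver) over two constructed lock-screen models. The state fields, the event names and the modelled widget crash are all assumptions.

```python
from collections import deque
from typing import Callable, List, NamedTuple, Optional

class State(NamedTuple):
    locked: bool         # the session is supposed to be locked
    locker_alive: bool   # the locker process is running
    widget_open: bool    # accessibility widget shown in the password box
    desktop_input: bool  # keyboard/mouse events reach the desktop

# Everything a person without the password can do at the lock screen
# (hypothetical event names for this model).
EVENTS = ("open_widget", "keypress")
Step = Callable[[State, str], State]

def _locker(s: State, ev: str, input_if_dead: Callable[[State], bool]) -> State:
    """Shared locker model; designs differ only in what a dead locker exposes."""
    if not s.locker_alive:
        return s                                  # nothing restarts it in this model
    if ev == "open_widget":
        return s._replace(widget_open=True)
    if ev == "keypress" and s.widget_open:
        # Modelled bug: the widget's input handler kills the locker process.
        dead = s._replace(locker_alive=False, widget_open=False)
        return dead._replace(desktop_input=input_if_dead(dead))
    return s                                      # other input is absorbed

def overlay_locker(s: State, ev: str) -> State:
    """Fail-open: a fullscreen window; when it exits the desktop is shown."""
    return _locker(s, ev, lambda dead: True)

def gated_locker(s: State, ev: str) -> State:
    """Fail-closed: input routing follows the lock flag, not the process."""
    return _locker(s, ev, lambda dead: not dead.locked)

def find_violation(step: Step, init: State) -> Optional[List[str]]:
    """BFS over reachable states; shortest trace to 'locked but usable'."""
    seen, queue = {init}, deque([(init, [])])
    while queue:
        state, trace = queue.popleft()
        if state.locked and state.desktop_input:  # the safety invariant is broken
            return trace
        for ev in EVENTS:
            nxt = step(state, ev)
            if nxt not in seen:
                seen.add(nxt)
                queue.append((nxt, trace + [ev]))
    return None                                   # invariant holds in every reachable state

LOCKED = State(locked=True, locker_alive=True, widget_open=False, desktop_input=False)

if __name__ == "__main__":
    print("overlay:", find_violation(overlay_locker, LOCKED))
    print("gated:  ", find_violation(gated_locker, LOCKED))
```

The search only proves the invariant for the states the model encodes, which is the granularity caveat raised in the reply above.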
| amid34d wrote:
| poophbdam
| Leherenn wrote:
| Another tangentially linked anecdote. We had build artefacts
| stored on a Samba shared drive, that were write protected, since
| some people regularly used to move them instead of copying them.
| Then one day, the latest build was gone again. We asked around to
| see whether someone had purposefully removed the build, but no.
| Turns out someone on Windows 10 had tried to cut and paste the
| file, but his computer had crashed before pasting. Apparently the
| permissions were only checked on paste, but the file was unlinked
| on cut?
| mercora wrote:
| i don't think these permissions are enforced client side... I
| also think write and delete are separate permissions on windows
| and i am pretty sure i never lost a file on accidentally doing
| only the first half of a cut and paste aka move... so i
| conclude this "someone" either had nothing to do with the
| incident or removed it by accident...
| Leherenn wrote:
| I was surprised as well, but we could reproduce it. Delete
| would not work, "normal" cut and paste would throw an error
| when pasting, but cut and switch off power -> file was gone.
| passivate wrote:
| Sounds like something funky was going on, server side. For
| file operations, I don't believe the OS does anything to
| the file/folder for Cut and Copy operations, it simply
| notes the handle. It's only when you paste the file that
| the operation happens. You can try this yourself, cut/copy
| a large file and see if your mem usage spikes and/or
| perform cut on any folder which you don't have delete
| rights for.
| idiocrat wrote:
| Well, the original definition of the word "hacking". Hacking on
| keyboard to exploit keypress timings, key combinations and key
| buffer overflows.
| radicalbyte wrote:
| The original definition of "hacking" was "hacking code
| together". Move fast and break things. There are a lot of us OG
| and TNG hackers here. It's kind of the SV spirit.
|
| "Cracker" is the term used commonly - as in "crack the nut";
| i.e. gain access to systems / break copy protection etc. Then
| you have the phone guys, the phreakers, whistling for free
| calls.
| dagw wrote:
| Hacking (in the modern 'computer' sense) has been used since
| at least the late 50s and early 60s and used to mean
| experimenting with any technical machine or system. It wasn't
| until the 70s when it primarily became connected with
| programming.
| zwp wrote:
| > original definition of "hacking" was "hacking code
| together"
|
| Hmm. Right spirit but not so much "hacking code together"
| going on at MIT's Tech Model Railroad Club in 1958.
|
| "a project undertaken or a product built not solely to
| fulfill some constructive goal but with some wild pleasure
| taken in mere involvement, was called a `hack'".
|
| (Steven Levy, "Hackers").
| masswerk wrote:
| The _Tech Model Railroad Club (TMRC) Dictionary_ [1], June
| 1959, by Peter R. Samson defines (comments in italics by
| PRS, 2005):
|
|     HACK: 1) something done without constructive end;
|     2) a project undertaken on bad self-advice;
|     3) an entropy booster;
|     4) to produce, or attempt to produce, a hack.
|
| _I saw this as a term for an unconventional or unorthodox
| application of technology, typically deprecated for
| engineering reasons. There was no specific suggestion of
| malicious intent (or of benevolence, either). Indeed, the
| era of this dictionary saw some "good hacks:" using a room-
| sized computer to play music, for instance; or, some would
| say, writing the dictionary itself._
|
|     HACKER: one who hacks, or makes them.
|
| _A hacker avoids the standard solution. The hack is the
| basic concept; the hacker is defined in terms of it._
|
| ----
|
| [1] "An Abridged Dictionary of the TMRC Language", 1959:
| http://www.gricer.com/tmrc/dictionary1959.html
| s_gourichon wrote:
| A well known reference, Eric Raymond's "jargon file" a.k.a.
| "hacker's dictionary" offers 9 definitions, much broader and
| seemingly older than keypress timings:
| http://catb.org/~esr/jargon/html/H/hack.html
|
| ( see also http://catb.org/~esr/jargon/html/index.html and
| https://en.wikipedia.org/wiki/Jargon_File )
| viro wrote:
| As an infosec person with no CVEs, stories like this make me feel
| like a complete failure. ¯\_(ツ)_/¯
| smarx007 wrote:
| Margaret Hamilton's daughter Lauren still takes the first place
| for "kid fuzzing" the AGC IMO
| https://wehackthemoon.com/people/margaret-hamilton-her-daugh...
|
| But this is pretty impressive as well!
| carapace wrote:
| Hamilton who coined the phrase "software engineering". Great
| find!
| johnwayne117 wrote:
| and they say, "monkey testing" is underrated
___________________________________________________________________
(page generated 2021-01-20 23:00 UTC)