memfd_secret() in 5.14 [LWN.net]

memfd_secret() in 5.14

Posted Aug 8, 2021 12:09 UTC (Sun) by Wol (subscriber, #4433)
In reply to: memfd_secret() in 5.14 by khim
Parent article: memfd_secret() in 5.14

> > But unfortunately Khim does seem to have the attitude "if I can't see a use for it, it's useless"

> Can, you, please stop ascribing your own faults to others. Because the only guy who does that her is named Wol, not Khim and not mpr22.

> When I wrote that that's really rare need in today's world, though what was your answer? Something like “here we have millions of people who need to do that” or “there are half-billion people who have no choice”? Note. It was It is NORMAL for me (living in a first world country) to have no access to mains power for several days at a time.

Please look at the words below. They are *YOUR* words, not mine!

> Indeed. That's why the only way to introduce new security feature is with “more security” choice being the only option. Users pick “more security” option quite easily if the alternative is not mere knob, but patch to the kernel, recompilation and other hassle of such level.

Given the choice of "security or hibernate", I don't give a monkeys what you choose. I *DO*, however, give a monkeys if you disable my preferred choice in favour of an option *I* have no use for. (And while, as a gentoo user, your alternative is easy for me, many others would find that difficult and it is precisely those people we want to attract!)

Oh - and as for BYOD, I have no problem with that, either. As long as the company gives me decent recompense. But as I said to mpr22 (I think he got the wrong end of the stick), under UK law you are NOT allowed to tamper with someone else's device without (informed) consent. And saying "let us tamper with your computer or get sacked" does not count as informed consent - it's called "unfair dismissal", which can be VERY expensive, let alone the (I believe) 5-year jail sentence that goes along with hacking the employee's personal computer.

It's quite common on LWN for people to confuse a computer's OWNER with a computer's USER. That's very important when talking about peoples' rights. If I'm the *owner* I have every right to disable (or enforce) this security feature. If I'm just a USER then that changes the dynamics. But don't treat the owner as if they're a "mere user". And as I said elsewhere, I can be a "grumpy old man". I do not like being what I can, and can not, do with MY OWN computer.

Cheers,
Wol

to post comments

memfd_secret() in 5.14

Posted Aug 8, 2021 12:44 UTC (Sun) by khim (subscriber, #9252) [Link] (3 responses)

> And saying "let us tamper with your computer or get sacked" does not count as informed consent - it's called "unfair dismissal", which can be VERY expensive, let alone the (I believe) 5-year jail sentence that goes along with hacking the employee's personal computer.

Can you give me the list of companies which were fined for that? And who got the jail sentence?

I think you still are living in the imaginary world where law means a lot more than it does in reality. PJ lived there for a few years. She have got an epiphany eight years ago. You still live in a delusion.

In a world where Supreme Court decision is easily ignored talking about what's written in this or that law is pointless.

And if you think that it's “just the insanity on the other side of the pond” then here is how princple of solidarity trumps the actual laws.

The only thing that matter is how laws are actually treated in real world. And not even how they are interpreted by courts but by how they are, then, applied by police and other government institutions.

> If I'm the *owner* I have every right to disable (or enforce) this security feature.

For a next few years, sure, you would have such right. Maybe even longer — for a devices not connected to the network.

> But don't treat the owner as if they're a "mere user". And as I said elsewhere, I can be a "grumpy old man". I do not like being what I can, and can not, do with MY OWN computer.

That's nice way if putting it. But who said there are enough people like you to matter? Heck, who said you would have the right to do that in the future? Once upon time land was treated like that, too. And buildings. You owned it — you could do whatever you want with it. Can kill the trespasser or change building shape in any way you like.

Today it's not true (violate any of bazillion related laws and you can easily be prosecuted for what you do on your own land with your own property) and as world becomes more and more connected laptops will follow (phones are already there, more-or-less).

I'm just looking of how the world behaves and make the appropriate decision based on that.

You, on the other hand, start with your likes and dislikes and then act as if they matter one jot.

No, they only matter when others allow them to matter. And that happens in rarer and rarer cases.

At some point your ability of doing what you want (and not what others think you should want) would be cancelled. And no, becoming a “grumpy old man” wouldn't save you. Unless you have some hypersonic missiles stashed under your bed and could actually protect your choice of life you would do as others would decide.

memfd_secret() in 5.14

Posted Aug 8, 2021 16:07 UTC (Sun) by Wol (subscriber, #4433) [Link] (2 responses)

> > And saying "let us tamper with your computer or get sacked" does not count as informed consent - it's called "unfair dismissal", which can be VERY expensive, let alone the (I believe) 5-year jail sentence that goes along with hacking the employee's personal computer.

> Can you give me the list of companies which were fined for that? And who got the jail sentence?

I'm not aware of any hacking occurring. Because the employee who did it would be liable for the jail sentence. Probably at the employer's expense.

As for fines, it's damages, not fines. It's actually pretty easy to take your employer to an Employment Tribunal. There have been plenty of cases of that. And in a case like this it would be a slam-dunk with serious damages. Unlike in America, in Europe mistreating your employees can really hurt. Employees can easily walk away from cases like this with two or three years salary in damages. To say nothing of the hit the company takes defending the case.

Cheers,
Wik

memfd_secret() in 5.14

Posted Aug 8, 2021 16:28 UTC (Sun) by khim (subscriber, #9252) [Link] (1 responses)

> Unlike in America, in Europe mistreating your employees can really hurt

Where do you see “mistreatment”? Nobody forces you to do anything. It's entirely up to you to install VPN (and other company-provided software) or not.

And KPI are objective, too: reaction time, number of closed tickets and so on. If you fail to deliver — why should you get the appropriate bonus? It's not called “bonus” for nothing. You have to earn it.

> Employees can easily walk away from cases like this with two or three years salary in damages. To say nothing of the hit the company takes defending the case.

These are pure words at this point. I have friends both in UK and continental EU and it's really not hard to give people who misbehave 2x-3x less money.

As long as salary is the same and on paper there are no problems Employment Tribunal can do nothing. For added safety you may organize additional income to come in form of dividends or stocks (I don't think you can get stock options in EU, but that's not a big deal if your accountants are proficient enough).

Again: it really feels as if you live in the imaginary world where laws like these are perceived as something to follow and not an obstacle to overcome.

memfd_secret() in 5.14

Posted Aug 21, 2021 0:24 UTC (Sat) by HenrikH (subscriber, #31152) [Link]

How can the salary be both "the same" and "2x-3x less" at the same time?

memfd_secret() in 5.14

Posted Aug 8, 2021 13:07 UTC (Sun) by khim (subscriber, #9252) [Link]

Answered the part where you, at least, admit that other people exist and may even, gasp, have desires different from yours.

> And while, as a gentoo user, your alternative is easy for me, many others would find that difficult and it is precisely those people we want to attract!

The majority of people are perfectly happy to live without hibernation and without the ability to change kernel options. They value the ability to pay with their phone in a shops or watch movies on Netflix much more than any software freedoms — otherwise devices of type jail made cool, designed to sever fools from their freedom wouldn't have outnumbered all others by count of 10-to-1 (and soon 100-to-1, I suspect).

Ok. Can you explain what kind of people you want to attract, why do you think I want to attract these same people, too, and why are you sure they even exist (except for the ones who have already switched to OpenBSD and Gentoo)?