Posts by h4rm0ny

4560 publicly visible posts • joined 26 Jul 2008

Debian Linux, Android share a bed in upcoming distro

h4rm0ny

Re: Who invented permissions transparency?

>>"It is supposed to be so very relevant for some lawyers, at least Microsoft and Apple lawyers. Have you heard about software patents?"

Well we are not lawyers, we're people discussing integration of Debian and Android. When we're holding a competition Bestest Software Company Ever, then your random and unprovoked tangents about Microsoft may be relevant. But not 'till then.

And yes, we've all heard of software patents. It may astonish you to know that I was part of a campaign to get them rejected by the EU some years back. (A successful campaign, as it happens). Hardly of any relevance to a discussion of Android in Debian, is it? It's just a tangent on a tangent on a tangent, all spawned by your random introduction of Microsoft into this discussion.

And though it's already been said by more than one person it obviously needs repeating again - you're not comparing like for like anyway.

>>This paper has a nice list of things MS claim to have come first and hence demand licensing earning a few billion bucks total some people have surmised

Tangent on a tangent on a tangent on a tangent. It's obvious that your main interest here is to use the article as a launching point for attacks on Microsoft. I don't know much about the Android patents but I would say that if they weren't valid, or even contestable, that you wouldn't get giants like Samsung (a company not unknown for challenging *cough*rounded corners*cough* patents) rolling over without complaint.

>>"As far as GNU/Linux and *BSD are concerned, this Android model is inferior to their own model"

Which is what I wrote. As well as Windows included with GNU/Linux and BSD. If you're going to try and argue that Android's security model is as capable as any of these, you're going to have one HELL of a job.

>>"i.e., having mostly free software packaged in the secure repositories by maintainers"

Oh, you missed the point. That's not part of the security model - that's just the way the ecosystem leans. You're now arguing that GNU/Linux is more secure because the userbase is less likely to install malware on it. By all means say that. Has no bearing on anything I wrote.

>>"Windows was brought up as a comparison to Android to show that security is not a nightmare."

It was brought up because you always bring up Windows even when the topic has nothing to do with it. And the above is a post-fact attempt to justify it that doesn't even stand up. How does modern Windows (Vista onwards) show Android security "is not a nightmare"? By comparison? Windows has a much more capable and robust security model than Android. By the amount of malware extant? Yes - that's a great like for like comparison: the world's most popular x86 desktop OS vs. a mobile OS that is locked down by default. Your various attacks on Windows don't show anything about Android security, they're just your usual attacks.

>>"I didn't invite your superfluously prolific off-topic either."

You don't get to complain that someone is "off-topic" if their post is a direct reply to your own off-topic post, instead you ask yourself if you should have used an article for pushing your own agenda in the first place. Furthermore, any factual inaccuracy is an invitation to anyone to read it to correct it.

>>"Yes, you gave a very informative comment on it stating exactly the same, however it has been rebuffed by Paul Crawford pretty well the and you even agreed with him"

It was a funny and accurate post so certainly I agreed with it. That you think it contradicts my own posts in that thread says more on your understanding than it does that post.

And really, an Appeal to Authority argument with random forum opinions as the authority? : /

I'm perfectly willing to defend silly attacks all day long if you want. But let's recognize that it's you that keeps driving the discussion off away from Debian and Android to satisfy your seeming obsession with Windows.

h4rm0ny

Re: Who invented permissions transparency?

>>"Both Blackberry and WP 8 followed it after Android. Unfortunately, this model have never occurred to Microsoft for the last couple decades, users would have been much safer if it did."

Who came up with something first is only really relevant to those with a football mentality wanting to show one company is more valid than another, but for what it's worth, this is not comparing like for like. Android was designed as a mobile OS and its apps overwhelmingly are self-contained. Windows and GNU/Linux are full OSs and it's not really been appropriate to have the same sort of permissions structure. Do we really imagine that a simple structure of "Can access Internet", "Can Send Txt Message", et al. would have worked for UNIX / GNU Linux / Windows / OSX? (Or any other full-blown traditional OS). MS have only introduced this now when it's appropriate with Windows 8 as they broaden the OS to be mobile-device friendly. Also, this is an article about Debian and Android - bringing up Windows just so that you can make some (ill-founded) digs at it is off-topic.

>>"1) apps run under separate uid's"

That's a concession to the UNIX security model. It's not inherently better than proper ACLs and is not a panacea as evidenced by the many security flaws Android has had. From what I have heard, there is a tendency to regard the sandboxing of apps in Android as a strong security measure. It is, but it is also one of the things that means just adding Android support (e.g. Dalvik) directly to GNU/Linux is a very bad idea, because on GNU/Linux you don't have that sandboxing. That's why an approach like the one in this article (Android is essentially a VM in Debian) is a lot more secure than adding the relevant APIs or kernel modules straight into GNU/Linux would be.

>>"no, it's not. fine grained permissions How fine do you want those grains to be? Have you heard about SELinux on the latest android"

We've had this discussion the last time you launched in on this. It would be nice to have a full ACL system that is much more capable such as the one in Windows (Vista onwards). Android is not remotely as capable. To avoid the usual derailment that happens when you pop up in a Linux article and use it as a platform to take pot-shots at Windows, I'll just link to the last time we discussed ACLs on Windows vs. GNU/Linux here. And as Android is less capable* than GNU/Linux, the discussion is doubly true. It's wrong to tout Android as if it's more secure by design. In fact, it's that attitude that leads to poor security: over-reliance on the sandbox model is why you end up with apps leaking data to each other and magnifies the consequences massively when a bug in some Android kernel module punctures the sandbox. And as I wrote - reliance on the sandbox model is the primary reason why you can't (or shouldn't) just drop naked Android support to GNU/Linux.

*Note, when I say that Android security is less capable, that's not a dig, per se, it's less capable because it's more focused. This does not mean there is a problem in its own context, it means it would become one if you, e.g. used it as a model for a full-blown OS as eulampios seems to want to do when they hold it up as superior to the security models on these.

h4rm0ny

Re: Dalvik

I have no idea why you got the thumbs down here, other than that there are some very partisan and not very bright people around here who leap on anything they think is a criticism.

Anyway, as best as I can answer your very reasonable question (I welcome corrections), this is just Android in a VM with shared file system / directories (not sure if it's all or just parts of the file system). In the video, you see that he swaps between the Android and Debian environments and at one point he actually stops "Android" and then restarts it.

Furthermore, if this depends on MicroXwin, that's closed source. (Not sure if it does or not). Anyway, I hope that answers your question - it's Android in a VM so far as I can see. Handy if you're using ARM Debian and want to watch YouTube or want to use Android apps, so pretty handy. But it's not integration of GNU/Linux and Android in any deep way.

Major problems beset UK ISP filth filters: But it's OK, nobody uses them

h4rm0ny

>>""hacking" seems to be in the list of categories that are filtered. What the fuck? How is information about hardware and software considered so harmful that it cannot touch the minds of our precious little children?"

One of the signs of an authoritarian society is that things move from a state of permitted unless forbidden, to forbidden unless permitted. It's a direct consequence of a society becoming about fear and control, rather than curiosity and freedom.

NEW, SINISTER web tracking tech fingerprints your computer by making it draw

h4rm0ny

>>"As with Goonalytics, scripts must be run."

I've occasionally blocked googleanalytics at the router level. I found about a third of the sites I visited became unusable as they were waiting on googleanalytics to respond.

For Lenovo US, 8-inch Windows tablets are DEAD – long live 8-inch Windows tablets

h4rm0ny

Re: " have never understood this apps criticism."

>>Analogy :- "You cooked a meal, but it never turned out how you or your dinner guests wanted. However this microwave substitute goo is just fine because both you and your guests actually don't know or care what is actually required as long as you can slurp it down with a spoon - until you come to the porcelain throne of your expectations"

That analogy should be taken outside and shot, to put it out of its misery and ours.

h4rm0ny

Re: Probably not so much the form factor

I have never understood this apps criticism. I have a Surface 2 (and had a Surface RT before that) and in all my time with Windows RT, I've installed probably half a dozen apps on those devices (an SSH client, a code editor being the main things). It does nearly everything I need already - it comes with Office, email clients, full featured web browser.

Apps evolved because mobile devices didn't have screen real-estate or properly functional browsers. Windows RT has that. Unless you have a burning need to play the latest games (I'm not a gamer) then I genuinely don't see any serious lack.

h4rm0ny

Re: Learning curves and walled gardens

>>"and don't need/want to make yet another effort to learn something else"

I just don't see the "effort". If I'm going to be using a device frequently, it's worth an hour of learning how to get the most out of it. What honestly is difficult anyway? Press the windows button and you're on the Start Screen, swipe from the left and you cycle through the running programs, swipe from the right and you get settings and options. Drag down from the top to close something or move it to the side. In some apps, you can get extra controls by swiping up.

That's four sides of a screen and a button. Who couldn't learn that in ten minutes? In return for which I get a bunch of things that are advantages to me.

Want to beat Verizon's slow Netflix? Get a VPN

h4rm0ny

>>"Verizon are dicks, not stupid"

I'm not fully convinced of that. Anyone else remember the person who recorded their entire phone call with Verizon where they tried to explain decimal points to a succession of Verizon employees? Without success, by the way.

Malaysian Airlines flight MH17 claimed lives of HIV/AIDS cure scientists

h4rm0ny

Re: I'd still tack "alledgedly" before any attribution to a missile strike

Inability to explain yourself =/= Intelligence.

British cops cuff 660 suspected paedophiles

h4rm0ny

Re: Age of consent

>>"The law should not outlaw depictions of acts which are legal to perform for the participants."

Why shouldn't you have different legal ages for different things? When I was sixteen I may have been able to make an informed decision on whether I wanted to sleep with someone else in my class, but that does not mean I would have been in a good place to make long-term life impacting decisions about whether to do pornographic modelling.

Also, as has been pointed out, paedophilia is not the same as underage sex. What I wrote, I wrote about paedophilia. Posting comments about actions at the age of seventeen is a long way from actually challenging what I wrote. If you want to argue about depictions of acts that have no relation to actual children, go and reply to someone else. The post that you are challenging was written to skeland who argued that paedophilia isn't a disorder.

h4rm0ny

Re: for some definition of paedophile...

>>"Paedophilia is a mental disorder and you first must become a paedophile and only then you might want to start seeing CP, not the other way round. So, preventing you from seeing CP pictures means nothing if you are not a paedophile and will do nothing to stop from you being a paedophile if you are one already"

Do you have any medical background to make such a claim? Because there are many areas where repeated exposure stimulates interest and habitualizes that interest. Similarly that normalization of something increases someone's likelihood of engaging in such activity.

h4rm0ny

Re: for some definition of paedophile...

>>"The Sexual Offences Act 2003 widened the definition of "child" to include anyone under 18 - rather than the previous "under 16""

Maybe, but I referred several times in my post which you quote to prepubescents. Paedophilia, which is the word I used, describes sexual attraction to those who have not gone through puberty, generally aged 11 or less. You can check that definition on Wikipedia if you need to. Despite some people interested in big headlines trying to use it for any old underaged sex, much like the US definition of "terrorist" gets applied to occupying armies like the Islamic State, it still has a proper meaning.

h4rm0ny

Re: for some definition of paedophile...

"Is paedophilia in the strictest sense something that should be against the law? As long as it doesn't involve the abuse of children, why would it ever be deemed illegal?"

You've entirely shifted the goalposts from what you argued and what I challenged. You attempted to argue that someone sexually attracted to prepubescents may not have psychological problems and you tried to draw an equivalence to bondage games between consenting adults. I pointed out that they were stupid. Now you quote me and respond whether paedophilia "in the strictest sense" should be criminalized. What you write here in no way counters what I said nor supports your original attempt to normalize paedophilia. Attempts plural, actually, given your other attempts.

"Exactly the same arguments used to be trotted out about homosexuality: "I think sex with a guy is gross, so there should be a law against it." It makes just as much sense in that situation as it does here."

No it does not because adults can consent. That has already been pointed out to you but you prefer to ignore that sexual interest from an adult to a child is harmful to the child. That doesn't depend on any repugnance I or others feel or which you may not share. It doesn't depend on any religious belief that homosexuality will damn someone's soul. It depends on one very simple principle - protecting children.

You see, you blend your topics - apparently under the impression it's not noticed. One strain of your argument is that if it's just drawings of children then no children are actually harmed. And then there's this whole other strain where you repeatedly attempt to segue from that into normalization of paedophilia, that perhaps it isn't a serious psychological disorder, that who is someone to say that it is wrong. As shown there are clear reasons why it is and it's neither a good analogy to talk about BDSM nor about homosexuality.

And I think both homosexual people and BDSM crowd who have long had to struggle to convince outsiders that paedophilia isn't a part of their scene don't particularly want you trying to re-associate that.

h4rm0ny

Re: for some definition of paedophile...

>>"Maybe yes, maybe no. Lots of perfectly healthy people out there enjoy very healthy sex lives involving violence, such as flogging and queening and the like. Doesn't make them "bad" people."

Congratulations - you just associated BDSM with paedophilia. And a million kinky people who'd been trying to disassociate their interests from real world abuse and harming of children place their faces in their palms once more.

Whether some people express their sexual interest in unusual ways or no, it doesn't link that interest to sexual attraction to prepubescents. Very different things.

Aside from "how" being a very qualitatively different thing from "to what", there's the clear and obvious difference that sex between adults can be consensual. Regardless of how odd particular practices may appear to some. Children can never be consenting. Sexual interference with a child is harmful to the child.

So I don't think the BDSM scene will particularly like the comparison.

>>That's not even going into the fetishes enjoyed widely in the Japanese community involving women that look suspiciously like little girls.

If the Japanese do it, it's normal. Fantastic argument! *nods slowly*

h4rm0ny

Re: for some definition of paedophile...

>>" many of the people that got off before were let off due to technicalities or "lack of evidence" rather than being cleared of being a nonce and most of them had a browser history chocked full of questionable material."

Not to say that this isn't the case, but the obvious question is how would you know this? Are you an officer involved? Seems unlikely. Therefore the above is presumably just conjecture?

h4rm0ny

Re: Police declined to explain how they "snared" the suspects

I'm getting so cynical by this point that I suspect the way it really happened was this:

Cameron picks up phone: "Chief inspector, we're getting pilloried in the media. I want you to arrest a huge number of paedophiles so we look good."

Chief Inspector: "Righty-ho. I'll get a list of the ones we reckon we have enough evidence on."

Cameron: "Oh, don't worry about whether you can get convictions. The plebs will have forgotten about it by the time it actually gets that far. Just make sure the arrest count is high"

Probably I'm just too cynical but given the crap I've seen pulled by the government over the last few years, I'm finding it hard to trust their intent that much. I think they're even willing to exploit paedophilia as a political tool these days.

Voteware source code review 'could lead to hacking'

h4rm0ny

Re: Once a trouble maker always...

>>"360,000 lines of Visual Basic is what's being reported"

Dear gods...

That's the only response I can think to make.

h4rm0ny

Re: Once a trouble maker always...

>>"Human counting is also potentially unreliable, as seen in many corrupted nations. Even in Australia we've had paper votes go missing... It can be accidental or intentional, just like with electronic systems"

It's possible in both systems, but electronic voting massively lowers the difficulty of pulling off successful election fraud. In cases such as this, the outcome could be determined by a single programmer or a handful of officials. Whereas with our normal elections (e.g. UK General Election), you're needing to subvert many hundreds of polling stations and staff and counters across the country.

h4rm0ny

Re: Once a trouble maker always...

I feel I should have written a response that was a bit less adversarial and actually detailed what was wrong with it, but it's too late to edit that now. I was set off by the comment "only a fool would allow the source out". So here is a more detailed response.

>>What a beat-up. Basic security principles state that you don't give the enemy anything at all

Firstly, hiding the source from the public is treating the public as the enemy. It's voting code. We NEED to be able to verify it and reject it if it is not good enough. No closed body will ever be sufficient to replace public viewing of the code.

Secondly, the above is wrong. It is useful if potential attackers do not have access to the source code, but not vital. There are many major Open Source projects vital to security and the code is exposed. The principle is that knowledge of the code does not allow one to compromise it. ANY reliance on obscurity is a flaw. Especially when we are guarding against internal threats from the vendor who, by definition, the code is not obscured to.

>>"So, this guy wants to check out the code to see how it works, maybe if it has any security vulnerabilities? That's exactly what we don't want to happen."

That's exactly what we DO want to happen because the more qualified people who look through the code, the greater our chance of identifying all vulnerabilities and fixing them.

>>"Remember, the AEC computer systems are connected to the Internet. It would be easy (yes there are precendents) to create a trojan that was attached to an e-mail that would be attractive to an AEC employee or contractor. Once activated, it would be easy for it to link into a vulnerability in the software, taking commands through an apparently benign web site"

If this is true then the software is not fit for purpose and hiding evidence of that is no kind of mitigation.

There are massive risks with electronic voting because it is so easy for a small group in the right place to invisibly determine the results. Personally, I favour human counting - in elections trust is more important than speed, whatever the media would like. However, IF one is to have electronic counting, I would expect as a minimum the machines to not be accessible over the Internet or be deployed in such a way that an operator could infect one by getting an email.

>>"This is why only a fool would allow the source code out."

If half of what you say is true, the company behind this system should be sued until not even Wikipedia remembers who they are.

h4rm0ny

@ Fluffy Bunny

I initially took your post to be humour, but I now think you may be serious. I hope you have no connection to computer security in your professional life.

h4rm0ny

Regardless of whether there are reasons why viewing this particular code could lead to risk, we shouldn't be in this position in the first place - election code has to be able to survive public review because public review is the only way we can trust the election results.

Here's an interesting fact - we don't know who won the 2008 Mayor of London election. We know that Boris Johnson got the job, but we don't know that he was actually elected. The Open Rights Group were monitoring the software and hardware used to count votes and concluded there wasn't sufficient evidence for them to actually audit the process. They also noted that the number of error messages, bugs and system freezes indicated "poor quality software".

Citation

I repeat - it is entirely possible that Boris Johnson did not win the mayor of London elections and we cannot determine the truth. He could have been elected by an error. Or better, it is factually accurate to say that a programmer somewhere or other technical person in the process may have decided who became mayor of London. We cannot tell.

All of this is because that code was not up for public review.

UK Parliament rubber-stamps EMERGENCY data grab 'n' keep bill

h4rm0ny

Re: Is their a list ?

>>"I confess I hadn't heard of most of them, but there was no great surprise about the ones I had heard of. David Davis, of course, and – yet again – Caroline Lucas is a national hero."

If the Greens would drop their unsupportable opposition to Nuclear Power, I'd cheerfully vote for them just to put civil liberties pressure on the big three.

(Well, big two now, since the Lib Dems formed a coalition with the Tories and probably destroyed their own support base).

Microsoft's new 'Adam' AI trounces Google ... and beats HUMANS

h4rm0ny

Re: is that where the Bing R&D guys went?

Even if you have a better product, it still takes a long time to dislodge an established dominant player. And I think Bing and Google search are only comparable, not that one is better than the other particularly.

Microsoft: You NEED bad passwords and should re-use them a lot

h4rm0ny

Date of birth

Actually, never mind passwords. I'd just be happy if I could persuade such institutions as banks and others from thinking my date of birth is some magical secret that confirms my identity.

h4rm0ny

Re: Password Entropy

Your joke icon is inappropriate though you may not realize this! I've done checks on databases of some large services and found a significant number of hashes matching "correct horse battery staple". There are idiots who either don't get the comic at all, or find it hilarious to amuse themselves by setting this as their personal password.

Sad but true.
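The check described in the post above, as an added example that is not the poster's own code: audit a constructed password-hash table for accounts whose hash equals a well-known passphrase, so those users can be put through a forced reset. The `user:algo:salt:hexdigest` dump layout, the user names and the short `KNOWN_WEAK` list are all constructed for the example.

```python
import hashlib
import hmac

# Added example, not code from the forum post: flag accounts whose stored hash
# matches a passphrase everybody knows, so the service can force a reset.
# The dump format and the user names below are constructed.

# A few phrases that turn up verbatim in real dumps; extend from your own data.
KNOWN_WEAK = [
    "correct horse battery staple",
    "correcthorsebatterystaple",
    "Tr0ub4dor&3",
]


def hash_password(algo, password, salt=""):
    """Unsalted or salt-prefixed digest, the two layouts the sample dump uses."""
    return hashlib.new(algo, (salt + password).encode()).hexdigest()


def parse_record(line):
    """Constructed dump line: user:algo:salt:hexdigest (salt may be empty)."""
    user, algo, salt, digest = line.strip().split(":", 3)
    return user, algo, salt, digest.lower()


def audit(records, weak=KNOWN_WEAK):
    """Return {user: phrase} for every record whose hash equals a weak phrase."""
    flagged = {}
    for line in records:
        if not line.strip():
            continue
        user, algo, salt, digest = parse_record(line)
        for phrase in weak:
            # Recompute with the record's own algorithm and salt, compare in
            # constant time so the audit tool itself leaks nothing by timing.
            if hmac.compare_digest(hash_password(algo, phrase, salt), digest):
                flagged[user] = phrase
                break
    return flagged


def sample_dump():
    """Constructed table: two users with the famous phrase (one of them salted),
    one with another weak phrase, one with a password not on the list."""
    return [
        "alice:sha1::" + hash_password("sha1", "correct horse battery staple"),
        "bob:sha256:9f3a:" + hash_password("sha256", "correcthorsebatterystaple", "9f3a"),
        "carol:md5::" + hash_password("md5", "Tr0ub4dor&3"),
        "dave:sha256:c0de:" + hash_password("sha256", "unique-long-passphrase-7f21", "c0de"),
    ]
```

Salting, as bob's row shows, does not help against a phrase that is itself well known; only rejecting such phrases at registration does.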

Delaware pair nabbed for getting saucy atop Mexican eatery

h4rm0ny

Re: At least...

>>You have very low standards.

Oooh, is it time again for someone on the Internet to crow about how a woman is below their sexual standards again? I guess it is.

Care to share a photo of yourself taken by a police photographer shortly after arrest? Thanks! :)

Microsoft takes on Chromebook with low-cost Windows laptops

h4rm0ny

Re: a netbook by any other name would stink as much

>>"I thought commentards thought Netbooks are amazingly awesome - or do they cease being so when MS bring out 'Netbook v2'?"

Actually, I dislike them regardless. An underpowered device is no good to me.

h4rm0ny

>>"Unless they are also counting every Office365 and visualstudio.com that uses Azure as the backend."

Which they're obviously not or the number would be a very great deal higher than 42,000.

New leaked 'Windows 8 screenshot': The Start Menu strikes back

h4rm0ny

Microsoft jumps chasm in bus...

Decides in response to passenger screams to stop half-way across.

Will GCHQ furtle this El Reg readers' poll? Team Snowden suggests: Yes

h4rm0ny

You can't have democracy...

...without information. When government distorts public perception through trickery, that's an attack on the public.

Amazon France routes around free shipping ban with €0.01 charge

h4rm0ny

Re: King Canute

>>"Sorry, I think I zoned out at "fun" being used in the same sentence with "clothes", in a shopping context"

You spend a few hours drifting around town with your friends, chatting and having fun and trying out new looks and getting their opinions, spending a bit of time having a coffee together. You like hanging out with your friends, don't you?

h4rm0ny

Re: Booksellers do deserve protection

>>"I'm sure some rabid free marketeers will be along to vote down in their droves, but I do think book sellers are a class of shop that we should be doing more to protect."

Online selling, however, has done more to protect niche publishing. There are perhaps many books that would be out of print or perhaps never printed at all, if they had to go the traditional route of printing enough to be present in many bookshops in the hope they'd be found by the few who want them. Books are ultimately what needs protection, no?

>>"Drive the small bookshops out of existence, and there will be many people, I suspect, who will not be at all happy that the only way to get hold of, for example, The Carnivorous Lamb, is to give your name and address to a large corporation and trust they'll never hand over records as part of the next moral panic."

Tracking, I agree, is a valid concern.

h4rm0ny

Re: Money isn't everything, @ h4rm0ny

>>"If the government is fixing the price so that all shops have roughly the same price then there will be no need to go round lots of different shops looking for a better deal effectively taking price out of the equation"

Actually, I was thinking about finding what I want, not saving money. Sitting on the sofa looking through products for the one I want is a lot more time efficient than visiting lots of different shops. I also have extra information available in the form of reviews.

If I want to go shopping as a form of social activity, that I do with friends and I do with clothes. For movies, books, electronics, I do that online. The less mainstream something is, the more efficient that becomes.

h4rm0ny

Re: And that's cuttin' me own throat!

>>"Greengrocer B sells his apples at 1 penny a pound, absorbing the loss, to try to drive greengrocer A out of business, and then when he is the only player left in the market, he can charge whatever he likes for apples."

Your analogy only works if Amazon are actually selling at a loss. I don't believe they are and am interested in any evidence that this is the case. To do so would be anti-competitive. But if they're still making a product then they're not abusing their position (at least because of selling more cheaply), they're just undercutting their competitors. Which is what you're meant to do.

h4rm0ny

>>"Or does the law mandate that the publisher must sell to each vendor at the same price (wouldn't that encourage a cartel and be against EU competition law)"

Question - how would mandating all vendors get to pay the same costs encourage a cartel? I would have thought the opposite. I.e. if a dominant player can't leverage their position to get better deals than smaller players, isn't that good for the smaller players?

h4rm0ny

Re: Money isn't everything,

>>"Only the autistic think a free market will solve all of life's problems. In the US we are racing to the bottom thanks to the free market"

I'm not sure autism inclines one to any particular political leaning.

>>It sounds like the French value their culture and leisure time more than making a buck, which is kinda refreshing!

This isn't "the French", it's the French Government - a different thing. Clearly if "the French" didn't want to use Amazon in place of local retailers, then the Government would not have to institute such a law to try and stop them. I'm also unclear as to how impeding Amazon is an indicator of the French valuing their culture and leisure time. Using Amazon typically saves time over going round lots of different shops.

h4rm0ny

Re: King Canute

Being able to try stuff out before you buy is good. But honestly, when it comes to customer service, Amazon are about the best I've ever dealt with. I can request a callback and my phone has rung almost immediately. I used the wrong address for a delivery once and they took care of everything. And the rare returns I've just peeled the provided return sticker off and placed it on the package and back it's gone. As easy as (or easier than) taking it back to a shop.

I'm sure there are some bad stories out there, but in my years of using Amazon, their customer service has been extraordinary.

(No, I don't work for them!)

h4rm0ny

King Canute

That's what this sounds like. We now have the technology for near-instant communication long-distance, the infrastructure to transport goods cheaply and quickly... We're even seeing P2P delivery start to emerge with some services that just use local people to deliver the last few miles for a small cut.

Basically, when it's Steam Engine Time, steam engines will appear. Our cities are going to look quite different in the near future with so much of our shopping being done online. Clothes will probably be the last to go because it's fun and necessary to try them on and see how they look. It's also a social activity in the way that buying a TV isn't. (You can't go out with your friends and buy TVs on a regular basis or you're going to have a lot of TVs).

Murdoch calls for ISPs to be liable for users' activities

h4rm0ny

Re: Rupert!!!

No, preferably die.

We don't want him to enjoy his last moments.

LibreSSL crypto library leaps from OpenBSD to Linux, OS X, more

h4rm0ny

Re: Pity they dropped Windows support

>>"But everything starting with "Libre" is today managed by a bunch of code-extremists whose only aim is to destroy Windows. I've seen already many "cross-platform" project trying not to support Windows, because now "cross-platform" should just mean "support the n-thousand versions of something derived by Unix"."

I can't speak for what the developers are like as I don't know them, but I can install LibreOffice on Windows and have done in the past. Unless something has changed, I believe that to still be the case.

>>"They don't see code and software as a job or products, for them code *is* politics and a way to shape the world."

It isn't inherently bad to want to change the world or have a higher motivation for doing something than money. Of course I am happy to use both proprietary and libre software, but I believe Libre Source may be a positive thing in helping keep standards open and competition strong. MS Windows certainly improved dramatically back when MS realized GNU/Linux could become an actual competitor to them on the desktop. And I'm not sure OOXML would have been made an open standard without ODF and Open Office. Or perhaps it would but not till later.

h4rm0ny

Re: Trust + Compilers

>>"What about if someone managed to pwn the master repository for the source code and inject the hack such that they cover the fact the file was altered?"

Okay, I kind of talked about the scenario but more detail would probably be useful. All of the Open Source code is covered by version control systems. Sometimes Subversion, often Git. Whatever is used anyway, the principle is the same - you track the changes that are made by the developers so that you can review them, roll them back, work on separate branches et al.

Suppose you did have complete control over a server that was the main repository for the code, from which others normally pulled (took their copies). The others don't get their copies by just copying over files, they get the changes made to the version control system. So if you changed a file without the version control system noticing somehow, the others still wouldn't get it because they're just requesting a change history (with all the developer comments, commit times, etc.). Furthermore, the original version control system would normally pick up the changes you had made as local uncommitted modifications which would stand out like a sore thumb. In order to avoid that, you'd need to compromise the version control system. Which in our full access scenario you could do, but that still wouldn't help you get your exploit onto the other copies of the repository because they only update according to published changes. And once you publish changes we're back to the fact that you're no longer covering that the file was altered. It's very tricky and I'm not actually sure how you would pull something like this off.

>>Perhaps slip it into a little-used part of the code or split it into several pieces, each piece lying somewhere more plausible but when the whole thing comes together, they can all link together?

I get what you're saying - it's kind of the movie scenario where someone goes through security in an innocent looking wheelchair and then the arm becomes a gun barrel and the battery opens to reveal the handle-bit and it all clips together to make a weapon.

But happily it doesn't translate into that in practice. At least not unless you're an absolute genius. For a start, the more areas of the code you alter, the more likely you actually are to attract attention. Development teams tend to split into different areas of the code that they handle. If you've got one area where someone is inattentive maybe you can compromise that. If you're treading on everybody's areas, someone will notice. Especially as you'll (presumably) be doing this under one account which would look odd, or multiple developer accounts, which would increase the risk of someone going: "I didn't write that!".

Ditto really for the "quiet" area of the code. If I were a hypothetical criminal mastermind doing this, I'd actually bury my changes in an area where there were a huge number of commits and my change would hopefully be lost in traffic. I'd also choose a very busy time in the project where the commits were flying thick and fast.

If you picked an area that hardly ever changed, you'd just get a lot of developers looking at their version control tools going "huh - why has that module suddenly changed".

I hope all this doesn't come across as me shooting down your ideas. They're all very legitimate questions and exactly the sort of thing someone smart but not familiar with the process would ask. As I say: this is one of the great strengths of Open Source. (The other, imo, being surety of long-term code availability and potential to fork it yourself if needed).
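The point made above, that clones only take published history and that anything edited behind the version control system's back stands out, worked through as an added example (mine, not h4rm0ny's, and not any project's code): a miniature Git-style object store in Python. Blob ids use Git's real hashing rule (SHA-1 over `blob <size>\0<content>`, so they match what `git hash-object` prints); the tree and commit layouts are simplified text, so those ids are illustrative only. File contents, commit messages and the author string are constructed.

```python
"""Content-addressed history as tamper evidence (added example, not the thread's code)."""
import hashlib


def git_object_id(obj_type, payload):
    """Git names every object by SHA-1 over '<type> <size>\\0<content>'; blob ids here match real Git."""
    header = f"{obj_type} {len(payload)}\0".encode()
    return hashlib.sha1(header + payload).hexdigest()


class Repo:
    """Tiny object store (id -> (type, payload)) plus a HEAD ref; no index, no network."""

    def __init__(self):
        self.objects = {}
        self.head = None

    def put(self, obj_type, payload):
        oid = git_object_id(obj_type, payload)
        self.objects[oid] = (obj_type, payload)
        return oid

    def write_tree(self, files):
        # Simplified tree: one "path<TAB>blob_id" line per file, sorted (real Git uses a binary layout).
        lines = [f"{path}\t{self.put('blob', files[path])}" for path in sorted(files)]
        return self.put("tree", "\n".join(lines).encode())

    def commit(self, files, message, author="dev <dev@example.invalid>"):  # constructed author
        tree = self.write_tree(files)
        parent_line = f"parent {self.head}\n" if self.head else ""
        body = f"tree {tree}\n{parent_line}author {author}\n\n{message}\n"
        self.head = self.put("commit", body.encode())
        return self.head

    def commit_fields(self, commit_id):
        """Return (tree_id, parent_id_or_None) parsed from a commit object's header."""
        _, payload = self.objects[commit_id]
        header = payload.decode().split("\n\n", 1)[0]
        fields = dict(line.split(" ", 1) for line in header.split("\n"))
        return fields["tree"], fields.get("parent")


def local_modifications(repo, commit_id, working_files):
    """'git status' in miniature: working files whose content no longer hashes to the recorded blob id."""
    tree_id, _ = repo.commit_fields(commit_id)
    _, tree_payload = repo.objects[tree_id]
    recorded = dict(line.split("\t") for line in tree_payload.decode().split("\n") if line)
    return sorted(p for p, data in working_files.items() if recorded.get(p) != git_object_id("blob", data))


def object_intact(repo, oid):
    """True when the object stored under oid still hashes to oid, recursing through tree and blobs."""
    if oid not in repo.objects:
        return False
    obj_type, payload = repo.objects[oid]
    if git_object_id(obj_type, payload) != oid:
        return False  # content was edited in place behind the VCS's back
    if obj_type == "tree":
        return all(object_intact(repo, line.split("\t")[1]) for line in payload.decode().split("\n") if line)
    if obj_type == "commit":
        return object_intact(repo, repo.commit_fields(oid)[0])
    return True


def verify_history(repo, head, trusted_commit):
    """Walk parents from head: every object must be intact and the walk must pass through trusted_commit."""
    cursor = head
    while cursor is not None:
        if not object_intact(repo, cursor):
            return False
        if cursor == trusted_commit:
            return True
        cursor = repo.commit_fields(cursor)[1]
    return False  # history ends without reaching the commit downstream clones already hold


def demo():
    """Three tampering attempts against a constructed two-commit repository."""
    repo = Repo()
    clean = {"README": b"hello\n", "ssl.c": b"int check_cert(void) { return verify(); }\n"}
    c1 = repo.commit({"README": clean["README"]}, "initial import")
    c2 = repo.commit(clean, "add certificate check")
    results = {}
    # 1. Editing a checked-out file shows up as an uncommitted local modification.
    working = dict(clean)
    results["clean_status"] = local_modifications(repo, c2, working)
    working["ssl.c"] = b"int check_cert(void) { return 1; }\n"
    results["tampered_status"] = local_modifications(repo, c2, working)
    # 2. Editing the stored blob in place breaks that object's own hash, so the history no longer verifies.
    results["intact_before"] = verify_history(repo, c2, c1)
    blob = git_object_id("blob", clean["ssl.c"])
    repo.objects[blob] = ("blob", working["ssl.c"])
    results["intact_after_blob_edit"] = verify_history(repo, c2, c1)
    repo.objects[blob] = ("blob", clean["ssl.c"])  # restore for the next scenario
    # 3. A rewritten history must publish new commit ids, and those do not descend from the head others already have.
    repo.head = c1
    c2_evil = repo.commit({"README": clean["README"], "ssl.c": working["ssl.c"]}, "add certificate check")
    results["rewritten_head_differs"] = c2_evil != c2
    results["rewritten_descends_from_c2"] = verify_history(repo, c2_evil, c2)
    return results


if __name__ == "__main__":
    for name, value in demo().items():
        print(f"{name}: {value}")
```

The three scenarios map onto the post: the working-tree edit is what shows up as a "local uncommitted modification"; the in-place blob edit is what a fetch or `git fsck` rejects because the object no longer hashes to its id; and the rewritten branch is the case where the attacker is forced to publish, at which point every clone that already holds `c2` sees a head that does not descend from it.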

h4rm0ny

Re: Trust + Compilers

>>"What is the feasibility of introducing malware into the most common compilers?"

Theoretically possible but extremely difficult to do with Open Source. Everyone can see the commit history for Open Source projects such as GCC and privileges to commit tend to be a short list. So anything untoward introduced into the source code has an extremely high chance of being noticed and it's a short list of people who can do so. PHP source was briefly compromised back in 2010 when someone managed to fake a developer's credentials to make a commit. But they only added their name to the credits and it was still picked up and cleaned out. Again with PHP, they had a possible loss of developer credentials when their wiki server was compromised. They responded by doing a full review of all commits since the time the vulnerability was introduced and things were fine. So in short, getting your exploit into a public code base with a small number of approved and active developers is very hard and likely to be noticed quickly even if you do.

So if you can't get your malware into the compiler's source code, you're left with trying to sneak it in as a binary that doesn't match up with the actual source code. This too would be very difficult. Many different groups compile their own binaries from source. They also compile regularly and frequently. If you download GCC for your Ubuntu distribution, someone hasn't been sitting there compiling that binary by hand. It's compiled automatically from automatically obtained source whenever changes happen and everything is signed with public keys. And multiple mirrors, too. Even if you sneaked your own tweaked binaries onto a server, it would be tricky to get it out there consistently and keep it there.

So basically very hard to compromise the source, very hard to get binaries out there that don't match the source. That's one of the big advantages of Open Source - it's not that the code is inherently more secure, but that it's well protected against deliberate subversion by the providers.

I welcome corrections on the above if I missed anything.
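How a signed hash manifest catches a binary that no longer matches what the project shipped, as an added example that is not from the post nor from any distribution's tooling. Real package repositories sign their hash lists with GPG or Ed25519; to stay inside Python's standard library this uses a Lamport one-time signature built from SHA-256, which is a genuine (if single-use) public-key signature. The artifact names, contents and keys are constructed.

```python
"""Signed release manifest verification (added example; Lamport OTS stands in for GPG/Ed25519)."""
import hashlib
import secrets

HASH_BITS = 256


def lamport_keygen():
    """256 pairs of random secrets; the public key is their SHA-256 hashes. Sign exactly one message per key."""
    sk = [(secrets.token_bytes(32), secrets.token_bytes(32)) for _ in range(HASH_BITS)]
    pk = [(hashlib.sha256(a).digest(), hashlib.sha256(b).digest()) for a, b in sk]
    return sk, pk


def _bit(digest, i):
    """Bit i of a digest, most significant bit first."""
    return (digest[i // 8] >> (7 - i % 8)) & 1


def lamport_sign(sk, message):
    """Reveal, for each bit of SHA-256(message), the secret from the matching half of the pair."""
    digest = hashlib.sha256(message).digest()
    return [sk[i][_bit(digest, i)] for i in range(HASH_BITS)]


def lamport_verify(pk, message, signature):
    """Each revealed secret must hash to the public half selected by the message's digest bit."""
    if len(signature) != HASH_BITS:
        return False
    digest = hashlib.sha256(message).digest()
    return all(hashlib.sha256(signature[i]).digest() == pk[i][_bit(digest, i)] for i in range(HASH_BITS))


def build_manifest(files):
    """sha256sum-style manifest: '<hex>  <name>' per line, sorted by name."""
    lines = [f"{hashlib.sha256(data).hexdigest()}  {name}" for name, data in sorted(files.items())]
    return ("\n".join(lines) + "\n").encode()


def verify_release(pk, manifest, signature, files):
    """Check the manifest's signature first, then every artifact against it. Returns (ok, problems)."""
    if not lamport_verify(pk, manifest, signature):
        return False, ["manifest signature does not verify against the trusted key"]
    expected = {}
    for line in manifest.decode().splitlines():
        digest_hex, name = line.split("  ", 1)
        expected[name] = digest_hex
    problems = []
    for name, digest_hex in expected.items():
        if name not in files:
            problems.append(f"{name}: listed in manifest but missing")
        elif hashlib.sha256(files[name]).hexdigest() != digest_hex:
            problems.append(f"{name}: hash does not match signed manifest")
    for name in files:
        if name not in expected:
            problems.append(f"{name}: not listed in signed manifest")
    return not problems, problems


def demo():
    """A constructed release, a mirror that swaps one binary, and an attacker who re-signs with their own key."""
    release = {"compiler.deb": b"constructed release binary\n", "docs.deb": b"constructed docs\n"}
    sk, pk = lamport_keygen()           # pk is what users would have pinned in advance
    manifest = build_manifest(release)
    sig = lamport_sign(sk, manifest)
    results = {"genuine": verify_release(pk, manifest, sig, release)}
    # The binary is swapped on a mirror but the signed manifest is left alone.
    swapped = dict(release, **{"compiler.deb": b"constructed backdoored binary\n"})
    results["swapped_binary"] = verify_release(pk, manifest, sig, swapped)
    # The manifest is regenerated and signed with a key that is not the pinned one.
    evil_sk, _ = lamport_keygen()
    evil_manifest = build_manifest(swapped)
    results["resigned_manifest"] = verify_release(pk, evil_manifest, lamport_sign(evil_sk, evil_manifest), swapped)
    return results


if __name__ == "__main__":
    for name, value in demo().items():
        print(f"{name}: {value}")
```

The order of checks matters: the signature is verified over the whole manifest before any per-file hash is trusted, so a mirror cannot quietly edit one line of the hash list to match the file it swapped in. The second failure mode is the one the post describes: without the project's signing key, the only option is to ship something that no longer verifies.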

h4rm0ny

Re: Code is truly awful, but sadly not unusual

>>"Even if the openSSL code was carefully rebuilt by seasoned programmers I would not trust significant financial transactions to it, let alone military secrets."

What about BoringSSL, though? Google has *a lot* of resources and they're doing their own fork of OpenSSL. They say they want to co-operate with OpenSSL and LibreSSL as well, so that's a lot of potential development resource we're talking about.

I've seen a few disasters where instead of improving what was already there, people tried to clean slate everything. It's very tempting to do that when you're a developer but look at Netscape / Mozilla. They lost massive ground to IE because they decided to re-write, rather than re-factor. And it took a long time to catch up.

As someone else said, what's the alternative? I found your post very interesting btw, so this isn't my arguing with you. I'm just querying if you genuinely believe a whole new project would actually be better.

Panic like it's 1999: Microsoft Office macro viruses are BACK

h4rm0ny

Re: math editors

Oh, and seeing as in response to my comment about how MS Office and Libre Office are similar in macro security we are now talking about maths editors (which suggests you might be shifting the goal posts, slightly, btw), I'll throw in one more thing you can do in MS Office for maths formulas:

http://oi62.tinypic.com/15yjb5k.jpg

I did that on a Surface RT with my finger. I imagine with a proper stylus such as on a Pro, you could do a whole lot more. There's a slight mistake in it where it's mistaken a symbol but that's easily corrected by just highlighting it and selecting the correct one.

h4rm0ny

Re: math editors

>>"Just a quick reply. Did you notice that in Lomath editor a bottom window allows entering raw text, a pseudo mark-up language somewhat similar to TeX. On your pictures it is not obvious if it is there."

Yes. From my post: "Libre Office does have a long-hand text entry box option which MS Office does not, but I found it pretty painful to use."

Much of the rest of your post is (a) comparing TeX / LaTeX to the tool when what you wrote was that Libre Office's formula editing was much better than the one in MS Office - I don't wish to just change subject from what you claimed; and (b) repeatedly talking about MS Equation Editor which, as I pointed out, is old, deprecated and was replaced some time ago.

I several times in my post asked if you had actually used the current version in any way that actually would give you some familiarity with it. You've not answered that. I'm going to take this as admission that you haven't. If I'm wrong then by all means correct me.

>>Just recently a colleague asked to convert her document to LaTeX, since this (a British) journal didn't like the style and the fact it was in MS Word, not that they are not accepting it in doc, but they require a certain style there. It's hard to change style if it's not in (La)TeX, hard to automate it. So, I tried to convert it, but the formulas were all embedded pictures

Here are the formatting options for formula in the current version of Word: http://oi57.tinypic.com/s1kl6t.jpg

And this is why I keep repeating that it's pointless for you to keep attacking the way things were in the past. Technology progresses and if you're going to start arguments about why ODF is better than OOXML and say people are attacking you with their ignorance for attaching the latter, then it doesn't support your argument to talk about old legacy versions.

Incidentally, you can also export the formulas you create in Word as MathML which is, as I'm sure you are aware, a popular standard and also means, should you wish, it's pretty easy to transform formulas you create in Word into TeX / LaTeX if you wish.

>>AOMF, I had to deal with MS Equations circa 94-96

Precisely. If you're going to start talking about the inferiority of one file format to another, you have to talk about the current and standard ones, not "circa 94-96" if you want to support such a statement.

Why don't you just try the new versions and see for yourself if you like them? At least then you'd be making an informed choice.

h4rm0ny

Re: h4rmony, you're super-great!

Made a typo in my formula! Correct one for Office 2013 is here: http://oi60.tinypic.com/2lut8vs.jpg

Not that it would matter for purposes of illustrating the formula editors, but I feel sure that detail would be used to hone in on rather than actually comparing the editors if I didn't correct it.

h4rm0ny

Re: h4rmony, you're super-great!

>>"...if they send an attachment you don't approve of, that's attacking them. "

If you have to cut your quotes from me off part way through a sentence, you may be trying to misrepresent me. It's a clue. Here's the full sentence I wrote:

>>"If you start a post by saying you feel threatened by people's ignorance if they send an attachment you don't approve of, that's attacking them"

Yeah, calling a lot of people ignorant is an attack on them. Especially when your reasoning that they are "ignorant" is because they just happen to be sending you a common file format that you personally don't approve of.

>>Since you're a Microsoft advocate here (while still using Debian and CentOS according to your other comments, which is supposed to add more value to this, another get the facts business)

I'm not a "Microsoft advocate". I like good technology. All of my posts have been in defence of ill-founded accusations, not attacks by me on others. For example, Libre Office has the same macros issue as MS Office and has pretty much hit on the same solution as well. Pointing that out is not attacking Libre Office / ODF. Nor is it advocating MS Office. It's simply highlighting that someone shouldn't hold one up as more secure than the other in this regard.

Of course to a partisan person, neutrality appears to be bias. I like and use Debian and MS products. There's nothing wrong with that. In fact, it lets me make informed comparisons. I'm sure you recall that ridiculous discussion on Powershell vs. Bash where I posted a question asking for help on Powershell - a topic with no reference to Bash, and you waded in with a tonne of posts about how Powershell must be inferior to Bash before finally admitting you hadn't used Powershell. Having a wide range of experience is a GOOD thing, so I have no problem with you highlighting that I use Debian, CentOS and Windows 8 in my work. I'm happy to do so and I fail to see why that's a negative.

>>"If you prefer sending docs in doc, docx, xls etc format when another format is a better way to go, then you are ignorant by my definition."

First you have to prove that your other format is better. You have singularly not done that in this discussion. The above statement contains an unproven assumption which you appear to have taken for granted. Furthermore, just because someone doesn't agree with you, that is not a definition of ignorance.

In fact, two people pointed out to YOU that Libre Office documents can contain macros the same way that MS Office documents do, so I have some doubts just how much you actually know on the subject.

>>"I know you also mentioned, that without those scary and dangerous proprietary bits the IT world is devoid of color, beauty and sense."

I said nothing remotely like that. If you even respond to this post have the decency to find something I've written in this thread that remotely matches up to what you just said that I said. It's a ridiculous thing to post - anyone following this thread can easily look back at my posts and see you're now making up positions for me.

>>"But the due thanks do indeed go to Adobe, the good part of the company, that created the open standard of PDF and PostScript formats. MS doesn't even deserve one hundredth of this."

See, I'm trying to argue security aspects of file formats and features. You're repeatedly going off to make emotive assertions about what Microsoft doesn't deserve. This is why your arguments keep shifting around - because you use them as tools to shore up your dislike rather than as an interesting discussion in and of themselves. I keep trying to stay focused on security, you keep using my posts to launch off into diatribes about proprietary software. And so eventually, I end up making a post like this where instead of talking about execution privileges for Macros as I was earlier, I'm just defending myself against rambling attacks and sly suggestions that I'm making things up. Oh, and childish comments about how h4rm0ny is not on your preferred list. *sigh*

>>"As far as your threat is concerned, go ahead and try infecting us, the users of ods, odt and odp format, you'll be praised to be the first one after those hundreds of thousands if not millions of Windows users that have fallen victims to this already. H4rmony is super-great! "

This is not only childish, but gross misinterpretation and I really object to it. Firstly, I made no "threat". I pointed out that I could write a trojan for GNU/Linux that worked on exactly the same principles as one for Windows. That's a technical point and an accurate one. Secondly, don't even try to pull an "Us vs. Them" when you say 'go ahead and try infecting us'. I use GNU/Linux daily, as you know. You don't get to cast me as some Other. I started out with SuSE 6.4 long ago. Like it or not, I'm part of the Linux community, so tough. You have no special claim to represent the Linux community and in fact, I think your preachy comments about how other people are ignorant cast us all in a bad light, tbh.

>>"For myself, I'd call a math paper written in odf "an ignorance attack" as well (even if a person is a Math, Physics genius), for better formatting things should be laid out by means of LaTeX or TeX.."

So? Are we meant to conclude that if LaTeX is better for laying out maths papers than ODF then someone is wrong to use OOXML over ODF? You're missing a few steps there. Argument by analogy is generally a poor dodge to avoid having to prove something. Or is your contention that if you accurately call something ignorant in one case, then you are accurate to call something ignorant in another? Again - missing a few steps.

>>"Although a LO formula editor is much better and closer to TeX than that infamous and ignorant MS Equations!"

By this point, I'd be willing to bet money that you have no significant experience in using the current formula editors in MS Office. Am I right? For a start "MS Equations" was deprecated some years ago. I think it's still available for backwards compatibility, but formula editing is built into MS Office without that now. Because I'm near certain you don't use it, based on your history of criticising without actual experience (ref. the extended argument you had about the flaws in Powershell before admitting you hadn't used it), I bothered to install the Maths plug-in for Libre Office to do a quick comparison. Obviously there's no substitute for experience, but here are two screenshots of me editing a famous equation in both products, which I entered from scratch. I think the comparison is actually quite a fun one:

Here is Office 2013 formula editor: http://oi62.tinypic.com/2iqfjw6.jpg

Here is the Libre Office formula editor: http://oi57.tinypic.com/2091r2d.jpg

Note, it took me a few goes to find the formula editor in Libre Office as I've not used it before. I found it tucked away under Insert->Object->Formula. On the ribbon, you just go to the Insert tab and there's a big Pi symbol with formula written underneath it, which I personally find a little more accessible.

Anyway, looking at them both and trying to enter some formula, I don't see the basis for claiming superiority for LO's implementation. Although I'll concede you did deliberately compare it to older and officially deprecated tools. Libre Office does have a long-hand text entry box option which MS Office does not, but I found it pretty painful to use. I'm still interested to know if you've used the current version of formula in MS Office seeing as you're so keen to criticise. Honest answer, please.

>>"It is stupid if one uses Adobe reader, are you using one?.. on Debian and CentOS, I am sure you're not..."

No, I'm not. But the world of computer security doesn't depend on what I use. I said PDFs shouldn't be on a preferred list for security (several times now, my point really should be quite clear). That some people use less capable PDF readers than the current most popular PDF reader in the world is not an argument that they should be. You do this repeatedly - instead of rebutting my point, you quote part of it and then say something true as if it does rebut my point without actually showing in any way how it does (or could!).

As to the final silly little barbs you're sticking on the end of your posts, I'm going to recap:

You: "it is good that you are not making my preferred list."

Me: "Okay".

You: "Okay? No it's great."

What should this exchange tell you about your posts? That they are personally antagonistic and that you're being rather childish. Just stick to the discussion and if you want to talk about relative security of file formats, I'm happy to do so. I'm even happy to talk about the merits of Libre Office vs. MS Office formula editors. But let's not have this ridiculous stuff about how I'm not on your preferred list. I don't care and it benefits no-one.