* Posts by doublelayer

10476 publicly visible posts • joined 22 Feb 2018

From July, you better be Putin these Kremlin-approved apps on gadgets sold in Russia

doublelayer Silver badge

Re: will the user be able to uninstall Russian made software

"Keep your bridge (and your snark)."

In that case, I'll hold onto this bridge. Other people will eventually buy it. You'll get the snark anyway, though. Because your "what's the fuss" statement is bad. First, there are lots of phones out there that aren't rootable. And even if a phone is rootable, the user has to know:

1. What rooting is.

2. Why they want to root.

3. How to root.

4. How to deal with the bootloader which, in some cases, is English only (or in a rarer case, Chinese only).

5. How to find a trustworthy replacement ROM.

6. How to deal with the situation if their replacement ROM doesn't actually work, including how to obtain a manufacturer ROM and replace it.

Some people here know all these things. But that's in a community with a lot of technical people. The general public does not know these things, and it's not completely self-explanatory. But let's leave rooting aside for the moment. What would happen if Russia wanted this done, but everyone was able to uninstall or root at will? Simple answer. They would make another law requiring manufacturers to prevent that. Russia-specific models without rooting capability and/or mandatory malware that watches for use of ADB and inserts a compromised ROM in place of the real one (or just notifies the police).

I assume you or someone with similarly bad beliefs may look at my arguments and come to the conclusion that none of this matters for us, as we know how to evade this kind of interference. Why should I care if this happens; my phone will be malware-free? The reason I care is that many around me will have this surveillance on their devices. I care about other people, but that's not all of it. If they have surveillance on their devices, then they have surveillance on me every time we communicate. Every time their device is near me. And the malware can be updated, meaning I have to worry every time I receive something from them that it could exploit a security flaw that their malware may have been developed to exploit in order to spread itself. And we've seen that plenty of times before, so don't accuse me of extrapolating to extremes.

It is not at all acceptable to have a preinstalled application from a government. It is rarely acceptable to have a preinstalled application from someone who isn't the manufacturer, but at least I hope some of them check the payload and don't allow purely malicious software. It does not matter if the device has an "Uninstall this app" button because I cannot trust that button to do what it says. It does not matter if the device might in theory be rootable because most people won't go to that extent. It is not acceptable.

doublelayer Silver badge

Re: This will start another black market

I am concerned, however, that lots of people will still get devices with the surveillance software forced onto it and won't be technical enough to be concerned about it. If this experiment works in the sense that no major protest surfaces to block it and international manufacturers cheerfully comply, it might spread to other countries. I really want that not to happen.

doublelayer Silver badge

Re: I was going to say that this was pure big brother surveillance.

Not at all. At the moment, they aren't restricting what else the devices can have on them. I'm sure that comes later, but it hasn't come yet. What they are demanding is surveillance and control, pure and simple. And I'm sure the "applications" that come out won't simply be mandated bloatware that doesn't do anything if you don't open it, but will instead grab any and all data they can. For Android, this will be little problem, as device manufacturers cheerfully grant extra permissions, frequently either difficult or impossible without completely wiping the device to revoke, to preinstalled apps. I don't expect Apple to simply leave the market out of concern for human rights, but they probably will consider it after they are demanded to ensure the preinstalled apps have permissions that they normally don't make available and allow users to disable.

Bad news: 'Unblockable' web trackers emerge. Good news: Firefox with uBlock Origin can stop it. Chrome, not so much

doublelayer Silver badge

Re: I couldn't in good conscience do that kind of deep analysis work to assist an ad-slinger

That's one aspect, but there are also plenty of technical people who don't care about people, honesty, or really anything. Just look at all the people writing malware. If you find those people and offer them enough money, they'll do whatever you ask. The world is a very big place. It doesn't matter if fifty thousand of us decide we'll never work on advertiser tracking; the companies just have to increase the salary a little bit and they'll find people ready, willing, and able.

Internet world despairs as non-profit .org sold for $$$$ to private equity firm, price caps axed

doublelayer Silver badge

Re: Alternate Internet

It works fine in the comments section because we want to read all the comments. And when we only want to read new comments, we often simply jump to the ones we wrote or remember and read replies to that. Top posting works well when we've already read the email they're replying to, and all we need is the new content. I'm sure we're all on an email train that goes back three months, four people added to the list of senders, and sixteen misunderstandings about something that is no longer important, and I do not need to read any of that again.

What would really be best is a button to switch from one method to the other method. Bottom posting when the history is read and top posting when I only care about the most recent thing. That would likely require more markup inside the email though.

doublelayer Silver badge

Re: Freedom of Information Act.

The U.S. federal government and most if not all state governments all have FOIA legislation. Your insult is factually incorrect on all grounds, which you could have found out with about ten seconds of research. Searching "U.S. freedom of information act" would have done it just fine.

The problem in this case is that FOIA requests only work on government documents. ICANN and the various companies are not government entities, and thus their documents can't be demanded in that way. The only documents the government would have at this point are ones about details of incorporation or any covered financial proceedings, which are already public, and information about taxes, which are not FOIAble as they aren't internal to the government. Finding out the details on these corrupt dealings will need some other method for data retrieval.

doublelayer Silver badge

Re: Is it just me?

Not really. At the moment, a .org can be purchased from a number of registrars who all have to turn around and pay a fee to the administrator of .org. If we move that relationship one level down, and make multiple administrators for the registry, then a) they will have to pay a fee to whoever really runs the thing so that place can do the actual administration, b) nothing stops them deciding, either by active collusion or merely moving with the tide, to set the price as high as they'd like, c) there are more people who can be swayed to making anti-customer moves, and d) there are increased opportunities for one of the "administrators" to have a disconnect with the other administrators and do something like sell a domain name twice.

Domain names, unfortunately, are one of those things where a monopoly is needed at some level. It simply isn't feasible to do it otherwise. As always is the case when a monopoly is needed, it is absolutely critical that the monopoly be rigorously overseen by independent parties, independent of any conflicts of interest, and accountable to customers before business partners. If we could get that implemented, we'd be in good shape. Sadly, dreams often disintegrate when you wake up.

Satellite operators' shares plummet as FCC plumps for public 5G spectrum auctions

doublelayer Silver badge

Re: A side-effect

I took a look to have some specifics. As you were talking about American carriers, I looked up the bands in use. The one that most clearly makes my point is Verizon. Their main LTE band is band 13. Any device using their LTE network must support band 13 or it will stop working or drop to roaming inside the U.S. And not many other providers use band 13.

I did a search on handsets to see what ones were covered. Your flagships are there, of course, with Apple and Samsung highly represented. However, let's check a few less expensive varieties. I quite like Xiaomi devices. They run Lineage OS pretty well and are at a nice price point. How many support that band? Answer: not many. A growing category of devices on the database I checked is the 4G feature phone. What if you want one of those? I found none. So I then checked Verizon's website to see what they offered for 4G feature phones. They have options. All four of them. With prices ranging from $100 to $264. And the cheapest is a Verizon-specific variant of a device available elsewhere, but that variant only supports bands 4, 5, and 13. Those are all Verizon bands, and only band 5 is heavily used elsewhere. If you want to move to another country, you should hope that that country has a provider on band 5 and that you like that provider over all the competitors, because you have no other choice.

I then checked devices for the number of bands they covered. Apple's seem to be the best. The iPhone XS covers twenty-one bands. But even that comes in four variants with a slightly different set of bands. For example, only one of the variants covers LTE band 11. If you're using your phone on the Japanese network au, you'll need that one variant. Many other devices had four to eight bands. That may give you a few options, but not as many as you might hope.

doublelayer Silver badge

A side-effect

This spectrum was clearly going to go to 5G at some point, and I don't care all that much how it got there, but with even more spectrum allocated to 5G, I confidently predict that mobiles will be even more fragmented than before. Even now, there are at least twenty LTE bands in common use. However, each operator usually only has one or two main bands that are available everywhere, and hence a device must support one of those in order to be any use on that provider. Manufacturers don't seem to be all that interested in covering those comprehensively, instead making their devices with an assortment of a few bands selected at random and, if necessary, making six different versions that are tailored to the frequencies used by one particular provider. The result of this is that it is hard to move devices on to or off of a provider whose band isn't one of the most typical in use. With 5G having spectrum that was previously not available to mobiles at all, that means a lot more bands, and even more effective constraint on which devices work with a provider.

Intel end-of-lifing BIOS and driver downloads for dusty hardware

doublelayer Silver badge

"If you think back 50, 100 or more years, much of our understanding of news, technology etc comes from old printed articles, documentation etc. that historians can research. Go forwards 50-100 years from now and just think about how much information that was only ever "posted online" will have been lost forever."

I mostly agree with you, but let's also consider the amount of paper documentation that was lost for one reason or another during that time. Because paper took up so much space, lots of it was recycled, discarded, or burned. And not all of it had an archival copy somewhere. Digital records at least make it easy to copy them, such that something like the Internet Archive can exist without requiring thousands of employees to copy and file stuff. Paper records are great when they need to survive something massive that creates a gap in custody between whoever has them now and future historians, unless that gap is created by fire. Digital records, however, make it possible for a small group of people to retain a massive set of data. Of course, they also make it possible to create even larger amounts of data which only gets backed up if someone thinks to do so.

Can't you hear me knocking? But I installed a smart knocker

doublelayer Silver badge

Re: Metal keys

"Plus it couldn't be pickpocketed or lost."

Yes, it could. Everything can be lost, and anything small enough to keep in a pocket can be pickpocketed. Worse still, if a metal key is lost or stolen, much more is lost than when a plastic card is lost. The hotel must choose either to replace the lock with one that doesn't respond to that key or take the risk that someone stole the key (or found the key and now intends) to wait a bit and start exploring the room for things of greater value to steal. There's a reason that pretty much every hotel has adopted temporary keycards. I definitely prefer those to a phone app, but I think I prefer them to metal keys as well for the temporary lifespan of a hotel.

What a pair of Massholes! New England duo cuffed over SIM-swapping cryptocoin charges

doublelayer Silver badge

Re: As an interesting thought..

Most people only have one personal device, used for 2FA and every other type of communication. Only a relatively large business or one quite paranoid about external security threats would have a separate device for 2FA purposes instead of using a corporate phone issued to whoever needs access or kept in the office of the relevant team. For nearly everything else, the cost of a separate mobile connection and possibly a separate device for a few SMS messages is considered of little value.

Shock! US border cops need 'reasonable suspicion' of a crime before searching your phone, laptop

doublelayer Silver badge

Re: A CITIZEN'S rights

We'll start with the fact that your comment is factually incorrect. The fourteenth amendment to the U.S. Constitution makes all rights guaranteed by that constitution, including the rights under the fourth amendment, applicable to all "persons" in the United States. This is obviously everybody, citizen or noncitizen. However, someone did argue as you did that well, how about we don't. The Supreme Court decided that that idea was wrong. See the case Yick Wo v Hopkins. So your statements are wrong on all counts.

In addition to being factually wrong, they are also morally wrong. Nobody is arguing here that all rights of a citizen should be given to noncitizens, but basic human rights should be. That is also in various legal documents, including the U.N. Convention on Human Rights, to which the U.S. is a signatory. In fact, many of the rights in that document are very similar to the ones specified in the U.S. Constitution.

Section 230 supporters turn on it, its critics rely on it. Up is down, black is white in the crazy world of US law

doublelayer Silver badge

Re: The law of Unintended Consequences applies....

The section is simply far too broad. There are cases where the protection is not only the most logical option, but helps prevent lots of problems. And then there are others where it allows clear abuse with a get out of consequences free card. Some examples:

Without this section, every provider is responsible for anything and everything on their platforms. This makes sense for a blog with a few readers, but it doesn't make so much sense for, say, a cloud services provider. Without protections like this, someone could find illegal content on a site and charge the provider of compute or network for that site with a crime despite the fact that the provider didn't know anything about the site. Initially, this doesn't sound like a problem; we make it illegal for people to provide services to criminals and the companies have to check their customers for criminal activity. The problem with this is that checking a customer for criminal activity is pretty hard to do without also completely ruining that customer's right to privacy. For instance, I have a virtual server online that could theoretically be used to commit crimes (it isn't). In order to verify that I'm not committing crimes, my server provider would probably have to scan every file on my machine and analyze all network traffic coming through. And even if they do that, they could be charged if it turns out their automatic system doesn't detect whatever crime I have managed to come up with. A good faith effort is not sufficient.

However, this is also frequently used to allow any type of content, no matter how obviously illegal, to be sent. The article already has some good examples of this, which I'm sure we agree should be stopped. Under the current law, our only method to try to stop it is to argue about the definition of "publisher", leaving lots of advantages for companies with many lawyers. That's not very useful. As obvious as it is to people that running ads means the advertiser is publishing at least that content, it hasn't yet been accepted in court because the law isn't clear enough.

I think we're likely to see lots of people clustered around the "protect it at all costs" and "scrap it entirely" ends of this spectrum. As usual when that happens, we really need to be somewhere in the middle.

Microsoft has made a Surface slab that mere mortals can dismantle

doublelayer Silver badge

Re: 8GB ram????

In fact, I've worked on Windows 10 machines with even less. I currently have a machine here with only four gigabytes of memory, and that one works fine. It's probably not the best machine to use when running memory-hungry software like some IDEs, but it does just fine running more standard software under both Windows and Linux, and I rarely notice the difference.

At one point, I had the pleasure of using a cheap Windows tablet with a whole one gigabyte of memory. I did notice that, but the Intel Atom it was paired with was the more annoying of the specs. Even with that, however, the device ran. I could write code and read email with ease until I gave it back to its owner and started using my machines again.

Ex-Twitter staff charged with spying for Saudi royals: Duo accused of leaking account records, including those of critics

doublelayer Silver badge

Re: Four years?

It sounds like their job included looking at specific user accounts and they made some attempt to limit their targets. Logically, Twitter should have had controls on even small numbers of accounts accessed, but I don't know the details of what these people were doing. If it involved something like trying to identify if users were bots or not, it's possible that the criminals hid their account sweeps in something like that, and removed the data they were interested in from that data stream rather than deliberately accessing the profiles. Given the article's figures of six thousand accounts accessed for a target count of thirty-three, that approach might have been the one taken.

Chrome OS: Yo dawg, I heard you like desktops so we put a workspace in your workspace

doublelayer Silver badge

Re: More slurping

That's not much change. If you're using one of these, you're almost certainly signed into a Google account (I'm not sure whether they have made it mandatory or whether there's some pretense that you have the choice not to). They'll already collect anything and everything you see on that. I have a feeling that to sync laptop Chrome to Android Chrome, they expect both devices to be signed into the same accounts. If you've done that, you probably don't need Chrome sync on for Google to have collected anything and everything they can find on both devices. The Chromebook concept does not make much sense to me, but Google's intrinsic data collection inside everything they create made it definite that I will not be buying or even using one.

Huawei. It's the patriotic choice: Mobe behemoth predicts 20% sales spike despite US sanctions

doublelayer Silver badge

Re: Is there a silver lining here?

No, it almost certainly isn't. That would be great, though. Huawei did have a third OS, which they talked about installing on these phones, but that wouldn't necessarily have been open (they never said anything about that). They have chosen, however, not to use it at the moment. My theory is that they expect these restrictions to go away soon enough that they can go back to Android, and they don't want to have two competing operating systems they have to manage. Whether or not they use AOSP or their own OS, they have decided not to have unlocked bootloaders for replacement. So I'm afraid our dreams of a stable and generally available third mobile OS will have to wait for another company to decide to escape the current monoculture or something really weird to happen to Huawei so they change their minds on a lot of things.

doublelayer Silver badge

Re: Not so sure

At the moment, Huawei is not well placed to take over the Indian market. Several other Chinese manufacturers have pushed for that market, making relatively inexpensive but not laughable products. Huawei has pushed their flagship prices to be similar to those from other well-known manufacturers. Although they make phones at a lower price, the availability of devices at what would be considered low-cost in western countries* does not compare well with their competitors like Xiaomi and Realme, both of which are much more popular in India than is Huawei.

*"Low-cost phones" does not mean that readers here would consider the prices low. It means that the prices are lower than the majority of phones being sold by the better-known companies. Many of the more popular Xiaomi and Realme devices sell from £120-£250 or $150-250 U.S., while the devices from Samsung, Google, Huawei, etc. are much higher even considering their cheaper models.

NSA to Congress: Our spy programs don’t work, aren’t used, or have gone wrong – now can you permanently reauthorize them?

doublelayer Silver badge

Should they decide that it is a real problem and they want it stopped, they have quite a few powers that would make it easy to do. First, they refuse to reauthorize. Then, they demand monthly if not more frequent meetings about how the programs have been shut down and any privacy risks they might pose in the future. If the programs aren't shut down fast enough, budgets get slashed. If the people running the programs lie, they're tried in court for perjury and put in prison. That's what could happen.

That's what could have already happened for a lot of years and to many people. They absolutely have the ability to get this situation fixed. Sadly, I have seen little indication that we are making progress on getting them to want to. Since these programs have started, they have been vehemently supported by presidents and legislators of both parties no matter how much obviously illegal and technically legal but clearly wrong activities were publicly known. Perhaps I need more optimism, but I don't think much will happen any time soon.

AT&T: We did nothing wrong in promising unlimited data that wasn't. We're just giving the FTC $60m for fun

doublelayer Silver badge

Re: Why are you still an AT&T customer?

You assume here that the people are still customers. I'm guessing quite a few left after their contracts ended, tired of being lied to. But you also have to realize that people still need phone service. If only one provider provides useful service wherever you may be, then you are effectively locked into them. And even if you're in an area of good coverage from everyone, you still have to shop for the best plan. It might end up being that the plan from AT&T was a better value for money than the available plans from the competition, just without honesty.

One can't always keep placing companies on the never-buy-from-them-again list; sometimes their services are needed as much as people dislike them for previous decisions. Your approach works fine in a market of perfect competition, but mobile service is not in a state of perfect competition anywhere in the world, let alone the U.S.

DoHn't believe the hype! You are being lied to by data-hungry ISPs, Mozilla warns lawmakers

doublelayer Silver badge

Re: Google complains about data hungry ISP's??? Those are some swinging balls

It's Mozilla making the argument here. And I completely agree with you about Google's willingness to collect and sell data. The solution to this, however, isn't to choose anyone and everyone who isn't Google and keep data flowing to them. Instead, technology promoting privacy should be supported, investigated, and adopted when feasible, no matter whose data collection is disrupted. If a certain endeavor doesn't do much to cut off the data pipe to Google but does to Facebook, it's still a good thing.

DoH, unfortunately, is somewhere in the middle. It really does promote privacy; it's not difficult to change the provider in a browser and it's quite easy for a DNS provider to set it up. However, it can be used by programs and devices to evade DNS blockers and user controls, including the use of hard-coded servers. Even admitting this, I believe the balance is tilted toward the positive. Programs ranging from actively malicious to locked down by vendor will probably use DoH to hide their tracks, but that can't be helped. If DoH didn't exist, they could and would use something similar. Meanwhile, DoH does really help ensure the privacy of DNS lookups until the DNS server, which can be very useful at keeping data away from ISPs, malicious network devices, etc.

Baffled by bogus charges on your Amazon account? It may be the work of a crook's phantom gadget

doublelayer Silver badge

Re: How is the device added...?

Logically, it probably starts with account access. This could be from password reuse, poor passwords, access to an email account, theft of credentials via malware, or the like. However, as we don't have many details, it is theoretically possible that there is another vulnerability somewhere that people have found. We don't need to assume that exists at the moment, but it's not beyond the bounds of possibility.

Everyone will have some type of security incident, and quite a few of those will be account accesses. However, the real problem is recovery from an event like this. Most accounts can be recovered by taking them over again, changing access methods, and enabling multi-factor. When this course of action is not sufficient, we have a problem.

The .amazon argy-bargy is STILL going on – and Uncle Sam has had enough with ICANN

doublelayer Silver badge

That's not a good idea. For one thing, the organization never asked for the domain. They just complained about Amazon getting the domain because they're annoyed. As pointless as it is for Amazon to want the domain so much and as warranted as Brazil's complaints against the U.S. are, this fight is producing no useful outcome for anybody, which the complainants know well. I have little sympathy for them. I don't really care whether Amazon gets their domain or not, but I can't see that people deliberately trying to be obstructionists have any legitimacy.

Top American watchdog refuses to release infamous 2012 dossier into Google’s anti-competitive behavior

doublelayer Silver badge

Re: Meh

But an auto dealership and a hardware company aren't search engines. They are making recommendations when asked, but it is not their job to provide information. In addition, no manufacturer of cars or phones currently has an effective monopoly on that market. Google, as a search engine, does have providing information as a primary purpose, and at the time (and now), their market share does place them very close to a monopoly in many countries. If they choose to bias their search results to promote other products, it could be considered abusing their market position, which violates antitrust and pro-competition legislation. Your analogy is inadequate.

Not just adhesive, but alcohol-resistant adhesive: Well done, Apple. Airpods Pro repairability is a zero

doublelayer Silver badge

Re: Hearing aid?

I don't want these, and they're ridiculously priced as well, but there is a simple answer to why people want earphones that block out a lot of the noise from their environment: open plan office. I'm in a mixed plan office and I still choose to use headphones because if I decide to work to music, I won't be irritating the person closest to me. In addition, having devices that have the capacity to serve as impromptu earplugs can be nice if I'm being subjected to far too much ambient noise. An airplane cabin or construction zone next to where I'm working come to mind. Another that comes to mind is if I have to work inside the server room at some point. The shriek of lots of servers is annoying and can damage my hearing, while there's very little likelihood I have to listen out for dangers (unless it's the BOFH's server room) or would be able to hear them anyway.

doublelayer Silver badge

Re: Double the reason

I'm guessing that you treat your high-priced wired headphones rather well. That's quite a logical thing to do given how much you spent on them. My problem, however, is that I want not to treat them well. I want to use them out and about, finish up, and coil them into a pocket or bag. I don't necessarily want to spend a ton of time neatly keeping the wire in perfect condition because it's quite likely I will stop using them when I need to be doing something else. In my experience, cables don't last very long when you do that to them, especially the pretty thin ones attached to most sets of headphones. I've killed far too many sets to spend very much money on them.

That said, I do have a good set of wired headphones which are quite high quality. I keep those at home, neatly organized, and only use them when doing audio work. I don't need that kind of quality when I'm using headphones elsewhere, and I don't want to lose the money spent on them by damaging a cable which isn't always as straightforward to replace as it looks.

doublelayer Silver badge

Re: That vendor's track record for repairability is miserable

To be fair, and I don't necessarily want to be, their record isn't all that bad when compared to many of their rivals. Nothing they make is very repairable, but many of their phones and laptops are at least more repairable than ones from other leading manufacturers. Recent reviews of Samsung and Google phones, Microsoft laptops and tablets, and the like seem to show similar levels of disregard for self-repair. I wouldn't focus on how Apple ranks compared to others. I'd focus on what the raw numbers are, and they range from not great to well it's the bottom of the scale.

The Feds are building an America-wide face surveillance system – and we're going to court to prove it, says ACLU

doublelayer Silver badge

Re: Hypocrites

They have. At least some of the new companies placed on the American entity list were placed there because they create surveillance systems used in the Chinese province of Xinjiang for tracking and in many cases imprisoning people on ethnic grounds. Which is why they got suggested on the list, but they'll certainly be removed if the trade war goes the way the American administration wants because human rights won't matter in that case. Various other countries have been calling this massive human rights abuse by China out too. It's so obviously happening and so obviously really bad that nearly everyone at least says they're concerned about it.

doublelayer Silver badge

Re: Hypocrites

What's the lie you speak of? The Chinese do have such a system, and it's pretty dystopian. The various branches in the U.S. haven't gotten around to writing their lies about what they have and what they'll be doing with it, and are sticking with silence for now. Assuming they have set up such a system, we're likely to see quite a bit of prevarication and/or hypocrisy, but we haven't yet found out which. There's also a chance that they've realized that the system is pointless and haven't wasted their time; they have other ways to infringe privacy rights.

doublelayer Silver badge

Re: "the FBI has a larger database of over 640 million faces"

I'm certain that's what it is. People need pictures for driving licenses, passports, and various other things, and all that data can get put in the same database. It would make sense, leaving all decisions on morality aside, to use as many pictures of each person as they can get to have more chances of successfully identifying a person. They can deal with the increased risk of false positives once they've activated their data collection system on all the matches that came up. That's what it's for, after all. Don't look at the logs! I told you that's what it's for; you don't need to check! In fact, you don't need to be here. Get lost and stop poking into what we do with all the private data we have on you that you never gave us or anyone else permission to collect.

Radio nerd who sipped NHS pager messages then streamed them via webcam may have committed a crime

doublelayer Silver badge

Just give the pager a very basic microprocessor capable of performing encryption and decryption. They have them all over the place, and they're quite cheap and run with little power requirements. You can still use the same frequency. Given the privacy requirements of some of this data, that would seem to be a sane precaution.
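The suggestion above (a cheap microcontroller doing the cryptography while the radio side stays as it is) comes down to sealing each page before it goes on the air. The following is an added illustration, not code from the post or from any pager product: an encrypt-then-MAC construction built only from Python's standard library (HMAC-SHA256 used as a counter-mode keystream, separate derived keys for confidentiality and integrity, a per-message nonce, and a constant-time tag check before decryption). A real device would use a vetted AEAD such as AES-GCM or ChaCha20-Poly1305 from a crypto library; the packet layout and the order of operations are the same. The key and message are constructed sample values.

```python
"""Encrypt-then-MAC for short pager messages (added example, stdlib only).

Packet layout on the air: nonce (12 bytes) || ciphertext || tag (16 bytes).
The receiver verifies the tag first and only then decrypts, so a tampered or
forged page is rejected before any of it is interpreted.
"""
import hashlib
import hmac
import os

NONCE_LEN = 12
TAG_LEN = 16


def derive_keys(master_key: bytes):
    """Split one shared pager key into an encryption key and a MAC key."""
    enc_key = hmac.new(master_key, b"pager-enc", hashlib.sha256).digest()
    mac_key = hmac.new(master_key, b"pager-mac", hashlib.sha256).digest()
    return enc_key, mac_key


def keystream(enc_key: bytes, nonce: bytes, length: int) -> bytes:
    """Counter mode over a PRF: block i = HMAC(enc_key, nonce || i).

    A nonce must never be reused with the same key; the sender draws a fresh
    random one per message.
    """
    out = bytearray()
    counter = 0
    while len(out) < length:
        block = nonce + counter.to_bytes(4, "big")
        out += hmac.new(enc_key, block, hashlib.sha256).digest()
        counter += 1
    return bytes(out[:length])


def seal(master_key: bytes, plaintext: bytes, nonce: bytes = None) -> bytes:
    """Encrypt and authenticate one page; returns the over-the-air packet."""
    enc_key, mac_key = derive_keys(master_key)
    if nonce is None:
        nonce = os.urandom(NONCE_LEN)
    stream = keystream(enc_key, nonce, len(plaintext))
    ciphertext = bytes(p ^ k for p, k in zip(plaintext, stream))
    # Tag covers nonce and ciphertext so neither can be swapped or altered.
    tag = hmac.new(mac_key, nonce + ciphertext, hashlib.sha256).digest()[:TAG_LEN]
    return nonce + ciphertext + tag


def open_message(master_key: bytes, packet: bytes):
    """Verify then decrypt; returns the plaintext, or None if the tag fails."""
    if len(packet) < NONCE_LEN + TAG_LEN:
        return None
    enc_key, mac_key = derive_keys(master_key)
    nonce = packet[:NONCE_LEN]
    ciphertext = packet[NONCE_LEN:-TAG_LEN]
    tag = packet[-TAG_LEN:]
    expected = hmac.new(mac_key, nonce + ciphertext, hashlib.sha256).digest()[:TAG_LEN]
    # Constant-time comparison: a forger learns nothing from timing.
    if not hmac.compare_digest(tag, expected):
        return None
    stream = keystream(enc_key, nonce, len(ciphertext))
    return bytes(c ^ k for c, k in zip(ciphertext, stream))


# Constructed sample values for the demo (not real keys or pages).
SAMPLE_KEY = bytes.fromhex("00112233445566778899aabbccddeeff" * 2)
SAMPLE_PAGE = b"WARD 4: Pt J. Doe, bed 12, cardiac arrest, respond now"

if __name__ == "__main__":
    pkt = seal(SAMPLE_KEY, SAMPLE_PAGE)
    print("on air :", pkt.hex())
    print("decoded:", open_message(SAMPLE_KEY, pkt))
```

Anyone with a receiver still sees that a page was sent and how long it was; what they no longer get is the patient's name or the content, and a flipped bit anywhere in the packet makes the pager drop it rather than display garbage.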

A stranger's TV went on spending spree with my Amazon account – and web giant did nothing about it for months

doublelayer Silver badge

Re: There seems to be something wrong here

Well, let's round up a few suspects:

1. Reused password.

2. Poor password.

3. Keylogger.

4. Phishing email.

5. Someone with a passwords file (especially children).

6. Insecure IoT device (e.g. television watching Amazon's video service).

7. Malicious attack by someone who knew the person.

8. The poster was not the person whose account was accessed; they are the technical person who helped a family member or friend whose account was accessed using one of the above mechanisms.

9. Amazon's had their system accessed and Amazon doesn't know or hasn't told us.

10. Dumb luck.

So maybe one of those was used to access the account. It's still a massive problem if you can't lock them out by changing the password and deleting connected devices and changing how 2FA is working and talking to normal customer support. I fail to see your objection to this quite likely possibility.

doublelayer Silver badge

Re: Tie in all your services

I suggest the following alteration:

One ring to rule them all,

one ring to find them,

with many ways to see them all,

and for the money, mine them.

I think it fits with the business model of most providers.

Running on Intel? If you want security, disable hyper-threading, says Linux kernel maintainer

doublelayer Silver badge

Re: Quick question

That question is difficult to answer. The main reason is that these aren't of particular concern to single-user machines. Of course one might want access to protected memory on those, but an evil person is more likely to have a better way of gaining access to data on a less secure user machine. This type of vulnerability is more useful in penetrating the protections in place on a machine running VMs for multiple people or for multiple purposes. The other problem is that you can't easily detect this by a signature or other file characteristic. Only by observing the operation of a program can the behavior be detected, and the overhead required to do that to everything is prohibitive.

All that said, the best answer is "not very many". It's not easy to do, it's relatively slow, and it's only useful in a few circumstances. You probably shouldn't fear this vulnerability as much as many others. But that's not to say it's unimportant, as there are lots of things someone could do with it.

We can go our own Huawei! Arm says it can flog chip blueprints to Chinese giant despite US trade embargo

doublelayer Silver badge

Re: Just a second

This is not about competition. I know, unpopular opinion, but it's not. It started from real concerns in some security circles across multiple countries that Huawei might actually spy for the Chinese government. These people recommended code checks, which revealed some worrying things but didn't reveal spying. And now the security people have mostly dropped their concerns. The only reason this is still a thing is that some American politicians realized that "security reasons" sounds better than "hostage in a trade war". But it's not about Huawei competing with other companies on comms tech, it's about wanting the trade balance to switch. That's an issue so important to the current American administration that they'll sacrifice anything to get it, and they're not above manufacturing another bargaining chip to try and add some stress.

doublelayer Silver badge

I enjoyed reading that, but it's a little weird to imply that something of the kind would be considered today. For one thing, no matter how weird the American government gets, they wouldn't need to militarily occupy Canada to express their displeasure or for any other reason. For another, I think it might be useful to consider this section from the page: "Many of the war plans were extremely unlikely given the state of international relations in the 1920s, and were entirely in keeping with the military planning of other nation-states. Often, junior military officers were given the task of updating each plan to keep them trained and busy (especially in the case of War Plan Crimson, the invasion of Canada)." Militaries waste their time on myriad pointless researches and games, but that doesn't stop a lot of those activities being completely pointless.

Median speeds for UK 5G four times faster than 4G, but still way behind US and South Korea

doublelayer Silver badge

Re: Mobile data is faster in the US?

There are two major reasons for the difference. Reason number one is logical; the U.S. is really, really big. They have their share of large cities that can be cabled quickly, but you have a lot of very empty spaces. It's like that saying: "The difference between an American person and a British person is that the American thinks that a hundred years is a long time, and the British thinks a hundred [insert kilometers or miles depending on whether it's an American saying this] is a long distance". Running wires to all the places people live is expensive, so there is often no desire to do it again if there's something there already, and relatively little reason for other companies to compete outside the major cities. There are various places that are remote enough that there just isn't a cable; if you want internet, you either have to get satellite or pay for the installation of a cable.

The second reason is purely economic and political. Competition is not considered an issue of major importance, and most places don't have it. The various regulations about what service levels are and what companies are allowed to do have frequently allowed service providers to lock down certain areas as captive markets. Even as regulations change, which they do from time to time, the inertia of past regulations carries on. For two examples, there was frequently a monopoly given to cable television companies who agreed to serve an area. When internet began to come along those cables, the companies with those monopolies had a great opportunity to assert their dominance in the fast-enough internet market as well. Meanwhile, companies were not required (and still aren't in most places) to share any infrastructure, increasing barriers to entry. Regulators frequently focused on geographic coverage rather than competition.

Google claims web search will be 10% better for English speakers – with the help of AI

doublelayer Silver badge

Re: In other words

"I'd question if it is truly AI or just some glorified DSS. Probably the latter."

From what they've said, it fits the standard definition of AI, being based on a neural network rather than just a large set of rules. But that doesn't necessarily mean the large number of different ways a sentence could be read will matter at all to the accuracy of search results. The fact that their own demonstration test case didn't hold after they released indicates that it's probably not as reliable or useful as they would like to believe.

This type of analysis, if it worked, would be very helpful. There are various things that cannot be easily phrased without using word positioning and prepositions. Quite frequently, searches I perform fall into this by being in the format "A without B", as I know I'm going to get a lot of articles about A with B, which is how I got desperate enough to try phrasing a search to get things without B in the first place. But I somehow doubt that this will solve that problem.

doublelayer Silver badge

Re: 10%?

Not true. Bing is the default on Windows, in a Microsoft browser. If people use a different browser, then Google is almost certainly the default. Most people didn't actively choose a different search engine; they actively chose a different browser. Some people didn't actively choose anything, as Google pushed Chrome with something else and set it as the default. Try going to an average set of Windows machines and seeing what the OS internal websearch system is using. You can set that to Google, but nobody does because they don't care about that search box. If they choose to use Chrome or Google search, that's fine, but know that there is quite a lot of sticking with the status quo behind market share figures.

Not LibreOffice too? Beloved open-source suite latest to fall victim to the curse of Catalina

doublelayer Silver badge

Re: SECURITY!!!1!!

It doesn't really matter when the warnings happen. A wall of them makes a better point in one picture, but it doesn't really change the experience if the warnings appear one by one. I'm happy to have to manually grant access to stuff. But it is Apple's responsibility to make sure that works when other programs try to use it. And there is no good reason not to tell people that they have the option to proceed with running an unsigned app; that box is pretty bad. Apple's headed in the right direction, but they're on the wrong track. They'll need to jump to a parallel one with good UX and user choice in mind, then keep going in the direction of more OS-enforced security.

Google ads from the po-po can prevent vengeful gamer nerds going full script kiddie – research

doublelayer Silver badge

Re: Perplexed

I think they do that, but it takes a certain amount of time to take something down, especially when the person investigating it doesn't live in the same country where it's run, and others can find and use its services while it's not been shut down yet.

No one would be so scummy as to scam a charity, right? UK orgs find out the hard way

doublelayer Silver badge

Re: Charities are a fraud

Some charities are frauds. Some are run incompetently. And some, quite a lot, are quite useful to the local area in whatever field they focus on. Trying to get an easy answer by putting them all in one box, no matter what box you pick, is certain to get it wrong for a large chunk of charities. Only by researching what a charity does and whether they're doing it honestly can you know whether it is legitimate or not.

I volunteer my time to some charities*. When I decided to do that, I checked out the charities involved to see whether they were trustworthy. This may be tricky in some ways, because a charity can do a lot of the same things a for-profit business does without having violated its trust, including paying some people quite a bit or spending a lot of money on certain things**. And there are definitely charities that exist in a middle area where they're not manifestly perfect. But, even with that admitted, it would be harmful to say that all charities are thus.

*I volunteer my time outside of work, but I work for a company that is definitely not charitable.

**For example, certain charities do spend a lot of money on lawsuits or travel expenses, which would ordinarily be red flags. If the charity is a legal advocacy thing, the law expenses make sense. If the charity does field research, then the travel makes sense. But otherwise, those remain red flags. So you have to consider all the available details; there's no easy equation for whether something is trustworthy enough.

The sound of silence is actually the sound of a malicious smart speaker app listening in on you

doublelayer Silver badge

Re: "vishing"?

I don't think we need a new name for this, but this isn't social engineering. Social engineering is when you convince a person to trust you when they shouldn't and you leverage that trust. This is exploiting an unexpected vulnerability in a device so a user's data can be exfiltrated. It's malware, not social engineering. The easy way to determine the difference is whether a person needs to be involved. After writing this skill, a malicious person can push it out and get recordings of users without ever having to personally interact with any of them.

It's wonderful that both Amazon and Google had to specify that they've taken down the proof of concept malware skills. As if we didn't already figure that. What we want to know and what they refuse to tell us is whether they're actually taking any of the necessary steps to prevent active use of the same tactics. From their statements, Amazon seems to be saying "Yes we made a change, but don't ask for details. Trust me, it's fine" and Google appear to be saying "We already did, so we didn't have to make a change, it's fine, and we don't need you poking about now go away". I'm taking both statements with the annual salt output of Bolivia.

Pack your pyjamas, Zuck: US bill threatens execs with prison for data failures

doublelayer Silver badge

Re: Relocate ?

There are places he could run to, but he almost certainly wouldn't. Even if you stick with English-speaking only, you've got countries on every continent meeting that criterion*, and you can find someone who speaks English well and willing to translate for you in exchange for a bunch of money anywhere you go.

But even if this law got passed, he would have a team of lawyers so massive that it would be years before anything at all happened to him, years that would be spent trying to get the law repealed or modified, a pardon issued, or a loophole found so that nothing would happen at all. And if, by some leap of imagination, we actually consider that he got convicted, I doubt the prison sentence would be very long or onerous. A life in exile isn't so desirable if you can pretend you've learned your lesson, go wherever you'd like, and leave with billions.

*I count at least nineteen countries with English as the primary official language and lingua franca across six continents, and at least another twenty with English as an official language spoken by a large enough community. Not that all of those are places you'd want to live on a full-time basis, but they at least exist.

doublelayer Silver badge

You just pointed out the judge. Where do judges work? Courtrooms. What do they do? Trials. What happens when someone's broken the law? They go on trial. Who runs that? A judge. So how have you come to the conclusion that the judge is just going to sentence the person without holding a trial? It happens to be completely against the constitution, and, oh yes, nobody's ever advocated for it and they're not now. You're raising a completely pointless and wrong objection.

Fancy yourself as a bit of a Ramblin' Man or Woman? Maybe brush up on your cartography

doublelayer Silver badge

Re: Any Idiot...

So the phone app shouldn't be used for this information? The paper map isn't necessarily any better. It could be inaccurate or out of date, and you wouldn't know until it became a real problem. While I get that the phone could run out of power or the app could get broken, lots of coulds apply to a paper map as well.

It's also probably worth keeping in mind that many of those people probably didn't use this app for areas they had a high chance of dying in. If people like going to a perfectly safe area containing nature, they're probably using the map to help identify and locate things, rather than get to safety. I am reasonably sure this applies to most users, and therefore the consequences for the app being useless were a ruined excursion rather than a brush with death. As such, your calling them idiots seems quite a bit harsher than they deserve.

Not a good look, Google: Pixel 4 mobes can be face-unlocked even if you're asleep... or dead?

doublelayer Silver badge

Re: Erm

Most good fingerprint sensors won't work on a lifted fingerprint, so you have to pick up someone's hand and physically place the finger on the sensor. Since people move a bit in sleep and the sensor requires sustained contact, you'd also have to hold their finger there for a second or two. In addition, many sensors aren't great and require multiple scans, which means possibly having to lift and reapply the finger. Some people may sleep soundly enough that you can pick up their hand, separate one finger to avoid interference, and hold it to something else, but I doubt it's all that many people. The majority who would wake up would now know the exact person trying to access their device, have very clear proof, and be in convenient punching range (either from gaining lucidity admirably quickly or simply a strong enough startle reflex). Judging from how well my cat can wake me up, it won't work on me.

Welcome to the World Of Tomorrow, where fridges suffer certificate errors. Just like everything else

doublelayer Silver badge

But I doubt the screen size is directly proportional to the processing, memory, and storage. They could have obtained all of those parts from their extra inventory and simply attached a larger screen to the result. Of course, since nobody will actually run all that much on this device, perhaps that's the most efficient choice for all involved.

Sudo? More like Su-doh: There's a fun bug that gives restricted sudoers root access (if your config is non-standard)

doublelayer Silver badge

Re: @tfb - Already patched in Slackware.

"It is not you alone that decides who is to be trusted and who's not, business has also a word to say."

Methinks you misunderstood the main point. The main point was that giving unrestricted root access lets everyone with that access do anything. The business wouldn't want that. Nothing was said about the admins making all decisions; instead the admins would be better implementing a security policy limiting users' access to run stuff with root privileges.

"Also, may I remind you the not so few cases in which a trusted sysadmin locked down networks and systems and denied legitimate users access ?"

And how did they do that? By running commands as root. So if you give ten times as many people unrestricted root access, you have ten times as many people who could do something like that. And your disagreement with the original point was?
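The point of the exchange above is that a sudoers policy should say which commands a user may run as root rather than handing out `ALL`, and that an auditor should be able to see at a glance who has unrestricted root. As an added example (not code from the thread, from the sudo project, or from Slackware), here is a small Python audit of a sudoers file. It understands a common subset of the syntax only: one rule per line in the form `user host=(runas) [TAG:] cmd, cmd`, `Cmnd_Alias` definitions, `Defaults` lines and `#` comments; the sample policy is constructed for the demo and the user names in it are hypothetical.

```python
"""Audit a sudoers policy for unrestricted root access (added example).

Subset parser: `user host=(runas[:group]) [TAG:] cmd, cmd ...`, Cmnd_Alias,
Defaults and comments. Tags such as NOPASSWD: are stripped because they do
not change *what* may be run, only whether a password is asked for.
"""
import re

RULE_RE = re.compile(
    r"^(?P<user>\S+)\s+(?P<host>\S+)\s*=\s*(?:\((?P<runas>[^)]*)\)\s*)?(?P<cmds>.+)$"
)
TAGS = ("NOPASSWD:", "PASSWD:", "NOEXEC:", "EXEC:", "SETENV:", "NOSETENV:",
        "LOG_INPUT:", "NOLOG_INPUT:", "LOG_OUTPUT:", "NOLOG_OUTPUT:")


def parse_sudoers(text: str):
    """Return a list of rules: {user, host, runas, cmds} with aliases expanded."""
    aliases = {}
    rules = []
    for raw in text.splitlines():
        line = raw.split("#", 1)[0].strip()     # drop comments and blank lines
        if not line or line.startswith("Defaults"):
            continue
        if line.startswith("Cmnd_Alias"):
            name, _, cmds = line[len("Cmnd_Alias"):].partition("=")
            aliases[name.strip()] = [c.strip() for c in cmds.split(",")]
            continue
        m = RULE_RE.match(line)
        if not m:
            raise ValueError(f"unsupported sudoers line: {raw!r}")
        # "(ALL:ALL)" -> runas user ALL; no parentheses means root.
        runas = (m.group("runas") or "root").split(":", 1)[0].strip() or "root"
        cmds = []
        for cmd in m.group("cmds").split(","):
            cmd = cmd.strip()
            for tag in TAGS:
                if cmd.startswith(tag):
                    cmd = cmd[len(tag):].strip()
            cmds.extend(aliases.get(cmd, [cmd]))
        rules.append({"user": m.group("user"), "host": m.group("host"),
                      "runas": runas, "cmds": cmds})
    return rules


def unrestricted_root(rules):
    """Users and %groups that may run any command as root (or as anyone)."""
    return {r["user"] for r in rules
            if r["runas"] in ("root", "ALL") and "ALL" in r["cmds"]}


def allowed_as_root(rules, user: str, command: str) -> bool:
    """Would this user be allowed to run exactly `command` as root?"""
    for r in rules:
        if r["user"] != user or r["runas"] not in ("root", "ALL"):
            continue
        if "ALL" in r["cmds"] or command in r["cmds"]:
            return True
    return False


# Constructed sample policy; names are hypothetical.
SAMPLE_SUDOERS = """
Defaults env_reset
Cmnd_Alias WEB_SVC = /usr/bin/systemctl restart nginx, /usr/bin/systemctl status nginx
root    ALL=(ALL:ALL) ALL
%wheel  ALL=(ALL) ALL
bob     ALL=(ALL) ALL                  # unrestricted: bob can do anything root can
alice   ALL=(root) NOPASSWD: WEB_SVC   # least privilege: two specific commands
carol   ALL=(postgres) /usr/bin/psql   # may act as postgres, never as root
"""

if __name__ == "__main__":
    rules = parse_sudoers(SAMPLE_SUDOERS)
    print("unrestricted root:", sorted(unrestricted_root(rules)))
    for who, cmd in (("alice", "/usr/bin/systemctl restart nginx"),
                     ("alice", "/bin/bash"), ("carol", "/usr/bin/psql")):
        print(f"{who} may run {cmd} as root: {allowed_as_root(rules, who, cmd)}")
```

Run against a real `/etc/sudoers` (and the fragments under `/etc/sudoers.d`, which this subset does not follow automatically) the `unrestricted_root` set is the list the business should be asked to sign off on; everyone else is limited to the commands the policy names, which is the restriction the comment is arguing for.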