I edited my comment on your other reply and by my estimation, calculating every SHA256 of all MACs ever potentially issued takes less than 89 seconds on an RTX 3090.

I also think MACs are (or should be considered) personally identifiable information, since there is potentially a paper trail back to the person who bought it. Plus MACs are not secret information, it’s broadcast on the LAN and for wireless modules over the air in the immediate vicinity (though some systems will randomize wireless MACs for privacy reasons). Privacy-unfriendly software has been known to collect MACs (even from other devices on the network and in the vicinity), so there are already databases connecting MAC addresses with other data.

You don’t need this to count unique users. You could just assign a random number on install or whatever. Or even more simply, just run the thing once per month, should be accurate enough. Do they expect the software to just randomly spam duplicate reports? Don’t write it that way.

Best case they don’t care about collecting minimal data and don’t understand that hashed MACs are easily reversible. So incompetent fools with no sensitivity to privacy.

Maybe this should be Manjaro’s tagline: Not purposely malicious, just grossly negligent and ignorant.

Debian popcon is opt-in, first of all.

https://popcon.debian.org/FAQ

Q) What information is reported by popularity-contest ?

A) popularity-contest reports the system vendor [1], the system architecture you use, the version of popularity-contest you use and the list of packages installed on your system. For each package, popularity-contest looks at the most recently used (based on atime) files, and reports the filename, its last access time (atime) and last change time (ctime). However, some files are not considered, because they have unreliable atime. For privacy reasons, the times are truncated to multiple of twelve hours.

[1] i.e. the dpkg Vendor field, see dpkg-vendor(1).

So no fucking MAC addresses and machine-ids and harddrive serial numbers and stuff.

They only want package statistics, the point being to have statistics about the popularity of packages, mainly so they can be prioritized for the CD/DVD isos. You know, information that actually has a use, not hardware identifiers that can only be used for tracking purposes.

That’s not anonymous, that’s pseudonymous.

What is the point of this? The machine-id already looks to be some unique random number, so you’re calculating another unique random-looking number from that, might as well use the original number.

You can’t glean any useful information from a unique random-looking number that would help with developing Manjaro. You can’t calculate any statistics from that. The only use is tracking.

Edit: And as mentioned in my other comment, reversing the MAC SHA by brute force is trivial, so that one at least (and possibly the other hardware serial numbers they collect) shouldn’t even be considered pseudonymous.

MAC addresses are 48 bit, and half of that is just the manufacturer. So 24 bits really, and those bits aren’t random, I think manufacturers just assign these based on some scheme, like a serial number. Point is you could easily reverse the SHA by brute force.

You can’t calculate any useful statistic from a hash so literally the only use this would have is some sort of tracking.

Edit: I just looked up some data and I found someone using hashcat on an RTX 3090, which looks like it can do almost 10000 million SHA256 hashes per second of salted passwords (which are longer than 48 bit MACs, so MACs should be faster). 2²⁴ is 16.8 million, so it’ll take about 1.7 ms per vendor. I found a database with (all?) 53011 vendor ids:

>>> 2**24 * 53011 / 10000 / 1000 / 1000
88.93769973759998

Yup, 89 seconds. You can calculate the SHA256 of every single MAC ever potentially issued in 89 seconds on a bog-standard 3090.

Ich dachte eher an Holz (und Flüssigkeit) auf Edelstahl, was sehr gut abschabt. Aber ja Teflon ist auch ein Problem bei Metallutensilien.

Ist aber wurst wenn sich’s verfärbt? Scheint ja hygienisch trotzdem okay zu sein, weil Holz antibakteriell wirkt. Und Holzlöffel sind voll gut zum abschaben von Bodensatz beim ablöschen, das geht mit Plastik und Metall nicht gescheit. Je nach Situation kann aber Metall auch besser sein.

Shoving everything into the task bar doesn’t strike me as more orderly. Less so really.

I’m not a Gnome user but I stopped minimizing my windows years ago. Don’t need that if you (a) don’t have icons on your desktop and (b) move your windows over to another workspace when stuff gets crowded.

Yeah better discriminate based on nationality /s. But why stop at that? Poor people are too easily bribed can’t have them. I hear the CIA recruits from top US universities, can’t trust those college grads either. Anyone belonging to some homophobic church or religious group? Better not what if they’re closeted gay and get blackmailed? Anyone in a monogamous relationship should be excluded for the same reason, if you think about it. *tips forehead*

Racists and Xenophobes will try to stop global collaboration,

Yes! Go on…

real conflict that matters will always be the smart vs the lowiq.

Uff… That’s some serious brainworms right there. How do you call your worldview? IQ Supremacy?

Maybe he’s trying to avoid conflict with US government, but he clearly is not trying to avoid conflict with that statement.

How does this prevent the Russians from accessing sensitive technology? Oh it doesn’t! It just excludes them from contributing to Linux, not from using it.

Accusing others from “arguing in bad faith” are we?

If you use netinstall you won’t have any CD-ROM sources in sources.list. I think that’s kind of stupid that the full iso installer even adds the CD-ROM line. The vast majority of people wouldn’t want that and it just confuses new users.

I guess the lawyers are working for the Linux Foundation? Linux development does not need and started without a legal structure. They could tell the lawyers and the Linux Foundation to get lost. Is the US government going to prosecute individuals for collaborating with individuals from Russia on free software projects? If that’s so, maybe wait till that actually happens and see what the courts have to say about that, instead of this anticipatory obedience.

And the rest is some rhetoric parlor trick and/or racist brainworms. How is not banning Russian individuals from kernel development “supporting Russian aggression”? And apparently there is no way anybody would argue against that without being a Russian paid actor or a propaganda victim. I’ve been watching these so-called “real news” and they love carrying water for genocide right now. Their terrible propaganda – our “real news”.

Kill the Messenger – Why Palestine radio and TV studios are fair targets in the Palestine/Israeli war. By Anne Applebaum, Jan 21, 2002

Ist ein Artikel von ihr. Die Karriere von der basiert auf dem Bashing von Kommunisten und weil sie der außenpolitische Linie der USA einen intellektuellen Anstrich gibt als “Historikerin”, obwohl die Frau keine Artikel in Fachjournalen veröffentlicht, aber haufenweise in Zeitungen/Zeitschriften. Die kann sich ihre Double-Genocide Nazi-Verharmlosung sonstwohin stecken.

Wieso wirst du nicht abgeschoben als Menschenfeind, hä? Achja deutscher Pass, kann man nichts machen, das gilt nur für Ausländer. “Arschloch und Menscherverachter” ist noch nicht mal strafbar, deine Forderung geht noch über die der NPD hinaus. Jeder, den du nicht magst, wenn er Ausländer ist (oder vielleicht weil er Ausländer ist?) wird abgeschoben, ja? Aber ich und du für uns gilt das nicht: Privilegien für Deutsche. Rassismus halt.

“Kriminelle Ausländer raus!” stand früher auf den NPD-Plakaten.

Aber Arschlöcher und Menschenverachter will ich nicht in Deutschland haben, davon haben wir schon genug.

Ich glaube ich unterhalte mich gerade mit einem/einer von diesen Menschenverachtern.

Özdemir: Die Ausländer belästigen meine Tochter! Quasi das die-Wilden-vergewaltigen-unsere-Frauen-Klischee für die ICH-bin-doch-kein-RASSIST-Fraktion. Aber wer sich hier ausbeuten lässt und die ewige Staatstreue schwört, sollte schon dabeibleiben dürfen, den Rest abschieben bitte. Der Wert eines Menschen bemisst sich bekanntermaßen an dem Wert seiner Arbeitskraft und seiner Bereitschaft zum Stiefellecken. Darum eine “progressive-konservative” (eher konservativ-konservative) schwarz-grüne Koalition.

🫡