Slashdot Mirror


User: mlts

mlts's activity in the archive.

Stories: 0
Comments: 5,534

Comments · 5,534

  1. The ironic thing is that Windows servers have one of the easiest to use and most workable backup programs, wbadmin. From there, there is Veeam, and if one wants to stay in the MS ecosystem, there is MS DPM.

    I would say part of the blame is that there is so much pressure to get stuff up and running, that stuff like security and backups fall to the wayside. For example, part of the cost in setting up a VMware farm should be Veeam. However, backups tend to be ignored.

    I'm sort of reminded of how people actually started practicing security when MS-DOS viruses started not just erasing hard disks, but zapping BIOS firmware and throwing monitors bogus refresh rates in order to have them fry. When hardware started getting destroyed, people started paying attention. I wonder how long it will take for the same thing to happen, once ransomware starts taking advantage of user permissions on the domain/tree/forest level and spreading via AD.

  2. There are many ransomware-resistant solutions:

    1: Pull backups. NetBackup, Veeam, and many others come to mind.
    2: EMC Isilons offer SmartLock functionality that can be set to prevent deletion for everyone but root on the physical Isilon console.
    3: My little two drive NAS offers snapshots and backups to a USB hard drive. Malware can pop the current time, but just cd-ing to a directory to "#snapshot" and fetching the files is nice.
    4: Amazon Glacier offers vault locks that, once set, cannot be removed after 24 hours, even by the AWS owner. Set a WORM policy of 30-180 days, daily backups to that, call it done.
    5: Good old fashioned tape drives. WORM cartridges are not expensive, although the drive unit is pretty pricey.

    Is it the norm these days for backups not to be done, or do people assume that RAID constitutes a backup?
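As an added illustration of item 4 above (not part of the original comment), this is what a Glacier Vault Lock policy for a 90-day WORM window looks like: it denies `glacier:DeleteArchive` to every principal while an archive is younger than 90 days, so even the account owner cannot purge recent backups. The region, account id and vault name are placeholders.

```json
{
  "Version": "2012-10-17",
  "Statement": [
    {
      "Sid": "deny-archive-deletion-for-90-days",
      "Principal": "*",
      "Effect": "Deny",
      "Action": "glacier:DeleteArchive",
      "Resource": [
        "arn:aws:glacier:REGION-PLACEHOLDER:ACCOUNT-ID-PLACEHOLDER:vaults/backup-vault-placeholder"
      ],
      "Condition": {
        "NumericLessThan": {
          "glacier:ArchiveAgeInDays": "90"
        }
      }
    }
  ]
}
```

The policy is attached with `aws glacier initiate-vault-lock`, which opens the 24-hour in-progress window during which it can still be aborted, and made permanent with `aws glacier complete-vault-lock` using the lock id that the first call returns.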

  3. Re:Only LUDDITE software is encrypted. on Kernel of iOS 10 Preview Is Not Encrypted -- Nobody Knows Why (technologyreview.com) · Score: 1

    I have never gotten the "app" verb used in this context. I assume "apping an app" means using Xcode and Git, with a very well-honed Agile and Scrum process, with multiple development, alpha, and beta stages to get code that is as bug-free as malware (malware tends to be the least buggy of types of software.)

  4. Re:Light Sensor... on Mark Zuckerberg Tapes Over His Webcam. Should You? (theguardian.com) · Score: 1

    I cover the camera for a very similar reason. Skype for Business is very commonly used, and it can be too easy to mash the wrong button, and wind up with people finding out that I drink iced tea instead of coffee.

  5. Re:Awefuly clickbatey summary on PayPal Dumped Cloud Company After It Refused To Monitor Customers' Files (fortune.com) · Score: 1

    That puts Seafile in quite a bind. If they do a "file foo" on everything uploaded and hand that over, that can get them in some legal hot water, or at best, net them bad press. If they don't, they lose PayPal.

    Looks like they made the best decision they could. As for Bitcoins, someone would make a mint if they could make an easy to use processing service, on the level of Square or PayPal. Bitcoin is still an unsteady currency, but as a means to move real money to it, make the transaction, then move out of it quickly, it is usable.

  6. Re:Awefuly clickbatey summary on PayPal Dumped Cloud Company After It Refused To Monitor Customers' Files (fortune.com) · Score: 1

    I wonder what the "analytics" mean. Would this be a scan of all the user data and handing over names, sizes, and file hashes of files, names of files uploaded/downloaded, or something less intrusive?

  7. Re:And nothing of value was lost on PayPal Dumped Cloud Company After It Refused To Monitor Customers' Files (fortune.com) · Score: 1

    I have used them as a credit card merchant ("Paypal Here" scanner), and I've had decent luck with them over the years. I have read horror stories left and right, but maybe I'm just lucky; I wind up using them quite often for paying on commissions.

    Next to Bitcoin, they are definitely one of the easiest ways to get cash to someone.

  8. Re:Why would I want 2 step on Google Is Finally Making Two-Step Verification Less Annoying (theguardian.com) · Score: 1

    Two step forces an attacker to go from passive harvesting to actively targeting people for attack. A list of brute forced passwords is useless against accounts that use 2FA. Without it, there is a good chance the attacker will be able to find some accounts with the same or similar passwords.

  9. Re:Will it turn on the phone's flash? on Google Is Finally Making Two-Step Verification Less Annoying (theguardian.com) · Score: 1

    There are more than just Google's app for authentication. Amazon has similar, and there are a number of third party alternatives, some with dark themes.

  10. Wish this standard were open... on Google Is Finally Making Two-Step Verification Less Annoying (theguardian.com) · Score: 1

    Blizzard has similar functionality where the app will look at queued login attempts and ask for approval. Before that, it was IBM's ZTIC which was one of the first 2FA systems which did this.

    I wish this were open source, just like TOTP is right now. I use a third party application that allows me to sync my 2FA codes (encrypted, of course) among my devices, including my Linux boxes, and my NAS machines. Having the ability to just tap "approve" for SSH connections would be nice, but it likely would require more moving parts outside my LAN, which could make things less secure.

  11. Re:I never understood privacy on Russian Bill Requires Encryption Backdoors In All Messenger Apps (dailydot.com) · Score: 1

    The problem is that we had secure communications networks. They were kept disjoint, and with incompatible communication protocols.

    There is a way to design a secure network -- circuit switched, with the switch having an ACL that only lets certain machines communicate with each other and nobody else. Add RSA keys on a low level of the stack, and an attacker would have to compromise both the switch ACL and the authorized key list on the individual machines just to attempt communicating with one of the hosts.

  12. Re:Let them go nuts on Russian Bill Requires Encryption Backdoors In All Messenger Apps (dailydot.com) · Score: 2

    With basic technology available in firewalling appliances, it isn't too tough to make a rule, "if it appears to be encrypted, drop the packets, send alert, and yank offending host from the network". Just block traffic going through a HTTP/HTTPS port without a user agent, MITM the rest. This works on the LAN. It wouldn't be too hard for a repressive government to do this on a WAN basis.

  13. I've been at a local theater chain here in Austin... and there tend to be zero cellphones visible. The Alamo Drafthouse tends to wield the LART brutally in that regard, which is why they get my business.

  14. Re:MP3 on Slashdot Asks: What's Your Preferred Music Streaming Service? · Score: 1

    I used to argue this over a decade ago, that AAC was Apple only. However, times have changed, with many other devices accepting this format. The days of WMA players are long gone, and virtually everything will play AAC. Ideally, one should purchase music in FLAC, and choose the best format for the device. For a high noise threshold car, 192kbps might be good enough. For listening with cans, might be best just to listen to the FLAC file directly for the best quality.

    Of course, most newer audio heads assume you have some device with Bluetooth and may not even bother with storage or CD/DVD slots.

  15. Re:MP3 on Slashdot Asks: What's Your Preferred Music Streaming Service? · Score: 2

    I've not bought a CD from a big label in years, unless you consider Cold Spring Records [1], Nuclear Blast Records, or Cleopatra Records big. Otherwise, I do buy the albums.

    [1]: R. I. P. Cold Meat Industries.

  16. Re:MP3 on Slashdot Asks: What's Your Preferred Music Streaming Service? · Score: 1

    MP3 or AAC. I am in places with spotty to no cellular reception, and with a 128GB smartphone (or 128 GB SD card), I can shovel most of my music collection onto the device. Plus, downloading/purchasing ensures artists get some revenue, compared to streaming where the royalty per play is just insanely small.

  17. Protect from intruders, not the legitimate user? on Interviews: Ask Security Expert Mikko Hypponen A Question · Score: 2

    Here is something often conflated: A device may be secure because a user can't get any access to it, but it may be easily compromised from remote. How would one make a device that the user can easily flash, and do what they please with, even flashing a custom OS or firmware, while still making it resistant to remote, and perhaps local, attacks? The closest I've seen is Android, which when rooted loses none of its security (other than a user hitting "allow this app to run as root" by accident). Other ecosystems, like iOS, have their entire security model destroyed by jailbreaking.

  18. Re:Fuck that... on Executive Says Facebook Will Be All Video, No Text In 5 Years (mashable.com) · Score: 3, Insightful

    I think TFA was written by someone who wants video because it means they get their ads in front of screens far longer than a text page. Same reason why a lot of the clickbait crap always leads at a video, when they could have easily stated their piece in 1-2 paragraphs.

    Text is not going anywhere. People don't have time to watch a video 24/7 for everything, nor really care to watch someone yap in their house about a topic that could easily be covered by another medium of communication.

  19. It makes life easy for monitoring as well. Some box loses its network connection, getting a console just means going to the iDRAC/iLO web port, logging on, seeing what is going on, and getting the NIC unstuck. It also is nice to load an ISO and install the machine from scratch if the box is a one-off and not worth making a PXE boot mechanism for what it is doing. Or, just boot the ISO stashed as a virtual CD, point it to a kickstart file, and call it done.

  20. Re:"Hacked" is a strong word on Texas Traffic Signs Hacked With Anti-Trump and Anti-Hillary Messages (hackread.com) · Score: 1

    It is easier to have an easily compromised sign than a sign that can't be used because it is too secure, and the key for it was lost. Cellular connections may be dicey, especially when the sign is in proximity to a lot of rebar or out where there is no real signal.

    I personally would just have a locking cabinet with an Abloy PROTEC2 CLIQ cylinder (or something with similar good electronic/mechanical strength), which will not just ward off vandals (it can be defeated, but will require a lot more physical tampering), but also give an electronic audit record of who has the sign. From there, just open the cabinet, set the text of the sign, close cabinet.

  21. Cancelling with Rhapsody was a PITA... on Rhapsody Rebrands Itself As Napster (thenextweb.com) · Score: 1

    I got "dumped" into Rhapsody after the URGE store closed down (which arguably was excellently curated because at the time, MTV actually did some decent background write-ups about bands.)

    Trying to cancel with them is insane. You can't cancel online, but you have to call, be passed between people until you start demanding a supervisor, then "Can you cancel my subscription, if not, hand me to someone with that capability". It was an extremely unpleasant experience with multiple call attempts until it was done. Any of the other mainstream services can be stopped pretty easily, but because it was so difficult to cancel with them, I'd never ever go back, no matter how good they were.

  22. Re:"Hacked" is a strong word on Texas Traffic Signs Hacked With Anti-Trump and Anti-Hillary Messages (hackread.com) · Score: 1

    Here in Austin, we are no stranger to road signs with off-beat messages. "Turn around, zombies ahead" was seen on a few signs.

  23. Re:Swift is stable. on Apple Introduces New File System AFPS With Tons Of 'Solid' Features (apple.com) · Score: 4, Funny

    Swift 2 is stable enough that I get occasional calls from recruiters asking for five years of it as a language for dev jobs. So, if it is good enough to transcend time/space, it should be stable enough.

  24. Re:2016? crypto-ransom protection !! on Apple Introduces New File System AFPS With Tons Of 'Solid' Features (apple.com) · Score: 1

    With ransomware on the rise, having a filesystem that can take snapshots, perhaps coupled with a version of Time Machine that works on snapshots will help provide some mitigation. If the ransomware doesn't have root, it can't purge snapshots, although it can do mayhem in other places.

    I would say Time Machine is OK for an "oh shit" backup for bare metal restores, but I wouldn't really rely on it as my sole way to retrieve data, because I've had instances where TM backups got hopelessly corrupted. I would probably recommend TM + Borg Backup or another utility, ideally a utility that can pull the data, so ransomware cannot get near the backup repository to destroy any existing data. Barring that, there is always Carbonite or Mozy, but one has to be aware of the security implications of dumping to the cloud.

  25. Re:NIH? on Apple Introduces New File System AFPS With Tons Of 'Solid' Features (apple.com) · Score: 4, Insightful

    Licensing. Apple did flirt with ZFS, but for some reason, and I would guess it was license issues, they decided not to go that route. Using btrfs would bring GPL/BSD licensing issues. So, Apple either had to license something like ReFS from MS, or roll their own.