Slashdot Mirror


User: mlts

mlts's activity in the archive.

Stories: 0
Comments: 5,534

Comments · 5,534

  1. Re:Missed the main reason on Choosing to Skip the Upgrade and Care for the Gadget You've Got (nytimes.com) · · Score: 1

    There are also additions to servers which make life easier. Improvements to iLO/iDRAC/etc. which make it easy to spin up a machine, or at least boot from recovery media. Next to that, M.2 and SSD technology is becoming commonplace, just because there are so many servers that just need a relatively small OS drive, but can use the rest of the SSD as a cache for operating systems like ESXi.

    I wouldn't be surprised to see servers start to have built-in hypervisors, such as Hyper-V, KVM, Xen, and ESXi, and all one does is feed in basic config details, choose the hypervisor, power it up, then add it into the cluster from the vSphere or SCVMM console.

  2. Re:Missing the point on software security updates on Choosing to Skip the Upgrade and Care for the Gadget You've Got (nytimes.com) · · Score: 2

    This is why I make sure to buy from HTC, Nexus phones, or a company which allows for bootloader unlocking. I pulled out an old HTC Desire HD that I used in 2011, grabbed a CM rom from the OpenDesire Project, slapped it on there, and now have a device which gets updates.

    What would be nice would be the phone makers selling their device and the buyer being able to pick their OS of choice, just like with desktop computers. This way, one can go with AOSP, CM, a phone-company-provided build, Google Experience, or whatever is usable.

  3. Re:North American VPN company SurfEasy on Opera Adds Free VPN-Client With Unlimited Usage To Its Desktop Browser · · Score: 1

    Even if it is based in NA, a VPN is always better than nothing:

    1: On an untrusted Wi-Fi network, it blocks snooping, FireSheep attacks, and other monkey business.
    2: Some ISPs actively MITM HTTP connections. I've had one ISP that actually would inject pop-unders for surveys. Another ISP would add identifying headers to every HTTP transaction. A VPN ensures that those shenanigans don't happen, or are at least moved to the VPN provider.
    3: It raises the bar for geolocation. Yes, it can be done by sophisticated timing attacks, but all the end site gets is the VPN provider's location for the most part.
    4: It isn't Tor, but it provides some IP address shielding, without having the VPN exit blocked wholesale at virtually every website as Tor exit nodes tend to wind up.

    In this case, anything is better than nothing.

  4. Re:Who pays that much for beer? on Joking About Giving Money To ISIS Can Cost You Money (arstechnica.com) · · Score: 1

    Depends on the town. Here in Austin, $21 is actually cheap for a pitcher of craft beer. Heck, a hamburger + fries + drink is $50-$60 at some places in town, and that's not the ritzy downtown places either.

  5. Re:Can't believe they even considered it on AMC Drops 'Texting Friendly' Theaters Idea (networkworld.com) · · Score: 1

    I like the Alamo Drafthouse for exactly those reasons. Need to pee? Easy to crouch and duck past people without bumping their legs, especially if you sit at a break between tables. Food and drink? On par with any decent eatery. I am more than happy to pay the Alamo Drafthouse their due because I can sit and watch a movie. No screaming kids, no texting, no people yapping on cell phones.

    I understand other people have a sentiment that they should be allowed to do what they so choose anywhere, even if it diminishes the value of something for others... but that is why there are choices, and I'd rather pay my admission to see/hear a movie, not see/hear someone on their phone. The Alamo Drafthouse does a good job at making it worth going there.

  6. Re:Three words on Man Deletes His Entire Company With One Line of Bad Code (independent.co.uk) · · Score: 1

    The thing about automated replication... salespeople sell it as "cool", and "not your father's tape drive", and people who are not familiar with IT, but have the purse strings, buy it. People are proud that they toss the tape silos and have new forms of SAN storage like Tintris. It has its uses -- for example, when dealing with virtual machines and upgrades.

    Backup options just seem to have gotten worse over the years, especially for home users.

    Now for blue-sky stuff:

    With SSDs coming down in price, I've wondered about having a LTO tape drive which would have SSD space about twice the size of the tape volume (and a good amount more to help with wear levelling, sector relocation, etc.) When a write is done, the drive can be configured to return that the write was successful either when the write finished with the SSD, or when the write to the tape is complete. Upon eject, the entire SSD is TRIMmed with something like "blkdiscard -s", which generates a new volume encryption key, making all existing data inaccessible. This way, if a tape has sensitive stuff on it, as soon as the drive is power cycled or the tape ejected, the data on the SSD would be gone after all I/O is complete.

    For reading a tape, the SSD could act as a cache, so if one restores a file multiple times or does random read I/O, the drive can just read the entire tape onto the SSD, then hand the data from that.

    As an added bonus, this makes LTFS into a very usable filesystem.

    Of course, there would be some options needed, so that one could turn off the read/write SSD cache if the data written or read is hyper-sensitive and shouldn't hit anywhere but the tape. However, by adding random access and letting the tape drive do the rest, this would not just make the drive faster, but could allow someone to buy it, hook it up to a laptop via USB 2.0 and reliably back it up, with the cache ensuring that the tape drive runs at full tilt 100% without any slowdowns or shoe-shining.

  7. Re:Three words on Man Deletes His Entire Company With One Line of Bad Code (independent.co.uk) · · Score: 1

    This. Or, if one wanted to be more sophisticated, have a drive controller that would not allow writes to blocks once they were written to. Combine this with the UDF filesystem, and you now have quite usable WORM media.

    The ironic thing is that it used to be that all SCSI drives had a jumper to flip them read-only. I used this for anonymous FTP servers back in the 1990s to ensure that even if the server was breached, the files couldn't be tampered with.

  8. Re:Nope, not encrypted on Optional Windows Update Aims To Halt Wireless Mouse Hijacking · · Score: 1

    Generally, you can buy a Bluetooth keyboard, but it is generally meant for Macs.

    I just don't get why vendors don't just standardize on Bluetooth. Even the cheap PCs now have it built in, it has time-tested facilities for pairing and encryption, and it is able to work better for saving battery.

    As for finding them, they do exist, but are not cheap. I bought a "MS Sculpt Comfort" mouse which uses Bluetooth, and it works without issue, using encryption by default. It may not be a gaming set, but it is better than nothing.

  9. Re:Three words on Man Deletes His Entire Company With One Line of Bad Code (independent.co.uk) · · Score: 1

    I'd say backups and reliability are not easier or harder... but different. Back in the 1990s, there were drive failures, but there were also the people who managed to get root and wipe the box for the hell of it. Because of this, people would back up to tape, physically write-protect the cartridges so they couldn't be erased, and put them in a safe or have them go offsite.

    When things changed about ten years ago and active hacks were not as common, the focus went to dealing with drive, path, and other hardware failures. For this case, the answer was having RAID and a secondary SAN offsite that did async replication.

    Now, with ransomware, people are realizing that RAID isn't a backup, even if it allows for deduplication. That secondary array just will happily take the zeroing commands and apply them.

    Maybe there might be a renaissance for tape. Hard disks are not really a backup medium because malware can zero them out almost instantaneously. Same with shares. Optical is cheap, but in general, the capacity is too small for most things. Which brings us to tape. If someone could bring a tape drive with LTO-6 or 7 capacity to the market at a consumer-level price ($1000-1500), with built-in encryption, decent backup software, LTFS, compression, and the ability to work on a USB 3 port without shoe-shining itself to oblivion, it just might be a popular seller.

  10. Re:rsnap is popular. Should pull from read-only ac on Man Deletes His Entire Company With One Line of Bad Code (independent.co.uk) · · Score: 2

    The best of all worlds is pull-based backup software. However, the enterprise programs are extremely pricey, well out of the range for a home user. The cheapest around would probably be Windows Fundamentals, which is a descendant of Windows Home Server.

    What I've wound up doing on a small scale (this won't scale up past a few machines) is having a hardware NAS appliance. It had a samba share and account for every machine. The Windows boxes use Veeam to dump their data onto the individual shares. Every 15 minutes, the NAS pops a snapshot of each share, where several are kept for each hour/day/week/month/year, and the rest get tossed after a while. Every eight hours, the NAS backs itself up to an external HDD. This protects against ransomware in several ways. If ransomware just zaps the share, restoring the snapshot and bare-metal loading the machine isn't too bad. If ransomware takes its time and zeros files over an interval, because I have weekly, monthly, and backups over a duration, there is a good chance that I will still have the file around, either in a snapshot, or on the backup drive. Because each machine dumps to a separate share via a separate account, ransomware on one box can't destroy or access another machine's data.

    The ideal would be having the NAS maker write an agent that sits on Windows and uses SSH or another time-tested protocol to pull backups. This would not just guarantee that backups are done, but that they are protected against ransomware.
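The hour/day/week/month/year snapshot rotation described in the comment above is the classic grandfather-father-son scheme: for each period, keep only the newest snapshot in each of the N most recent buckets and prune everything else. The planner below is an added example written for this page, not code from the commenter or from any NAS vendor; the policy counts, the 15-minute snapshot cadence and the timestamps are assumptions constructed here, and a real NAS would list its snapshot directory instead of simulating one. The important property for the ransomware case is that this logic runs on the NAS, against snapshots the client account cannot touch, so a client that trashes its share only affects what the next snapshot captures, never what earlier snapshots hold.

```python
"""Snapshot retention planner: which NAS snapshots to keep and which to prune.

Added example, not code from the original comment. For each period it keeps
the newest snapshot in each of the N most recent buckets (hour, day, ISO week,
month, year). Snapshot timestamps are constructed in simulate_quarter_hourly().
"""
from datetime import datetime, timedelta

# Assumed policy: how many recent buckets to keep per period.
DEFAULT_POLICY = {"hourly": 24, "daily": 7, "weekly": 4, "monthly": 12, "yearly": 3}


def bucket_key(ts: datetime, period: str) -> str:
    """Map a timestamp to the retention bucket it falls in."""
    if period == "hourly":
        return ts.strftime("%Y-%m-%d %H")
    if period == "daily":
        return ts.strftime("%Y-%m-%d")
    if period == "weekly":
        year, week, _ = ts.isocalendar()
        return f"{year}-W{week:02d}"
    if period == "monthly":
        return ts.strftime("%Y-%m")
    if period == "yearly":
        return ts.strftime("%Y")
    raise ValueError(f"unknown period {period!r}")


def select_keep(snapshots, policy=DEFAULT_POLICY):
    """Return the set of snapshot timestamps the policy retains.

    A snapshot survives if it is the newest one in any bucket that lies within
    the per-period count. The most recent snapshot is always kept, so a prune
    can never leave the share with no restore point at all.
    """
    ordered = sorted(snapshots, reverse=True)  # newest first
    keep = set(ordered[:1])
    for period, count in policy.items():
        if count <= 0:
            continue
        seen = set()
        for ts in ordered:
            key = bucket_key(ts, period)
            if key in seen:
                continue  # an older snapshot in a bucket already covered by a newer one
            seen.add(key)
            keep.add(ts)
            if len(seen) >= count:
                break
    return keep


def prune_plan(snapshots, policy=DEFAULT_POLICY):
    """Split snapshots into (keep, delete) lists, both newest first."""
    keep = select_keep(snapshots, policy)
    ordered = sorted(snapshots, reverse=True)
    return [t for t in ordered if t in keep], [t for t in ordered if t not in keep]


def simulate_quarter_hourly(now: datetime, days: int):
    """Constructed input: one snapshot every 15 minutes for `days` days."""
    step = timedelta(minutes=15)
    return [now - i * step for i in range(days * 96)]


if __name__ == "__main__":
    now = datetime(2016, 4, 20, 12, 0)
    keep, delete = prune_plan(simulate_quarter_hourly(now, 60))
    print(f"{len(keep)} kept, {len(delete)} pruned; oldest kept: {keep[-1]}")
```

Run it on its own and it plans a prune over 60 days of 15-minute snapshots. The snapshots it keeps are exactly the ones that matter against slow ransomware: a file quietly zeroed ten days ago is still intact in the daily and weekly snapshots older than that, and the external-HDD copy the comment describes is a separate chain that this planner never touches.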

  11. Re:The solution is pull based backups... on Jigsaw Ransomware Deletes Your Files If You Don't Pay Or When You Reboot Your PC (bleepingcomputer.com) · · Score: 1

    The good thing about CD/DVD/BD technology is that making an autochanger for this technology isn't difficult. Before the move to the iPod, 400+ CD carousel autochangers were commonplace for a couple hundred dollars in people's houses. Each BDXL disk may not hold much, but ~40 TB per carousel isn't too bad, assuming 100 gigs per disk, and a 400 disk pack.

  12. Re:The solution is pull based backups... on Jigsaw Ransomware Deletes Your Files If You Don't Pay Or When You Reboot Your PC (bleepingcomputer.com) · · Score: 1

    I think that if the tape makers could make an LTO 7 capacity drive, but have it be able to work on USB 3 without excessive shoe-shining (perhaps adding a fairly large RAM or SSD buffer so a consumer-grade laptop that cannot really handle the sustained I/O of a tape drive would still be able to use the drive.)

    This has been done before. I remember many SCSI drives for Macs, and UNIX workstations that just plugged in and worked. With today's technologies like LTFS, it would be even easier. Add WORM tapes (which are about $25 for LTO-6 media), and that would provide a decent barrier against ransomware.

    Given the cash, I'd definitely go with an LTO 7 drive. However, the next best thing is probably burning data to Blu-Ray and finalizing the media, so it cannot be written to after the backup is done.

  13. Re:Preparation is the best defense. on Jigsaw Ransomware Deletes Your Files If You Don't Pay Or When You Reboot Your PC (bleepingcomputer.com) · · Score: 1

    After deciding on different means, since a pull-based backup isn't feasible without enterprise backup software, what I do is a dual-stage process. First stage is to have Veeam dump my Windows box to a NAS with RAID 1. Then the NAS backs the shares it has to an external HDD. This way, if something destroys a share from a PC, it can be reloaded from the external HDD.

    Eventually, I plan to get another NAS whose sole function in life is to store backups (with RAID) from the "front-line" NAS models. Since the backend NAS isn't touching client PCs in any way, shape, or form, it should be fairly resistant to all but the most sophisticated ransomware.

    It doesn't hurt to burn critical data to a BD-R drive either.

  14. The solution is pull based backups... on Jigsaw Ransomware Deletes Your Files If You Don't Pay Or When You Reboot Your PC (bleepingcomputer.com) · · Score: 1

    Some variants of ransomware erase backup drives and cloud backups/network shares.

    The real way to solve the problem isn't just having more data for ransomware to encrypt or destroy. Work on pull-based backups, such as Windows Home Server, Microsoft DPM, NetBackup, or some other mechanism. Preferably something that can use SSH or an existing known-good protocol for security. This way, one of the worst things that malware can do is output garbage and try to fill up the backup server's hard disks with stuff from /dev/urandom. If QNAP or Synology adds deduplicating backups to their units in a way that home users could just "set and forget" until needed, this would be a major step in mitigating ransomware attacks.

    Problem is that ransomware preys on the fact that people tend to not bother with backups, and that the backup methods used these days are absolute shit and vulnerable to an "rm -rf". In the past, desktop computers would be backed up to tape, and with basic common sense, setting read-only switches and backup rotations, it would be virtually impossible for stashed data to be corrupted. However, with both tape and optical drives not updated to handle modern capacity, coupled with the "just stash it on the cloud" mentality, it is no wonder ransomware has such easy pickings at the home, SOHO, SMB, and even the enterprise level.

    As a stopgap, one can always back up to a network share, then have the share backed up, so if the share is trashed, it can be restored. However, the real ideal is pulling data from clients.
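The comment above makes the key architectural point: in a pull model the client holds no credential to the backup store, so the worst it can do is hand the server garbage. That still leaves one job for the server side, deciding whether the latest pull is worth promoting into the snapshot chain. The check below is an added example written for this page, not code from the commenter or from any backup product; it compares a new pull with the previous one and quarantines a run in which most files changed and the new contents look like ciphertext (high Shannon entropy), which is what a mass-encrypting ransomware run produces. The thresholds and the sample files are assumptions constructed here.

```python
"""Promotion check for a pull-based backup server.

Added example, not code from the original comment. Before the server rotates
a fresh pull into its snapshot chain it compares the pull with the previous
one. Many changed files whose new contents look like random bytes is the
signature of a client whose files were just encrypted; such a run is held for
a human instead of being promoted. Thresholds and sample data are assumptions.
"""
import math
import random
from collections import Counter

CHANGE_RATIO = 0.5    # assumed: flag if at least half of all paths changed
ENTROPY_FLOOR = 7.0   # assumed: mean Shannon entropy (bits/byte) of changed files


def shannon_entropy(data: bytes) -> float:
    """Bits of entropy per byte: roughly 4-5 for English text, close to 8 for ciphertext."""
    if not data:
        return 0.0
    n = len(data)
    return -sum(c / n * math.log2(c / n) for c in Counter(data).values())


def assess_pull(previous: dict, current: dict,
                change_ratio=CHANGE_RATIO, entropy_floor=ENTROPY_FLOOR) -> dict:
    """Compare two pulls (path -> bytes) and decide whether to promote the new one."""
    paths = set(previous) | set(current)
    changed = [p for p in paths if previous.get(p) != current.get(p)]
    ratio = len(changed) / len(paths) if paths else 0.0
    # Only files present in the new pull have contents to measure; deletions count as changes.
    ents = [shannon_entropy(current[p]) for p in changed if p in current]
    mean_entropy = sum(ents) / len(ents) if ents else 0.0
    return {
        "total": len(paths),
        "changed": len(changed),
        "change_ratio": ratio,
        "mean_entropy": mean_entropy,
        "quarantine": ratio >= change_ratio and mean_entropy >= entropy_floor,
    }


def sample_runs():
    """Constructed data: a baseline pull, a normal follow-up, and a ransomware follow-up."""
    rng = random.Random(1)  # fixed seed so the example is reproducible
    line = b"Quarterly report draft %d - budget figures and notes for review.\n"
    baseline = {f"docs/report{i}.txt": line % i * 40 for i in range(8)}

    # Normal day: one document edited, one new document added.
    normal = dict(baseline)
    normal["docs/report3.txt"] += b"Addendum: numbers revised after audit.\n"
    normal["docs/report8.txt"] = line % 8 * 40

    # Ransomware day: every document replaced with random bytes, plus a ransom note.
    encrypted = {p: bytes(rng.getrandbits(8) for _ in range(4096)) for p in baseline}
    encrypted["docs/README_DECRYPT.txt"] = b"Your files are encrypted. Pay to recover them.\n" * 20
    return baseline, normal, encrypted


if __name__ == "__main__":
    baseline, normal, encrypted = sample_runs()
    for label, run in (("normal", normal), ("ransomware", encrypted)):
        verdict = assess_pull(baseline, run)
        print(label, {k: round(v, 2) if isinstance(v, float) else v for k, v in verdict.items()})
```

Treat this as a heuristic, not a guarantee: a client that legitimately stores compressed archives or encrypted containers is high-entropy all the time, so per-share baselines (or measuring only file types that are normally compressible) cut false positives, and a slow ransomware variant that encrypts a few files a day stays under the change-ratio threshold and is caught only by the retention history. The check buys time; the protection is still that the client never holds a credential that can delete a snapshot.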

  15. Re:Relief! Finally! on Cybercriminals Are Adopting Corporate Best Practices · · Score: 4, Insightful

    I am not surprised. It can be asserted that malware is the best written software in existence today, because it has to be small, work flawlessly, and do its job well. Unlike most shops where "it builds, ship it" is the mantra, malicious software has to fly under the radar, or it will be detected and destroyed pretty quickly.

  16. Re:Not a problem anymore on Slashdot Asks: What Are Some Insults No Developer Wants To Hear? (infoworld.com) · · Score: 1

    In some workplaces, this may not be the case. If someone who is extremely clued in gets sick or burns out, the amount of stuff that everyone else has to do increases by a substantial amount. Even if it is just a person who adds DNS entries and makes sure they resolve, having that wind up going to someone else may make or break things, especially if everyone has a full load of stuff they are doing.

    It is wise to expect nothing in a work environment, but on the other hand, looking out for a co-worker might save one a lot of time and aggravation in the long run.

  17. The Model 3 also will have more production runs, so economies of scale will start to come into play, and any bugs in one production run will get fixed in subsequent runs. It will be interesting to see how Tesla competes in this market because they are not just dealing with electric cars, but will be competing against Toyota for Camry and Prius sales, in markets where electric cars have historically never been in.

    Supercharger access will make or break things. There will have to be far more Superchargers than there are now, and located in spots like on I-10 in Texas where there are none, making the highway completely unusable for any electric vehicle.

  18. Not sure why would I want to insult devs... on Slashdot Asks: What Are Some Insults No Developer Wants To Hear? (infoworld.com) · · Score: 3, Insightful

    People have very long memories, especially in the career department when their house, and food for their family is on the line. Wisecracking about devs in general in IT is one thing. Insulting people to their face or their manager's face is not exactly a very wise career move.

    Plus, devs have heard it all. They have heard they can be replaced by offshore dev houses, H-1Bs, monkeys, or almost anything. They are not going to perform any better when someone continues to compare them with inanimate objects or people in a persistent vegetative state.

    To boot, there may be a good chance that the college intern or H-1B fresh off the boat that is the brunt of insults this week may be one's manager the next week after a corporate reorg or a buyout.

  19. I'm definitely getting one, because the hardware is well within the pack of flagship phones, HTC allows unlocking via htcdev (and being able to load my own ROM is something that makes/breaks a device for me. No unlockable bootloader means no sale.)

    I have had very good luck with HTC phones. They are on par with everyone else, have MicroSD cards (which is quite useful for nandroid and Titanium Backup storage), have stood up to daily use quite well, and have done well for a daily workhorse device. With CyanogenMod, one can be assured of security updates, and with Nova Launcher, the UI will be similar across devices.

  20. Re: That doesn't sound like it could ever be abuse on Google Developers Create API For Direct USB Access Via Web Pages (softpedia.com) · · Score: 4, Insightful

    Not if; when. I can see this code being used as a vector to flash rogue firmware to devices. DMA access? We already have a problem with hardware slurping keys out of RAM with DMA... now imagine websites that can get this ability. I can see ransomware using this ability to bypass many different things to ensure a computer is unusable, perhaps even firmware flashes so the computer's BIOS runs the ransomware on that level.

  21. Re:Fixable by phone-side installation prompt on Academics Claim Google Android 2FA Is Breakable (theregister.co.uk) · · Score: 2

    How is this different from someone who manages to get a RAT on a victim's computer and control iTunes, installing/buying/removing apps at will? iOS is pretty much "vulnerable" to the same thing.

  22. Re:Virtualbox VM's on Infographic: Ubuntu Linux Is Everywhere · · Score: 1

    Vagrant is a good tool as well. There are a lot of Vagrant boxes, and it is nice to be able to try a new OS by making a directory, doing a vagrant init, then a vagrant up.

    As for niche cases, there is always Slackware and Gentoo. Still actively maintained and going strong. If one dislikes RHEL and downstreams (CentOS, Oracle UBL, SuSE) or Debian/Ubuntu, it can't hurt to try those.

  23. Re:Isn't it just a money saving idea? on Opinion: DevOps Is Dead (techcrunch.com) · · Score: 1

    I'd say that falls under the aegis of a developer. There is a difference between someone hammering out code in the programming language of the hour, as opposed to someone who can take their code in their git repo, package it (MSI for Windows, .rpm, .deb, and .tar.gz for Linux, .dmg for OS X, installp for AIX, etc.), build it, make a testable release to hand to alpha or beta testers [1], then after that gets hammered out, yank the debug code, then build a release that can install and uninstall without issue.

    It is similar in the sysadmin world. In the past, one could "admin" just by knowing the basics of Linux (shell, networking, etc.) Now, one has to know how the OS interacts when running as a VM versus bare metal, grok kickstarts, build vagrant test provisioning scripts to make sure there is some disaster recovery method before going live, know how to backup or rebuild a machine, and so on.

  24. Re:we do not even know IF the phone was hacked on FBI Telling Congress How It Hacked iPhone (theverge.com) · · Score: 1

    What really needs to be done is for apps to "pack their own parachutes" and offer their own encryption, separate from Apple. Of course, the problem is that PINs used by applications are trivial to brute force, and typing a real password is a PITA on a phone. However, I can see an open source utility/app/library being written whose purpose is to hold application keys in secure memory, as one switches between them, (similar to Firefox's key store or Kwallet) which is independent of the OS, requires the full unlock key on first use in a session, then only a PIN to unlock it until the user's session is complete.

    This is not a 100% effective means, but if phone makers are required to have useless encryption, it will fall to third parties to provide this.

  25. Re:Before anyone says it.... on We Live In The Dark Ages of Internet Security, Says Kaspersky Labs CEO · · Score: 5, Insightful

    I wouldn't say it was alphabet agencies.

    The real culprit, in my experience, is the "security has no ROI" philosophy which has been part of many companies since 2000. A previous manager once told me that "a lock brings no money except to the lock maker", the implication being that security is, at best, an afterthought in product design.

    Now combine that with the fact that so far, there have been no real consequences for security breaches. All a company has to do is tell the Windows admin to do a "dsquery user | dsmod user -mustchpwd yes", pay for the victims to have a year of LifeLock, toss some PR ads, and stock prices will be back to normal in 90 days or less, even for the most egregious breaches. Even regulations have no teeth. HIPAA is rarely used. The only person who went to jail under the Sarbanes-Oxley law was someone fishing who went over their bag limit with grouper, and that use of the law got tossed overboard by SCOTUS. The only "regulation" that has any respect whatsoever is PCI-DSS 3.x, and that is because Visa will pull merchant status.

    It is common to criticize blaming the victim... but with security being an afterthought at best in many places, it is actually astounding that far more attacks have not happened.

    How can this be fixed? Well, right now, there still isn't any interest or caring for the most part in general. It is going to take an event like GM's OnStar being compromised and disabling all vehicles during a hurricane evacuation, causing astounding casualties, before something actually will get done.

    The ironic thing is that, of all places, security is where the TLAs are actually on the ball. NIST has a lot of security guidelines on their website, from basic stuff like killing the guest user to a lot more useful and esoteric things as well (for example, using trustchk on AIX to keep unauthorized libraries from being loaded.)