The ironic thing is that in general, piracy is way down overall. Latest gen consoles have a 0% piracy rate. With streaming, there isn't a real reason for pirating music (other than finding not for sale songs.) Video piracy is down because one can stream or just go to RedBox. Software piracy is down because of the shift to MMOs, uncrackable DRM, and Steam/GOG, where it is almost pointless to pirate.
It is understandable that an anti-piracy firm wants to make money, but they are trying to capitalize on an infraction which is happening less and less. Might as well make a private company that uses drones to watch for cattle rustlers and claim jumpers... more money catching those perps anyway.
There are also businesses that use ISPs. What happens if a store loses its method of processing credit card orders? Of course, they can pull out the ka-chunk machines and paper, but there will definitely be revenue lost.
No ISP in their right mind will pull a link on a business without more than just the word of a third party. Either it will be a succession of strikes or a court order.
Other than getting ISPs to block users (where the ISP now has to deal with a potential subscriber lawsuit because of the word of a third party), I just don't see how this is going to work:
1: Browser makers won't allow a third party to disable their software at the third party's whim. Even if were mandated (perhaps a DMCA2 treaty), there would be some people in Russia who will just fork off a pre-bongoed source and offer that for download.
2: If it gets nailed through a browser or add-on, it will be patched by the browser or third parties. They better stand in line behind the real ransomware makers if they want to go for 0-day security day holes.
3: People have multiple browsers. To separate tasks, I use sandboxie, multiple browsers, browsers on USB flash drives, and different types of browsers. Will they shut them all down? Perhaps if they inject malware that does redirects.
4: People have virtual machines. Destroy the VM that I use for browsing the web, I just run "vagrant destroy --force && vagrant up", and in a few minutes, I have my browser virtual machine back up, running, with all my extensions present, courtesy of provisioning scripts.
5: People have and use VPNs, both in the same country and offshore. Good luck with sending copyright notices to the VPN in Switzerland, Sweden, or even Canada. Even a VPN in the same area, unless the party decided to press a legal case, they won't be handing names and other info over, if they are to remain in business for long.
6: People use combinations of the above. Push too hard and even Joe Sixpack will start using an offshore VPN service for $5 a month, pretty much making any IP enforcement impossible without having to make it an international event.
tl;dr, Rightcorp's existence depends on trying to get ISPs to do the belling the cat (with the legal risk that entails for the ISP) for them... and all it takes is 1-2 false positives for that ISP to start seriously hurting. Even worse, it will just make the pirates "go dark" and ensure that nothing but the most elaborate tracking will actually work.
I saw it on early versions of Solaris 2, back in the mid to late 1990s, where there would be a ton of zombie processes, they would laugh at a -9, and the only way to deal with them was a reboot, and even then, there almost certainly would be a NFS hang, preventing the machine from completely shutting down, so most likely a reset would be needed (which meant a force fsck of all drives because back then, journaling filesystems were not common.)
It makes me glad that operating systems eventually almost have solved this. Software RAID is doable in multiple ways (btrfs, LVM2, md-raid, ZFS), filesystems have rollback functionality to keep consistant, HDDs have moved to SSDs which have a different set of problems, etc.
I might encounter a zombie process here and there, but the only time it gets noticable is with a drive that is on the edge of disgorging its contents into oblivion, or network/storage fabric issues.
On one hand, CyanogenMod is definitely a useful ROM. Next to having a Nexus phone, having a ROM that has a consistent UI (especially if used with Nova Launcher), well maintained, and constantly updated far beyond the 1-2 year life of most Android devices, is quite useful.
CyanogenOS... different story. Not familiar with it, but if it can't use Android/GApps, I wouldn't bother. I remember the application stores (not apps) on another telco's devices with regards to Windows Mobile, and the limited, costly, locked down selection they had. If it can't support Gapps, other stores (F-Droid), and sideloading, I'll not even bother.
Is that the same as Windows 10 LTSB (long term servicing branch), which has fewer gewgaws, and is intended for the enterprise, because it has fewer things that can break or be compromised?
Exactly. For 3-6 hours while this this is being used, my phone is unusable for anything else, even if there is an emergency call or text.
Also, what's the point, other than a novelty value? I can get a 3D printer with a larger printing volume. It may not be as cool looking, but it likely will have a heated tray and almost assuredly, better precision than this model. Plus, using filament is a lot easier to deal with than guesstimating how much liquid I squirt on the phone's surface.
The only real use I can see with this is having a dedicated smartphone or iPod Touch, and using it in the field, due to the portability.
If Apple made a docking station, I'd go for an x86 iPad in a heartbeat. The docking station, if stashed in a suitcase, would make it useful for doing stuff when in the middle of nowhere, and if space is too scarce for that, a keyboard case, perhaps a tiny USB mouse, would help.
When travelling, it is a lot easier to take an iPad over a laptop, even a MB or MBA. Plus, having full x86 functionality to run OS X applications would be quite useful, especially on the road.
Just by making an OS X tablet would get the tablet market back for Apple. MS is actually doing pretty well with the Surface Pro, so it wouldn't be too hard for Apple to make a device with comparable features, perhaps a docking station for it so it can be used in a desktop role (with external drives, Thunderbolt breakout boxes for GPU, 10gigE, and all the other stuff a desktop needs.) Would it compete with the iMac? Not really... the iMac has four cores, eight virtual cores with HT. At best, the x86 iPad would have two cores, four with HT.
On Android, the app I'd use for securing texts is TextSecure. It not just provided key exchanges, but it stashed the SMS messages encrypted. Sadly, it doesn't seem to be on the Play Store anymore. It didn't have as much functionality as dedicated SMS apps... but it did work and seemed to have been well designed. I'd definitely use this if it were still around, or on iOS.
I can run without iTunes, with the device backing itself to iCloud, and after an erase, having the device restore itself completely.
However, there is one use that iTunes is a must: If I want to do a DFU restore, I have to plug it via a wired connector, and load a firmware version that is within Apple's signing window.
Does this mean iOS is better? No. I can run an Android device, and not need to use an ADB driver until I need to flash a ROM. Restores are easy as well, as app backups are stashed on a cloud provider, then get reloaded via Titanium Backup.
I would say iTunes is a must on a computer, or at least a virtual machine, just for doing a DFU reload. Otherwise, one can run day to day without it.
I would hazard a guess that eventually... and this is after there is some big bad thing happening that actually gets companies to spend cash for it, actual security will be wanted, and programming/designing devices from the ground up with security built in and in depth, as opposed to just tacked on at the end of the process, may eventually become something part of program design. Doing secure code is something that automated tools can somewhat help with, but it is something a good, experienced dev will wind up doing, especially when dealing with a specific architecture (ARM) and its strengths/weaknesses. Optimizing code to work around CPU/RAM/storage limits isn't something one can click a checkbox on an IDE and click "build", especially if the code is critical and cannot easily be updated.
As always, embedded programming will always require the experts. You can't really play the "it builds, ship it, let the customers have autoupdate" game with applications like SCADA systems or pushing code to FPGA boards so they can do a specific task (real time video encoding, for example.)
The key is to change with the times. I'm not the youngest in the bunch, but being up to date on the latest and greatest has kept me employed.
I am skeptical as well. For something common, asking an AI to code a word processor wouldn't be difficult. However, that isn't something that would be useful or bring in cash. What would be useful are things that are pushing the edge that an AI may not be able to think about.
For example, a deduplicating program similar to obnam, bup, attic, borgbackup, or zbackup that instead of storing its repository as tons of tiny files, stores the deduplicated stuff as either a large single file, or a number of medium sized files (similar to Apple's sparse bundle bands or VMWare's 2GB.vmdk files.) This way, the filesystem does less work.
As of now, an AI would likely not be up to this task, just because of the debugging involved, such as handling garbage collection when data is deleted/expired, handling bit rot on one of the files, and so on. However, once we have AIs that are up to writing a utility like this, the need for this utility would long have since been filled.
There is a definite place for Borgbackup, attic, bup, obnam, zbackup and other deduplicating backup utilities. The ability to just toss data whenever you feel like it, and only deltas get saved (after being compressed) is a nice thing. Same with having decent encryption.
I personally have been using zbackup for a while, which is quite usable for backups, especially via SSH, where it can SSH into my NAS, fetch data, and only store what is changed to some media I rotate out for safekeeping. Zbackup has not had much Git activity, but Borgbackup has had an extreme amount of work done with it, so it is definitely a utility to watch and consider using.
It would be nice, with all that telemetry data being collected, shouldn't MS be able to find broken patches on a mass scale, realize something is wrong, and do something about it a lot more quickly.
There are levels of civilization. If civilization is destroyed to the point that preppers talk about, gold may not be the currency of choice, because there is no way to guarentee that a gold bar is genuine, or is gold-plated tungsten. Similar with silver. In a Mad Max scenario, the currency of choice will be something that is functional, and this likely will be ammo since it is relatively fungible, is useful, small and easily carried, and is universally valued. When people are on the edge of starvation, gold may be shiny, but it isn't going to help feed the family or keep the scavengers (both two legged and four legged) away.
After civilization stabilizes, and there is -some- form of government, if only to keep roads relatively safe and to dispatch people in grisly ways that counterfeit coins or fake metal, then gold can function as a means of exchange, just because there is a relatively low chance of it being worthless. However, until then, barter will be what people use to survive until there is some central authority.
The problem is that keeping backups is a lot more difficult than it was in the past, when one could buy a tape drive, have it toss files there, physically write protect the cartridge, and keep that in a safe place.
The typical consumer/business backup mechanism is usually either dumping to a file share, dumping to an external HDD, a copy to a cloud drive, or a copy to a cloud provider. All of which ransomware like this can stomp on, just by overwriting/encrypting backups. A cloud provider -might- have some backlevel versions, but they likely might just only have at most 30-90 days worth of files. That SAN with all the replication doesn't do much good, as it will replicate the rm and encrypted files.
The ideal way to combat this is a program running on another machine which pulls the data. Something that runs on another machine and does a function similar to:
Of course, adding date/time variables is left as an exercise to the reader... However, doing this not just ensures that ransomware can't touch the machine where the backups are on, but allows files to be backed up as often as one wishes, with only changes being saved. This is the only real defense to ransomware, and not often done.
On the Windows side, programs to fetch data from clients are expensive (no SSH), the cheapest is probably Windows Server Essentials (descendant of Windows Home Server) which can fetch and store client data.
Very true. The hub idea isn't perfect... but it is better than nothing, and with IoT, virtually anything is better than what we have now. Who owns the list is important, but hopefully it can be changed to whomever the consumer wants to maintain it. The key is having some way to not just block devices that have vulnerable firmware, but also limit devices from communicating directly with the outside world. That way if someone's smart toaster has a vulnerability, because it never directly communicates to the Internet, an attacker would have to attack the destination or the smart hub, as opposed to now, where if an attacker gets LAN access, that device is theirs.
Perhaps an even better thing would be to go to a hub and spoke topology? That way, devices can communicate with the center hub (or hubs, if redundancy is desired), and if there is a fix, the hub asks for it on behalf of one device, caches it, so other devices can use that same fix without issue. It is basically what happens when devices communicate through an access point, but the devices would use a low power, low range protocol as opposed to Wi-Fi, or even opening themselves for attack by touching the Internet directly. Plus, with a hub and spoke, an IDS/IPS mechanism can be places so if one device starts behaving suspiciously that is out of the design parameters (nmapping everything it can find), its connection gets dropped, and life goes on. As an added bonus, an attacker would either have to be physically nearer to intercept the low power protocol, or would have to attack the hardened hub (which could run on fairly modest hardware and use virtual machines to separate the firewall instance from the instance that deals with the devices.)
Bad analogy. A safe maker will offer locksmiths drill templates and instructions on how to pull relockers back, should they go off. This isn't a quick thing, as the locksmith will have to drill holes through very tough steel and cement, but this is a common thing, as it is a lot faster to drill a few holes, than it is to guess where the relocking devices are.
There is no analogy to "lets just take power tools and cut the safe into pieces" with encryption.
Does this mean Apple has responsibility to let anyone with a badge in at any time? It is far more often for corrupt LEOs in a third world nation to abuse their powers and demand all phones be decrypted at a whim than an encrypted device actually have decryption codes for a bong counting down, as in the movies.
Yes, a master key system can be put in place where Apple devices in Elbonia have a master key for their government, and not Latveria... but what happens if the Elbonian key storage mechanism gets hacked or compromised? Backdoors always get blown open, and it usually isn't a good guy who does this.
The "once someone is paid, they stay paid" is a feature of BTC. It would be nice if there were an escrow mechanism with a time limit so if Alice sells a vend a goat machine to Bob, Bob puts the BTC in escrow, until Charlie vets that the vend a goat machine made it to Bob's place and is usable, then allows the transaction to proceed, or before a time limit, interrupts the transaction and has the money sent back to Bob if instead of a vend a goat machine, it were just a box of cinderblocks. This will help against one of the more common auction frauds, and it protects the seller (the currency goes into escrow before the product is shipped), and the buyer (the escrow agent validates that they actually got what was in the package.)
Of course, this isn't perfect... the Bob the Buyer can pull the vending machine out, place some stones, then allege fraud to Charlie so Charlie nixes the transaction... but that goes from common auction fraud which is an everday happening, to actual felony larceny. Escrow does raise the bar though, and given a high enough value transaction, it might be Charlie has his people waiting with Bob for the package to actively validate that all shipped as it should have.
There is another downside... Charlie's reputation. This was discussed back in the 90s on the cypherpunks list, that if the value of Charlie's reputation was less than what the transaction was, he could collude with either Alice or Bob to fuck over the other party. It might sully Charlie's doings in the future, but if the transaction was valuable enough, hosing one party might just be worth it to the escrow agent, as they could go find another biz after that.
Right now, we are seeing version 1.0 and version 1.1 of cryptocurrencies.
I can see a version 2.0 of a cryptocurrency coming out, with some features to help:
1: Escrow. It would be nice if a third party, Charlie, could be part of the transaction, and Alice and Bob's transaction it wouldn't be completed until Charlie gives the OK. If Charlie doesn't give the OK, Bob doesn't get the currency... eventually after a selected timeout, the coins wind up back with Alice. Or, it could be configured the other way, where Bob gets his coins if Charlie doesn't step in and say "no" after a period of time. Of course, there can be collusion between Charlie and either Alice or Bob to fuck over the other party, but having the -option- for an escrow service so both parties are happy would go far in making a currency usable for trades.
2: Auditing. The ability for a party to tag their own expenses with their own ID for something, so they can in the future run through the blockchain, and find all occurances of that ID. It would be equal to the "For:" line on a checkbook.
3: Refunds. The ability for both parties to reverse a transaction, on the premise of the item in question being returned. This will go a long way in proving ownership of something if it gets questioned.
4: Disabling spending of currency for a period of time. This adds a "timelock" value, so if the currency owner is going to be gone for six months, even if someone has access to the wallet, the coins can't be spent. Of course, once the time expires, it becomes a race between the legit owner and anyone else who has access to the wallet's private key, but it is a way to ensure coins are not going to be gone while someone is on a trip. Of course, this value should be limited to a fairly period of time (6-12 months), so coins are not tossed out of the economy permanently.
5: Similar to #4, but disabling spending of coins for a period of time... but allow them to be re-enabled if another wallet or private key gives the go-ahead. This way, one can have one wallet that coins go in, set a time lock, but still have an offline wallet that can re-enable use of the coins should the need arise.
6: A way to mark part of the transaction as sales tax (with the receiver agreeing on that), so the sender is showing that the 110 units they are paying, 100 are for the product, the rest are going for taxes like a VAT or the like. Similar to #2, but covering the tax angle. In case of audit, it would be easy to just show the blockchain and that the receiver acknowledged that the tax was properly paid.
7: A way to preen the blockchain after a period of time, say seven years of older transactions, but still keep the crystallographic integrity of the entire thing. This way, eventually, the blockchain size will tend to stabilize as soon as old transactions get expired.
I'm sure there are other ways, but adding some cryptographic tricks (like escrow and moving coins out of play for a period of time) will definitely add to currency security.
The best thing one can do is find another currency, mine it, then exchange those coins for BitCoins. Some currencies are a lot miner-friendly, so that rack of 100 USB ASICs can be powered on and generate more coins and value than the cost of electricity to run them.
The Telnet server required an Expect script to use... and yes, you -can- do stuff that way... but it is a relative PITA compared to ssh, Python libraries, and Ansible. As the parent said, sending unencrypted passwords through a link (yes, one -could- do tunnels, but that is another bunch of hoops) was possible... but with SSH (especially with RSA authentication), it is far, far easier.
Slashdot Mirror
The ironic thing is that in general, piracy is way down overall. Latest gen consoles have a 0% piracy rate. With streaming, there isn't a real reason for pirating music (other than finding not for sale songs.) Video piracy is down because one can stream or just go to RedBox. Software piracy is down because of the shift to MMOs, uncrackable DRM, and Steam/GOG, where it is almost pointless to pirate.
It is understandable that an anti-piracy firm wants to make money, but they are trying to capitalize on an infraction which is happening less and less. Might as well make a private company that uses drones to watch for cattle rustlers and claim jumpers... more money catching those perps anyway.
There are also businesses that use ISPs. What happens if a store loses its method of processing credit card orders? Of course, they can pull out the ka-chunk machines and paper, but there will definitely be revenue lost.
No ISP in their right mind will pull a link on a business without more than just the word of a third party. Either it will be a succession of strikes or a court order.
Sure it won't stop the hardcore 'nix folks
How hard is it to run a VM?
Other than getting ISPs to block users (where the ISP now has to deal with a potential subscriber lawsuit because of the word of a third party), I just don't see how this is going to work:
1: Browser makers won't allow a third party to disable their software at the third party's whim. Even if were mandated (perhaps a DMCA2 treaty), there would be some people in Russia who will just fork off a pre-bongoed source and offer that for download.
2: If it gets nailed through a browser or add-on, it will be patched by the browser or third parties. They better stand in line behind the real ransomware makers if they want to go for 0-day security day holes.
3: People have multiple browsers. To separate tasks, I use sandboxie, multiple browsers, browsers on USB flash drives, and different types of browsers. Will they shut them all down? Perhaps if they inject malware that does redirects.
4: People have virtual machines. Destroy the VM that I use for browsing the web, I just run "vagrant destroy --force && vagrant up", and in a few minutes, I have my browser virtual machine back up, running, with all my extensions present, courtesy of provisioning scripts.
5: People have and use VPNs, both in the same country and offshore. Good luck with sending copyright notices to the VPN in Switzerland, Sweden, or even Canada. Even a VPN in the same area, unless the party decided to press a legal case, they won't be handing names and other info over, if they are to remain in business for long.
6: People use combinations of the above. Push too hard and even Joe Sixpack will start using an offshore VPN service for $5 a month, pretty much making any IP enforcement impossible without having to make it an international event.
tl;dr, Rightcorp's existence depends on trying to get ISPs to do the belling the cat (with the legal risk that entails for the ISP) for them... and all it takes is 1-2 false positives for that ISP to start seriously hurting. Even worse, it will just make the pirates "go dark" and ensure that nothing but the most elaborate tracking will actually work.
I saw it on early versions of Solaris 2, back in the mid to late 1990s, where there would be a ton of zombie processes, they would laugh at a -9, and the only way to deal with them was a reboot, and even then, there almost certainly would be a NFS hang, preventing the machine from completely shutting down, so most likely a reset would be needed (which meant a force fsck of all drives because back then, journaling filesystems were not common.)
It makes me glad that operating systems eventually almost have solved this. Software RAID is doable in multiple ways (btrfs, LVM2, md-raid, ZFS), filesystems have rollback functionality to keep consistant, HDDs have moved to SSDs which have a different set of problems, etc.
I might encounter a zombie process here and there, but the only time it gets noticable is with a drive that is on the edge of disgorging its contents into oblivion, or network/storage fabric issues.
On one hand, CyanogenMod is definitely a useful ROM. Next to having a Nexus phone, having a ROM that has a consistent UI (especially if used with Nova Launcher), well maintained, and constantly updated far beyond the 1-2 year life of most Android devices, is quite useful.
CyanogenOS... different story. Not familiar with it, but if it can't use Android/GApps, I wouldn't bother. I remember the application stores (not apps) on another telco's devices with regards to Windows Mobile, and the limited, costly, locked down selection they had. If it can't support Gapps, other stores (F-Droid), and sideloading, I'll not even bother.
Is that the same as Windows 10 LTSB (long term servicing branch), which has fewer gewgaws, and is intended for the enterprise, because it has fewer things that can break or be compromised?
Exactly. For 3-6 hours while this this is being used, my phone is unusable for anything else, even if there is an emergency call or text.
Also, what's the point, other than a novelty value? I can get a 3D printer with a larger printing volume. It may not be as cool looking, but it likely will have a heated tray and almost assuredly, better precision than this model. Plus, using filament is a lot easier to deal with than guesstimating how much liquid I squirt on the phone's surface.
The only real use I can see with this is having a dedicated smartphone or iPod Touch, and using it in the field, due to the portability.
If Apple made a docking station, I'd go for an x86 iPad in a heartbeat. The docking station, if stashed in a suitcase, would make it useful for doing stuff when in the middle of nowhere, and if space is too scarce for that, a keyboard case, perhaps a tiny USB mouse, would help.
When travelling, it is a lot easier to take an iPad over a laptop, even a MB or MBA. Plus, having full x86 functionality to run OS X applications would be quite useful, especially on the road.
Just by making an OS X tablet would get the tablet market back for Apple. MS is actually doing pretty well with the Surface Pro, so it wouldn't be too hard for Apple to make a device with comparable features, perhaps a docking station for it so it can be used in a desktop role (with external drives, Thunderbolt breakout boxes for GPU, 10gigE, and all the other stuff a desktop needs.) Would it compete with the iMac? Not really... the iMac has four cores, eight virtual cores with HT. At best, the x86 iPad would have two cores, four with HT.
On Android, the app I'd use for securing texts is TextSecure. It not just provided key exchanges, but it stashed the SMS messages encrypted. Sadly, it doesn't seem to be on the Play Store anymore. It didn't have as much functionality as dedicated SMS apps... but it did work and seemed to have been well designed. I'd definitely use this if it were still around, or on iOS.
I can run without iTunes, with the device backing itself to iCloud, and after an erase, having the device restore itself completely.
However, there is one use that iTunes is a must: If I want to do a DFU restore, I have to plug it via a wired connector, and load a firmware version that is within Apple's signing window.
Does this mean iOS is better? No. I can run an Android device, and not need to use an ADB driver until I need to flash a ROM. Restores are easy as well, as app backups are stashed on a cloud provider, then get reloaded via Titanium Backup.
I would say iTunes is a must on a computer, or at least a virtual machine, just for doing a DFU reload. Otherwise, one can run day to day without it.
I would hazard a guess that eventually... and this is after there is some big bad thing happening that actually gets companies to spend cash for it, actual security will be wanted, and programming/designing devices from the ground up with security built in and in depth, as opposed to just tacked on at the end of the process, may eventually become something part of program design. Doing secure code is something that automated tools can somewhat help with, but it is something a good, experienced dev will wind up doing, especially when dealing with a specific architecture (ARM) and its strengths/weaknesses. Optimizing code to work around CPU/RAM/storage limits isn't something one can click a checkbox on an IDE and click "build", especially if the code is critical and cannot easily be updated.
As always, embedded programming will always require the experts. You can't really play the "it builds, ship it, let the customers have autoupdate" game with applications like SCADA systems or pushing code to FPGA boards so they can do a specific task (real time video encoding, for example.)
The key is to change with the times. I'm not the youngest in the bunch, but being up to date on the latest and greatest has kept me employed.
I am skeptical as well. For something common, asking an AI to code a word processor wouldn't be difficult. However, that isn't something that would be useful or bring in cash. What would be useful are things that are pushing the edge that an AI may not be able to think about.
For example, a deduplicating program similar to obnam, bup, attic, borgbackup, or zbackup that instead of storing its repository as tons of tiny files, stores the deduplicated stuff as either a large single file, or a number of medium sized files (similar to Apple's sparse bundle bands or VMWare's 2GB .vmdk files.) This way, the filesystem does less work.
As of now, an AI would likely not be up to this task, just because of the debugging involved, such as handling garbage collection when data is deleted/expired, handling bit rot on one of the files, and so on. However, once we have AIs that are up to writing a utility like this, the need for this utility would long have since been filled.
There is a definite place for Borgbackup, attic, bup, obnam, zbackup and other deduplicating backup utilities. The ability to just toss data whenever you feel like it, and only deltas get saved (after being compressed) is a nice thing. Same with having decent encryption.
I personally have been using zbackup for a while, which is quite usable for backups, especially via SSH, where it can SSH into my NAS, fetch data, and only store what is changed to some media I rotate out for safekeeping. Zbackup has not had much Git activity, but Borgbackup has had an extreme amount of work done with it, so it is definitely a utility to watch and consider using.
It would be nice, with all that telemetry data being collected, shouldn't MS be able to find broken patches on a mass scale, realize something is wrong, and do something about it a lot more quickly.
There are levels of civilization. If civilization is destroyed to the point that preppers talk about, gold may not be the currency of choice, because there is no way to guarentee that a gold bar is genuine, or is gold-plated tungsten. Similar with silver. In a Mad Max scenario, the currency of choice will be something that is functional, and this likely will be ammo since it is relatively fungible, is useful, small and easily carried, and is universally valued. When people are on the edge of starvation, gold may be shiny, but it isn't going to help feed the family or keep the scavengers (both two legged and four legged) away.
After civilization stabilizes, and there is -some- form of government, if only to keep roads relatively safe and to dispatch people in grisly ways that counterfeit coins or fake metal, then gold can function as a means of exchange, just because there is a relatively low chance of it being worthless. However, until then, barter will be what people use to survive until there is some central authority.
The problem is that keeping backups is a lot more difficult than it was in the past, when one could buy a tape drive, have it toss files there, physically write protect the cartridge, and keep that in a safe place.
The typical consumer/business backup mechanism is usually either dumping to a file share, dumping to an external HDD, a copy to a cloud drive, or a copy to a cloud provider. All of which ransomware like this can stomp on, just by overwriting/encrypting backups. A cloud provider -might- have some backlevel versions, but they likely might just only have at most 30-90 days worth of files. That SAN with all the replication doesn't do much good, as it will replicate the rm and encrypted files.
The ideal way to combat this is a program running on another machine which pulls the data. Something that runs on another machine and does a function similar to:
ssh foohost ' ( cd /home ; tar cvf - * ) ' | zbackup --password-file ~/mysecret backup /some/fs/zbackup/backups/homedirbackup.tar
Of course, adding date/time variables is left as an exercise to the reader... However, doing this not just ensures that ransomware can't touch the machine where the backups are on, but allows files to be backed up as often as one wishes, with only changes being saved. This is the only real defense to ransomware, and not often done.
On the Windows side, programs to fetch data from clients are expensive (no SSH), the cheapest is probably Windows Server Essentials (descendant of Windows Home Server) which can fetch and store client data.
Very true. The hub idea isn't perfect... but it is better than nothing, and with IoT, virtually anything is better than what we have now. Who owns the list is important, but hopefully it can be changed to whomever the consumer wants to maintain it. The key is having some way to not just block devices that have vulnerable firmware, but also limit devices from communicating directly with the outside world. That way if someone's smart toaster has a vulnerability, because it never directly communicates to the Internet, an attacker would have to attack the destination or the smart hub, as opposed to now, where if an attacker gets LAN access, that device is theirs.
Perhaps an even better thing would be to go to a hub and spoke topology? That way, devices can communicate with the center hub (or hubs, if redundancy is desired), and if there is a fix, the hub asks for it on behalf of one device, caches it, so other devices can use that same fix without issue. It is basically what happens when devices communicate through an access point, but the devices would use a low power, low range protocol as opposed to Wi-Fi, or even opening themselves for attack by touching the Internet directly. Plus, with a hub and spoke, an IDS/IPS mechanism can be places so if one device starts behaving suspiciously that is out of the design parameters (nmapping everything it can find), its connection gets dropped, and life goes on. As an added bonus, an attacker would either have to be physically nearer to intercept the low power protocol, or would have to attack the hardened hub (which could run on fairly modest hardware and use virtual machines to separate the firewall instance from the instance that deals with the devices.)
Bad analogy. A safe maker will offer locksmiths drill templates and instructions on how to pull relockers back, should they go off. This isn't a quick thing, as the locksmith will have to drill holes through very tough steel and cement, but this is a common thing, as it is a lot faster to drill a few holes, than it is to guess where the relocking devices are.
There is no analogy to "lets just take power tools and cut the safe into pieces" with encryption.
Does this mean Apple has responsibility to let anyone with a badge in at any time? It is far more often for corrupt LEOs in a third world nation to abuse their powers and demand all phones be decrypted at a whim than an encrypted device actually have decryption codes for a bong counting down, as in the movies.
Yes, a master key system can be put in place where Apple devices in Elbonia have a master key for their government, and not Latveria... but what happens if the Elbonian key storage mechanism gets hacked or compromised? Backdoors always get blown open, and it usually isn't a good guy who does this.
The "once someone is paid, they stay paid" is a feature of BTC. It would be nice if there were an escrow mechanism with a time limit so if Alice sells a vend a goat machine to Bob, Bob puts the BTC in escrow, until Charlie vets that the vend a goat machine made it to Bob's place and is usable, then allows the transaction to proceed, or before a time limit, interrupts the transaction and has the money sent back to Bob if instead of a vend a goat machine, it were just a box of cinderblocks. This will help against one of the more common auction frauds, and it protects the seller (the currency goes into escrow before the product is shipped), and the buyer (the escrow agent validates that they actually got what was in the package.)
Of course, this isn't perfect... the Bob the Buyer can pull the vending machine out, place some stones, then allege fraud to Charlie so Charlie nixes the transaction... but that goes from common auction fraud which is an everday happening, to actual felony larceny. Escrow does raise the bar though, and given a high enough value transaction, it might be Charlie has his people waiting with Bob for the package to actively validate that all shipped as it should have.
There is another downside... Charlie's reputation. This was discussed back in the 90s on the cypherpunks list, that if the value of Charlie's reputation was less than what the transaction was, he could collude with either Alice or Bob to fuck over the other party. It might sully Charlie's doings in the future, but if the transaction was valuable enough, hosing one party might just be worth it to the escrow agent, as they could go find another biz after that.
Right now, we are seeing version 1.0 and version 1.1 of cryptocurrencies.
I can see a version 2.0 of a cryptocurrency coming out, with some features to help:
1: Escrow. It would be nice if a third party, Charlie, could be part of the transaction, and Alice and Bob's transaction it wouldn't be completed until Charlie gives the OK. If Charlie doesn't give the OK, Bob doesn't get the currency... eventually after a selected timeout, the coins wind up back with Alice. Or, it could be configured the other way, where Bob gets his coins if Charlie doesn't step in and say "no" after a period of time. Of course, there can be collusion between Charlie and either Alice or Bob to fuck over the other party, but having the -option- for an escrow service so both parties are happy would go far in making a currency usable for trades.
2: Auditing. The ability for a party to tag their own expenses with their own ID for something, so they can in the future run through the blockchain, and find all occurances of that ID. It would be equal to the "For:" line on a checkbook.
3: Refunds. The ability for both parties to reverse a transaction, on the premise of the item in question being returned. This will go a long way in proving ownership of something if it gets questioned.
4: Disabling spending of currency for a period of time. This adds a "timelock" value, so if the currency owner is going to be gone for six months, even if someone has access to the wallet, the coins can't be spent. Of course, once the time expires, it becomes a race between the legit owner and anyone else who has access to the wallet's private key, but it is a way to ensure coins are not going to be gone while someone is on a trip. Of course, this value should be limited to a fairly period of time (6-12 months), so coins are not tossed out of the economy permanently.
5: Similar to #4, but disabling spending of coins for a period of time... but allow them to be re-enabled if another wallet or private key gives the go-ahead. This way, one can have one wallet that coins go in, set a time lock, but still have an offline wallet that can re-enable use of the coins should the need arise.
6: A way to mark part of the transaction as sales tax (with the receiver agreeing on that), so the sender is showing that the 110 units they are paying, 100 are for the product, the rest are going for taxes like a VAT or the like. Similar to #2, but covering the tax angle. In case of audit, it would be easy to just show the blockchain and that the receiver acknowledged that the tax was properly paid.
7: A way to preen the blockchain after a period of time, say seven years of older transactions, but still keep the crystallographic integrity of the entire thing. This way, eventually, the blockchain size will tend to stabilize as soon as old transactions get expired.
I'm sure there are other ways, but adding some cryptographic tricks (like escrow and moving coins out of play for a period of time) will definitely add to currency security.
The best thing one can do is find another currency, mine it, then exchange those coins for BitCoins. Some currencies are a lot miner-friendly, so that rack of 100 USB ASICs can be powered on and generate more coins and value than the cost of electricity to run them.
The Telnet server required an Expect script to use... and yes, you -can- do stuff that way... but it is a relative PITA compared to ssh, Python libraries, and Ansible. As the parent said, sending unencrypted passwords through a link (yes, one -could- do tunnels, but that is another bunch of hoops) was possible... but with SSH (especially with RSA authentication), it is far, far easier.