Slashdot Mirror


User: mlts

mlts's activity in the archive.

Stories: 0
Comments: 5,534

Comments · 5,534

  1. Re:Well, of course. on NSA Collect Gamers' Chats and Deploy Real-Life Agents Into WoW and Second Life · · Score: 2

    With what a lot of WoW players write, I'm amazed the NSA doesn't sue them for pain and suffering when some poor slob has to look through the stored Barrens chat logs.

    The command "grep -v -i 'anal'" will cut out 99% of the text though.

  2. Re:what a stupid story on How China Will Get To the Moon Before a Google Lunar XPrize Winner · · Score: 1

    Why would it be guaranteed to fail? The knowledge to do this is getting to the half a century mark. We have better knowledge, better computers for simulating potential mishaps, better engineering, better metals, superb polymer tech, and both the knowledge of the USSR and the US, with their mistakes.

    This is not as much breaking new ground as it is a task of getting a specialized factory up to speed, which is something China does damn well.

  3. Re: I when wonder... on How China Will Get To the Moon Before a Google Lunar XPrize Winner · · Score: 1

    Part of it is that China produces what is specced and paid for. Spec out a piece of crap, and the Chinese factory will happily make sub-par components for you.

    Spec out top tier materials, high tolerances, good QC, and the shipping containers will have stuff that is on par with what Europe makes. The problem is that if you pay for the top tier stuff, China's competitive edge is less than doing it domestically or having it done in Japan or Europe.

    It isn't really China's fault they are the go to guys for the "make 'em cheap, stack 'em deep" orders by companies wanting to cut corners.

  4. Re:Fortunately, away on Excite Kids To Code By Focusing Less On Coding · · Score: 1

    HyperTalk was oddball, but HyperCard was a decent way to get a non-technical user to be able to present data in a usable form, then expand from there.

    I could easily do similar with a Web page and some backend scripting, but there was something fairly nice about HyperCard's instant gratification where once the script was in, it was ready to go. No makefiles, no compilation, the source was the object code.

    I would not be surprised if we saw a modern version of HyperCard come around again, because done right, it would function both offline, online, and perhaps even partially online where frequently used cards would be cached.

  5. Re:Why there are so many sucky programmers on Excite Kids To Code By Focusing Less On Coding · · Score: 4, Interesting

    When I was running through CS (graduated in 2008), the students knew they would have to fight tooth and nail for positions. They had to be better than the offshore coding houses, and/or the H-1Bs.

    So, a lot of them not just did well in class, but went off on internships, both paid and unpaid, as well as went and got their name on some OSS project.

    The people that went through CS were the die-hards... there were no illusions about getting some cushy ABAP job. Instead the students focused on trying to actually be usable pieces in a dev team puzzle. The people who were not that dedicated switched their majors to general business.

  6. Re:Sounds like VHDL and similar approaches... on Why Reactive Programming For Databases Is Awesome · · Score: 1

    I'm curious if this could be used with an FPGA card array to help with I/O or transaction processing, assuming the disk I/O isn't the bottleneck.

  7. Re:This app never seemed necessary on FTC Drops the Hammer On Maker of Location-Sharing Flashlight App · · Score: 2

    There used to be a utility called LBE Privacy Guard which did exactly this in earlier versions of Android, and on jailbroken iPhones, a utility called PMP (protect my privacy.) If the app wants contacts, it gets randomly generated cards. Songs, similar. Location, it gets where you select. Photos? Fake photos or an empty drive, ad id? Randomly generated.

    Only thing is that LBE Privacy Guard has not been updated for the past few versions of Android.

    Pretty much, one's best defense against a rogue fleshlight app is to have a firewall program like Droidwall or its successors and block the app from communicating on any interface.

  8. Re:Nope on Get Ready For a Streaming Music Die-Off · · Score: 2

    I'm hoping you are right. Recently, one of the biggest changes in mainstream music was that the big labels stopped signing bands and started building bands. This difference doesn't sound big, but it means that instead of having an album from a group that has its own sound, stage presence, and lyrics, it means one is getting a singer who is especially chosen because he/she can follow orders, lyrics specifically chosen to appeal to a certain market segment by the MBA types, and then form a band around that.

    The only downside of CDs not being a way of making money is that there are a number of bands which make better music in the studio than on stage. They are better off crafting their work and recording it than trying to get everything together in real-time and gigging. Plus, finding venues to gig in can be very difficult in some areas.

  9. Re:Microsoft Encryption. on Microsoft's NSA 'Transparency' Push Remains Pretty Opaque · · Score: 1

    127 characters is low?

    It used to be 16 characters, but that was back in the days of Windows 98, and NT 4.0 service pack 6a, well before AD forests and trees were in common use.

  10. Re:Define "encryption"... on Microsoft's NSA 'Transparency' Push Remains Pretty Opaque · · Score: 2

    I get the not-so-fresh feeling being devil's advocate here, but (and this is opinion here, so take it, leave it, or just laugh at it) BitLocker is something that MS did seem to make a decent effort at getting right.

    Unlike TrueCrypt, BitLocker is written not just for security, but for enterprise recoverability, so come e-Discovery time, one can recover the data on a laptop after an employee left.

    If MS did drop the ball with BitLocker, they would be in a world of hurt. There are many laptops lost out there, and having an encrypted HDD [1] is the difference between writing off some inventory shrinkage versus a major public disaster, with civil, regulatory, and perhaps criminal consequences. So, BitLocker is something that had major security issues, there will be big businesses wanting their pound of flesh, not just users.

    (Of course, after I write this, watch one of the next /. articles be about a backdoor found in BDE completely making what I stated irrelevant.)

    [1]: Of course, there are varying degrees of encryption. Having the recovery key for BitLocker stored someplace insecure is just as bad as having the TrueCrypt recovery CD with its password stored in a bad location. This is why BitLocker keys often wind up stored in AD... if AD gets compromised, the jig is up in the enterprise anyway.

  11. Re:Tough luck.. on Thieves Who Stole Cobalt-60 Will Soon Be Dead · · Score: 1

    As an aside... I should have stated, "stun gun", as this was done before Tasers were the dominant on the market.

    But there are a lot of cases where the crime hurts the family and friends of the victim more than the victim, especially the time it takes to get the person back to some semblance of a normal life if the beating or attack was brutal enough.

  12. Re:Tough luck.. on Thieves Who Stole Cobalt-60 Will Soon Be Dead · · Score: 5, Insightful

    Being the one beaten is one thing.

    Being a friend or relative of the one attacked usually is far worse. Stuff like having a friend's son whom you grew up with tasered to death (the thieves wanted to know "where the valuables were", and kept pulling the trigger until the victim's heart gave out) makes one not really empathetic with violent criminals who do this sort of stuff.

  13. Re:Tough luck.. on Thieves Who Stole Cobalt-60 Will Soon Be Dead · · Score: 1

    If this were a theft, I'd say so. However, a gunpoint robbery is a trigger-pull from a murder (and often ends up that way.)

    Not to mention the senseless beating of the people in the truck.

    I wouldn't say death is appropriate, but pointing a gun in someone's face and then assaulting them is a lot more than just hopping into an empty truck that is still running and joyriding off with the cargo.

    Acute radiation is ugly, but so is the long term damage from gunshot wounds, or the damage from being pummeled (the description was vague, but I'm sure it entailed use of some blunt objects as well.)

  14. Define "encryption"... on Microsoft's NSA 'Transparency' Push Remains Pretty Opaque · · Score: 4, Insightful

    Encryption is not a one size fits all solution. I can say that I use encryption for everything because my HDDs use FDE (BitLocker, FileVault, and LUKS.) However, encrypting everything that hits the platters doesn't give any protection against remote attack. Scale that up to the enterprise, and having a low level PowerPath driver encrypt what hits a LUN doesn't matter much if the host machine gets breached.

    While I do have faith that BitLocker and other items are not obviously backdoored, my eyes glaze over when companies say that they will just encrypt stuff, all problems over.

    Encryption just makes the amount of sensitive data move from the data to how keys are stored, and attackers will just start hitting the key management system, either bribing/coercing an admin, or using basic social engineering techniques to get access to stored keys.

    Even hardware key storage devices are not 100%. One can always hack a user account on one of those to sign/decrypt data even without access to the key material itself.

    Encryption is just one piece. It can be equated to use of a safe. However, safecrackers tend to care less about the safe itself than the lock on the safe, and the key management is what makes or breaks security.

  15. Re:translation on China Bans Financial Companies From Bitcoin Transactions · · Score: 2, Insightful

    This might be a weakness of BitCoin eventually. As blockchains get longer and longer, it gets more unwieldy to keep everything updated.

    The closest thing is having to calculate every transaction (vending machine, gas station, bank, etc.) a Loonie [1] coin has been through since it was struck at the mint. Even though big-O is a linear function, after a while, the cryptographic calculations required for each transaction can add up over time, and when a BitCoin is broken into subunits, each subunit down to the satoshi will have its own separate chain that has to be run through.

    Not a big problem now, but as BitCoins circulate through large amounts of users, it might become an issue, especially for large volumes.

    [1]: Or quarter, or Euro, but Loonies are a decent unit for an arbitrary example.

  16. Re:Death of the small guy on Tech Companies Set To Appeal 2012 Oracle Vs. Google Ruling · · Score: 4, Insightful

    This is only going to hurt in the long run.

    Code is going to be written. It will just be written in countries that don't have the non-functional [1] IP laws, and the products sold from there.

    This reminds me of the 1990s and how cryptography development was stifled in the US by ITAR laws. It didn't stop crypto development. What happened was that Russia, Germany, and even China started on the process.

    The same thing would happen again. It just means that innovation in coding moves to other countries, perhaps China, Russia, the Ukraine, Brazil, or elsewhere.

    Of course, the genie can be put back in the bottle -- locked down devices can prevent code that hasn't been vetted to run, and on desktops, mandatory DRM stacks would ensure the laws are enforced regardless of borders.

    [1]: Well, functional for a few, but not as a gestalt.

  17. Re:Find a new job on Ask Slashdot: Application Security Non-existent, Boss Doesn't Care. What To Do? · · Score: 3, Insightful

    Seconded. This is a pile of manure just waiting to fall onto someone as a scapegoat, and it might be that the application is already compromised.

    Approaching legal won't do the trick. They will immediately turn around and tell the boss that so-and-so has gone over their head... and this won't be good for future (or present) job prospects.

    Were I in your shoes, I would be honing my LinkedIn profile, updating the resume, maybe shooting for a certificate or two for keywords, and starting the hunt.

    In previous IT jobs, I've heard the mantra, "security has no ROI" plenty of times, followed by, "Geek Squad can fix it if we get hacked" when I ask the obvious followup question. When you hear that song and dance, run.

  18. Without a sign, they have to be officially given a notice of trespass or warned off by the police. Shouting, "git off my lawn" won't do the job unless there is legal proof this was done.

  19. During SXSW in Austin, there would be people who would pull up into driveways without permission, plug their travel trailers into outlets in the nearby house, use the nearby hose for their RV's water, and spend the night there. The homeowner would ask the people to leave, and the RV-ers would say some choice vulgarities. The police finally get called and then the trailer would get moved one driveway over. Without a posted tow away zone sign, the fact that a driveway would be a place to turn into a party spot and RV parking place was taken advantage of fairly often.

    It might be just five cents of power, but it still is theft, same with the people who plug their travel trailer into the wall of someone's house without permission.

    Would this be something to be arrested over? No. In most circumstances, a citation for a class C misdemeanor would be the best matter of course.

  20. Re:Not like the 90's on For First Three Years, Consumer Hard Drives As Reliable As Enterprise Drives · · Score: 1

    It seems to come in waves. Sometimes you get the old drives which work forever without issue, only being replaced because their capacity is pointless. Other times, your RAID arrays are constantly in degraded mode because a batch of HDDs are constantly dropping into prefail status, or just deciding to take a dirt nap.

  21. Re:Common knowledge on For First Three Years, Consumer Hard Drives As Reliable As Enterprise Drives · · Score: 1

    For some vehicles, a tuner can have a setting where one needs 92 octane... but the MPG gains are significant enough to offset the higher cost for premium.

    However, this is definitely a YMMV item in the literal sense.

  22. Re:make my day... on The Desktop Is Dead, Long Live the Desktop! · · Score: 1

    Exactly. The set of encrypted files will have different hashes in each block than the older files, so will be counted as a separate instance. The only thing that would be the same would be the name, perhaps the size.

    There are various deduplication methods. Microsoft's is passive (it runs in the background, usually doing the actual block duplicate finding late at night.) EMC's deduplication is active where the data is dehydrated as soon as it hits the platters.

  23. Re:No, the worst part was joining in the attack on Anonymous Member Sentenced For Joining DDoS Attack For One Minute · · Score: 1

    The fine may not be collectible, but assuming it gets interest (likely compound interest, compounded continuously), the guy will be hounded the rest of his life by debt collectors and will never be able to purchase a car [1], house, or anything except perhaps a credit card with a 65% APR. No bankruptcy judge will ever discharge that debt either, and since it is a fine, not a civil debt, it never expires.

    The two years and the permanent conviction will hurt employment prospects. The permanent debt, which will go up by 10-15% a year will never leave him, so unless he marries wealthy (with a pre-nup that ensures nothing is in his name and can be taken by creditors), the guy's future is pretty much shot.

    [1]: Well, there are the used car places that charge 20%, demand payment weekly, and have a box connected to the ECM to demand a code punched in or the car won't start.

  24. Re:make my day... on The Desktop Is Dead, Long Live the Desktop! · · Score: 1

    Since they are moved from the shared directory, but somewhere else on the same volume (out of reach of any script/malware on the client), cryptolockered files will be distinctly different in block content, and not able to just be turned into links.

    Of course, this isn't a perfect way to do things, but it is one piece of a layered approach (the biggest layer is to do one's Web browsing in a VM or at least a sandbox so cryptolocker acting in the browser's context will get a bunch of written files in the sandbox directory, while not being able to actually cause permanent changes.)

  25. Re:Developing software on The Desktop Is Dead, Long Live the Desktop! · · Score: 1

    That is true. However, I have seen that in the enterprise, sometimes they go with laptops because they know more accurately what is going to be on it (BIOS, NIC, video), and it is easier to make a Windows image for it. So, the costs of administration might be lower, especially for employees who might work on weekends, by going with a laptop and disk encryption software than a desktop.

    A lost laptop is not a world-ender as it used to be in the past, especially with enterprise remote kills, and self-encrypting SSDs. Especially if the laptop has a secondary authentication mechanism as well as the TPM chip.