SURELY there is somebody who has enough knowledge and skill to do it
I strongly suspect that if they're doing this kind of wholesale replacement they're going to be doing a lot more hardening of it, particularly in terms of communications between sites, etc.
They know the current system is infected, that they can't clean it (because they can still see signs of the active infection), and that effectively they're reduced to paper or ad hoc replacements to avoid using the infected system.
Given a choice between A) work with it as-is B) Let separate groups that can't do "A" come up with their own separate workarounds or C) Replace it all, probably leaving out all the "we can't block this because of X, Y and Z" since X, Y and Z are all being replaced.
In some ways it's almost like reinstalling your entire OS every year or two to clear out all the cruft, it's just on a much larger scale.
Because at the end of one expenditure they have an aging computer and at the end of the other they have something if not new then at least much newer.
The end of Windows XP was a great example - I had customers who still had some XP boxes that were perfectly capable of running Windows 7 - PentiumM/Core/Core2 systems with 1-2 GB of RAM, etc. Adding RAM and purchasing a license for Win7Pro for those then installing, updating, installing software, etc. for 1-3 PCs per office wasn't something I could recommend to customers even though the end result would have been the same cost to them as just getting a new or off-lease machine preinstalled with Win7Pro. The cost to them would have been pretty comparable in either case, and the benefit to me in billable hours would have been higher for upgrading, but it's not something I'd do to my customers.
Think of it as the equivalent of fiduciary duty.
Absolutely there are people who could find all of it, and it may be possible to build or find a combination of tools to address all of the possible hiding spots they're able to think of. The problem is that those skilled people don't scale. As for the tool suite, while someone's attempting to assemble it, someone else is working hard at evading what's going into the suite - and even if they do put something effective together fast, how much confidence will there be that it actually got everything? It's like running a hastily cobbled together antivirus package on an already-infected system.
XKCD 1425 is actually somewhat relevant here in that a cleaning solution is that research team project, but Germany doesn't have the time to wait for it - better to EOL some equipment 2-5 years early and replace it than to wait for a solution that won't be available until half of that equipment would be EOL anyway.
And frankly, it's like something I tell my customers probably too often for my wallet's good: "I can fix it and I'd love to have you pay me to do so, but it's not worth you paying for my time to do so when we can replace it for around the same cost."
I can see why they'd be considering wholesale replacement, but I'm not sure it's going to be good enough for a long-term fix because of A) the scope of the problem and B) replacements that still have vulnerabilities. If the intruders have the level of access, time and resources that it sounds like and it's a "state sponsor" with substantial resources to dedicate, then they may have infected some systems at a hardware level that would be almost impossible to root out or detect.
Some of the things that might be compromised and difficult to detect or clean if detected would be hard drives (BIOS), network equipment (firmware in managed switches, routers, access points, etc.), printers and copiers (firmware, plus internal hard drives in some cases) and any other "appliances" on the network that are really special-purpose computers just like the items I listed above. Those "appliances" may be NAS devices, document management servers (some of which have been sold as turnkey solutions but which probably run Linux and some proprietary web and services software), HVAC systems, almost anything.
My best computer is a Lenovo T430 with a 1600x900 display, a 250GB Samsung 840 EVO MSATA SSD and 12 GB of RAM, plus a docking station for ease of external monitors. More than enough for almost anything I'm doing, though I've occasionally regretted not spending the extra $50 for upgraded graphics.
It does the job, but for 90% of what I'm doing I don't notice a huge difference in speed between that and a Thinkpad W700 with some level of Core 2 Duo. I figure at some point I'll drop $60 on a 120+ GB SSD and jump the W700 to 64-bit Windows, then see even less difference (Linux isn't a good option with the ATI switchable graphics in that generation).
My best non-portable is a venerable Core2Quad running CentOS that I need to get back up and running as a secondary Crashplan destination server.
Are these exciting? No, but they do what I need them to and if one dies or walks away it's easy to get back up and running with relatively little fuss due to backups and disk encryption.
That's what we're going to be doing with a few 2003 servers, all but one already running as VMs and that last one likely to be converted in the next month or two.
These are systems that need to be kept around for reference, old EMR or practice management systems where it wasn't feasible to export all data for import into a replacement system. Heck, in at least two cases I know of practices expressly deciding to not even migrate patient lists from an old billing/practice management system into a new EMR/PM system because the old system had data going back into the late '80s from physicians who'd been retired for 15 years on patients who'd not been seen in at least that long.
I fully expect that these systems will be kept around on life support until the expiration of the time period for which those records need to be kept. Records for any patients who have contact with offices now are exported (well, dumped into large PDFs) then imported to the new system, but in general I expect these systems to be alive for 10+ years from the date of switchover - fortunately we're not dealing with this at any places that see minors, and the number of disabled patients is small enough that their records (which may need to be kept permanently) can be PDFd and migrated.
Sure, keeping the old system around is an expense, but it's still cheaper than going to the vendor of the abandoned EMR system for custom development of something to bulk-export records for thousands of patients - assuming that said vendor still exists. Paying tens of thousands of dollars for upgrades to disused systems just to get them on a more modern OS also isn't going to happen.
Unless you have deep philosophical reasons to never ever run Microsoft software, for almost any cutting-edge hardware you may be better off just running VMWare (Workstation or Player) on Windows, then running your Linux within the VM. You may lose convenient access to some features, but you'll also get the advantage of better hardware compatibility and with most usage you probably won't much notice the performance hit.
I believe there were more restrictions than that, however in order to go after infringers the actual owners of TC would have to come forward in some way that would make them identifiable and they've shown no interest in ever doing so.
It's even possible that the (anonymous, uncompensated) devs were looking at all the crap they were going to have to change and deal with as a result of UEFI, signed bootloaders, etc. and otherwise increasingly restricted hardware and said "screw this, I have kids now, maybe my own startup, I have a ton of things I can spend my time on that are just as satisfying and that I don't have to avoid talking about with anyone."
Back when I was writing stuff that distributed as compiled Windows executables, I'd throw a little window into the About of programs that had GUIs - if you held Ctrl-Alt-Shift and clicked the app icon the About text would change to include the names of the team and (depending on space) possibly a `fortune` style pithy saying.
Pretty mild, and if anyone had complained about the waste of time to implement changing the text of a few fields in an existing screen it would have served as a good person filter.
Yeah, yeah, whoosh, "Meet the Fockers", blah blah
The answer should actually have been "Yes, but you probably wouldn't enjoy what's required."
I can't say whether they're overvalued, but there's definite growth potential beyond where they are now.
For example, how many municipalities in areas that they cover have "dial-a-ride" transport for seniors/handicapped? Could Lyft/Uber serve as a cross-municipality contractor for those, providing the same or better service at lower cost? Adding some specialized (e.g. wheelchair-capable) vehicles, plus being able to use their existing set of drivers where appropriate could lower municipality costs while giving better on-demand service to residents.
Heh, I reinstalled Windows recently along with switching to a SSD, and apparently didn't install Flash. I didn't miss it until I saw mention of one of the Flash 0-day exploits and a new update, so I went looking to confirm that it had updated.
Of course, I run with NoScript and RequestPolicy, so I wouldn't have been seeing much Flash content anyway.
Just because someone can't describe a fairly technical topic doesn't mean they're bad at what they do, it means that cryptography, data security or possibly data transmission work isn't what they do. Perhaps you need to revisit your recruiting materials to see if you're attracting the wrong people.
I like to consider myself more informed than a lot of folks out there (I have an unread copy of the second edition of Applied Cryptography! in a box in the garage! or maybe it's the first edition, still unread either way) and I'd be hard pressed to go beyond "I'm pretty sure it relates to the difficulties of factoring large primes or the products of multiplying large primes."
And the first question I'd ask for transmitting encrypted materials is quite frankly "who are the users at each end?" because for a surprising amount of things I'd probably say "install 7-zip and do a single-page detailed step-by-step set of instructions. Possibly laminated."
A couple of other things for prevention could include CryptoPrevent and HitmanPro.Alert.
CryptoPrevent is primarily an automated way to set a variety of documented settings to restrict execution from a variety of locations, though you may need to temporarily disable it for installing or updating some software. I also haven't investigated this, but it occurred to me this evening that those policy changes might have caused problems I recently had with some Windows security updates that ended up with me saying "screw it" and reinstalling Windows.
HitmanPro.Alert monitors filesystem behavior to attempt to detect and block the assorted CryptoLocker-style infections, though there are some that it still doesn't detect (or at least can't differentiate enough from regular activity).
This could come back to bite teachers or administrators in the ass if they're sued for their actions. They'll undoubtedly get away with it with a lot of kids, but there are going to be a few that will tell them to piss off, and then things will get ugly and expensive, possibly for both school districts and the administrators personally if it's determined that A) they didn't actually have a legal right to the information and B) it was provided to them under duress (see "Color of Law" and "Color of Authority").
I work with a few places that still have 1-2 2003 servers around, and for some of them we'll probably be locking them off from any external access and doing a few other things to restrict them while still keeping them around (possibly mostly powered down except by request). That's because they're legacy systems still running old software that someone occasionally needs to refer back to - primarily old diagnostic imaging or practice management/EMR systems which are long out of support.
I have a few places that are 1-3 doctors, 3-6 staff, and they have an old system that they need to go back and refer to every week or two for things that didn't get migrated when they changed EMRs. Migrating everything out of that old system into something like PDFs for attachment to the current system would be cost-prohibitive; paying for migration ("Sure, we'll be happy to upgrade you to our new version, it'll be just like you're switching back to us, shouldn't be more than $30k or so") is the same. We long ago VM'd almost all of these systems along with upgrading/replacing where feasible, so there's not really an added hardware maintenance cost for keeping the VMs around.
And before people say "you should have migrated everything," the last migration we did, the new vendor wanted and would accept a very specific set of fields - all on a single (large) Excel sheet. Everything migrated was practice management data - demographics, insurance, etc. NOTHING clinical was migrated (possibly for liability reasons - what happens if your import of the peanut allergy info fails because of something stupid). For clinical data, the staff at the practice still goes into the old system, generates a set of reports into PDFs, then attaches those PDFs to the new electronic chart as if the customer was coming from another practice. Migrating all the patients makes no sense, this is a specialist practice where a significant percentage of patients are seen for a year or less, then are not seen again for years if ever.
Actually, it's more that Congress stopped it by barring spending any money on transfers. So Obama could likely close Gitmo, but only by actually just closing it - take the fences down, leave the prisoners to their own devices.
I'm pretty sure that's a level of "F*ck you" to Congress that he didn't want to get into, but maybe now.... After all, what are they going to do, stop cooperating with him? Attempt to roll back what's arguably his biggest domestic achievement?
This may turn out to be a situation where your best way to run Linux reliably is going to be full screen under VMware. No driver problems, etc.
I'm pleased to see them backporting new tech to the older vehicles, and by doing this they also get replacement batteries into vehicles sold as much as 6 years ago (first introduced in 2008), though presumably they've had replacement battery packs available all along.
I'm sure they're also going to be making at least some profit on these upgrade kits, and by not abandoning the older vehicles they probably do a lot to cement loyalty from those same customers who were willing & able to drop more than $100k when they first came out.
"As Prime Minister David Cameron announced, we are required to ask ALL of our customers by the end of 2014 whether they wish to opt in or out of filtering of materials deemed offensive by the government's approved third-party monitors. As we have not yet received a response from you to our previous inquiries about this, we are now required to take additional steps to ensure that you have seen and responded to this question."
Or at least that's how I'd phrase it.
If I won a 9-figure lottery (the only kind I could win, I generally throw a dollar or two in if I notice it's gone over 200 million), the first thing to do after dealing with taxes, etc. is to set up at least one pretty iron-clad trust designed to pay me a nice solid upper-middle-class "salary" every year, with a lot of restrictions on how I could break any principal out of it. I suspect this would also impact taxes if done properly.
Once you have your perpetual senior developer-level salary set up, **then** you figure out what you want to do with the rest, be it toys, long-term investments, completing your dream to visit every strip club in the country (note: if going the "hookers and blow" route, make sure that trust is *really* airtight).
Whether it's a waste depends on what he wants to do with it. What if he wants to do a lot of code jams? Hmmmm, "Where should we get a half-dozen programmers together for a weekend?" "How about Notch's place?"
Ignoring all the people advocating A) Linux or B) Trash 'em, you can turn them into decent little shopping list gadgets for people if they have decent battery life still. Avoid anything that requires Internet or other connections at all - just turn off any wireless, etc. because you may not have the battery for it anyway and you certainly don't have the software/updates.
HandyShopper was a great program for Palm and Windows Mobile back in the day, is free and still available: http://chrisant.home.comcast.net/~chrisant/hs3/hs3.htm
It's most useful for people who shop at multiple stores, because one of the useful features is tracking pricing for the same item across stores and showing you when it's cheaper elsewhere.
If they were easier to get I'd happily cough up the $75 to become an officially licensed exotic dancer, but the county referenced when I first saw this story a few days ago looked like it'd be a pain unless you were actually an employee of one of the businesses.
Of course, if I did this my wife might actually demand that I dance for her and that could just be ugly all around. I am not a man built for a stripper pole.