According to an article in the Havana Times [havanatimes.org] the average salary in Cuba (as of 2012) was ~$22 based on a report released by the Cuban government.
Then I would say it is considerably up from what Cubans told me it was... but, I'll take it on face value since it's not completely out of whack.
The tourism industry is also likely to see a lot of growth.
The Cuban tourism industry already represents about 60% of GDP, and has done so for a long time. A lot of their infrastructure is more or less at capacity, and isn't going to scale well.
Last I was there, they'd doubled the size of the Juan Gomez airport in Varadero... and they were so over-run that the airport had been reduced to pure chaos -- they had dozens more flights than they could handle. And the resorts themselves didn't know when they were getting huge influxes of people and were unprepared for it. So all of a sudden they had a few hundred people showing up and no rooms for them.
The nice thing about Tourism as an industry is that scale only relates to demand (see winter vs summer demand in Florida as an example of how this already works). Too many tourists? Double the room rates. Double the restaurant prices. Double the airfare. No, triple it! A new horde of US tourists surging demand in Cuba will just drive up prices. Even crappy hotels have no problem accommodating for supply vs demand by racing up the price curve.
What's this "machine ID" you speak of? The MAC address? It's pretty easy to configure the same MAC on a different machine.
Most people don't think of doing it that way because it's not a good way of doing it.
That part was a little bizarre (if you are physically connected directly from PC to router it doesn't matter much what ID the PC might have) but as a whole it creates a pretty tight way of ensuring integrity of the router configuration. In particular, not allowing any inbound access from the WAN until a hard password is set, and not allowing any association to the WLAN until a hard encryption key/passphrase is set. However, these are two steps most users don't want to bother with (and more importantly, will call tech support to help them with when they fail to complete the tasks). Security, as we have currently designed it, is pretty hard for the layperson. Vendors optimize their devices for the path of least resistance (read: path of least tech support) to minimize costs, and we shouldn't be a bit surprised.
This is the fingerprint, not the root user's key.
They are identified as having the same fingerprint (which is derived from the same source as the private key). So, someone with the private key for one device (ahem, anyone who has a copy of the firmware and knows how to use binutils) can authenticate to all devices.
Isn't TFS supposed to explain what it's talking about?
1. Why does a router have public-facing SSH? The reason to use SSH on your router is to configure it, over a wired connection from your PC, innit?
2. Why does a router come with SSH keys already installed? Don't you generate your own SSH keys?
Given that they were deployed by one particular provider (Telefónica de España in this case) they probably requested a special firmware from the vendor for their CPE to allow remote management. And then did a bad job of keeping the master key safe (by putting a copy of it on 250,000+ devices). And then the vendor used it elsewhere, too.
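An added example, not part of the original comments: an SSH fingerprint is a hash of the host's public key, so devices shipped with one baked-in key pair all report the same fingerprint. This Python sketch groups hosts from an inventory scan by fingerprint to flag shared host keys; the addresses and key blobs are constructed samples, and the `host keytype base64` line format is the one ssh-keyscan prints.

```python
import base64
import hashlib
import struct
from collections import defaultdict


def ssh_fingerprint(key_b64):
    """OpenSSH-style SHA256 fingerprint: unpadded base64 of SHA-256 over the key blob."""
    blob = base64.b64decode(key_b64, validate=True)
    digest = hashlib.sha256(blob).digest()
    return "SHA256:" + base64.b64encode(digest).decode("ascii").rstrip("=")


def blob_key_type(key_b64):
    """Return the algorithm name stored as the first length-prefixed string in the blob."""
    blob = base64.b64decode(key_b64, validate=True)
    if len(blob) < 4:
        raise ValueError("blob too short")
    (n,) = struct.unpack(">I", blob[:4])
    if n == 0 or 4 + n > len(blob):
        raise ValueError("bad length prefix")
    return blob[4:4 + n].decode("ascii")


def shared_host_keys(scan_text):
    """Map fingerprint -> sorted hosts, for fingerprints seen on more than one host."""
    by_fp = defaultdict(set)
    for line in scan_text.splitlines():
        line = line.strip()
        if not line or line.startswith("#"):
            continue
        parts = line.split()
        if len(parts) < 3:
            continue
        host, key_type, key_b64 = parts[:3]
        try:
            # Skip entries whose declared type disagrees with the blob itself.
            if blob_key_type(key_b64) != key_type:
                continue
            by_fp[ssh_fingerprint(key_b64)].add(host)
        except ValueError:
            # Malformed base64 or a truncated blob: ignore the line.
            continue
    return {fp: sorted(hosts) for fp, hosts in by_fp.items() if len(hosts) > 1}


def _sample_key(seed):
    """Constructed stand-in for an ed25519 public key blob (not a real device key)."""
    name = b"ssh-ed25519"
    raw = hashlib.sha256(seed).digest()  # 32 placeholder bytes
    blob = struct.pack(">I", len(name)) + name + struct.pack(">I", len(raw)) + raw
    return base64.b64encode(blob).decode("ascii")


# Constructed sample data: three devices share the key shipped in the firmware
# image, one device generated its own key, and two lines are malformed.
FIRMWARE_KEY = _sample_key(b"baked into firmware image")
UNIQUE_KEY = _sample_key(b"generated on first boot")

SAMPLE_SCAN = "\n".join([
    "# constructed ssh-keyscan style output",
    f"192.0.2.10 ssh-ed25519 {FIRMWARE_KEY}",
    f"192.0.2.11 ssh-ed25519 {FIRMWARE_KEY}",
    f"198.51.100.7 ssh-ed25519 {FIRMWARE_KEY}",
    f"203.0.113.5 ssh-ed25519 {UNIQUE_KEY}",
    "192.0.2.99 ssh-ed25519 not-base64!!",
    f"192.0.2.98 ssh-rsa {UNIQUE_KEY}",
])


if __name__ == "__main__":
    for fp, hosts in shared_host_keys(SAMPLE_SCAN).items():
        print(f"{fp} is presented by {len(hosts)} hosts: {', '.join(hosts)}")
```

Any fingerprint reported for more than one device means those devices hold the same private key and need per-device keys regenerated.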
Honestly, after the Carna botnet, does anyone think the internet isn't a raging sea of completely compromised devices?
Any race advanced enough to travel here to invade will have capabilities way beyond anything we could hope to combat or detect. I would imagine the first sign you would have would be if you were one of the lucky ones to see half the world wiped out a few seconds before you yourself were removed from this mortal realm.
How bleak. Let's be realistic, if aliens did come and wanted our planet, they would probably enslave some/most of us in the process. I mean what's a conquered planet without a bunch of servants to run it for you?
And considering what we know about FTL travel (that it is really truly impossible) even an alien with super advanced near-light-speed technology would take decades to travel from system to system. In that amount of time, their bitter rage is sure to be tempered by boredom, so when they show up they might feel the need to just chat for a bit. Space gets pretty lonely, you know?
I've stored all my past data successfully and archived in a non-magnetic format, with duplicates stored at alternate locations for safety. Now if only I could remember what my encryption password was in 1983...
That's ok, any form of encryption used in 1983 is sure to be mere seconds away from cracking with any modern PC.
Can this be the end to the monthly "Hey guys whats the best way to back up my mp3s and family pics, no i mean really back them up, like for YEARS" on ask slashdot? From now on when one of those submissions gets greenlit, a link to this is going to be the only reply. Are we agreed?
I would recommend Google Docs, assuming there isn't any crazy formatting involved.
#1) It is a single document so you don't have to worry about the naming of it.
#2) Google Docs has a built in ver. control, in that you can roll backwards to an earlier version of the document, and you can see who is editing, changing etc. (assuming everyone has their own password).
It's low tech, easy to use, and the only education is to keep on using the same file name.
The big downside is that the Google Docs UI is dramatically different from Word/Excel/etc. If they need more than just a place to throw text and actual layout work is being done, the users will need to retrain on the Google Docs way of getting things done. It's not impossible, but it's also not easy either.
Throwing more technology on the pile won't help without a lot of user education, and if you had that you would not need the technology anyway...
1) Create a rational naming convention and use that.
Or
2) use Sharepoint's (base version is free beer) built in versioning system. That is what it is designed for and is one of the few things that SP does well.
This. SharePoint does it in a fairly elegant and comprehensive way if you are a Microsoft shop. If you don't want to invest the time into installing/learning SharePoint, just look into Shadow copy or one of the many delete-less for the server, so you can go back in time if changes do get clobbered. For a more user-friendly but less controllable solution, every cloud file storage platform (OneDrive, Google Drive, Dropbox, Box, etc) offers this feature in a pretty straightforward way, and they all have paid team collaboration solutions as well to manage shared files. And if you really want to flip them the fuck out, move to an online doc platform like Office 365 or Google Docs where you can actually do collaborative editing within the documents.
Sure, but the person asking this question never even mentioned if PKI even had anything to do with the position being hired for. All we know is that he pop quizzed them on it and they didn't happen to answer the question as he wanted. If this is for a senior development job for developing encryption software then that is one thing, but if this is just random pop quiz questions then it's as silly as me asking someone questions about ARM Neon for a position writing .NET services.
If you are right then the title should really be "Ask Slashdot: What Portion of Hiring Managers Are Bad At What They Do?"
Which is it, Deep Web or Darknet?
Excellent reporting there.
TFA explains that it's both:
Memex searches content typically ignored by commercial search engines, such as unstructured data, unlinked content, temporary pages that are removed before commercial search engines can crawl them, and chat forums[...]
Memex also automates the mechanism of crawling the dark, or anonymous, Web where criminals conduct business. These hidden services pages, accessible only through the TOR anonymizing browser, typically operate under the radar of law enforcement selling illicit drugs and other contraband.
You are right, the "deep web" is not the same thing as the/a "darknet" or "dark web". They don't do a good job of keeping that clear in the headline. From TFA's own citation on Wikipedia:
"The deep web should not be confused with the dark Internet, computers that can no longer be reached via the Internet."
However the article does assert that this Memex project is indexing both unpublicized content on the general internet (the deep part) plus anonymized content on Tor and other privacy services (the dark part).
You don't need to hire experts right off the bat. What you want to hire is someone who recognizes that they don't know the answer, and tells you that, and then immediately says they'd go research it to find out. "Can I Google that?" is a perfectly valid answer sometimes. If you hire a person who knows how to learn whatever it is you need them to become an expert in, you'll have a new employee who is not only going to be a valuable asset for where you're hiring them, but also has the flexibility to expand to other areas when necessary.
TL;DR: Stop looking for purple unicorns, and start looking for fast learners.
That all depends on the kind of leadership required of the role. If you are going to be an architect and guiding implementations of public key encryption platforms, you will need a deeper understanding than what a Google search will turn up because making something out of shitty advice on the internet will probably turn out pretty shitty (and you won't know the look of shitty advice when you see it). If you just need to be familiar with the concept while you work on something else, then sure "LMGTFY" will pass.
...to put on your tinfoil hat before you get out of your bed from your lead-lined walled bedroom....
It's not tinfoil-hatism when it's true. Big brother issues aside, there's a very valid point in his post: Why pay for all those extra electronics/failure points when all you want is a display device. Personally, all I want is a screen and speakers with enough ports on the back for my various systems.
Then just shop for those features and focus on making sure the panel supports CEC on/off/input-grab and you can throw away the TV's remote and forget about the "smart" features entirely after you have all your fancy stuff hooked up. If the smart wifi module breaks and you aren't using it, who cares?
Presumably by leaving it unconfigured or intentionally misconfigured, you could trick it into not being very "smart" at all. I would only consider smart TVs with mandatory connectivity (of which I don't know of any) as really falling outside the acceptable criteria here. If you don't like the "smart" features don't freaking use them. Rip the button off the remote and cover it with a bit of black electrical tape. Whatever floats your boat. However, the features come from a $10 ARM SoC which every vendor is building in nowadays since it really doesn't increase their cost much. In fact, as the question suggests, making special TVs without these features is now more expensive since more people want them than don't.
I would like them to explain why a recording function is needed in the first place. If it is about determining what the best content for you might be, wouldn't you be the best person to choose what you want to watch? Why then take your choices away from you? Or are we evolved to the point that choices have become obnoxious?
The recording is strictly related to the ability of the TV to respond to voice commands like "lower volume" or "change to DIY channel", since the audio processing is done in the cloud they have to ship out the audio over the internet. They are including this legalese as a way to disclose possible wiretapping/eavesdropping since there is a real good chance that they will occasionally end up with recordings of third party conversations on their servers.
Nothing helps ease tension in a hotbed area run by a bunch of crazies with cannons aimed at Seoul like tiny drones. Good on ya, you bunch of smarties!
Even better, if you spend enough on the Kickstarter you can get your name on the drone that will crash land in N Korea after running out of batteries and be broadcast on State TV as a trophy of the regime.
That "study" makes two very dangerous assertions: 1) all of the victims of hitchhiking are found dead/raped along the highway (as opposed to in a park, someone's back yard, a dumpster, etc) and 2) all of the people in the US count as the population sample (this is the craziest one). Since not everyone who dies or is assaulted while hitchhiking can be associated, and we don't have any good way to even peg how many people might hitchhike in any given year, there is no real way to tell.
Good question. I asked something similar in a comment the last time this question was asked, only about a week ago but nobody provided an answer. Maybe we'll get one this time.
My own thought was to use 7-zip to make strongly encrypted 7z files, but somebody can suggest something better. In particular, it would be nice if such a tool could automatically do the uploading/downloading to/from the storage provider, which 7-zip doesn't do.
Something like Boxcryptor, perhaps? Although it only works with consumer grade cloud storage it sounds like what you want. Although it is $48/year on its own (if you want to do fancy stuff like manage multiple cloud accounts or encrypt filenames before storing them) so the costs of the belt to go with the suspenders can add up.
https://www.boxcryptor.com/
Homemade RC Millennium Falcon Is the Drone You've Always Dreamed of Flying
Stop telling me what to think. Does no-one have any opinions of their own any more?
OK fine. This is not the clickbait you're looking for...
And do what? As a hitchhiker you're asking a random person for a lift, which is statistically very safe indeed. The probability that a randomly selected person stopping his/her car is not only a criminal but a criminal who would target you is very small indeed.
It's like asking someone to watch your laptop for a while in Starbucks while you go to the toilet. If you ask a random person, chances are you're ok. If someone offers to do it, be wary.
Except, it's not as if you are stepping into traffic and jumping on the first passing car. By hitchhiking, you are indeed waiting for just *that* kind of person who wants to stop and let a stranger into their car.
You mean you don't have `alias rm="rm -rf"` in your bash.rc file? Pansy.
HIPAA? The Health Information Privacy Awareness Act?
Ahem, no, the Health Insurance Portability and Accountability Act. The name doesn't get at the parts of concern here, which are a number of privacy and confidentiality measures in Title II of the act, which sets guidelines on info systems that contain personal and/or medical data.
So only the guy in the server room can access any patient^H^H^H^H^H^H customer data, for a company with millions of customers? That's going to be one busy guy! Roughly everyone who works at the insurance company needs some access to their customers' information, so it has to be on the network. The IRS demands access too, so the insurance company has to connect it to the internet.
The notion of an operator-provided or operator-unlocked key is the way it used to work "back in the days" when every server had a monitor plugged into it. You would provide a password on bootup which was a mini-key to decrypt the actual SSL/TLS keys. It would get stashed in memory at that point and (hopefully) operator intervention wouldn't be needed again until the next scheduled reboot. Before too long, the threat of in-memory attacks far eclipsed the threat of physical server theft and this practice was ditched.
If it really needs to be exceptionally secure and you're dealing with a system that is constantly running, why not just keep any encryption keys in memory only where it's that much harder to get them and have them manually be entered by someone if the system needs to be brought down. That or use some module with the encryption baked in at a physical level to handle encryption and decryption. Yes, it's more expensive, but these systems are already hugely expensive and it makes it incredibly difficult for anyone without physical access to get at the actual data.
Is there some practical reason why it couldn't be done this way or something else that I'm missing outside of the obvious that there's another, cheaper way of doing things?
Putting the key alongside the data is a bad idea no matter how the key gets there. Finding it in RAM would be no different than finding it somewhere on the disk (assuming the disk approach is more complex than c:\config\crypto.key) so that's out. There are TPM solutions that can make it secure (storing the key in tamperproof memory, never releasing it, doing the encryption/decryption only at the request of signed binaries) but at this scale I don't know if the TPM can keep up or if doing it all on one closed system is enough of a safeguard. Would security go up by having one hardened database server and one hardened decrypt server in different auth realms, or would it go down since the attack surface is larger?