That definition will cover a huge number of existing devices used by businesses. For example, Interactive Voice Response (IVR) systems (press 1 for blah,..) are used by almost every company. It could also hit automated blood test equipment, self-checkout lanes in stores, vending machines, etc.
What about an ordering kiosk in McDonald's that replaced a register clerk? What about AI call center "bots" who replace human operators? The tax seems intended to protect human workers' jobs. Would the tax cover such non-moving devices, when they displace a human? Will a tax like this cause businesses in San Francisco to fall further behind ones in less restrictive locations, and eventually go bankrupt?
The bot currently only spreads and protects the device it's on. It's quite open about doing that; not using any stealth to hide. That is obviously a white-hat approach. The concern is that this is now a huge botnet, and potentially could be taken over by a black-hat.
As we've tried to tell the politicians a thousand times, nothing is so secure the bad guys can't take it over for misuse.
However, such regulation is unlikely to happen. It is cheaper for these companies to quickly churn out 10,000,000 insecure IoT devices with minimal testing, and then use some of the profit to buy a politician. There is too much profit in being first to market.
I agree hosts lists like this are useful protection. However, they are unfortunately off-topic for this discussion. Hosts lists are used only by the more technically knowledgeable users. Insecure IoT devices are more commonly used by the _less_ technically knowledgeable users. Someone who knows enough to use a host list, probably also knows enough to change default passwords and disable UPnP.
DDOSing the manufacturers is interesting. However, the device has to not work for the user as quickly as possible, so they can return it quickly. Ideally, the naive user will think it's dead on arrival, and review it that way. That will hurt the manufacturer's sales numbers and reputation.
Perhaps the ideas could be combined. Have the bot change the device so the only thing it does is DDOS the manufacturer, and not pass any other traffic. I understand this would be much harder, and far more device specific, than what brickerbot currently does.
Buttons and roms cost money. Returns cost even more. Brickerbot will cost the manufacturers a significant amount of money. That will influence the only thing they care about, their financial bottom line.
This is problematic. Often, a website signs on to an ad network, by placing a link to a rotating ad image. Then the ad agency screws them over by placing inappropriate content on that link. The site owner never intended to put anything nasty on their site, but the ad agency was negligent. You can say this will flow through to the ad agency through complaints, but they tend to have lock-in contracts, and similar stupidity. In the end, the website owner loses.
This is why I prefer to contribute money via a site's store, or maybe Patreon, rather than allow ads on a site.
This makes a lot of sense. They have complete control over how the device leaves their factory, and the ability to easily (and cheaply) offer upgrades. There's no good excuse for not supporting their gear. It does cost money to support existing sales, but that's part of being a responsible manufacturer. This translates directly to sales. Irresponsible ones get trashed in reviews.
Banning crypto software and hardware exports was tried before, and didn't work (https://en.wikipedia.org/wiki/Export_of_cryptography_from_the_United_States). It's far too easy to illegally export the code, or an algorithm, on a micro-sd card. It's easy to find loopholes in the law, by printing the code on a t-shirt or in a book.
Much of the code was developed outside the US. For example, AES was developed in Belgium (https://en.wikipedia.org/wiki/Advanced_Encryption_Standard).
Limiting hardware exports is also long obsolete; China now has the top two (publicly announced) supercomputers in the world (https://www.top500.org/lists/2016/11/). We don't know what secret computers any government has, but that's irrelevant for export laws.
I've seen the "to get real work done you use windows" argument used rationally for jobs that require using windows-only desktop software like AutoCad. However, it's growing less and less true for any other desktop task. It's blatantly false for servers. Linux now massively dominates the server market, especially in supercomputing. https://en.wikipedia.org/wiki/...
Windows was a cheap, low-end desktop OS, that has grown up enough for some people to try to use as a server. Commercial Unix is an expensive server OS, that has had an add-on GUI desktop interface since 1984 (long before Windows existed). Linux is somewhere in between.
My first was also an H89. I had a lot of fun putting it together as a kit. It had a 2MHz Z-80 cpu (later upgraded to 4MHz), 64k of ram, and one hard-sectored 5 1/4 floppy drive (later upgraded to soft sectored). I wrote a lot of assembly on it. I still have it in a box somewhere, though I haven't turned it on in at least a decade.
Most PCs with built in wifi have a couple antennas in the top of the case, connected by wires to a wireless card in a pci-e slot. That's so the antennas get better signal than they could deep inside on the card. It's usually on a card, because wifi standards vary across countries, so it's easier to put in the right card, than to make a new motherboard per region. Open it up, unplug the antenna, and remove the card. If the wireless is actually built in to the motherboard, then unplug the antennas, and wrap insulated tin foil around the card.
Ransomware typically runs as a normal user, without admin access. Yet it's one of the more devastating forms of malware. It doesn't need admin access to rip through a company's shared drives.
I've been using Pale Moon for a couple years. I hated when Firefox went to the Australis, chrome clone, interface. I hated when Firefox kept deleting features, especially preferences. Pale Moon is lighter, faster, more customizable, and pays more attention to security ideas. They were the first to deal with html5 canvas fingerprinting.
On the down side, I do occasionally find a site that won't work. I'm not entirely sure if it's Pale Moon, or my combination of script and ad blockers. It's usually a fluff entertainment site, and I don't care enough to turn them all off, or fire up chrome.
What security upgrades? Most of these manufacturers never try to upgrade their IoT crap. They drop it, and move on.
Yes. This merits a class action against the ISP, for distributing defective routers.
I agree with your definitions. However, the BrickerBot author is closer to a vigilante hero, than a criminal.
I suspect they'll "forget" to model 2 Kings 2:24, or any of the other awkward moments. https://www.kingjamesbibleonli...
Also consider the reduction in weight from eliminating the graphite anode. That would be very useful in an electric car.
Pale Moon 27.1.2 got "381 out of 555 points" at https://html5test.com/.
Charging content providers for bandwidth in addition to end users is the opposite of the right idea.
SAP, this is a nice way to price yourself out of existence.
If you use firefox, or a derivative, put this in your user.js file (or set it through about:config).
user_pref("media.autoplay.enabled", false);
user_pref("image.animation_mode", "once");
Um, I think you lost a zero. The speed of light in a vacuum is 299792458 meters per second, so your 300,000 km/s figure is more than close enough. However, in a single mode glass fiber, it's about 2/3 of that, around 200,000 km/s. 3000 km / 200,000 is 15 ms, and the round trip would be a minimum of 30 ms.
https://en.wikipedia.org/wiki/...
http://physics.stackexchange.c...