At a guess, SourceForge, or maybe some other third party download mirror site with similar practices, and yeah, AFAIK, it's mostly a Windows thing. SourceForge - and others - went through a period of bundling crapware with tools being downloaded from them, and since they were a popular means for small projects to offset bandwidth costs a lot of projects got bitten until they were forced to provide an opt out - and FileZilla the poster child for projects involved. There was an outcry, as you'd expect, but I have no idea which the mirror sites stopped the practice or not because this pretty much killed my use of them for downloads (sorry, small projects!), but I believe most mirror sites that are claiming to be reputable either no longer do so at all, or at least provide projects an opt out.
While I suppose it's possible that a UK source could have leaked the information to US media where the name and pictures first emerged - or sources, given two different outlets were involved - Trump didn't waste any time in taking responsibility for the leaks and promising to get to the bottom of them. Given Trump's public disdain for the media, I'm not sure their citing of US based sources for the name and images would be enough "evidence" for him to do that, so perhaps there was also either enough of a chain of custody or something specific to the leaked data that further pinned things on a US source. Then again, someone in Trump's team might have had a brainwave and decided to capitalise on a bad situation; if Trump ever wanted an excuse to go on a witch hunt through the intelligence services, then he's now got a really good one.
In some cases, sure. In this one, not so much. What was leaked here was the name of the suspect and images of the device used at a point in the investigation at which the UK was still in the process of rounding up associates of the suspect and risked tipping them off that they needed to run (assuming they had not already done so, of course). At least some of that information would have come out anyway (did we *really* need to see images of part of the device and a bloody backpack though?), but the premature release to stroke someone's ego/wallet/whatever may lead to some members of the suspected network evading capture and successfully carrying out further attacks. Maybe next time that'll be against US interests, or someone won't share information with the US that could have prevented an attack because they didn't want the risk of having it leak.
There's a big difference between blowing the whistle on wholesale survelliance and abuse of legal limits vs. compromising a live investigation for the sake of a little kudos and a scoop, but it can also be an awfully fine line between the two and it's pretty clear those involved in the leaks and reporting them either have no idea - or simply don't care - which is which. This is absolutely the latter and it's a damning indictment of both the leaker(s) *and* the media that published it sense of responsibilty and intelligence - government is far from the only agency that is out of control.
I think it's pretty clear that BTC - and ETH, for that matter - is in a bubble right now, but due to the relatively low trading volumes it's such a volatile entity that does not mean it's too late to buy in; you just won't have the same return as those who got in at a lower price while facing exactly the same risk of a wipe out. The trick - as with any investment bubble - is to sell before it pops and, as I doubt anyone can confidently say when that will occur, "$2,700 or from some place much higher" is probably about as good as it's going to get. Even then, there's no telling what the correction will be or (more importantly, for those that don't get out in time) how long it will take BTC to recover - if you're prepared to play the long game then riding out the correction and eventual recovery is a viable route to a profit as well.
If you're not already onboard by this point though, the smarter option might be to just wait for the all but inevitable correction, buy in during the panic selling as the price corrects, then ride the next price bubble to profits. Just be sure to sell before that bubble pops too.
Blame the media, but it's not entirely a dupe. The actual story here is that Tabby's star has just started to dim again which means that astronomers are scrambling to do more observations, gather more data, and hopefully figure out some alternative possiblities with supporting evidence for what's going on, natural or otherwise. Unfortunately, we're probably going to have to get used to the Tabby's Star / aliens theory cropping up every time this dimming happens because - unlikely as the alien mega-structure theory might be - it generates clicks and, short of an overwhelming amount of evidence for an alternative solution or a reason why it can't possibly be a Dyson structure, it's still bad science to just rule it out.
That's not going help with the lunatic fringe that see aliens everywhere, or if it actually is some kind of Dyson structure (which is currently still a possibility, no matter how unlikely), of course...
Breathing might be a common trait, but breathing generic atmospheres... probably not so much. Much of the life here on Earth has fairly tight tolerances as to the specifics of the environment it exists in to the point that even a fairly small shift in levels of some trace elements would be lethal. Evolution can deal with global changes if they occur over a sufficiently long period time, and migration if the changes are more localised, but the chances of being able to breathe the unmodified atmosphere of another planet - even with a similar mix of primary elements like nitrogen and oxgen, in our case - is *much* slimmer than SciFi usually depicts.
To be fair, the claims of "aliens" are mostly coming from the media because sensational headlines leads to more readers. What actually happened was that some scientists included the possibility that it could be a Dyson structure in their list of possible explanations for what's going on, stressing that it was unlikely to be the case, and the media ran with it without the emphasis on the last part.
The problem here isn't with the scientists - except in so far as they were naive in their handling of the media - because a good scientist shouldn't discount *any* viable possibility (and a Dyson structure *is* a viable possibility for what's going on, no matter how unlikely) until there is evidence to do so. The problem - as usual - is the media's current bias towards sensationalism over unbiased factual reporting. There's also a world of difference between those who think aliens must be out there somewhere because of the Drake Equation and feel that figuring out a solution to The Great Silence could help us avoid a catastrophe vs. those who jump to unfounded conclusions that LGM as the cause of everything that they can't explain. In practice most (but certainly not all) applicable scientists are going to fall into the former group, but thanks to the media they're tarred with the same brush as those in the latter, with all the problems acquiring funding for potentially useful science that results in.
If the admins are that on the ball with their security then you'd kind of expect them to detect and deal with the infection anyway, assuming that they were even vulnerable in the first place, so at best the rootkit is going to buy its operator a little bit of time by doing the bare minimum necessary to setup the bot, but probably not all that much. The flipside would be that the almost certainly far more numerous number of potential targets that don't have a competent admin (including most home PCs) or are not all that responsive would be less likely to have a competing botnet muscle in, which is probably more beneficial to the botnet operator in the long run. Presumably there's a tipping point at which securing the host becomes preferable to keeping a low profile, and if the competition between botnets is as heated as TFA implies, then my guess would be that it was passed sometime ago.
Or the writers of the rootkits could try to secure the device they have just owned, something that has already been done by several rootkits and exploits in the past. It's actually very rare to see a genuine 0-day exploit being used to generate a botnet, they far more often tend to rely on exploits that have been released for a while and for which patches are often already available, as we just saw with WannaCry. There's basically a race between the vendors of the rootkits who will need to add a new exploit to their kits once the details go public, then get it deployed in the wild (or sold to those that do via the darknet) first, so they can maximise the yield. In that light, it's probably just a matter of time before we see more advanced defensive mechanisms built into the rootkits to try and prevent a competitor usurping control; things like closing down external admin ports, enabling and configuring any available host based firewalling, and selectively installing any outstanding OS patches that won't compromise the malware.
From what I've read on the Methane (CH4) vs. CO2, it's not at all clear cut. CH4 is indeed a far worse greenhouse gas than CO2 - figures of 20-30x the heat trapping potential are often mentioned - but lingers in the atmosphere for a much shorter span of time than CO2 as natural processes tend to remove it within a decade or so. An additional problem is that those natural processes might be in the process of being overwhelmed by the sheer amount of CH4 being introduced into the atmosphere, both from natural sources (about a third of the total) and human sources like transportation and intensive livestock farming.
Getting back to the question at hand, whether it's better for the environment to burn the CH4 vs. something else, you'd need to take into account exactly what is getting released into the atmosphere for a given amount of energy output. There are already technologies in place to limit CO2 emissions from coal-fired power plants, so if it's possible to do something similar for burning CH4, then there's no reason why it wouldn't be a much cleaner source of power than coal, GWh for GWh.
Absolutely, but the likely order of magnitude this will almost certainly result in is far from typical. Just looking at the NHS, we're essentially talking one of the largest government quangos in the world, so I can't even begin to imagine how many external consultants were involved at whatever ridiculous rates they get to charge for "working around the clock" in order to clean this up. You can almost guarantee that the IT services firms involved with the various NHS Trusts that got hit would have seized the opportunity to get as many billable hours on the clock as possible as well, right down to catering staff necessary to keep the actual hands-on IT workers plied with coffee, not to mention all the management effort on the night and in the post-mortems... And that's just the immediate clean-up effort; factor in the on-going involvement of law enforcement and security services, plus the inevitable Official Inquests and reports to government, and you're going to be well into the tens of millions.
To get back to your analogy, that's like someone smashing a window to grab something left on the seat of an old Ford and the repair bill turning out to be more than a brand new Ferrari... By the time you've included the other major organizations that got hit as well, you're going to be looking at quite the collection of supercars.
"Just think, because it only killed a few valuable targets, this will be the last time we see someone drop a few 100kg of high explosive into a residential zone, how sad..."
It's not the best wording, but Krebs is clearly bemoaning the relative levels of collateral damage here, not the relatively meagre payoff for the perpetrators.
I'm not so sure you can really draw that conclusion, although it's certainly a possibility it was just a "hobbyist", there's no reason why an organized criminal gang wouldn't just launch a malware campaign and let it drift where it would either, and either way they didn't really do so bad on that front, even allowing for the "killswitch" domain registration. As for the $300, yeah, it's low, but that's kind of the point - it's a much more affordable amount that might just tempt a few more people to think it's worth paying vs. trying to recover from whatever viable backups they may have, and much easier to reduce your exposure.
Financially, ~100k random victims paying $300 is still a few times better than a single nation state or major corporation paying several million, especially since it's much less likely to provoke the kind of robust response from law enforcement that a large scale targetted attack will prompt, let alone a ransom demand to a head of state. Of course, if your ~100k random victims also happens to result in major distruption to government organizations and major corporations like this did, you're pretty much guaranteed to get some serious law enforcement attention too, not to mention being made an example of if you get caught. In that light, I suspect the perpetrators - regardless of whether they are a hobbyist or an organized gang - will be sweating buckets over just how well they hid their tracks right now, and might even consider claiming their paid ransoms too much of a risk, and that's also a key point here.
While I agree that things are likely to get a greal deal worse, with a little luck the blowback from this is going to give those behind such attacks some serious pause for thought over the risk vs. reward they have, and should hopefully push that point back a fair way. It's just thrown the whole "spray and pray" approach of such campaigns into stark relief; you have almost zero control over who might get impacted by your campaign, and there's a very real chance you are going to hit some people with the connections to make law enforcement make a real effort to track you down, and all for a few $10k split however many ways? I suspect a lot of hobbyists, and probably a few organized gangs too, are going to be asking themselves whether that is *really* worth the risk of messing up the rest of your life for over the next few days, and will be doing so again if the perpetrators actually get caught.
I think you're looking at it from a different perspective to Krebs, although I agree that the wording could have been better. My impression is that he's saying he's depressed that those responsible would (presumably) consider the massive cost of cleaning this up for those impacted as collateral damage for their relatively meagre $26k return. Of course, other than the raw numbers, that's no different from any other legal industry where profits rely on basically screwing over others in order to make a buck; you could just as easily level the same charge at any industry with a significant environmental impact, for instance.
Yes, it's a prediction, but one that does seem at least likely to be a general trend, if not the ultimate outcome posited. The US (and the UK, for that matter) seem to be going out of their way to make themselves less attractive a destination for both long and short term visitors, whether for tourism or business. Not just from a general increase in xenophobia amongst the populace that feel a need to keep out all Muslims in case a few might looking to blow them up, or Mexicans in case they take the jobs they're often not willing to do in the first place, but from things like the laptop carry on ban.
We discussed it here a few days ago, but the general reaction to the rumour that the US was considering its ban on laptops as carry-on from the EU (which the UK will no doubt dutifully follow suit on, again), was than many people would reconsider flying into the US. Why would people want to travel to the US/UK for tourism, conferences, or whatever, and go through all that (or force attendees to), when they could just go elsewhere instead and minimise the inconvenience? That's something that is detrimental business, academia, and industry - all things that would start to lead towards the post-intellectual, foreigner-fearing states, that are gradually marginalised by the rest of the world that the OP was predicting.
Screw French though; I suspect Mandarin is going to be much more valuable to have as a secondary language, and a lot sooner than most of us were perhaps expecting.
That's looking like the best option - I've been looking into suitable cases the last few days, because while I'm not actually too fussed about my laptop/tablet compared to my camera gear as I'm seriously into my photography and frequently fly with $40,000+ of camera gear which is also impacted by this, but being without my gear while it's in transit is also a major burden. Assuming that the airlines don't step up to the plate and force a more practical alternative (like optional additional security scanning, for a "small" fee naturally) / get their lobbyists fired up about how this is impacting their business, or other nations threaten en masse to reciprocate against US airlines flying to their countries, then I suspect this is going to become the new global norm. At which point, chances of a rollback are probably right around zero - same as pretty much every other over reaching "because of the terrorists" legislation/regulation passed since 9/11.
All is not lost though; if that global rollout does happen, then I suspect we'll see a cottage industry spring up of "hardware for hire" and "ship to airport" type services (collect your pre-shipped equipment directly from our facility in the Arrivals Hall!). Of course all that is going to involve a lot of expense that, for many, will probably be factored right into the reasons for just not going, or going somewhere else - it doesn't help at all with the problems of increasing isolation from the global community that this policy will foster.
Baggage simply going missing in transit. It happens a lot, despite regulations about planes taking off without a match of luggage to boarded passengers.
Laptops are fragile. Baggage handlers often do not treat checked luggage as if it's remotely fragile, especially if it looks as if can "take it".
Allegations of TSA agents using their magic keys to steal expensive items that show up on x-rays of checked luggage.
Possibilities for espionage - if they know who and why you are travelling (which they do) it's trivial to pull the bag and backdoor the device, but see below.
Laptops/tablets are the majority case, but the ban also applies to other electronics too. $4,000 laptop? Try $40,000+ of pro-camera gear...
It's blatent security theatre that could be removed with more intensive screening of the suspect equipment, using dedicated security aisles if need be.
Yeah, you're missing something. Best solution, assuming you can't afford to risk losing your data/gear, is to freight it in a case with some tamper detection facilities before you travel - that can also include insurance against loss/damage, so you'll get much gentler handling as a result. For instance, put some of that anti-tamper tape that comes apart when you try and remove it over the clasp of your laptop case within the main package - this also works as a countermeasure for the espionage possibility above as you'll at least *know* they might have done something. And no, downloading your data from the cloud doesn't help against TSA inspection of the device if they've managed to backdoor it.
Maybe this fear of laptop bombs is justified, maybe it's actually/also a cover for something else - espionage, airline protectionism, whatever - but there are much better approaches for dealing with this that don't entail the kind of blow-back, passenger confusion, and frustration this will bring. The US (and the UK, who will no doubt dutifully follow suit given May's penchant for overzealous anti-privacy/security legislation) just seem determined to shoot themselves in the foot as a destination that people actually want to travel to from choice - the US at least can probably deal with the fallout of that, but with the UK leaving the EU and looking to forge new relationships with other countries this is about the dumbest thing they can possibly do. Hopefully, the rest of the world isn't going to go along with this - or will adopt a more sane security approach - at which point we'll have an absolute data point to whether or not the approach is justified or not - the terrorists will go after the softer targets, won't they?
Unfortunately that doesn't really help. The problem then becomes one of how conference attendees from the US bring their laptops with them to overseas venues as, for better or worse, the US currently has a lot of people that are in demand at or need to attend global academic/industry/scientific conferences. The most likely outcome of this is that interaction between US delegates and those of other nations will decline - both through US delegates being unwilling to travel overseas or overseas delegates being unwilling to travel to the US. That, in turn, has a fairly obvious eventual net result that an increasingly isolated US will eventually start to lose out on the benefits that interaction brings.
I'm guessing that if you do have an Android or iOS based smartphone then either Alphabet or Apple will be your indispensable choice accordingly, but if you are an Android user then Apple is probably your most likely first pick for the one you could do without. That was certainly going to be my choice, until I thought about it a bit more. Then I realised that, as an Android user that doesn't care much about Apple, they're mostly harmless since you generally don't need to go near their ecosystem, whereas Facebook will try to track you even if you haven't opted to use their services and they are far more pervasive on third party sites. So, for me, no pain from going without Apple, but a definite upside if Facebook were to just go away.
They're working on it. China is currently the world's largest producer of renewable energy, with more than double the capacity of the US in second place, but due to their huge energy consumption that was still just over 20% of their total production in 2013, increasing to 23% in 2014 due to their rate of deployment. Sure, there's a long way to go, but that's going to change fast as they've made a huge commitment to renewables and, unlike many other countries, are actually delivering on it; China dominates renewable deployments for multiple clean energy technologies over the last few years - although not without a fair share of controversy.
If you limit the C2 servers to those which they are actually capable of detecting, then probably close to 100% of those hosted on IPv4 addresses. They are currently looking for 10 different RATs, and it isn't going to take Shodan all that long to scan the entire IPv4 space given the number of scanners they run and how long it will take to probe each IP that is listening on the relevant port(s). The only thing that is really going to limit things is that it's not too hard to identify scanners like Shodan's and blacklist them, although I doubt many C2 server operators would have thought to do that and, even if they had, there are an awful lot of such scanners out there, and not all of them are on static IPs - transient hosts at VPS providers are used heavily as well.
The real question is, now that these C2 servers have been identified - and will continue to be identified when they get relocated to alternative providers - how reactive the ISPs that are hosting them are going to be in getting them shut down. I suspect several of the "usual suspects" amongst the C2 hosting ISPs on the Shodan list are going to fail quite badly in that regard, but that's all for the good; if this results in concentrating more of the C2 servers into a smaller number of "bullet proof" hosting providers, then the case for a responsible ISP simply adding the relevant AS to a DROP list becomes *sooo* much easier to justify.
Depends on the nature of the complaint, but under no circumstances should they pass on details of the complainer to the website owner - it's always going to be totally irrelevant to the complaint and, in many documented cases, has put the complainer in the crosshairs of some decidedly unpleasant people who are more than prepared to act on it. TFA contains a few examples of this, but the list is exceedingly long and hate speech groups are only the start of it; many of CloudFlare's customers are absolutely running criminal endeavors, as a quick perusal of their leaked partial customer list will confirm. People have suffered real harm because of CloudFlare's approach to abuse reporting, and it's probably just a matter of time before someone actually gets killed when they dox someone who was unaware of what their policy is. (I'm ignoring the actions of various people who have frequented things like the many $group supremacist sites hosted on CloudFlare and then gone on to commit hate crimes, etc. as that's not really on CloudFlare so much as the hosted sites and their viewers).
For the pure free speech issues, CloudFlare could notify the complainer of their policy and leave it at that, or perhaps notify their customer that a complaint had been received, although I suspect many of the site operators would probably just see that as a positive sign they were having an effect on the target(s) of their "message". For the outright criminal sites, that's going to depend on the situation; one of CloudFlare's services is basically a giant reverse proxy - they don't actually host the site itself - so termination of service wouldn't take the content offline, just take out its front-end domain, but it's better than nothing. Once they have been made aware of possible criminality, verifying that and advising local enforcement is probably a good idea too - kind of hard to keep common carrier style protections in place if you don't - but because they often don't host the content directly their approach is basically "don't get involved", so many "DDoS for hire", dubious pharmancies, and other such services reverse proxy their sites via CloudFlare for precisely that reason.
Formalised best practices for this kind of abuse (web hosting) is sketchy - it's far less developed than the RFCs, BCPs and reporting formats that exist for for email service operation and abuse handling - but many of the same principles still apply, and CloudFlare ignores pretty much all of them. It's basically down to that lack of a moral compass again; as long as their customers keep paying and law enforcement isn't banging on the door, CloudFlare will send on any details of complaints and then look the other way, every single time.
Do we really want CDNs and proxies and mirrors to dictate what the public can and cannot see?
Absolutely not. Free speech is free speech, even if it's not necessarily something that you, personally, might agree with, and (when it works) it's a two way street - you can't get them to STFU, but they can't get you to STFU either.
That's completely apart from the doxing of people who complain directly to those that are being complained about though; something that CloudFlare has a considerable track record of doing, often quite openly on the grounds of "so many people use us, so we're too big to block". CloudFlare might be standing up for free speech, and should be applauded for that, but the way that they are doing it has some serious moral issues and has caused people to get into some incredibly ugly situations IRL because of their approach to dealing with often legitimate complaints about their seedier clients. One thing that CloudBleed made perfectly clear was that CloudFlare provides CDN services for a lot of sites with "issues" that go far beyond free speech and into borderline or outright criminality. If they're doing the right thing on free speech, it's almost certainly more by accident than design - this is definitely not a company with a working moral compass.
Amongst others, but it's actually the EU as a whole via the European Commission in Brussels that gets the say on such deals, not specific countries or their representatives to the EU, so whatever cosy relationship might exist between Apple and the Irish government won't help them much in the unlikely event that the EC was looking into a proposed Apple-Qualcomm merger. Other than the US, they'd definitely be the largest player with a veto, but since much of the semi-conductor manufacturing is done in the Far East, I suspect some of the governments with a major role in the chip industry are probably going to want to have at least some say in the matter as well. There are lots of countries with major players in either the smartphone or semi-conductor industries that would probably be adversely impacted by an Apple-Qualcomm merger if you think about.
Fortunately it's not just the US that would get to give the deal a rubber stamp - mostly due to the way Apple has structured itself to avoid paying tax. Even if Apple were to consider it (which I think unlikely), then I suspect other major users of Qualcomm's chips in competition with Apple, Samsung especially, would be lobbying hard in both the US and the EU to get the deal blocked.
Slashdot Mirror
At a guess, SourceForge, or maybe some other third party download mirror site with similar practices, and yeah, AFAIK, it's mostly a Windows thing. SourceForge - and others - went through a period of bundling crapware with tools being downloaded from them, and since they were a popular means for small projects to offset bandwidth costs a lot of projects got bitten until they were forced to provide an opt out - and FileZilla the poster child for projects involved. There was an outcry, as you'd expect, but I have no idea which the mirror sites stopped the practice or not because this pretty much killed my use of them for downloads (sorry, small projects!), but I believe most mirror sites that are claiming to be reputable either no longer do so at all, or at least provide projects an opt out.
While I suppose it's possible that a UK source could have leaked the information to US media where the name and pictures first emerged - or sources, given two different outlets were involved - Trump didn't waste any time in taking responsibility for the leaks and promising to get to the bottom of them. Given Trump's public disdain for the media, I'm not sure their citing of US based sources for the name and images would be enough "evidence" for him to do that, so perhaps there was also either enough of a chain of custody or something specific to the leaked data that further pinned things on a US source. Then again, someone in Trump's team might have had a brainwave and decided to capitalise on a bad situation; if Trump ever wanted an excuse to go on a witch hunt through the intelligence services, then he's now got a really good one.
In some cases, sure. In this one, not so much. What was leaked here was the name of the suspect and images of the device used at a point in the investigation at which the UK was still in the process of rounding up associates of the suspect and risked tipping them off that they needed to run (assuming they had not already done so, of course). At least some of that information would have come out anyway (did we *really* need to see images of part of the device and a bloody backpack though?), but the premature release to stroke someone's ego/wallet/whatever may lead to some members of the suspected network evading capture and successfully carrying out further attacks. Maybe next time that'll be against US interests, or someone won't share information with the US that could have prevented an attack because they didn't want the risk of having it leak.
There's a big difference between blowing the whistle on wholesale survelliance and abuse of legal limits vs. compromising a live investigation for the sake of a little kudos and a scoop, but it can also be an awfully fine line between the two and it's pretty clear those involved in the leaks and reporting them either have no idea - or simply don't care - which is which. This is absolutely the latter and it's a damning indictment of both the leaker(s) *and* the media that published it sense of responsibilty and intelligence - government is far from the only agency that is out of control.
I think it's pretty clear that BTC - and ETH, for that matter - is in a bubble right now, but due to the relatively low trading volumes it's such a volatile entity that does not mean it's too late to buy in; you just won't have the same return as those who got in at a lower price while facing exactly the same risk of a wipe out. The trick - as with any investment bubble - is to sell before it pops and, as I doubt anyone can confidently say when that will occur, "$2,700 or from some place much higher" is probably about as good as it's going to get. Even then, there's no telling what the correction will be or (more importantly, for those that don't get out in time) how long it will take BTC to recover - if you're prepared to play the long game then riding out the correction and eventual recovery is a viable route to a profit as well.
If you're not already onboard by this point though, the smarter option might be to just wait for the all but inevitable correction, buy in during the panic selling as the price corrects, then ride the next price bubble to profits. Just be sure to sell before that bubble pops too.
Blame the media, but it's not entirely a dupe. The actual story here is that Tabby's star has just started to dim again which means that astronomers are scrambling to do more observations, gather more data, and hopefully figure out some alternative possiblities with supporting evidence for what's going on, natural or otherwise. Unfortunately, we're probably going to have to get used to the Tabby's Star / aliens theory cropping up every time this dimming happens because - unlikely as the alien mega-structure theory might be - it generates clicks and, short of an overwhelming amount of evidence for an alternative solution or a reason why it can't possibly be a Dyson structure, it's still bad science to just rule it out.
That's not going help with the lunatic fringe that see aliens everywhere, or if it actually is some kind of Dyson structure (which is currently still a possibility, no matter how unlikely), of course...
Breathing might be a common trait, but breathing generic atmospheres... probably not so much. Much of the life here on Earth has fairly tight tolerances as to the specifics of the environment it exists in to the point that even a fairly small shift in levels of some trace elements would be lethal. Evolution can deal with global changes if they occur over a sufficiently long period time, and migration if the changes are more localised, but the chances of being able to breathe the unmodified atmosphere of another planet - even with a similar mix of primary elements like nitrogen and oxgen, in our case - is *much* slimmer than SciFi usually depicts.
To be fair, the claims of "aliens" are mostly coming from the media because sensational headlines leads to more readers. What actually happened was that some scientists included the possibility that it could be a Dyson structure in their list of possible explanations for what's going on, stressing that it was unlikely to be the case, and the media ran with it without the emphasis on the last part.
The problem here isn't with the scientists - except in so far as they were naive in their handling of the media - because a good scientist shouldn't discount *any* viable possibility (and a Dyson structure *is* a viable possibility for what's going on, no matter how unlikely) until there is evidence to do so. The problem - as usual - is the media's current bias towards sensationalism over unbiased factual reporting. There's also a world of difference between those who think aliens must be out there somewhere because of the Drake Equation and feel that figuring out a solution to The Great Silence could help us avoid a catastrophe vs. those who jump to unfounded conclusions that LGM as the cause of everything that they can't explain. In practice most (but certainly not all) applicable scientists are going to fall into the former group, but thanks to the media they're tarred with the same brush as those in the latter, with all the problems acquiring funding for potentially useful science that results in.
If the admins are that on the ball with their security then you'd kind of expect them to detect and deal with the infection anyway, assuming that they were even vulnerable in the first place, so at best the rootkit is going to buy its operator a little bit of time by doing the bare minimum necessary to setup the bot, but probably not all that much. The flipside would be that the almost certainly far more numerous number of potential targets that don't have a competent admin (including most home PCs) or are not all that responsive would be less likely to have a competing botnet muscle in, which is probably more beneficial to the botnet operator in the long run. Presumably there's a tipping point at which securing the host becomes preferable to keeping a low profile, and if the competition between botnets is as heated as TFA implies, then my guess would be that it was passed sometime ago.
Or the writers of the rootkits could try to secure the device they have just owned, something that has already been done by several rootkits and exploits in the past. It's actually very rare to see a genuine 0-day exploit being used to generate a botnet, they far more often tend to rely on exploits that have been released for a while and for which patches are often already available, as we just saw with WannaCry. There's basically a race between the vendors of the rootkits who will need to add a new exploit to their kits once the details go public, then get it deployed in the wild (or sold to those that do via the darknet) first, so they can maximise the yield. In that light, it's probably just a matter of time before we see more advanced defensive mechanisms built into the rootkits to try and prevent a competitor usurping control; things like closing down external admin ports, enabling and configuring any available host based firewalling, and selectively installing any outstanding OS patches that won't compromise the malware.
From what I've read on the Methane (CH4) vs. CO2, it's not at all clear cut. CH4 is indeed a far worse greenhouse gas than CO2 - figures of 20-30x the heat trapping potential are often mentioned - but lingers in the atmosphere for a much shorter span of time than CO2 as natural processes tend to remove it within a decade or so. An additional problem is that those natural processes might be in the process of being overwhelmed by the sheer amount of CH4 being introduced into the atmosphere, both from natural sources (about a third of the total) and human sources like transportation and intensive livestock farming.
Getting back to the question at hand, whether it's better for the environment to burn the CH4 vs. something else, you'd need to take into account exactly what is getting released into the atmosphere for a given amount of energy output. There are already technologies in place to limit CO2 emissions from coal-fired power plants, so if it's possible to do something similar for burning CH4, then there's no reason why it wouldn't be a much cleaner source of power than coal, GWh for GWh.
Absolutely, but the likely order of magnitude this will almost certainly result in is far from typical. Just looking at the NHS, we're essentially talking one of the largest government quangos in the world, so I can't even begin to imagine how many external consultants were involved at whatever ridiculous rates they get to charge for "working around the clock" in order to clean this up. You can almost guarantee that the IT services firms involved with the various NHS Trusts that got hit would have seized the opportunity to get as many billable hours on the clock as possible as well, right down to catering staff necessary to keep the actual hands-on IT workers plied with coffee, not to mention all the management effort on the night and in the post-mortems... And that's just the immediate clean-up effort; factor in the on-going involvement of law enforcement and security services, plus the inevitable Official Inquests and reports to government, and you're going to be well into the tens of millions.
To get back to your analogy, that's like someone smashing a window to grab something left on the seat of an old Ford and the repair bill turning out to be more than a brand new Ferrari... By the time you've included the other major organizations that got hit as well, you're going to be looking at quite the collection of supercars.
"Just think, because it only killed a few valuable targets, this will be the last time we see someone drop a few 100kg of high explosive into a residential zone, how sad..."
It's not the best wording, but Krebs is clearly bemoaning the relative levels of collateral damage here, not the relatively meagre payoff for the perpetrators.
I'm not so sure you can really draw that conclusion, although it's certainly a possibility it was just a "hobbyist", there's no reason why an organized criminal gang wouldn't just launch a malware campaign and let it drift where it would either, and either way they didn't really do so bad on that front, even allowing for the "killswitch" domain registration. As for the $300, yeah, it's low, but that's kind of the point - it's a much more affordable amount that might just tempt a few more people to think it's worth paying vs. trying to recover from whatever viable backups they may have, and much easier to reduce your exposure.
Financially, ~100k random victims paying $300 is still a few times better than a single nation state or major corporation paying several million, especially since it's much less likely to provoke the kind of robust response from law enforcement that a large scale targetted attack will prompt, let alone a ransom demand to a head of state. Of course, if your ~100k random victims also happens to result in major distruption to government organizations and major corporations like this did, you're pretty much guaranteed to get some serious law enforcement attention too, not to mention being made an example of if you get caught. In that light, I suspect the perpetrators - regardless of whether they are a hobbyist or an organized gang - will be sweating buckets over just how well they hid their tracks right now, and might even consider claiming their paid ransoms too much of a risk, and that's also a key point here.
While I agree that things are likely to get a greal deal worse, with a little luck the blowback from this is going to give those behind such attacks some serious pause for thought over the risk vs. reward they have, and should hopefully push that point back a fair way. It's just thrown the whole "spray and pray" approach of such campaigns into stark relief; you have almost zero control over who might get impacted by your campaign, and there's a very real chance you are going to hit some people with the connections to make law enforcement make a real effort to track you down, and all for a few $10k split however many ways? I suspect a lot of hobbyists, and probably a few organized gangs too, are going to be asking themselves whether that is *really* worth the risk of messing up the rest of your life for over the next few days, and will be doing so again if the perpetrators actually get caught.
I think you're looking at it from a different perspective to Krebs, although I agree that the wording could have been better. My impression is that he's saying he's depressed that those responsible would (presumably) consider the massive cost of cleaning this up for those impacted as collateral damage for their relatively meagre $26k return. Of course, other than the raw numbers, that's no different from any other legal industry where profits rely on basically screwing over others in order to make a buck; you could just as easily level the same charge at any industry with a significant environmental impact, for instance.
Yes, it's a prediction, but one that does seem at least likely to be a general trend, if not the ultimate outcome posited. The US (and the UK, for that matter) seem to be going out of their way to make themselves less attractive a destination for both long and short term visitors, whether for tourism or business. Not just from a general increase in xenophobia amongst the populace that feel a need to keep out all Muslims in case a few might looking to blow them up, or Mexicans in case they take the jobs they're often not willing to do in the first place, but from things like the laptop carry on ban.
We discussed it here a few days ago, but the general reaction to the rumour that the US was considering its ban on laptops as carry-on from the EU (which the UK will no doubt dutifully follow suit on, again), was than many people would reconsider flying into the US. Why would people want to travel to the US/UK for tourism, conferences, or whatever, and go through all that (or force attendees to), when they could just go elsewhere instead and minimise the inconvenience? That's something that is detrimental business, academia, and industry - all things that would start to lead towards the post-intellectual, foreigner-fearing states, that are gradually marginalised by the rest of the world that the OP was predicting.
Screw French though; I suspect Mandarin is going to be much more valuable to have as a secondary language, and a lot sooner than most of us were perhaps expecting.
That's looking like the best option - I've been looking into suitable cases the last few days, because while I'm not actually too fussed about my laptop/tablet compared to my camera gear as I'm seriously into my photography and frequently fly with $40,000+ of camera gear which is also impacted by this, but being without my gear while it's in transit is also a major burden. Assuming that the airlines don't step up to the plate and force a more practical alternative (like optional additional security scanning, for a "small" fee naturally) / get their lobbyists fired up about how this is impacting their business, or other nations threaten en masse to reciprocate against US airlines flying to their countries, then I suspect this is going to become the new global norm. At which point, chances of a rollback are probably right around zero - same as pretty much every other over reaching "because of the terrorists" legislation/regulation passed since 9/11.
All is not lost though; if that global rollout does happen, then I suspect we'll see a cottage industry spring up of "hardware for hire" and "ship to airport" type services (collect your pre-shipped equipment directly from our facility in the Arrivals Hall!). Of course all that is going to involve a lot of expense that, for many, will probably be factored right into the reasons for just not going, or going somewhere else - it doesn't help at all with the problems of increasing isolation from the global community that this policy will foster.
Baggage simply going missing in transit. It happens a lot, despite regulations about planes taking off without a match of luggage to boarded passengers.
Laptops are fragile. Baggage handlers often do not treat checked luggage as if it's remotely fragile, especially if it looks as if can "take it".
Allegations of TSA agents using their magic keys to steal expensive items that show up on x-rays of checked luggage.
Possibilities for espionage - if they know who and why you are travelling (which they do) it's trivial to pull the bag and backdoor the device, but see below.
Laptops/tablets are the majority case, but the ban also applies to other electronics too. $4,000 laptop? Try $40,000+ of pro-camera gear...
It's blatent security theatre that could be removed with more intensive screening of the suspect equipment, using dedicated security aisles if need be.
Yeah, you're missing something. Best solution, assuming you can't afford to risk losing your data/gear, is to freight it in a case with some tamper detection facilities before you travel - that can also include insurance against loss/damage, so you'll get much gentler handling as a result. For instance, put some of that anti-tamper tape that comes apart when you try and remove it over the clasp of your laptop case within the main package - this also works as a countermeasure for the espionage possibility above as you'll at least *know* they might have done something. And no, downloading your data from the cloud doesn't help against TSA inspection of the device if they've managed to backdoor it.
Maybe this fear of laptop bombs is justified, maybe it's actually/also a cover for something else - espionage, airline protectionism, whatever - but there are much better approaches for dealing with this that don't entail the kind of blow-back, passenger confusion, and frustration this will bring. The US (and the UK, who will no doubt dutifully follow suit given May's penchant for overzealous anti-privacy/security legislation) just seem determined to shoot themselves in the foot as a destination that people actually want to travel to from choice - the US at least can probably deal with the fallout of that, but with the UK leaving the EU and looking to forge new relationships with other countries this is about the dumbest thing they can possibly do. Hopefully, the rest of the world isn't going to go along with this - or will adopt a more sane security approach - at which point we'll have an absolute data point to whether or not the approach is justified or not - the terrorists will go after the softer targets, won't they?
Unfortunately that doesn't really help. The problem then becomes one of how conference attendees from the US bring their laptops with them to overseas venues as, for better or worse, the US currently has a lot of people that are in demand at or need to attend global academic/industry/scientific conferences. The most likely outcome of this is that interaction between US delegates and those of other nations will decline - both through US delegates being unwilling to travel overseas or overseas delegates being unwilling to travel to the US. That, in turn, has a fairly obvious eventual net result that an increasingly isolated US will eventually start to lose out on the benefits that interaction brings.
I'm guessing that if you do have an Android or iOS based smartphone then either Alphabet or Apple will be your indispensable choice accordingly, but if you are an Android user then Apple is probably your most likely first pick for the one you could do without. That was certainly going to be my choice, until I thought about it a bit more. Then I realised that, as an Android user that doesn't care much about Apple, they're mostly harmless since you generally don't need to go near their ecosystem, whereas Facebook will try to track you even if you haven't opted to use their services and they are far more pervasive on third party sites. So, for me, no pain from going without Apple, but a definite upside if Facebook were to just go away.
They're working on it. China is currently the world's largest producer of renewable energy, with more than double the capacity of the US in second place, but due to their huge energy consumption that was still just over 20% of their total production in 2013, increasing to 23% in 2014 due to their rate of deployment. Sure, there's a long way to go, but that's going to change fast as they've made a huge commitment to renewables and, unlike many other countries, are actually delivering on it; China dominates renewable deployments for multiple clean energy technologies over the last few years - although not without a fair share of controversy.
If you limit the C2 servers to those which they are actually capable of detecting, then probably close to 100% of those hosted on IPv4 addresses. They are currently looking for 10 different RATs, and it isn't going to take Shodan all that long to scan the entire IPv4 space given the number of scanners they run and how long it will take to probe each IP that is listening on the relevant port(s). The only thing that is really going to limit things is that it's not too hard to identify scanners like Shodan's and blacklist them, although I doubt many C2 server operators would have thought to do that and, even if they had, there are an awful lot of such scanners out there, and not all of them are on static IPs - transient hosts at VPS providers are used heavily as well.
The real question is, now that these C2 servers have been identified - and will continue to be identified when they get relocated to alternative providers - how reactive the ISPs that are hosting them are going to be in getting them shut down. I suspect several of the "usual suspects" amongst the C2 hosting ISPs on the Shodan list are going to fail quite badly in that regard, but that's all for the good; if this results in concentrating more of the C2 servers into a smaller number of "bullet proof" hosting providers, then the case for a responsible ISP simply adding the relevant AS to a DROP list becomes *sooo* much easier to justify.
Depends on the nature of the complaint, but under no circumstances should they pass on details of the complainer to the website owner - it's always going to be totally irrelevant to the complaint and, in many documented cases, has put the complainer in the crosshairs of some decidedly unpleasant people who are more than prepared to act on it. TFA contains a few examples of this, but the list is exceedingly long and hate speech groups are only the start of it; many of CloudFlare's customers are absolutely running criminal endeavors, as a quick perusal of their leaked partial customer list will confirm. People have suffered real harm because of CloudFlare's approach to abuse reporting, and it's probably just a matter of time before someone actually gets killed when they dox someone who was unaware of what their policy is. (I'm ignoring the actions of various people who have frequented things like the many $group supremacist sites hosted on CloudFlare and then gone on to commit hate crimes, etc. as that's not really on CloudFlare so much as the hosted sites and their viewers).
For the pure free speech issues, CloudFlare could notify the complainer of their policy and leave it at that, or perhaps notify their customer that a complaint had been received, although I suspect many of the site operators would probably just see that as a positive sign they were having an effect on the target(s) of their "message". For the outright criminal sites, that's going to depend on the situation; one of CloudFlare's services is basically a giant reverse proxy - they don't actually host the site itself - so termination of service wouldn't take the content offline, just take out its front-end domain, but it's better than nothing. Once they have been made aware of possible criminality, verifying that and advising local enforcement is probably a good idea too - kind of hard to keep common carrier style protections in place if you don't - but because they often don't host the content directly their approach is basically "don't get involved", so many "DDoS for hire", dubious pharmancies, and other such services reverse proxy their sites via CloudFlare for precisely that reason.
Formalised best practices for this kind of abuse (web hosting) is sketchy - it's far less developed than the RFCs, BCPs and reporting formats that exist for for email service operation and abuse handling - but many of the same principles still apply, and CloudFlare ignores pretty much all of them. It's basically down to that lack of a moral compass again; as long as their customers keep paying and law enforcement isn't banging on the door, CloudFlare will send on any details of complaints and then look the other way, every single time.
Absolutely not. Free speech is free speech, even if it's not necessarily something that you, personally, might agree with, and (when it works) it's a two way street - you can't get them to STFU, but they can't get you to STFU either.
That's completely apart from the doxing of people who complain directly to those that are being complained about though; something that CloudFlare has a considerable track record of doing, often quite openly on the grounds of "so many people use us, so we're too big to block". CloudFlare might be standing up for free speech, and should be applauded for that, but the way that they are doing it has some serious moral issues and has caused people to get into some incredibly ugly situations IRL because of their approach to dealing with often legitimate complaints about their seedier clients. One thing that CloudBleed made perfectly clear was that CloudFlare provides CDN services for a lot of sites with "issues" that go far beyond free speech and into borderline or outright criminality. If they're doing the right thing on free speech, it's almost certainly more by accident than design - this is definitely not a company with a working moral compass.
Amongst others, but it's actually the EU as a whole via the European Commission in Brussels that gets the say on such deals, not specific countries or their representatives to the EU, so whatever cosy relationship might exist between Apple and the Irish government won't help them much in the unlikely event that the EC was looking into a proposed Apple-Qualcomm merger. Other than the US, they'd definitely be the largest player with a veto, but since much of the semi-conductor manufacturing is done in the Far East, I suspect some of the governments with a major role in the chip industry are probably going to want to have at least some say in the matter as well. There are lots of countries with major players in either the smartphone or semi-conductor industries that would probably be adversely impacted by an Apple-Qualcomm merger if you think about.
Fortunately it's not just the US that would get to give the deal a rubber stamp - mostly due to the way Apple has structured itself to avoid paying tax. Even if Apple were to consider it (which I think unlikely), then I suspect other major users of Qualcomm's chips in competition with Apple, Samsung especially, would be lobbying hard in both the US and the EU to get the deal blocked.