I once read an article by a guy who did let them into a VM he had. He had been reviewing something and was about to throw away the VM when they called.
Apparently the "tech support" guy upgraded his version of office for him, emptied the trash, and made some performance related registry changes/ improvements. All apparently legit stuff (even if the software was illegal copies). Then asked for "$20" for his work. The author even compared the Office ISO to a known good copy and couldn't find any illegal payload. This was pre-ransomware (or at the very emergence of it)
Many of these virus tools won't run in a VM - they know that the honeypots are all VMs so the software attempts to detect and remain hidden.
My favorite was a video on YouTube. There's a version of Linux that doesn't store files permanently. The video is of the hackers console as they download files and then can't execute them. They unpack a zip file... "ls" and see results. But then attempt to run the utils and they aren't there. So the guy "ls" again - sees empty folder, does a "cd" thinking he unpacked to the wrong folder. Nope. Downloads again. Checks the version of Linux. Tries again. Repeats many times before giving up.
Yeah - another one goes like this: after slowly stringing them along ("let me climb the stairs to my office" and "wait while I boot my computer") - they tell me to press the Windows key. I ask "hmmm... how about an Apple key?" They immediately hangup - no further discussion on that point.
If I'm particularly busy and not willing to play I start the call with "MS tech support??! I have a Mac." [always - click. their script must say "goto end"]
As a good/. citizen - I didn't read the article. But did he say "batteries?" Vertical takeoff yes.
How about a Railgun? Just shoot the &$#-ers into the sky and let it glide to its destination?
The damn barbarians were good at heaving big rocks long distances via different catapults - and they didn't use batteries. Well - the giant weight and sling arm I suppose stored up energy...but not a battery in the modern sense.
Yes - as tepples replied too -- it is time shifting. When you're done watching it gets deleted.
I was suggesting a (somewhat) simplistic compromise. Consumer can record to a device to watch later - but if said device has an option to upload/share with friends - then those shows with the flag set couldn't be shared.
Of course - taking a VCR tape to a friends house to watch a show is sharing. So how does one do that in our current technology world?!
We just need to balance the rights of the copyright holder with the rights of the consumer - and I think it comes down to Intent.
Phone numbers get reused. I've been buying & agreeing to stuff in your name for 9 of the past 10 years.
In other news - I moved to Google Voice and it has a "press 1" feature for unknown callers - plus they have to state their name. AND it has Google Spam detection which is pretty cool.
Yeah - I have 2 that I play. My time is valuable (to me) so I make it short - but I like to make them uncomfortable.
Old married couple who can't hear what the person is saying. They keep talking angrily back and forth "if you put your hearing aid in like I said" "shut up woman" "you old sob - I should have listened to my mother" "I don't have a good grip - don't drop it" [drop phone] [click]
When the Windows Tech Support people call I use this one:
[Dad voice] "I have a virus on my computer again? hold on - I told my kid to stop messing with the computer. Son!! Get your ass down here now. How many times have I told you... why you S-O-B... I'm going to beat you" [whack some object for effect] [child voice] "Ow Dad, ow ow I'll be good. [waah] stop it please stop it" [Dad voice] "Here - you talk to this mother-f'r and fix the goddamn computer. We're going to have a looong conversation when this is over"
Look - the law in the USA is we can record under fair-use. But - if this flag were to indicate "don't allow people to Share the recording" (for original playback only) --- I can see that. Sort of a mark in the sand - reminding people that Copyright exists. Kind of like those "FBI Warning" on DVD videos. One must enforce trademark/copyright to keep them real. So great - send us the Flag to show that copyright is being enforced.
Now - what they really need is a technology to protect content and control who can see it.:-P
Yup $50 a year is a great & easy solution -....And didn't folks try doing this with GMail back in the day? Google offered unlimited email so somebody figured out a method to "uuencode" their harddrive backup and email it to themselves? Kind of like porn back in the nntp news-group days?
People are having fun building Rube Goldberg machines. Let us all doubt that this is a serious commercial solution - and just admit it is a run "built it on a Raspberry Pi" toy solution.
I was able to gleen from the text, without understanding the acronyms, Flights tracked via seemingly surreptitious data gathering methods.
But - I'll give you this -- without clicking the link --- why should I care? So what that they grabbed license plate numbers?
Actually - after reading the article it seems more of a cool DYI traffic monitoring system. Still don't understand why it is important. Collected Data, analyzed data, created US-Today info graphs from data. The story?! You can do cool things with a Rasp Pi.
oh right - I forgot about that angle. What is the exposure to fines vs cost of doing it right? Gosh wasn't that a/. topic a few weeks ago - can't sue if there aren't any actual damages from identity theft. Just pay for monitoring and all is right with the world.
The ol' bean counter clause.
hmm... remember those companies that were experimenting with publishing all salaries of employees for full (internal) view? What if all of our personal details were just out in the open? It would reduce the value of it. Banks would pay loss insurance - and find better ways to reduce loss - and the world would be a better place.
yeah I know. I'm aware of several policies that data on external drives must be encrypted. And data sent via common carrier must also be encrypted. And signed for - life cycle management - including erasure and limited access documentation.
Our data center guys (not even handling PHI - just IP) have to use these USB drives that contain push-button PIN passwords right on the device itself. Data can't even leave the room without this level of security.
The number seems reasonable. Normally the person who owns the channel looks for a 60/40 split. Google has nothing without Apple's participation. As the article states it isn't clear who gets the 34%
As for Oracle and the Java API. I wouldn't expect the same financial split. Google should probably pay a "developer license" for Java - but not based on revenue sharing. Java embedded has a per-device license fee (http://www.oracle.com/us/corporate/pricing/price-lists/java-embedded-price-list-1977272.pdf) - fixed per unit. Although lots of units usually gets a discount. So going off and writing your own Java doesn't seem fair - and I think Google lost (or is losing) that battle.
This second one is really interesting (which I can't find the link for - it was a story on a another blog that RL linked to) - how to make bigger fish. Since we catch big fish - natural selection says "you get big - you die soon" - therefore smaller fish reproducing most. So if we want bigger fish - catch the smallish (or medium) sized ones - and let big fish get away. Now - are these fish that could have grown big or fish with "small" genes. Selection is now narrow - there are no Big fish to offer more diversity.
Right now only the "short" genes are reproducing well. Fish that have "tall" genes don't have enough offspring.
So it isn't just overfishing. It is overfishing of the wrong kinds of fish.
I watched my local police slowly drive up & down the lanes of the Home Depot/Walmart parking lot - using his license plate reader to scan the cars. Given that this data is stored for "6-12 months" - what is he doing with it?
So this idea that gov't is going to ignore our plates unless we've been found to be acting unlawfully is total BS. We already know they will collect and store this data for a rainy day --- or apply "big data" and look for patterns of wrongdoing.
State Police have already used historical plate data to track and trend car traffic after a crime was committed to find "who was there." Using "medium data" to build a list of potential suspects. It is hard to argue with the method when they successfully find who raped & killed a single mother of a small child. (created a union between Plates and Possible Suspects).
But - all of us are in the net - and who knows what else is being computed?! There would need to be tight controls on this - real warrants, and not this easily obtained warrantless crap.
Yes - I too wondered about this. But then I realized - how many people actually program their device properly if at all?
I have a basic model which is difficult to program. They've tried to make it easy - but making a change is difficult. If we're home on vacation for a week it is hard to change the set points (I just use Hold). Plus I have two of them in my two story house - so changes must be made twice. Sure, once set I rarely have to make changes (I last made changes a year ago when I got married and the house was deemed... too cold. Not married long enough to say "put on a sweater").
Given the UI and push buttons - I can see Nest's goal - bring energy efficiency to households that aren't technical enough (or aware) to use these devices.
After researching Nest devices a few years ago I decided to stay with my basic model. This "new world" of devices that have to be charged often isn't fun. Plug in my phone every day, my watch everyday, and next a Nest every month?
My Timex watch has had the same battery for 6+ years, and my thermostat goes ~2 years on AA batteries. When Nest runs out you're done (which is what I read that put me off).
If only Nest could combine the "old" and "new" design. Use a simple low power device that is a limp-home mode style "keep the furnace running" - a design that could go 2 years on a charge. Then use the fancy "30 day" high-power device to monitor and make changes (if any) to the long term device set points. This way when the 30 day battery fails/crashes the long-term one "just keeps ticking." Monitoring the home is lower priority - and after it learns how often does it make changes?
Maybe my FMEA training kicked in - but this was the first problem I saw with Nest - and living in the North I couldn't justify replacing a system that already works for one that has a known failure mode without mitigation.
I read a case of a summer camp that needed to stay "warm" in the winter - the power went out - and so did the internet. The owner speculated that because the internet was down the Nest kept trying to search for a WiFi signal until its battery died. When the power came back on the Nest was dead and the heat was out permanently. Thankfully the owner had a remote monitoring system that sent him a "cold" alarm.
Thanks for the explanation. Sounds like plenty of failure mode analysis in your system.
I should also point out that he was purchasing unprotected battery cells simply wrapped in a rubber like material - cheap on the internet shipped from an unknown location in China;-) These batteries felt like a block of clay - and he was putting them in a model airplane with only the airframe & velcro protecting them from damage.
Talk about risk taking. We'd all mock-hide when it became obvious he was about to "auger in."
You can't regulate morality. The Representative has his heart in the right place - but the constitution may be in the way (although - we do need to remember that limits can be set).
This is something that society needs to resolve. 20 Years ago I was on a subway in Japan and everyone was silent - I've never experienced anything like this in the USA. Beyond the click-clack of the wheels you could have heard a pin drop. Very little talking - and always in whispers, most cellphone rings were quickly muted and if anybody talked they covered their face and spoke quietly ending the conversation quickly. I can't believe they have a law on the books - rather a deep respect for each other.
I wondered something similar - How do they know it WILL work? Not being a physicist myself - my uninformed-self wonders if they built a hypothetical system to detect a hypothetical material?
My software side wonders: Did they build a unit-test and confirm the system will work as designed?
Dark Matter has this history of just slipping by unnoticed. If they don't know the system works are they attempting to prove a negative?
well - both charging and dis-charging (using them) can trigger the same event. If you draw enough current the battery will get hot - normally the circuit breaker (if you have one) will pop/burn. I believe most Li-on fires are runaway due to impurities or defects in the battery itself. Once they get hot enough they can't stop - kind of a melt down.
A friend of mine has model aircraft that run on batteries - he charges them in a giant tin-can outdoors. He once had one catch fire while charging (guess it got dented when his plane crashed but he charged it anyhow). It was a spectacular fire from such a small device - more like fireworks spraying up & out - made an impressive hole in the lawn.
As for the ammo box - I don't know if it will contain the fire. It would seem it could but these things burn pretty darn hot and could melt a hole depending upon the size of the battery. I wouldn't charge them in the basement.
I have a timer on my chargers - apparently some of these (cheap-o) chargers don't stop when the battery is full.
I guess they needed that section - we have several local schools that don't offer bus service in and around neighborhoods immediately adjacent to the school.
Except for small kids (kindergarten through maybe 3rd grade) - then they get out the short-bus. Parents are responsible for dropping kids off if they feel walking to school is dangerous or don't trust their kids. Cross-walk people are scattered all around to make sure kids safely cross busy roads.
School policy might have put parents in peril with the laws of the homeland.
Slashdot Mirror
that would be evil. After giving the support guy a hard time he SWATs you on the way out.
I once read an article by a guy who did let them into a VM he had. He had been reviewing something and was about to throw away the VM when they called.
Apparently the "tech support" guy upgraded his version of office for him, emptied the trash, and made some performance related registry changes/ improvements. All apparently legit stuff (even if the software was illegal copies). Then asked for "$20" for his work. The author even compared the Office ISO to a known good copy and couldn't find any illegal payload. This was pre-ransomware (or at the very emergence of it)
Many of these virus tools won't run in a VM - they know that the honeypots are all VMs so the software attempts to detect and remain hidden.
My favorite was a video on YouTube. There's a version of Linux that doesn't store files permanently. The video is of the hackers console as they download files and then can't execute them. They unpack a zip file... "ls" and see results. But then attempt to run the utils and they aren't there. So the guy "ls" again - sees empty folder, does a "cd" thinking he unpacked to the wrong folder. Nope. Downloads again. Checks the version of Linux. Tries again. Repeats many times before giving up.
Yeah - another one goes like this: after slowly stringing them along ("let me climb the stairs to my office" and "wait while I boot my computer") - they tell me to press the Windows key. I ask "hmmm... how about an Apple key?" They immediately hangup - no further discussion on that point.
If I'm particularly busy and not willing to play I start the call with "MS tech support??! I have a Mac." [always - click. their script must say "goto end"]
As a good /. citizen - I didn't read the article. But did he say "batteries?" Vertical takeoff yes.
How about a Railgun? Just shoot the &$#-ers into the sky and let it glide to its destination?
The damn barbarians were good at heaving big rocks long distances via different catapults - and they didn't use batteries. Well - the giant weight and sling arm I suppose stored up energy...but not a battery in the modern sense.
Yes - as tepples replied too -- it is time shifting. When you're done watching it gets deleted.
I was suggesting a (somewhat) simplistic compromise. Consumer can record to a device to watch later - but if said device has an option to upload/share with friends - then those shows with the flag set couldn't be shared.
Of course - taking a VCR tape to a friends house to watch a show is sharing. So how does one do that in our current technology world?!
We just need to balance the rights of the copyright holder with the rights of the consumer - and I think it comes down to Intent.
Phone numbers get reused. I've been buying & agreeing to stuff in your name for 9 of the past 10 years.
In other news - I moved to Google Voice and it has a "press 1" feature for unknown callers - plus they have to state their name. AND it has Google Spam detection which is pretty cool.
Yeah - I have 2 that I play. My time is valuable (to me) so I make it short - but I like to make them uncomfortable.
Old married couple who can't hear what the person is saying. They keep talking angrily back and forth "if you put your hearing aid in like I said" "shut up woman" "you old sob - I should have listened to my mother" "I don't have a good grip - don't drop it" [drop phone] [click]
When the Windows Tech Support people call I use this one:
[Dad voice] "I have a virus on my computer again? hold on - I told my kid to stop messing with the computer. Son!! Get your ass down here now. How many times have I told you... why you S-O-B... I'm going to beat you"
[whack some object for effect]
[child voice] "Ow Dad, ow ow I'll be good. [waah] stop it please stop it"
[Dad voice] "Here - you talk to this mother-f'r and fix the goddamn computer. We're going to have a looong conversation when this is over"
It is just a Flag - "Please be honest!"
Look - the law in the USA is we can record under fair-use. But - if this flag were to indicate "don't allow people to Share the recording" (for original playback only) --- I can see that. Sort of a mark in the sand - reminding people that Copyright exists. Kind of like those "FBI Warning" on DVD videos. One must enforce trademark/copyright to keep them real. So great - send us the Flag to show that copyright is being enforced.
Now - what they really need is a technology to protect content and control who can see it. :-P
Yup $50 a year is a great & easy solution - ....And didn't folks try doing this with GMail back in the day? Google offered unlimited email so somebody figured out a method to "uuencode" their harddrive backup and email it to themselves? Kind of like porn back in the nntp news-group days?
People are having fun building Rube Goldberg machines. Let us all doubt that this is a serious commercial solution - and just admit it is a run "built it on a Raspberry Pi" toy solution.
ha ha ha ha.... your employer doesn't know?
My employer has deployed MiM SSL certs to all equipment and we access the web via a proxy. But Chrome happily displays the Green Secure Icon!
ha ha ha -- "my employer isn't watching me." [snork] that's a good one.
I was able to gleen from the text, without understanding the acronyms, Flights tracked via seemingly surreptitious data gathering methods.
But - I'll give you this -- without clicking the link --- why should I care? So what that they grabbed license plate numbers?
Actually - after reading the article it seems more of a cool DYI traffic monitoring system. Still don't understand why it is important. Collected Data, analyzed data, created US-Today info graphs from data. The story?! You can do cool things with a Rasp Pi.
who knew it was Newegg? They sued a probably unknown (to them) company only to find out they were really Newegg.
Their internal policy is probably "don't sue Newegg" and what a surprise when the phone rang and the caller ID displayed "Newegg legal department"
oh right - I forgot about that angle. What is the exposure to fines vs cost of doing it right? Gosh wasn't that a /. topic a few weeks ago - can't sue if there aren't any actual damages from identity theft. Just pay for monitoring and all is right with the world.
The ol' bean counter clause.
hmm... remember those companies that were experimenting with publishing all salaries of employees for full (internal) view? What if all of our personal details were just out in the open? It would reduce the value of it. Banks would pay loss insurance - and find better ways to reduce loss - and the world would be a better place.
Kind of like the Rino hunt story.
yeah I know. I'm aware of several policies that data on external drives must be encrypted. And data sent via common carrier must also be encrypted. And signed for - life cycle management - including erasure and limited access documentation.
Our data center guys (not even handling PHI - just IP) have to use these USB drives that contain push-button PIN passwords right on the device itself. Data can't even leave the room without this level of security.
It is easy these days. You just need to do it.
Can you see Russia from your house?
The number seems reasonable. Normally the person who owns the channel looks for a 60/40 split. Google has nothing without Apple's participation. As the article states it isn't clear who gets the 34%
As for Oracle and the Java API. I wouldn't expect the same financial split. Google should probably pay a "developer license" for Java - but not based on revenue sharing. Java embedded has a per-device license fee (http://www.oracle.com/us/corporate/pricing/price-lists/java-embedded-price-list-1977272.pdf) - fixed per unit. Although lots of units usually gets a discount. So going off and writing your own Java doesn't seem fair - and I think Google lost (or is losing) that battle.
Up next - MobileGo!
Once these backdoors are put in place - hack the hell out of them. Make consumers nervous that their data can be stolen.
Then let's see what the politicians want to do.
Of course - only the data on the phone must be decrypted. If I use, say, Google docs - that data is "in the cloud." does that count?
I don't know - maybe the fish have gone on a diet and just getting smaller - so we have to catch more of them. :-P
RadioLab covered this in two stories (that I'm aware of)
http://www.radiolab.org/story/...
This second one is really interesting (which I can't find the link for - it was a story on a another blog that RL linked to) - how to make bigger fish. Since we catch big fish - natural selection says "you get big - you die soon" - therefore smaller fish reproducing most. So if we want bigger fish - catch the smallish (or medium) sized ones - and let big fish get away. Now - are these fish that could have grown big or fish with "small" genes. Selection is now narrow - there are no Big fish to offer more diversity.
Right now only the "short" genes are reproducing well. Fish that have "tall" genes don't have enough offspring.
So it isn't just overfishing. It is overfishing of the wrong kinds of fish.
I watched my local police slowly drive up & down the lanes of the Home Depot/Walmart parking lot - using his license plate reader to scan the cars. Given that this data is stored for "6-12 months" - what is he doing with it?
So this idea that gov't is going to ignore our plates unless we've been found to be acting unlawfully is total BS. We already know they will collect and store this data for a rainy day --- or apply "big data" and look for patterns of wrongdoing.
State Police have already used historical plate data to track and trend car traffic after a crime was committed to find "who was there." Using "medium data" to build a list of potential suspects. It is hard to argue with the method when they successfully find who raped & killed a single mother of a small child. (created a union between Plates and Possible Suspects).
But - all of us are in the net - and who knows what else is being computed?! There would need to be tight controls on this - real warrants, and not this easily obtained warrantless crap.
Yes - I too wondered about this. But then I realized - how many people actually program their device properly if at all?
I have a basic model which is difficult to program. They've tried to make it easy - but making a change is difficult. If we're home on vacation for a week it is hard to change the set points (I just use Hold). Plus I have two of them in my two story house - so changes must be made twice. Sure, once set I rarely have to make changes (I last made changes a year ago when I got married and the house was deemed... too cold. Not married long enough to say "put on a sweater").
Given the UI and push buttons - I can see Nest's goal - bring energy efficiency to households that aren't technical enough (or aware) to use these devices.
After researching Nest devices a few years ago I decided to stay with my basic model. This "new world" of devices that have to be charged often isn't fun. Plug in my phone every day, my watch everyday, and next a Nest every month?
My Timex watch has had the same battery for 6+ years, and my thermostat goes ~2 years on AA batteries. When Nest runs out you're done (which is what I read that put me off).
If only Nest could combine the "old" and "new" design. Use a simple low power device that is a limp-home mode style "keep the furnace running" - a design that could go 2 years on a charge. Then use the fancy "30 day" high-power device to monitor and make changes (if any) to the long term device set points. This way when the 30 day battery fails/crashes the long-term one "just keeps ticking." Monitoring the home is lower priority - and after it learns how often does it make changes?
Maybe my FMEA training kicked in - but this was the first problem I saw with Nest - and living in the North I couldn't justify replacing a system that already works for one that has a known failure mode without mitigation.
I read a case of a summer camp that needed to stay "warm" in the winter - the power went out - and so did the internet. The owner speculated that because the internet was down the Nest kept trying to search for a WiFi signal until its battery died. When the power came back on the Nest was dead and the heat was out permanently. Thankfully the owner had a remote monitoring system that sent him a "cold" alarm.
Thanks for the explanation. Sounds like plenty of failure mode analysis in your system.
I should also point out that he was purchasing unprotected battery cells simply wrapped in a rubber like material - cheap on the internet shipped from an unknown location in China ;-) These batteries felt like a block of clay - and he was putting them in a model airplane with only the airframe & velcro protecting them from damage.
Talk about risk taking. We'd all mock-hide when it became obvious he was about to "auger in."
You can't regulate morality. The Representative has his heart in the right place - but the constitution may be in the way (although - we do need to remember that limits can be set).
This is something that society needs to resolve. 20 Years ago I was on a subway in Japan and everyone was silent - I've never experienced anything like this in the USA. Beyond the click-clack of the wheels you could have heard a pin drop. Very little talking - and always in whispers, most cellphone rings were quickly muted and if anybody talked they covered their face and spoke quietly ending the conversation quickly. I can't believe they have a law on the books - rather a deep respect for each other.
I wondered something similar - How do they know it WILL work? Not being a physicist myself - my uninformed-self wonders if they built a hypothetical system to detect a hypothetical material?
My software side wonders: Did they build a unit-test and confirm the system will work as designed?
Dark Matter has this history of just slipping by unnoticed. If they don't know the system works are they attempting to prove a negative?
well - both charging and dis-charging (using them) can trigger the same event. If you draw enough current the battery will get hot - normally the circuit breaker (if you have one) will pop/burn. I believe most Li-on fires are runaway due to impurities or defects in the battery itself. Once they get hot enough they can't stop - kind of a melt down.
A friend of mine has model aircraft that run on batteries - he charges them in a giant tin-can outdoors. He once had one catch fire while charging (guess it got dented when his plane crashed but he charged it anyhow). It was a spectacular fire from such a small device - more like fireworks spraying up & out - made an impressive hole in the lawn.
As for the ammo box - I don't know if it will contain the fire. It would seem it could but these things burn pretty darn hot and could melt a hole depending upon the size of the battery. I wouldn't charge them in the basement.
I have a timer on my chargers - apparently some of these (cheap-o) chargers don't stop when the battery is full.
I guess they needed that section - we have several local schools that don't offer bus service in and around neighborhoods immediately adjacent to the school.
Except for small kids (kindergarten through maybe 3rd grade) - then they get out the short-bus. Parents are responsible for dropping kids off if they feel walking to school is dangerous or don't trust their kids. Cross-walk people are scattered all around to make sure kids safely cross busy roads.
School policy might have put parents in peril with the laws of the homeland.