... when there's much more energy in light or heat? Solar cells power calculators and garden lights pretty well. Domestic lights put out 5-100 watts of power distributed around a room. Wifi power levels are much lower - 0.15 watts or so.
Amazingly security, secure programming, defensive programming, security testing don't make the list. Maybe that's why there are so many code vulnerabilities out there.
Maybe it will, especially if people have high bandwidth connections. But I suspect most people will be on ADSL or cable.
Now the default zmap syn scan uploads 432 bits (54 bytes) per packet, that's 14 bytes Ethernet frame, 20 bytes IP and 20 bytes TCP. Which means the full 2^32 IPv4 address range needs 1.855 Terabits upload. That's 0.51 hours at 1 Gbit/sec, or 5.15 hours at 100 Mbit/sec, or 51.5 hours at 10 Mbit/sec, or 515 hours (21.5 days) at a more common ADSL uplink of 1 Mbit/sec. Remember the A in ADSL is for Asymmetric - uplinks are much slower than downlinks.
(These are not quite right - times could be faster if large parts of the address space are black-listed, also there's no need to transmit all the Ethernet header on the uplink, the actual number of bits depends on connection technology.)
They make computers specifically designed for novice and more elderly users. You can either get full computer systems, or a USB "homekey" to boot other computers. It's based on Linux Mint, by the way.
(You don't mention whether you volunteer or get paid to service computers. If you get paid, avoid this approach as you might be out of a job! But if you volunteer, it should cut your maintenance workload.)
A lot of people think that PGP encryption is unbreakable and that the NSA/FBI/CIA/MJ12 cannot read their mail. This is wrong, and it can be a deadly mistake. In Idaho, a left-wing activist by the name of Craig Steingold was arrested _one day_ before he and others wee to stage a protest at government buildings; the police had a copy of a message sent by Steingold to another activist, a message which had been encrypted with PGP and sent through E-mail.
Since version 2.1, PGP ("Pretty Good Privacy") has been rigged to allow the NSA to easily break encoded messages. Early in 1992, the author, Paul Zimmerman, was arrested by Government agents. He was told that he would be set up for trafficking narcotics unless he complied. The Government agency's demands were simple: He was to put a virtually undetectable trapdoor, designed by the NSA, into all future releases of PGP, and to tell no-one.
After reading this, you may think of using an earlier version of PGP. However, any version found on an FTP site or bulletin board has been doctored. Only use copies acquired before 1992, and do NOT use a recent compiler to compile them. Virtually ALL popular compilers have been modified to insert the trapdoor (consisting of a few trivial changes) into any version of PGP prior to 2.1. Members of the boards of Novell, Microsoft, Borland, AT&T and other companies were persuaded into giving the order for the modification (each ot these companies' boards contains at least one Trilateral Commission member or Bilderberg Committee attendant).
It took the agency more to modify GNU C, but eventually they did it. The Free Software Foundation was threatened with "an IRS investigation", in other words, with being forced out of business, unless they complied. The result is that all versions of GCC on the FTP sites and all versions above 2.2.3, contain code to modify PGP and insert the trapdoor. Recompiling GCC with itself will not help; the code is inserted by the compiler into itself. Recompiling with another compiler may help, as long as the compiler is older than from 1992.
While there are lots of reports of bad updates from the various AV vendors in news articles, does anyone consistently track the history of these bad updates by vendor, date, and ideally impact?
Enables you to build your very own battery powered Electronic Enigma machine. Does NOT include wooden case. Requires only basic soldering experience. Extensive easy to read 60+ page manual.
Note this won't necessarily work when writing zeros - you might get a file with a "hole" in it. Been there, done it, noticed the problem when getting ridiculously fast transfer times for the dd command.
Back in the old days of floppy disks, though, it was fun to demonstrate recovery of data, especially when they had been written on a 40-track drive and read on an 80-track drive.
ccleaner for Windows http://www.piriform.com/CCLEANER has an option for overwriting free space. So you could delete all your files, profile, user registry, temp files. Empty waste bin, then use the ccleaner wipe free space option. And hope you remembered everything that needed deleting.
Once is probably enough, but not always for SSDs. (Not that the original poster has those on a 10 year old machine;-) Some of those may de=duplicate identical blocks. Under some circumstances, writing zeros with dd (e.g. to a file) will result in the creation of a file with "holes" rather than overwriting the file.
A reasonably safe process is to write changing pseudo-random data to all blocks, then write zeros to all blocks. Won't necessarily delete any reallocated bad blocks, but you can't read those through normal drive operations. A pass of zeros makes it easy to check the disk is clean and is nice to later users of disk imaging software, as that software has no need to copy zero blocks. But that's bordering on OCD tidiness!
As I note earlier, photorec http://www.cgsecurity.org/wiki/PhotoRec will get the data back easily. And it's free. (Working out which recovered files are useful is another matter, most filename information won't be recovered.)
... in a decade far, far away we used to use multi-user operating systems. Which used to keep one user's data private from another - unless they explicitly wished to share. They also let the sysadmin install software packages for everyone to use, or each user could run their own local programs - which could not access other user's data.
Sounds familiar? So why propose a "solution" that only gives application-layer (rather than OS-layer) protection between users? That only protects properly one (corporate) user - isn't my personal data of at least equal value? That can't easily be extended to several users (think "e-banking user" which shares no data at all with "games user")? And there's no inherent reason why the different user programs can't share the same display screen either, with different passwords and screen lock timeouts - so you don't need a password to run Angry Birds, but do to unlock your contacts.
+1 for this. Not at all geeky to use - it's a neat front end to partclone (partclone.org). Compresses the filesystems, so it can be really fast to restore, especially if you clean it up (CCleaner) and defrag it first. You can also put this on a bootable CD/DVD with the restore image.
Also consider how much time and money it takes *you* to install the systems in the first place. Especially if the PCs need to run an office suite, music, video and photo software.
What I've personally done is: a) boot up Ubuntu off USB stick b) wipe the whole hard drive using "dd if=/dev/zero of=/dev/sda bs=10M" (10 secs your time, 20-30 mins elapsed [typically ~2GB/minute]) c) Install Ubuntu (1 min your time, 10 mins elapsed when using USB) d) Install updates (1 min your time, 30 mins elapsed if off internet, 10 mins if off USB).
If you are installing lots of machines, consider updating the USB with all updates. If you have older machines, consider Lubuntu instead. The OEM install is nice if you want the recipient to create the initial account.
If you need to use Windows, the same principles apply. Use a USB drive to install it, it's faster than CD. Download all pieces of software and updates, also to USB. But you will need to run rather more installers than with Ubuntu. How much is your time worth?
Quite right, installing pure Windows 7 on a newish machine is about as easy as installing Ubuntu.
Installing a usable computer system is another matter though. On Ubuntu, you already have office, music and photo software, and a few clicks on the Software Centre menus gets you any other software and codecs you want. On Windows, you will need to find quite a few more applications, each from their own website, and download and install them in a myriad of ways.
Wouldn't it be nice if there was a Windows App Store even half as good as any major distro's repository?
The logical conclusion should be we need to use complex passwords that don't need to be typed manually. That tends to imply some hardware device (since pure software systems run the risk of compromise). We've actually had these for some time - the crypto smartcards / phone SIM cards / etc that perform crypto challenge-response. Some of these use public key crypto, so additionally there is no need to share your secret (i.e. private key) with anyone else.
We may sometimes need two-factor authentication, but the main reason is to ensure that the correct human is using the device, to the necessary level of assurance.
Note we also should not demand high authentication all the time - it tends to lead to social attacks / phishing. So for example it might be appropriate to only need the hardware device to allow access to see the balance of a bank account. (Which is much the same as just needing your cash card to enquire the balance over the counter.) But if you want to withdraw any sizeable sum, then demand a second factor (password/PIN) on each transaction.
I now offer people a Linux Live CD - such as Ubuntu. Tell them it will get their machine working, they can recover the files, and I won't need to see their private stuff.
Now if they are the type who like clicking "yes" to everything including the "install" option, well, that's another problem fixed for good.
Support by email - http://lmgtfy.com/ and http://giyf.com/ are good pointers.
... since LEO, the first commercial business computer, was based on the EDSAC design. Amazingly LEO computers were still in use in 1981. Check out the LEO Computers Society.
Check out Seeed Studio scopes.
They sell JYE Tech scope for $54, DSO Nano for $89. Fine if you don't need high sample rate, they are limited to 5M samples/sec or 1M samples/sec respectively.
Slashdot Mirror
... when there's much more energy in light or heat?
Solar cells power calculators and garden lights pretty well. Domestic lights put out 5-100 watts of power distributed around a room.
Wifi power levels are much lower - 0.15 watts or so.
Metadata? You just let the NSA store it for you.
No mention of how to make professional installation packages which can be maintained in a production environment.
Really the list is "things every coder should aim to know". Need much more to get the "software engineer" label.
Amazingly security, secure programming, defensive programming, security testing don't make the list.
Maybe that's why there are so many code vulnerabilities out there.
Maybe it will, especially if people have high bandwidth connections. But I suspect most people will be on ADSL or cable.
Now the default zmap syn scan uploads 432 bits (54 bytes) per packet, that's 14 bytes Ethernet frame, 20 bytes IP and 20 bytes TCP. Which means the full 2^32 IPv4 address range needs 1.855 Terabits upload. That's 0.51 hours at 1 Gbit/sec, or 5.15 hours at 100 Mbit/sec, or 51.5 hours at 10 Mbit/sec, or 515 hours (21.5 days) at a more common ADSL uplink of 1 Mbit/sec. Remember the A in ADSL is for Asymmetric - uplinks are much slower than downlinks.
(These are not quite right - times could be faster if large parts of the address space are black-listed, also there's no need to transmit all the Ethernet header on the uplink, the actual number of bits depends on connection technology.)
Check out http://www.simplicitycomputers.co.uk/.
They make computers specifically designed for novice and more elderly users. You can either get full computer systems, or a USB "homekey" to boot other computers. It's based on Linux Mint, by the way.
(You don't mention whether you volunteer or get paid to service computers. If you get paid, avoid this approach as you might be out of a job! But if you volunteer, it should cut your maintenance workload.)
As mentioned in alt.privacy in 1993:-
A lot of people think that PGP encryption is unbreakable and that the
NSA/FBI/CIA/MJ12 cannot read their mail. This is wrong, and it can be a deadly
mistake. In Idaho, a left-wing activist by the name of Craig Steingold was
arrested _one day_ before he and others wee to stage a protest at government
buildings; the police had a copy of a message sent by Steingold to another
activist, a message which had been encrypted with PGP and sent through E-mail.
Since version 2.1, PGP ("Pretty Good Privacy") has been rigged to
allow the NSA to easily break encoded messages. Early in 1992, the author,
Paul Zimmerman, was arrested by Government agents. He was told that he
would be set up for trafficking narcotics unless he complied. The Government
agency's demands were simple: He was to put a virtually undetectable
trapdoor, designed by the NSA, into all future releases of PGP, and to
tell no-one.
After reading this, you may think of using an earlier version of
PGP. However, any version found on an FTP site or bulletin board has been
doctored. Only use copies acquired before 1992, and do NOT use a recent
compiler to compile them. Virtually ALL popular compilers have been
modified to insert the trapdoor (consisting of a few trivial changes) into
any version of PGP prior to 2.1. Members of the boards of Novell, Microsoft,
Borland, AT&T and other companies were persuaded into giving the order for the
modification (each ot these companies' boards contains at least one Trilateral
Commission member or Bilderberg Committee attendant).
It took the agency more to modify GNU C, but eventually they did it.
The Free Software Foundation was threatened with "an IRS investigation",
in other words, with being forced out of business, unless they complied. The
result is that all versions of GCC on the FTP sites and all versions above
2.2.3, contain code to modify PGP and insert the trapdoor. Recompiling GCC
with itself will not help; the code is inserted by the compiler into
itself. Recompiling with another compiler may help, as long as the compiler
is older than from 1992.
While there are lots of reports of bad updates from the various AV vendors in news articles, does anyone consistently track the history of these bad updates by vendor, date, and ideally impact?
From Bletchley Park http://www.bletchleypark.org.uk/shop/view_product.rhtm/133066/238531/detail.html
£119.99
Enables you to build your very own battery powered Electronic Enigma machine. Does NOT include wooden case. Requires only basic soldering experience. Extensive easy to read 60+ page manual.
Just install GRUB to the MBR! Usually automatic when installing Linux.
Note this won't necessarily work when writing zeros - you might get a file with a "hole" in it. Been there, done it, noticed the problem when getting ridiculously fast transfer times for the dd command.
http://computer-forensics.sans.org/blog/2009/01/15/overwriting-hard-drive-data/ has some experimental stats on recovering known bits of data from drives. Note "bits" - longer strings have rapidly diminishing probability of getting anything back.
Back in the old days of floppy disks, though, it was fun to demonstrate recovery of data, especially when they had been written on a 40-track drive and read on an 80-track drive.
ccleaner for Windows http://www.piriform.com/CCLEANER has an option for overwriting free space. So you could delete all your files, profile, user registry, temp files. Empty waste bin, then use the ccleaner wipe free space option. And hope you remembered everything that needed deleting.
Once is probably enough, but not always for SSDs. (Not that the original poster has those on a 10 year old machine ;-)
Some of those may de=duplicate identical blocks. Under some circumstances, writing zeros with dd (e.g. to a file) will result in the creation of a file with "holes" rather than overwriting the file.
A reasonably safe process is to write changing pseudo-random data to all blocks, then write zeros to all blocks. Won't necessarily delete any reallocated bad blocks, but you can't read those through normal drive operations. A pass of zeros makes it easy to check the disk is clean and is nice to later users of disk imaging software, as that software has no need to copy zero blocks. But that's bordering on OCD tidiness!
As I note earlier, photorec http://www.cgsecurity.org/wiki/PhotoRec will get the data back easily. And it's free.
(Working out which recovered files are useful is another matter, most filename information won't be recovered.)
Photorec will get it back, do-dah, do-dah
Photorec will get it back, all the do-dah data!
Seriously, http://www.cgsecurity.org/wiki/PhotoRec will recover practically everything after a simple format and re-install.
... in a decade far, far away we used to use multi-user operating systems. Which used to keep one user's data private from another - unless they explicitly wished to share. They also let the sysadmin install software packages for everyone to use, or each user could run their own local programs - which could not access other user's data.
Sounds familiar? So why propose a "solution" that only gives application-layer (rather than OS-layer) protection between users? That only protects properly one (corporate) user - isn't my personal data of at least equal value? That can't easily be extended to several users (think "e-banking user" which shares no data at all with "games user")? And there's no inherent reason why the different user programs can't share the same display screen either, with different passwords and screen lock timeouts - so you don't need a password to run Angry Birds, but do to unlock your contacts.
+1 for this. Not at all geeky to use - it's a neat front end to partclone (partclone.org).
Compresses the filesystems, so it can be really fast to restore, especially if you clean it up (CCleaner) and defrag it first.
You can also put this on a bootable CD/DVD with the restore image.
Also consider how much time and money it takes *you* to install the systems in the first place. Especially if the PCs need to run an office suite, music, video and photo software.
What I've personally done is:
a) boot up Ubuntu off USB stick
b) wipe the whole hard drive using "dd if=/dev/zero of=/dev/sda bs=10M" (10 secs your time, 20-30 mins elapsed [typically ~2GB/minute])
c) Install Ubuntu (1 min your time, 10 mins elapsed when using USB)
d) Install updates (1 min your time, 30 mins elapsed if off internet, 10 mins if off USB).
If you are installing lots of machines, consider updating the USB with all updates. If you have older machines, consider Lubuntu instead. The OEM install is nice if you want the recipient to create the initial account.
If you need to use Windows, the same principles apply. Use a USB drive to install it, it's faster than CD. Download all pieces of software and updates, also to USB. But you will need to run rather more installers than with Ubuntu. How much is your time worth?
Quite right, installing pure Windows 7 on a newish machine is about as easy as installing Ubuntu.
Installing a usable computer system is another matter though. On Ubuntu, you already have office, music and photo software, and a few clicks on the Software Centre menus gets you any other software and codecs you want. On Windows, you will need to find quite a few more applications, each from their own website, and download and install them in a myriad of ways.
Wouldn't it be nice if there was a Windows App Store even half as good as any major distro's repository?
The logical conclusion should be we need to use complex passwords that don't need to be typed manually.
That tends to imply some hardware device (since pure software systems run the risk of compromise).
We've actually had these for some time - the crypto smartcards / phone SIM cards / etc that perform crypto challenge-response.
Some of these use public key crypto, so additionally there is no need to share your secret (i.e. private key) with anyone else.
We may sometimes need two-factor authentication, but the main reason is to ensure that the correct human is using the device, to the necessary level of assurance.
Note we also should not demand high authentication all the time - it tends to lead to social attacks / phishing. So for example it might be appropriate to only need the hardware device to allow access to see the balance of a bank account. (Which is much the same as just needing your cash card to enquire the balance over the counter.) But if you want to withdraw any sizeable sum, then demand a second factor (password/PIN) on each transaction.
I now offer people a Linux Live CD - such as Ubuntu. Tell them it will get their machine working, they can recover the files, and I won't need to see their private stuff.
Now if they are the type who like clicking "yes" to everything including the "install" option, well, that's another problem fixed for good.
Support by email - http://lmgtfy.com/ and http://giyf.com/ are good pointers.
What are they doing wrong?
Switching back to and end-of-life operating system (Windows XP). But why?
... since LEO, the first commercial business computer, was based on the EDSAC design. Amazingly LEO computers were still in use in 1981. Check out the LEO Computers Society.
Check out Seeed Studio scopes. They sell JYE Tech scope for $54, DSO Nano for $89. Fine if you don't need high sample rate, they are limited to 5M samples/sec or 1M samples/sec respectively.