Well yes, ideally you should only teach facts and let kids come to their own conclusions as to the validity of anything else.
But if you let kids think for themselves they could easily come to very different conclusions than you want them to.
Democracy is all about silencing the minority. They do get a vote, but because they are a minority they get outvoted unless the majority choose to act benevolently towards them.
Nothing about democracy says you have to listen to the minority once they have been outvoted.
The difference is that the US was generally the first to implement a lot of things like online banking etc, and those initial systems used fairly simplistic security with just usernames and passwords so people have gotten used to them and don't want to change anything.
In other countries, the online banking implementations have often had 2FA from the start so that's all the users have ever known.
But the service may get exploited, and it's good practice to run as an unprivileged user in case it does...
The user may believe that the service runs as an unprivileged user when in fact it does not. If an error like this is encountered the service should refuse to start and display/log a clear error message rather than running as root, so the user can go and correct the situation.
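The fail-closed start-up described in the comment above, sketched in C as an added example (not part of the original comment or of any project's code); the function names, result codes and the `nobody` default account are hypothetical.

```c
/* Added example: hypothetical service start-up that fails closed. */
#ifndef _DEFAULT_SOURCE
#define _DEFAULT_SOURCE 1   /* for initgroups() on glibc */
#endif
#include <grp.h>
#include <pwd.h>
#include <stdio.h>
#include <sys/types.h>
#include <unistd.h>

enum drop_result {
    DROP_OK = 0,
    DROP_NO_SUCH_USER,      /* configured account does not exist */
    DROP_TARGET_IS_ROOT,    /* configuration names uid 0 */
    DROP_SYSCALL_FAILED,    /* initgroups/setgid/setuid returned an error */
    DROP_WRONG_IDENTITY     /* IDs do not match, or root can be regained */
};

/* Pure check: do the IDs the process now holds match the intended account? */
enum drop_result check_ids(uid_t ruid, uid_t euid, gid_t rgid, gid_t egid,
                           uid_t want_uid, gid_t want_gid)
{
    if (want_uid == 0)
        return DROP_TARGET_IS_ROOT;
    if (ruid != want_uid || euid != want_uid ||
        rgid != want_gid || egid != want_gid)
        return DROP_WRONG_IDENTITY;
    return DROP_OK;
}

/* Permanently switch to `user`; every step is checked, nothing is assumed. */
enum drop_result drop_privileges(const char *user)
{
    struct passwd *pw = getpwnam(user);
    if (pw == NULL)
        return DROP_NO_SUCH_USER;
    if (pw->pw_uid == 0)
        return DROP_TARGET_IS_ROOT;

    if (geteuid() == 0) {
        /* Order matters: supplementary groups, then gid, then uid. */
        if (initgroups(pw->pw_name, pw->pw_gid) != 0 ||
            setgid(pw->pw_gid) != 0 ||
            setuid(pw->pw_uid) != 0)
            return DROP_SYSCALL_FAILED;
        /* A permanent drop must not be reversible. */
        if (setuid(0) == 0)
            return DROP_WRONG_IDENTITY;
    }
    return check_ids(getuid(), geteuid(), getgid(), getegid(),
                     pw->pw_uid, pw->pw_gid);
}

/* Returns 0 only when the process is running as the intended account. */
int service_start(const char *user)
{
    enum drop_result r = drop_privileges(user);
    if (r != DROP_OK) {
        fprintf(stderr, "refusing to start: cannot run as '%s' (reason %d)\n",
                user, (int)r);
        return 1;
    }
    /* ... serve requests here, now unprivileged ... */
    return 0;
}

int main(int argc, char **argv)
{
    return service_start(argc > 1 ? argv[1] : "nobody");
}
```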
Unfortunately the vast majority of people get away with that particular crime unpunished...
They got their 15 minutes of fame, this story has been covered all over the place.
Unfortunately they were allowed to procreate which not only allows them to pass on their clearly below average intelligence, but now those kids will grow up without a father and a mother that's in jail so not a good start for them.
You make it available in source code form, and other people can take that source, compile it themselves and install it on their own devices. All this does is limit your audience to those who are willing and capable of doing that.
You need to own an expensive apple phone in order to bypass their walled garden too...
Germany was a democracy before 1945 too. The party in power was elected through the democratic process, and the party in power decided what had to be banned. The party democratically elected by the German people was removed from power in 1945 by a foreign invader.
Banning communism and fascism is actually undemocratic. The idea of democracy is that the people can vote for the government they want, what if the majority of people actually want a fascist or communist government?
The biggest flaw of democracy is that the people casting the votes are not sufficiently informed or educated about what exactly they are voting for. You don't need to ban fascism, as most well informed and educated people would reject such a system anyway. Communism is a little different, true communism (as opposed to the corrupt dictatorships that have misused the name) is a noble idea but again most well informed people would realise that the utopian ideal of communism is not attainable today.
Well that's the problem, it's a slippery slope..
It started being defined as Nazi propaganda, then gradually creeps.. What starts off benign attracts a few complaints and suddenly it's hate speech and you're going to jail... You end up having to be extremely paranoid about what you say for fear of being jailed!
And what exactly defines "hate"? I frequently banter with friends where we call each other fat, bald (it's true, we're getting old) or use various racial slurs. I don't take offense to it and neither do they.
Depends how much space you have for the panels...
Generally AC is more used in hotter countries with stronger direct sunlight, in colder areas with less sunlight you're less likely to want AC.
Then you can buy the portable tanks of gas and use those for cooking...
What you're thinking about already exists and is called "Wine"...
It's not as complete or compatible as the Linux subsystem for Windows, and that's both because Windows is massively overcomplicated as well as being proprietary and closed source. It's much easier to clone the behaviour of Linux because you have lots of documentation and source code to study.
I do indeed do software development on a minimalistic text based system...
I do some image processing in a text based environment (automated image processing)..
And I do media capture in a text based environment...
Windows is aiming to be a jack of all trades, but most organisations only need to use a small subset of its functionality, and often different subsets depending on specific tasks within that organisation. Use a tool which is suited to the task at hand. Any additional functionality that you don't require is an unnecessary overhead and potential weakness.
Unfortunately that's just not true, while you can take steps to mitigate the risks by running old software you will end up running software which has known vulnerabilities that you can't fix. You'll end up having to disable so many features because they have unfixable flaws, that you might as well turn the systems off.
A competent administrator is better off running an ancient Linux distro, not only can you harden it to a greater degree due to being more modular, but you can also patch the software yourself as required. I have several ancient Unix systems where various things have been custom upgraded or patched.
Disallowing admin access doesn't really help in a networked environment (and chances are at such organisations, users never had admin access to begin with).. In order to exploit the SMB vulnerabilities you only need the ability to connect to port 445 on a target host. The initial infection may have run as an unprivileged user on 1 workstation, but if other hosts are unpatched it would easily be able to gain privileged access to those.
BitLocker only helps when machines are turned off, a machine that's booted and running has the drive accessible to the host OS. If you compromise the running system, you can get to the files. In fact encryption does nothing to stop ransomware, there's no reason ransomware can't take already encrypted data and encrypt it again, achieving the same result from a victim perspective.
If you replace the machines every 3-5 years you have not only the cost of the new hardware and the new software that goes with it, but a whole bunch of other costs like retraining, troubleshooting, compatibility testing, reduced productivity during the transition, replacing of application software that fails on the new systems, replacement of any incompatible peripherals etc. It can be hugely expensive, and costs often spiral out of control as many problems aren't anticipated in advance. Also if you don't replace everything at once you are likely to get compatibility problems between users on the old and new systems.
Gradually as things move towards being web based these problems will clear up, the client supports a given set of standards so is easily replaceable, the servers for each application interact with each other using standard protocols and can be managed separately so there's less interdependency and thus less breakage.
Upgrading encryption algorithms is easy to do without breaking any software. You upgrade the SSL libraries, and the applications use them so long as the application software doesn't do anything stupid like request specific algorithms. Plenty of old Unix based software designed in the OpenSSL 0.x days will happily build against the latest OpenSSL and use modern algorithms if the remote peer supports them.
But that's because SSL is generally well designed with extensibility for adding new algorithms designed in from the start. ActiveX was always poorly designed, and anyone with an understanding of security would have refused to use it in the first place.
What makes a court in Canada any different from a court in Pyongyang?
When a court in Pyongyang demands that Google remove any references to any media that Kim Jong Un personally dislikes, should they comply?
How about when courts in ultra conservative states like Saudi Arabia demand removal of anything which violates their laws, much of which would be perfectly legal in Canada and other countries?
We'd end up with a lowest common denominator internet, containing only things which are legal and acceptable everywhere, which wouldn't be very much.
That's for OS files like executables, which should never change except during patching cycles.
User files are expected to change, and users would become annoyed at the extra dialogs every time they saved (or autosaved) their work.
1, if the NSA don't hoard vulnerabilities, then vulnerabilities will still be hoarded by foreign intelligence agencies and criminals. The NSA will be at a disadvantage and the world will be no better off.
3, how would you implement "direct user intervention" as a requirement? Unless enforced at the hardware level, ransomware would just need to execute the same instructions that the user-driven deletion confirmation does. Also a lot of software creates and destroys temporary files during its normal operation, saved copies of all these temporary files would rapidly accumulate and regularly require the user to manually confirm their removal.
No, what Posteo did is more like replacing illegal drugs (which *can* be harmful and/or deadly) with cyanide (which is always deadly).
Prior to Posteo's actions those victims had a chance (however slim) of recovering their data, now they have no chance due directly to the actions of Posteo.
Because Windows is less modular than other systems that would be more suitable to tasks like this.
You want a tiny embedded system with the smallest possible attack surface, not a large general purpose system like Windows with stacks of legacy cruft and features which are totally irrelevant to the task at hand. The less code you have, the less chance of security holes being found. Sure nothing is perfect, but a system which is 10% of the size is going to be far safer.
The other issue is monoculture, if everyone runs the same software everyone has the same vulnerabilities and an attack can cause widespread chaos. If a system is important, you should have a backup which is running on something else (like Chernobyl having a manual system).
They might be motivated solely by a desire to cause chaos and destruction, and reusing existing ransomware code was easier than writing new code for wiping data. Or perhaps they derive a perverse pleasure not only from destroying people's data, but also from giving them false hope that it could ever be recovered.
There was at least one ransomware family I read about which encrypted the data using a random key, and then completely discarded the key making the data unrecoverable.
There are plenty of evil and/or crazy people out there, we can't possibly know all of their motives.
Assuming the backup server is correctly configured, and access to it cannot be obtained using credentials acquired from one of the servers being backed up...
If the ransomware can spread onto the backup server, then it can encrypt/destroy your backups too unless they're stored on media that has been physically disconnected from it. In most places I've seen, the backup server (if there was one at all) was joined to the same domain as everything else, once you compromise the domain you control the backups too.
Chances are the backup server is also on the same patch schedule, so if your boxes got infected because they were out of date your backup server could easily get infected in the same way.
Depends how big the ransom is...
Users may decide that the cost of paying the occasional ransom is easier/cheaper than the hassle and cost of making backups and improving their security practices.