The problem is their core competencies are in a saturated, maturing and rapidly slowing market... If they don't diversify then they will gradually die.
You don't have to set up the mold from scratch, the car manufacturer will have already produced a large number of these parts for all the cars they sold so they already have the necessary equipment.
A bluetooth keyboard on your lap and a solid mousepad on the chair arm work quite well, some games are much better played with keyboard/mouse but look better on a large tv than a small monitor.
There is no reason for them to provide dongles pre-seeded... And if you buy such devices, you have no proof that the records have been destroyed even if the company claims they have. Customers should be able to seed their own dongles.
Ofcourse i've been saying this for years, asking what happens if rsa get hacked and all the seeds taken... People said that was crazy talk, rsa would never get hacked etc.
It's likely that the issues with DES would have been discovered sooner had they not been fixed, after all an actively used system is far more worthy of study than something thats been superseded and is no longer used.
As for discovering the private key, who's to say Snowden doesn't have a copy of it? And for all we know, that key could have been leaked to others long ago, the US is not the only country that conducts spying...
You'd be better off with a regular wireless access point that includes a built in switch... Drop it in between an existing workstation (or other networked device like a printer) and the wall, legit device keeps working but the lan is now extended outside and you can sit outside or in a nearby coffee shop.
Once your on the internal network, the rest is absolutely trivial... A port scanning tool and a copy of metasploit, you'll have domain admin within a few minutes and chances are even if the important stuff is kept on non windows machines, it will be accessed from windows machines which are part of the domain so you just keylog the right workstations until you get access.
You've hit the nail upon the head right there... A lot of managers are focused purely on the number of hours worked, and not on the efficiency or quality of the work. So someone who does good work, but takes regular breaks and leaves on time will be frowned upon when compared to someone who works extra long hours while achieving less and doing their work to a lower standard.
Personally i think 8 hours is way too long, unless you have regular breaks 8 hours is way too long to concentrate on a single task.
Only when the "Real thing" prices are massively inflated related to the production costs... It's possible to get generic high quality clothes for considerably less than the cost of designer clothes, and possible to get low quality clothes for even less still. Designer clothes, assuming they are high quality, should not be significantly more expensive than unbranded clothes manufactured to a similar quality level.
You can already download the plans for a car, and buy the parts (or manufacture them yourself if you have the appropriate equipment)... The reason people buy cars is because the skills, equipment and resources required to build a car outweigh the cost of buying one.
If it became cheaper to build a car, then i would expect the prices of ready-built cars to drop accordingly. Only if they try to keep the prices artificially high will people resort to building their own at home.
There are also significant additional costs in dealing with counterfeit goods, which make them impractical unless there are ridiculous margins on the goods being counterfeit...
Counterfeit goods can't be marginally cheaper than the originals, they have to be a lot cheaper or people won't consider them. There is always a risk of being caught. There is less economies of scale, both in the production and distribution. Distribution is harder as legit retailers wont touch them, you need to use back channels that will demand a bigger cut.
So the definition of unreasonable margins would be the point at which it becomes profitable to counterfeit, even considering all these things... It's quite telling that the only things which get counterfeit are items priced massively higher than similar items from other brands.
Having temporary files in random places is caused by poorly written programs combined with a poorly configured os... Such programs simply should not have the ability to write files wherever they want.
As for a software keylogger, you would need to shut down the laptop, boot the laptop from your own media or extract the drive, mount the drive and install your malware before rebooting it back and hoping the mark doesn't notice that the system has unexpectedly rebooted and none of his programs are running anymore.
Depending on the hardware type, this can be considerably more time consuming than applying a hardware keylogger... And there is no reason a hardware keylogger couldn't include a gsm radio or similar device for transmitting its logs.
If you're talking about someone who is stupid enough to leave their machine logged in and unattended then an encrypted drive wouldn't help at all anyway.
Use gcc to compile clang.. Use clang to recompile gcc.. Add more compilers to the mix.. The more you do this, the greater the chance of an incompatibility with the backdoor code either resulting in it being removed, or causing unexpected and easily noticed problems.
[1] actually it would be reasonable to assume that at least some source for windows is in the hands of the bad guys...
And that is the worst part...
The malicious groups have more access than the good guys. A legitimate security researcher cannot get to see the source code without complying with the terms dictated by the vendor, while a malicious hacker can obtain copies of the source and go through it freely.
The conventional wisdom is that while open source is not perfect, it's still better than the alternatives - and the same applies to virtually everything.
I would rather have something that i *can* investigate and/or modify to suit my needs, and where multiple unrelated third parties can do the same thing. The chance of a backdoor existing are lower, and the chance of one being found if it were introduced is higher...
And this is for me as an individual, a foreign government is likely to be far more concerned, and also far better funded so they can employ a large number of people to audit the code thoroughly.
Requiring foreign companies to host data on servers inside brazil isn't going to achieve anything... They are still foreign corporations, and will be able to access those servers and/or copy data off them at any time they want.
What's really needed, is instead of large centrally controlled services like facebook there should be a large number of distributed but openly interoperable services.
This is how the internet has always worked, and how core services like web and email work - anyone can run their own servers, and anyone's servers can talk to anyone else's. If you are worried about foreign spies, you can ensure that you use services operated in countries you trust.
Don't agree with the bug fixes bit, but feature requests seem fair enough... If you get people to pay for bug fixes, then people will intentionally write buggy code. Also if i paid for a feature request, i would be very unhappy to be given a buggy implementation of that feature and then asked to pay again for bug fixes.
Similarly while a developer who's developing code for their own use, they have an incentive to fix bugs that affect their own use, but they have no direct incentive to fix features developed for someone else's use.
Swap can and should be stored on a separate partition, and encrypted using a randomly generated key so its completely lost after a reboot.
On a properly configured system, only a very small number of locations will be writable by the user, typically the user's home directory and a temporary area... The temporary area can be stored in ram/swap since it doesn't matter if its contents are lost and home can be encrypted.
It's trivial to add a hardware key logger to virtually any system irrespective of how the software is configured, if someone untrusted has had unescorted physical access to the system then the system should be considered compromised anyway. A hardware keylogger is also os independent, doing it on software requires the malicious party to know what os you're using in advance in order to have a compatible keylogger, and also to work around any non standard configuration you might have.
That's an inherent risk of doing that kind of business, and when your business involves making copies and selling them at huge margin then someone else making copies and selling them is also a risk.
Notice you only ever get "counterfeit" goods when the originals are sold with unreasonable margins... Designer clothes don't cost more to produce than generic ones, they are just sold for a much higher price. If they were sold at a reasonable price relative to their production cost then there would be no profit to be made selling copies.
Slashdot Mirror
Two completely different pieces of hardware released under the same branding... MS have lumped them together in the same bucket.
The problem is their core competencies are in a saturated, maturing and rapidly slowing market... If they don't diversify then they will gradually die.
You don't have to set up the mold from scratch, the car manufacturer will have already produced a large number of these parts for all the cars they sold so they already have the necessary equipment.
A bluetooth keyboard on your lap and a solid mousepad on the chair arm work quite well, some games are much better played with keyboard/mouse but look better on a large tv than a small monitor.
Well, using a known flawed system is also going to make you in violation of sarbanes-oxley...
So what do you do?
There is no reason for them to provide dongles pre-seeded... And if you buy such devices, you have no proof that the records have been destroyed even if the company claims they have.
Customers should be able to seed their own dongles.
Ofcourse i've been saying this for years, asking what happens if rsa get hacked and all the seeds taken... People said that was crazy talk, rsa would never get hacked etc.
It's likely that the issues with DES would have been discovered sooner had they not been fixed, after all an actively used system is far more worthy of study than something thats been superseded and is no longer used.
As for discovering the private key, who's to say Snowden doesn't have a copy of it? And for all we know, that key could have been leaked to others long ago, the US is not the only country that conducts spying...
You dont need pass through, just a vga splitter...
You'd be better off with a regular wireless access point that includes a built in switch...
Drop it in between an existing workstation (or other networked device like a printer) and the wall, legit device keeps working but the lan is now extended outside and you can sit outside or in a nearby coffee shop.
Once your on the internal network, the rest is absolutely trivial... A port scanning tool and a copy of metasploit, you'll have domain admin within a few minutes and chances are even if the important stuff is kept on non windows machines, it will be accessed from windows machines which are part of the domain so you just keylog the right workstations until you get access.
You've hit the nail upon the head right there...
A lot of managers are focused purely on the number of hours worked, and not on the efficiency or quality of the work. So someone who does good work, but takes regular breaks and leaves on time will be frowned upon when compared to someone who works extra long hours while achieving less and doing their work to a lower standard.
Personally i think 8 hours is way too long, unless you have regular breaks 8 hours is way too long to concentrate on a single task.
Only when the "Real thing" prices are massively inflated related to the production costs...
It's possible to get generic high quality clothes for considerably less than the cost of designer clothes, and possible to get low quality clothes for even less still.
Designer clothes, assuming they are high quality, should not be significantly more expensive than unbranded clothes manufactured to a similar quality level.
You can already download the plans for a car, and buy the parts (or manufacture them yourself if you have the appropriate equipment)...
The reason people buy cars is because the skills, equipment and resources required to build a car outweigh the cost of buying one.
If it became cheaper to build a car, then i would expect the prices of ready-built cars to drop accordingly. Only if they try to keep the prices artificially high will people resort to building their own at home.
There are also significant additional costs in dealing with counterfeit goods, which make them impractical unless there are ridiculous margins on the goods being counterfeit...
Counterfeit goods can't be marginally cheaper than the originals, they have to be a lot cheaper or people won't consider them.
There is always a risk of being caught.
There is less economies of scale, both in the production and distribution.
Distribution is harder as legit retailers wont touch them, you need to use back channels that will demand a bigger cut.
So the definition of unreasonable margins would be the point at which it becomes profitable to counterfeit, even considering all these things... It's quite telling that the only things which get counterfeit are items priced massively higher than similar items from other brands.
Having temporary files in random places is caused by poorly written programs combined with a poorly configured os... Such programs simply should not have the ability to write files wherever they want.
As for a software keylogger, you would need to shut down the laptop, boot the laptop from your own media or extract the drive, mount the drive and install your malware before rebooting it back and hoping the mark doesn't notice that the system has unexpectedly rebooted and none of his programs are running anymore.
Depending on the hardware type, this can be considerably more time consuming than applying a hardware keylogger... And there is no reason a hardware keylogger couldn't include a gsm radio or similar device for transmitting its logs.
If you're talking about someone who is stupid enough to leave their machine logged in and unattended then an encrypted drive wouldn't help at all anyway.
Use gcc to compile clang..
Use clang to recompile gcc..
Add more compilers to the mix..
The more you do this, the greater the chance of an incompatibility with the backdoor code either resulting in it being removed, or causing unexpected and easily noticed problems.
[1] actually it would be reasonable to assume that at least some source for windows is in the hands of the bad guys...
And that is the worst part...
The malicious groups have more access than the good guys. A legitimate security researcher cannot get to see the source code without complying with the terms dictated by the vendor, while a malicious hacker can obtain copies of the source and go through it freely.
The conventional wisdom is that while open source is not perfect, it's still better than the alternatives - and the same applies to virtually everything.
I would rather have something that i *can* investigate and/or modify to suit my needs, and where multiple unrelated third parties can do the same thing. The chance of a backdoor existing are lower, and the chance of one being found if it were introduced is higher...
And this is for me as an individual, a foreign government is likely to be far more concerned, and also far better funded so they can employ a large number of people to audit the code thoroughly.
That's because those sites are designed that way, not to interoperate with others because they want to lock users in.
I run my own email server, it has ~10 users on it, and yet i can communicate with users on any other email service connected to the public internet.
Requiring foreign companies to host data on servers inside brazil isn't going to achieve anything... They are still foreign corporations, and will be able to access those servers and/or copy data off them at any time they want.
What's really needed, is instead of large centrally controlled services like facebook there should be a large number of distributed but openly interoperable services.
This is how the internet has always worked, and how core services like web and email work - anyone can run their own servers, and anyone's servers can talk to anyone else's. If you are worried about foreign spies, you can ensure that you use services operated in countries you trust.
Don't agree with the bug fixes bit, but feature requests seem fair enough...
If you get people to pay for bug fixes, then people will intentionally write buggy code. Also if i paid for a feature request, i would be very unhappy to be given a buggy implementation of that feature and then asked to pay again for bug fixes.
Similarly while a developer who's developing code for their own use, they have an incentive to fix bugs that affect their own use, but they have no direct incentive to fix features developed for someone else's use.
Temporary files and swap aren't a problem...
Swap can and should be stored on a separate partition, and encrypted using a randomly generated key so its completely lost after a reboot.
On a properly configured system, only a very small number of locations will be writable by the user, typically the user's home directory and a temporary area... The temporary area can be stored in ram/swap since it doesn't matter if its contents are lost and home can be encrypted.
It's trivial to add a hardware key logger to virtually any system irrespective of how the software is configured, if someone untrusted has had unescorted physical access to the system then the system should be considered compromised anyway. A hardware keylogger is also os independent, doing it on software requires the malicious party to know what os you're using in advance in order to have a compatible keylogger, and also to work around any non standard configuration you might have.
Backdoors have to be sufficiently hidden, something as trivial as a default password will get abused by random hackers on the internet...
And lawful interception only works within your area of jurisdiction, whereas you could access backdoors anywhere.
Cubes worked just fine for the Borg...
So you plan to arrest the weather?
That's an inherent risk of doing that kind of business, and when your business involves making copies and selling them at huge margin then someone else making copies and selling them is also a risk.
Notice you only ever get "counterfeit" goods when the originals are sold with unreasonable margins... Designer clothes don't cost more to produce than generic ones, they are just sold for a much higher price. If they were sold at a reasonable price relative to their production cost then there would be no profit to be made selling copies.
And how can it be expensive? latex2html seems to work just fine...