Slashdot Mirror


User: JoeMerchant

JoeMerchant's activity in the archive.

Comments · 6,280

  1. And, I return to the sentiment, if the corporation cares so little for their data (or, perhaps would be happier if it were lost), then they get what they deserve.

    My main point is that backup storage is so ridiculously cheap now, compared to 10 or 20 years ago, and you get "working storage" instead of some flaky, slow tape drive.

  2. I do realize that:
    a) The $99 investment is vulnerable when it is mounted, not when it is inaccessible
    b) Attackers are unlikely to dig so deep into the system that they find locally developed backup schema, and then demonstrate the patience to wait for the backup to come online or the creativity to figure out if/how to force backups online for encryption
    c) I've set up two such $99 drives at home to do daily mirror backup of each other, it took about 2 hours of internet research to learn how to do this "from scratch" and the solution is set-and-forget for the last 3 years. When I put a file on one, it automagically appears on the other the next morning. This isn't exactly the kind of schema I would use for mission-critical business data - physically, one backup copy should be remote-located and multiple versions should be retained in case of accidental corruptions. When I did set such a thing up for a business purpose, it took about 3 hours of research plus 2 hours of testing, and was also set-and-forget for years.

  3. Clients who waste breath about whether or not $99 is "worthwhile" to spend to safeguard their data deserve what they lose.

  4. Re:this should be illegal on L.A. Hospital Pays Off Ransomware Thieves To Reclaim Its Network (google.com) · · Score: 1

    how is this different from all states that pay every time a national with some connections is kidnapped in crappystan, do you really think every time an american is kidnapped they send steven seagull to rescue that person?

    the don't negotiate with terrorists is just a movie sentence

    It goes beyond movies to most media outlets - it's the repeated mantra, even though it's not 100% followed.

  5. Re:The solution to ransomware... on L.A. Hospital Pays Off Ransomware Thieves To Reclaim Its Network (google.com) · · Score: 1

    The basic problem with tracing bitcoin is that you get to make up your own version of the "government issued ID number" that most banks require, combined with the fact that - even though there are far fewer BTC exchanges than places to trade cash or cash equivalents, they are located in virtually every jurisdiction and non-extradition zone on the planet and inherently accessible within a fraction of a second from anywhere else on the planet.

    As you imply above, any legal crackdown on how BTC operates will require global cooperation.

  6. Anyone who has over 1GB of "valuable business information" is either archiving video, or doing it wrong. The age old strategy of hourly backups for 24 hours, daily backups for a week, weekly backups for a month, monthly backups for a year, and annual backups beyond 12 months only requires 45x the storage space of the original, and backups can be compressed.

    A $99 2TB drive should be able to easily store 25GB of valuable data, backed up hourly - for all the hours that matter to anyone.

  7. Here's the key:

    usable backup strategy

    I'd be willing to bet they _thought_ they had one and just got shown how inadequate it is. Of course, patient care was not compromised - that would make them (relatively more) vulnerable to lawsuit from all the bad outcomes that happened during the service outage...

  8. One needy doctor can occupy 25%+ of an IT support FTE when they get "in the zone." If you've got a research program on-campus with 20+ docs, an admin + assistant will not keep the hungry fed.

  9. Re:So, will they ever spend these bitcoin? on L.A. Hospital Pays Off Ransomware Thieves To Reclaim Its Network (google.com) · · Score: 1

    With the omnipotent view, Tor doesn't work either - and there are few enough Tor nodes that it would not be surprising for most of them to be monitored and recorded.

    The Bitcoin blockchain is inherently public knowledge - key component of how the system works. If you want to do a transaction, you have to interact with the blockchain - in fact, if you want to "act normal and blend in" you advertise your proposed transaction publicly. The coins paid as ransom are known to the persons who gave them away... only trick is to trace back to whoever accepted ownership of them.

    Anybody who accepts 40 coin and does not immediately take ownership of them in the blockchain is begging to have them spent by the person who gave them to them. I'd see a timeline like: 1) Hospital gives coin, 2) Blhackmailers take ownership of coin in blockchain, 3) Blhackmailers transfer ownership of coin to 3rd party in exchange for something of value, 4) Blhackmailers release Hospital assets.

    Steps 3) and 4) could be reversed, but both steps 2) and 3) require revelation of a consistent identity.

  10. So, will they ever spend these bitcoin? on L.A. Hospital Pays Off Ransomware Thieves To Reclaim Its Network (google.com) · · Score: 4, Interesting

    And, can the FBI monitor the blockchain to get IP addresses where these coins were accessed from when the hospital handed them over?

  11. Re:Dupe. We covered this yesterday. on Data Written With "Superman Memory Crystal" Could Last Billions of Years (computerworld.com) · · Score: 2

    If data hasn't been accessed for over 100 years, is it really of any value, anyway? If nobody cares to hot-swap in new "limited lifetime" backup media into the RAID array as elements fail, then the value of data in the array is pretty suspect. Sure, it's cool to think you're writing indelible graffiti on the sidewalks of the universe for all who come after you to ponder, but of all the yottabytes of crap that we're generating today, how much of that will anybody really care enough about in the year 3015 to bother to scan it?

  12. Re:Good, but maybe not important on Data Written With "Superman Memory Crystal" Could Last Billions of Years (computerworld.com) · · Score: 1

    Voyager encoded binary on an optical disc, this is just making wild claims about how much longer a crystal based structure might last - for all they know, when Planet X returns (once every 70,000 years) it could totally mangle their fine scale crystal structures.

  13. Re:Good, but maybe not important on Data Written With "Superman Memory Crystal" Could Last Billions of Years (computerworld.com) · · Score: 1

    Wasn't this called microfiche in the 1970s?

  14. Re:Good, but maybe not important on Data Written With "Superman Memory Crystal" Could Last Billions of Years (computerworld.com) · · Score: 1

    Yeah, awesome 5D digital data - that's gotta be good stuff.

  15. Re:It's good to be an elite on At X, Failure Is Not an Option: It's a Feature (Astro Teller's 2016 TED Talk) (backchannel.com) · · Score: 1

    So being able to shift perspective is something smart people don't do?

    It's not about smart, it's about appetite for risk. Plenty of smart people work for big, successful, conservative companies. For the most part, they don't stay employed there by suggesting wild approaches to established problems. There are lots of creative people in the world, companies that embrace that creativity in an attempt to create new, disruptive and potentially highly valuable technologies are not as common.

  16. Fail fast works better for sales calls. Talk to as many people as possible to overcome the fear, doubts and frustrations about selling. The faster you fail at selling, the more likely to get a sale.

    Absolutely true, and it's the same kind of personality test: you've got to be resilient. There are different ways of getting that resilience, a common one in sales is magical or delusional thinking - which would be a not so great fit for product development engineering, but in sales the key is never giving up - believing in your product, and transferring that enthusiasm into your mark (potential customer's) mind. That and incessantly reminding them about the "opportunity to purchase."

    I worked for a much less well funded "idea house" in the 1990s, we developed a couple of concepts from scratch into products, and the times we failed fast and followed up with better approaches were key to our progress. We also had several years of stagnation, where we tied into "reliable contracts" that guaranteed us work and income - not nearly as exciting when you look back on those years, but it did keep the lights on.

  17. Re:It's good to be an elite on At X, Failure Is Not an Option: It's a Feature (Astro Teller's 2016 TED Talk) (backchannel.com) · · Score: 3, Interesting

    And like most things, the sane answer is somewhere in the grey area.

    The sane answer is the boring answer - no risk no reward...

    Of course, serious R&D, whether it's insane spoiled children in California today, or gentleman scientists at Bell Labs in the 1950s and 60s, basically requires a lot of input capital... many ideas will fail to prove their worth, and once in a while you'll get something like the transistor.

  18. Re:It's good to be an elite on At X, Failure Is Not an Option: It's a Feature (Astro Teller's 2016 TED Talk) (backchannel.com) · · Score: 2

    What I was saying flew right over your head, didn't it? All that education, and you never learned a thing.

    Don't worry about it, the stuff they talk about at TED obviously doesn't apply in your life.

  19. Google brought in a marketer who worked at "Calvin Klein, Swatch, Coach, The Gap, Old Navy," etc. And now I think Tony Fadell is now at the top of the project's leadership.

    That fits with the biggest criticism of Google Glass $1500 edition.

  20. The inventor of Google Glass either left Google or was asked to leave. But, in either case, I don't see how that fits this narrative.

    Sounds like he might not have been a good fit for the fail and try again culture.

  21. Re:It's good to be an elite on At X, Failure Is Not an Option: It's a Feature (Astro Teller's 2016 TED Talk) (backchannel.com) · · Score: 2, Insightful

    I'm fairly sure your friend's project wasn't a fail-fast investigation, but rather a sure thing development.

    I think the best line in the talk was "shifting perspective is more powerful than being smart, if you're coming at an established problem from an established approach, you're competing with all the other smart people who came before you, and that's a terrible place to be competitively." So, what do they do? They try unusual approaches, they fail, they try again, they fail better next time, and most importantly: they identify when they fail to free up resources to try something else.

    Yes, it's a deep pockets approach, a lot like Vulture Capital investing, but without the traditional conservative threats of hellfire and damnation when you fail - as most people do most of the time in this type of R&D. VCs praise serial success stories, just like Wall Street glorifies analysts who have gotten it right the past 3 consecutive years... most of these people fail to realize that luck plays into success more than skill - not that you don't need skill to succeed, but simply that luck is a better component.

    In an organization like X, they'll have other methods to identify and reward skill besides successful productization of lunatic ideas. As they stressed in the article, identifying objective evidence of failure early in an approach is a valuable skill.

  22. Re:This JVM stuff is BS on Kotlin 1.0 Released · · Score: 1

    Safe pointers have been available in C++ libraries for ~10 years now.

  23. Re:This JVM stuff is BS on Kotlin 1.0 Released · · Score: 0

    But Java is shit, and anything that compiles to JVM bytecode is going to have an indelible odor to it.

    What I don't understand is: in today's landscape, why we can't use C++ and C++ style derivatives for compiled code (cross compiled to many platforms), and then for interpreted needs use javascript, python, or whatever floats your boat on top? You can call the C objective, sharp, or what you like, but compiled object oriented code will be just that, and garbage collected, interpreted, "script" will be what it is.

    Java was an interesting concept, in 1999. It quit being interesting about the time that browsers all shut it down as a security risk, or when it got purchased by Oracle, depending on your perspective.

  24. This is why I post on /. early in the morning, instead of doing work that matters. Thanks. I'll document my math this way:

    44.1KHz * 30 seconds = 1.323M samples to store.
    16 bits per sample, stereo, so 42.336MBit required, round to 48Mbit of storage, 6MBytes - so that math makes $144, after coffee time. (yes, two ticks up from 1 on a log scale graph is 3...)

    I guess that roughly adds up, full PC systems built in 1993 were shipping with 4 or 8MBytes of RAM (even in 1987 my workstation had 640Kbytes, all you'll ever need),

    Maybe back in the day I was wishing for 10 seconds of buffer ($48) instead of the 2 (or less) that they were providing. It's been a while.

  25. 1993 DRAM costs were ~$2/Mbit, so ~$8 for 4MByte. I suppose I was remembering 1997 or so pricing before they finally started putting in decent sized buffers, and a whole CD/MP3 player unit sold for less than $100 retail.

    http://phe.rockefeller.edu/Log...

    Still, call it $30 system cost - in a 10 disc CD changer that retailed for $900+ they couldn't increase system cost by 3% of retail to have a player that doesn't skip?