What do you mean I paid for cracked Windows? The CDs with cracked Windows and other software are being sold in millions of copies right now.
The computers which run these non-updateable, non-patchable cracked OSs can be used by just about any criminal group or any intelligence service that manages to install an exe with spy software. Which is not that difficult, since there are vulnerabilities which are, well, not patched. I think the PCs in the FSU are the "playground" for many international criminal groups and intelligence services.
It is sort of a half-official free version of an OS, when one wants to move to the "full" paid version, which is updated and secure, one buys the official DVD.
The problem is that there are hundreds of millions of PCs with these cracked OSs, which practically destroy the Internet with DDoS, trojans, spam, etc. But is it not a good thing for a company which is being damaged by the Internet development, which relies on the Desktop?
By the way, these DDoS attacks coming from the IPs in Russia and FSU could originate from anywhere. Because the PCs in these parts, which run non-updateable, non-patchable Windows, are easy prey for any malicious individual or group around the world.
A lot of computers in Russia run a cracked version of Windows. I do not know the exact figure, but I would think 99%. A CD with a cracked Windows, PhotoShop, AutoCad, etc. costs about USD 3.- at a street market. The same is for other countries of the FSU.
So what is installed from these CDs is anybody's guess. No need even to infect, a hidden program may come right from an installation CD. The groups that crack Windows sometimes even write their own copyright notice on CDs.
The disk with an authentic Windows is possible to buy only in large cities. Very few shops sell authentic Windows DVDs, as they seem to be too expensive for the majority of users. I could find and buy there only a "gray" OEM Windows Vista Russian version for an equivalent of several hundred USD.
No need to say that these Windows installations do not update via Windows update. The WTO makes the Russian government fight cracked software. So sometimes militiamen come to the places where cracked software is sold and break DVDs and CDs. Then these markets just move into more obscure places.
So what have we got? Millions and millions of PCs which run an OS that cannot be patched or updated. So, guess what, these millions of PCs are neither patched nor updated.
Whose fault is this? When I try to use an alternative OS, like Linux, a lot of scanners, USB devices, video-cards, etc. just do not work, as drivers are either non-existent or bad, made by reverse engineering. Because the hardware vendors provide drivers only for 1 and only OS.
Now we blame Russia for DDoS attacks. But what can the Russian government do? Can it lower the price on the monopoly OS? Can it write drivers for peripheral devices so that people move away from the mono-OS culture?
It is easy to blame people in Eastern Europe for being of criminal persuasion, but for an average PC user in those parts there is absolutely no choice. Even if someone wants to buy the legal OS or software there are no shops which sell such, but the cracked software is sold on every corner. Why is it so easy to crack by the way, if there is strong encryption around?
So someone imposed the worldwide OS monopoly of easily cracked software via convoluted drivers policies. The cracked versions of this software are easily infected as they do not update. Hundreds of millions of PCs run this s*** and the blame is on the Russian government and "bad" people of the East, of course.
The problem with this approach is that there are hiring managers who may think that taking part in, say, sport competition is bad. I personally encountered such a case. The man told me that he needs someone who will go out and drink with clients. He needed someone with drinking habits, believe it or not. Go figure...
One can make life easier for an employer by providing in a cover letter links to good stuff. For example, participating in a sport competition usually leads to the name appearing in the web list with results. Participating, say, in a photography exhibition provides a link to the web version of this exhibition. The same about conferences, seminars, etc.
Or a link to the page with all one's training certificates on one's own website (if this link is obscure no one except the intended audience will see them).
I would say not fake stuff, but take care that there is real serious good stuff on the Internet and have the links ready.
Really? What is cheaper and more effective? To cover a soldier with body armor 100%, covering every slightest hole, or just make him immortal? It is impossible to make a 100% secure web application, but to make it re-installable on short notice from back-up is quite possible.
What is wrong with the advice to use the Vernam encryption algorithm? It is 100% secure. It's proven in sort of a mathematical theorem. In some cases it is just what's needed. And it's not that difficult to implement it in PHP-JavaScript.
I would add as a security measure to be able to reinstall a web application from a recent backup immediately. Any place, any time, on a very short notice. Just have the recent backup ready to upload. Or even several of them, if one for some reason is corrupted.
I experienced an SQL attack which destroyed one of the MySQL tables. I reinstalled it from backup and corrected the breach a month later. I mean a hacker most probably will not be watching your website day and night and attack it as soon as it is back online. Have it up online from a backup and correct the security issue later.
I would also question the mantra "security by obscurity". Sort of, never use home-made encryption, as it is "security by obscurity", use instead 3 or 4 existing implementations of encryption. Then I read about Vernam's algorithm http://en.wikipedia.org/wiki/One_time_pad . I tried to implement it in PHP and JavaScript. It is like 25 lines of code. And it is mathematically absolutely secure. What I think is that an existing encryption solution, which contains thousands of lines of convoluted code, may as well contain a hidden backdoor. While if one understands the mathematical model of an encryption algorithm and implements it himself, it makes it probably more reliable. I trust mathematics more than a vendor, even if seemingly reputable.
I mean they listen to phone conversations (it's the fact), would it not be a thing to expect that they read encrypted strings? I have nothing against it, until these eavesdropping capabilities diffuse to petty thugs next door.
If only the US leaders and population could listen to the lessons of history and could move at long last from the archaic imperial measurement system to the scientific metric system. As the Bible teaches us, building a technology house on the quick sand foundation of the medieval imperial measurement system is not right. There should be the unified standard scientific metric system of measurements.
Otherwise we will have what we have now, aircraft dropping from the sky, hanging PCs, global economic crisis. When the foundation is not right, nothing is right. What is Barack waiting for?
He kept all on one hard disk? Even I know that it is wrong. I presented my spouse a PC on her birthday with the hard disk of 500 GB, I mean it's not that hard to back up 500 GB nowadays.
You know what? Iranians, Brits, Koreans, etc. all this division was created by the geographical barriers, which are disappearing due to transport and communication technology. So the differences will be untraceable sooner than one might expect.
But we shall not destroy the planet with nukes until then. That was my point.
I agree. I would make basic computer security a part of the school curriculum. We teach children about penguins in the Arctic, but not about what will be an essential part of their daily life (not that I am against penguins).
Any door can be broken with a sledgehammer and an oxygen torch. It is not the door that protects. It is people inside and outside, and also the moral and written laws, which make the door work.
Training police around the world, international effort, WTU-world telecommunication union, UN, Interpol, legislature update in all 200 countries, this is what will make the network more secure. And also eradicating the reasons for crime.
Sending bills by snail mail to a house is not safe, as in case of absence, the snail mail accumulates in the mailbox, clearly indicating that the house is not occupied.
This system came from the 50s when people did not lock the houses and did not care about personal security. But now it is the main breach in personal security.
Tell the mailman to suspend the snail mail delivery? To a mailman with a petty salary and a lot of pals in the neighborhood? It is even more unsafe.
Fix with construction foam all holes where a rat may get through. A general rule is if one can put a finger through a hole - a rat can get through. One may put a part of a stainless steel scrub for washing dishes into a hole before filling it with foam.
I think the task of policing the network is of, well, the police, Interpol, UN WTU world telecommunication union, but not by a small secret army unit.
We do need protection of our websites and services, but not by a small secret army unit.
What we need is training the civil police in every country, in every city, in every village all over the world to take care of vandals, extortionists, etc. by an organized international effort. With the participation of the programmers' community.
Instead they invented the wheel again, a small isolated secret unit. Instead of the global work, which is indeed to be done, they do nothing and cover it up with pseudo-news.
What I mean is that this problem is of a commercial origin, not political. In the past even cracked versions of Windows could be updated via Windows update, but now there is the authenticity check. And if the OS is not authentic - highway.
Windows was made on purpose to be easily crackable and was updated in those years to make it spread around the world. Now they stopped updating the cracked OS installations, in hope that people like me, who need a PC for work, will search and buy the authentic Windows DVD. But it left a huge, immense base of un-patched PCs.
This is the real origin of this problem.
You call a boat which cannot notice such a huge object just in front of it and rams it "tough"? I would say it is a frivolous boat.
Why did they go into the Atlantic in the first place? To hunt Somalian pirates? To frighten poor Ukrainian and Russian peasants? To fight spam and phishing problems, which are overwhelming the civilization? What do they want to solve with the nuclear ballistic rockets??
At least it could be one submarine there. But why are they swarming in the ocean to the point of collisions? In this economic situation I would not think it is a good way of spending our money.
But wouldn't it be a VPN?
:o) And then Web Vista.
Interesting point. Maybe it is the governments who spam the Internet to make it seem insecure and unusable?
I realize that this particular robot cannot fly without air. What I meant is that small robotized machines can research hostile places better, cheaper and faster. They can be sent to the planet by a rocket 100 times smaller than needed for a human to fly. And they do not need air to breathe.
Why send men to where there is no air? Something like this will do the job better: http://www.draganfly.com/
Scaling when a hard disk was 6MB was a serious matter. But scaling when HD is 10 TB, when server has got 4 processors, 12 GB RAM. How many websites are there to overwhelm such a server?
Scaling to, like, 50 TB of data? What can it be?
Well, then we are to remake the C compiler. It will not be "C" anymore by the way. But why should we build our OS with Latin keywords? If one tries to write in Latin, instead of Cyrillic, letters at Russian forums, it results in a ban. It is not the state, people themselves are sick of seeing Latin characters.
Or when I write an application for Russian audience I make a special effort not to have a single Latin letter visible. Cyrillic alphabet is our identity, our culture. We should develop it first of all.
I do not see any difference why it should not be the same in an OS. Russian government should organize multibillion effort, and we are to build our OS right.
Our national OS should be written in Cyrillic letters. Not a single Latin letter or word should be present in the code.
Certainly there should be a possibility to switch to a Latin keyboard, if necessary, but the OS should be in our letters, in our language.