Or even better than switching users, install something like VirtualBox and install the OS of your choice on that, then create a snapshot of your clean OS installation. Disable auto-run for flash drives in your parent OS.
When someone asks to borrow your machine, run the virtual machine, make it full-screen and let them do whatever they want. When they're finished, restore to the snapshot of the clean installation.
Very minimal risk of your main OS being compromised by malware, and no access to your files and browsing history, unless they figure out how to get out of it - but even then I assume you'll be with your machine at all times to monitor usage. Otherwise, as the rest of the thread says, run virtualbox in a different user account to stop access to your files.
Amen to that. I think we will see this happen gradually, but the market for this sort of thing is too limited to be targeted directly by the mainstream hardware producers; most customers want to buy something that they can turn on and just works. Also bear in mind that if you can customise it too much, you won't need to upgrade to the next version of the hardware or software so quickly.
No love, not yet anyway. Microsoft paid heavily ($50 million?) for DLC exclusivity on the xbox; doubt they're going to let it out onto other platforms in the foreseeable future.
I think your comparison is a bit flawed, as half the backup box problems can also be applied to the DVD (data corruption, police raid, BSA, theft etc).
But you're also ignoring the fact that I said use both anyway. Security of data through depth of solution.
You're misreading my post, because that was exactly my point:
"Certainly keep weekly/monthly off-site offline backups as well, just in case, but I think it's wrong to say you can't have a reasonable expectation for the reliability of an online backup box."
And by not allowing access into the backup box by anyone other than the sysadmin who has the key, you're hardly centralising your assets - there is a very clear division between your primary and backup machines which would be non-trivial for a hacker to overcome.
Sorry, I think we might be talking at cross purposes. You said "why take the risk", and my point was that there was a reason to have an online backup box, namely that by automating it you can avoid any issues such as human holidays or disasters making the data centre inaccessible etc. It's also likely to be faster and easier to restore from an online backup, especially if you don't have little or no physical access to the machines (ie co-located or rented dedicated in a DC in another county or country).
I certainly didn't suggest that you should use online without any offline backup. Like I said, there's a reasonable expectation that online can be secured, and a reasonable expectation that offline can be relied upon, but you have nothing to lose by running both together.
Sorry, I meant that access by key with passphrase would be a corporate policy - it is just one quick command to strip a passphrase from a key, but if only the sysadmin and company director have the key, and both understand the risks of removing the passphrase (or writing the passphrase down on a tag attached to the usb key...), you'd probably be fine.
Uh, because it's totally impractical to ship off a backup tape every hour?
Of course it would depend on your data, but I'd say it was worthwhile being able to back up data at regular intervals at all times of the day, regardless of whether the person in charge is busy with his TPS reports / off sick that week etc.
If you read my post carefully, you'll also see that I said your online backup should also have an offline backup, just in case.
There are problems with shipping tapes offsite (tapes may have write/develop errors, or may get lost in transit etc), so you can't say that's a foolproof solution either.
If no single solution is 100% guaranteed, use multiple solutions to cover different risks.
Err, you'll need to run some kind of service on that machine to allow you to manage it remotely, as it's off-site. Even if the only thing it ever does is connect out, I'd still want to make sure it was patched regularly.
Backup box has SSH daemon with only access by key with passphrase. The only person who needs that key is the system administrator; put it on two USB keys, one held by the sysadmin, one stored in a safe place off-site.
As you said, the backup box will then use SSH clients to access the servers - which is exactly what I said in the first place...
I don't think anyone would disagree that the backup machine has to be at a separate location, but you and the gp poster are saying it's somehow risky if it's internet connected. You should be fine provided:
* the backup box only runs an up-to-date SSH server with key-based access * it's hidden behind a firewall and/or port knocking * it connects out to the primary server to initiate the backup and pull the data (rather than the other way around) * you make incremental backups
That way when your primary machine is compromised, all they can do is corrupt your live data, and your backups from that date.
Certainly keep weekly/monthly off-site offline backups as well, just in case, but I think it's wrong to say you can't have a reasonable expectation for the reliability of an online backup box.
After all, plenty of things can go wrong with offline backups, but there's a reasonable expectation that they will be fine.
Spot on with Judge Judy - I meant the way there are no lawyers and the people just present the facts, rather than the way she shouts them down and makes a seemingly arbitrary decision based on little more than whether she likes the person or not. I was certainly not suggesting we clone her in order to restock the legal system:)
No, my immediate reaction to the wikipedia article was that this could have been written a lot more clearly. The legal profession tends to use excessively verbose language to explain things, and unless you're used to dealing with it (ie a lawyer), it is difficult to decode the true meaning. I stand by my comment that the wikipedia page is a perfect example of how the constant need for the syntax of law to tie down the semantic meaning has led to legal documents being difficult for the layman to understand.
As for estoppel, my understanding based on my initial reads of the wikipedia article was that it's for the specific circumstance where Person A says something to Person B, and Person B makes a decision based on that; Person A was wrong or changes their mind, and holds Person B responsible. That would certainly seem to be covered by "Be honest" and "Honour your promises" under wealthychef's system - and those are a hell of lot easier for people to understand.
I think we've got away from the main point, which was that by writing incredibly detailed and verbose documents you cannot reliably stop people without integrity breaking the spirit of the law while you rule by the letter of the law.
There are plenty of cases where people get away with a crime due to a legal technicality. Although clearly not without issues, you can solve a lot of problems by writing relatively high-level moral guidelines and then using the integrity of a panel of impartial laymen to pass judgement, rather than by tying their hands with specific legal rules that allow someone who is clearly guilty to walk free.
Like I said, it's pretty clear you'd have to go into a bit more detail. "Do not kill" would have sub-clauses like "Intending to kill someone is worse than accidentally killing someone", "Killing in self defence may be warranted, depending on circumstances" etc.
The point is that rather than explicitly going into details, morals that the government/judicial system holds the population to are described in simple terms, and the details are decided by the judge and jury. Judgements are based on the facts, a handful of moral points, and what seems right.
Think Judge Judy, only without the attitude, and with a jury to avoid individual bias. Like I alluded to, the challenge would be to figure out how to avoid social bias - but the principle of the idea does appeal to me.
As an aside, I'd never heard of estoppel. I went to the wikipedia page to find out more, and I'm still not much clearer. It seems a perfect example of how the feedback loop in the legal system has made the system too closed to the layman. It seemed to be using very verbose language to lay down the details of a specific circumstance, which could just be handled by saying "Be honest" and "Honour your promises", and leaving the details of a judgement to the people listening to the facts.
I may have misunderstood, but I think wealthychef was suggesting simple clear rules should be applied to everyone by people with integrity, rather than hoping everyone will have integrity.
Rather than having to explicitly cover every little corner of human nature in laws, you have simple guidelines (don't kill, don't steal etc), and leave it down to a panel (ie a judge and jury) to decide whether the actions of the defendant were right or wrong, based on the guidelines set down.
It's pretty clear you'd have to go into a bit more detail than "do not kill", and some work would need to be done figuring out how to ensure consistency etc, but I like the idea in principle.
It was clearly sarcastic, both on its own and in the wider context of my full comment. I even went so far as to add an ellipses. It's not my fault the internet is awash with stupid people.
While on the subject, linking to an xkcd post is not clever either, especially as that particular one has nothing to do with sarcasm or my ability to communicate; it is about how using a play on words to trick someone into giving an incorrect answer purely for you to correct them does not prove your intellectual superiority, whereas sarcasm is merely about humour and irony, hiding insults within praise.
Wow, that's pretty special, but sadly not surprising. I've noticed that sort of thing on my girlfriends trashy magazines - front page headline quotes often completely opposite to what the person says in the "articles" inside.
My feeling is that this apparent reluctance to get to the truth is industry-wide; you only have to look at the number of times you read something that's later proven to be entirely fictional, or read a story about a story about a quote, written fourth-hand by a journalist who paraphrased a paraphrased story on a wire service, only to find later that the quote was a poorly-translated sentence fragment that actually meant something completely different when taken in context.
When a registered medical doctor stands up in public and says "MMR is dangerous: 2/3 children who get autism get it due to MMR (based on my sample group of 12 people)", and that story is then carried on the front page of irresponsible newspapers, his peers *should* be standing up and attacking his credibility.
Any scientist worth their salt knows that correlation is not causation, and assumptions cannot be made on a sample group of 12. For any scientist to stand up and claim something so important and dangerous based on the facts before him defies belief - either he was incredibly incompetent, or incredibly motivated to come to the conclusion he had drawn. It turned out to be financial motivation that made him suppress the facts, but either way it had turned out, it was incumbent on his peers to discredit him as quickly as possible. Without contradictory investigations, it had nowhere to go other than a personal attack on the man and his methods. And I say fair enough.
Unfortunately it was too juicy a story for the facts to get in the way, so paranoia and sensational headlines meant the story dragged on for years, largely ignoring the many subsequent investigations that disproved Wakefield. This has led to a lot of fud amongst the general public, and has clearly had an effect on immunisation rates.
That is somewhat different to people saying "We've made a scientific breakthrough", others saying "Oh, really, thought that was impossible, let's have a look", then "Ah, yes, see, you're wrong". It's not as if the public would have gone out and gambled their lives on whether or not cold fusion was possible.
I've taken it a step further - I don't trust anything a reporter says about anything. If we know they're inaccurate or just plain lying about stories in a sphere we understand, they're probably doing it about other things as well.
It seems they're like UK parliamentary ministers - usually thrown into an area they have no understanding of or experience in, purely because they've worked their way up and made friends with the right people, and it's about time they were given a position with appropriate power and salary.
Irrelevant - any good journalist knows that 33% is statistically insignificant...
It really frustrates me whenever the media do a science story, especially one regarding medicine. In their desperation to focus on the human angle and "won't anybody think of the children" - and of course, increase number of readers - they completely ignore any basic scientific analysis.
A classic example was the MMR-gives-you-autism scare - they make a sensational headline from a report without investigating the background of Wakefield (the author who made the public statement that started it - he received money from lawyers trying to build a case), without giving any consideration to the statistical significance of his findings (the paper looked at 12 patients), and completely ignoring the fact that the paper said it couldn't link MMR to autism. Even though it has now been proven that there is no link, the doubt lives on in the public mind.
Perhaps this is due to scientific journalists having no real understanding of science. Perhaps they do, but have a better understanding of how their job depends on selling a story. Either way, they must take more responsibility for their power over the public.
Returning to the MMR story, Wakefield has been widely discredited and hauled in front of the GMC and could be struck off. Meanwhile, what has happened to the journalists who built the story into the frenzy that led to measles and mumps outbreaks in the UK? Nothing - they're still writing stories like this.
And you may notice that you missed my point. Not that I particularly agree with my point; the new prisons will not house nearly enough people to make any sizeable dent in the unemployment figures. For that, we have to employ them in local government.
"Your local council is now hiring: chief executive bathroom attendant, PA to the chief executive bathroom attendant, researchers for the chief executive bathroom attendant, bathroom assistants, bathroom assistant managers, bathroom assistant manager rota managers, bathroom secretaries, and bathroom technicians, all for the ground floor male toilets. For the ground floor female toilets we are looking for..."
Err... there's a big difference between trolling and sarcasm. Oh well, at least you didn't have mod points like the idiot mod who marked my great-grandparent post as flamebait.
Slashdot Mirror
Well with the bandwidth bill they'll have after this little venture, I don't think you'll have to worry about them for too long.
Or even better than switching users, install something like VirtualBox and install the OS of your choice on that, then create a snapshot of your clean OS installation. Disable auto-run for flash drives in your parent OS.
When someone asks to borrow your machine, run the virtual machine, make it full-screen and let them do whatever they want. When they're finished, restore to the snapshot of the clean installation.
Very minimal risk of your main OS being compromised by malware, and no access to your files and browsing history, unless they figure out how to get out of it - but even then I assume you'll be with your machine at all times to monitor usage. Otherwise, as the rest of the thread says, run virtualbox in a different user account to stop access to your files.
Amen to that. I think we will see this happen gradually, but the market for this sort of thing is too limited to be targeted directly by the mainstream hardware producers; most customers want to buy something that they can turn on and just works. Also bear in mind that if you can customise it too much, you won't need to upgrade to the next version of the hardware or software so quickly.
No love, not yet anyway. Microsoft paid heavily ($50 million?) for DLC exclusivity on the xbox; doubt they're going to let it out onto other platforms in the foreseeable future.
I think your comparison is a bit flawed, as half the backup box problems can also be applied to the DVD (data corruption, police raid, BSA, theft etc).
But you're also ignoring the fact that I said use both anyway. Security of data through depth of solution.
Ooh, spot the double negative! That'll teach me to not proof-read my comments ;)
You're misreading my post, because that was exactly my point:
"Certainly keep weekly/monthly off-site offline backups as well, just in case, but I think it's wrong to say you can't have a reasonable expectation for the reliability of an online backup box."
And by not allowing access into the backup box by anyone other than the sysadmin who has the key, you're hardly centralising your assets - there is a very clear division between your primary and backup machines which would be non-trivial for a hacker to overcome.
Sorry, I think we might be talking at cross purposes. You said "why take the risk", and my point was that there was a reason to have an online backup box, namely that by automating it you can avoid any issues such as human holidays or disasters making the data centre inaccessible etc. It's also likely to be faster and easier to restore from an online backup, especially if you don't have little or no physical access to the machines (ie co-located or rented dedicated in a DC in another county or country).
I certainly didn't suggest that you should use online without any offline backup. Like I said, there's a reasonable expectation that online can be secured, and a reasonable expectation that offline can be relied upon, but you have nothing to lose by running both together.
Sorry, I meant that access by key with passphrase would be a corporate policy - it is just one quick command to strip a passphrase from a key, but if only the sysadmin and company director have the key, and both understand the risks of removing the passphrase (or writing the passphrase down on a tag attached to the usb key...), you'd probably be fine.
Uh, because it's totally impractical to ship off a backup tape every hour?
Of course it would depend on your data, but I'd say it was worthwhile being able to back up data at regular intervals at all times of the day, regardless of whether the person in charge is busy with his TPS reports / off sick that week etc.
If you read my post carefully, you'll also see that I said your online backup should also have an offline backup, just in case.
There are problems with shipping tapes offsite (tapes may have write/develop errors, or may get lost in transit etc), so you can't say that's a foolproof solution either.
If no single solution is 100% guaranteed, use multiple solutions to cover different risks.
Err, you'll need to run some kind of service on that machine to allow you to manage it remotely, as it's off-site. Even if the only thing it ever does is connect out, I'd still want to make sure it was patched regularly.
Backup box has SSH daemon with only access by key with passphrase. The only person who needs that key is the system administrator; put it on two USB keys, one held by the sysadmin, one stored in a safe place off-site.
As you said, the backup box will then use SSH clients to access the servers - which is exactly what I said in the first place...
I don't think anyone would disagree that the backup machine has to be at a separate location, but you and the gp poster are saying it's somehow risky if it's internet connected. You should be fine provided:
* the backup box only runs an up-to-date SSH server with key-based access
* it's hidden behind a firewall and/or port knocking
* it connects out to the primary server to initiate the backup and pull the data (rather than the other way around)
* you make incremental backups
That way when your primary machine is compromised, all they can do is corrupt your live data, and your backups from that date.
Certainly keep weekly/monthly off-site offline backups as well, just in case, but I think it's wrong to say you can't have a reasonable expectation for the reliability of an online backup box.
After all, plenty of things can go wrong with offline backups, but there's a reasonable expectation that they will be fine.
Spot on with Judge Judy - I meant the way there are no lawyers and the people just present the facts, rather than the way she shouts them down and makes a seemingly arbitrary decision based on little more than whether she likes the person or not. I was certainly not suggesting we clone her in order to restock the legal system :)
No, my immediate reaction to the wikipedia article was that this could have been written a lot more clearly. The legal profession tends to use excessively verbose language to explain things, and unless you're used to dealing with it (ie a lawyer), it is difficult to decode the true meaning. I stand by my comment that the wikipedia page is a perfect example of how the constant need for the syntax of law to tie down the semantic meaning has led to legal documents being difficult for the layman to understand.
As for estoppel, my understanding based on my initial reads of the wikipedia article was that it's for the specific circumstance where Person A says something to Person B, and Person B makes a decision based on that; Person A was wrong or changes their mind, and holds Person B responsible. That would certainly seem to be covered by "Be honest" and "Honour your promises" under wealthychef's system - and those are a hell of lot easier for people to understand.
I think we've got away from the main point, which was that by writing incredibly detailed and verbose documents you cannot reliably stop people without integrity breaking the spirit of the law while you rule by the letter of the law.
There are plenty of cases where people get away with a crime due to a legal technicality. Although clearly not without issues, you can solve a lot of problems by writing relatively high-level moral guidelines and then using the integrity of a panel of impartial laymen to pass judgement, rather than by tying their hands with specific legal rules that allow someone who is clearly guilty to walk free.
Like I said, it's pretty clear you'd have to go into a bit more detail. "Do not kill" would have sub-clauses like "Intending to kill someone is worse than accidentally killing someone", "Killing in self defence may be warranted, depending on circumstances" etc.
The point is that rather than explicitly going into details, morals that the government/judicial system holds the population to are described in simple terms, and the details are decided by the judge and jury. Judgements are based on the facts, a handful of moral points, and what seems right.
Think Judge Judy, only without the attitude, and with a jury to avoid individual bias. Like I alluded to, the challenge would be to figure out how to avoid social bias - but the principle of the idea does appeal to me.
As an aside, I'd never heard of estoppel. I went to the wikipedia page to find out more, and I'm still not much clearer. It seems a perfect example of how the feedback loop in the legal system has made the system too closed to the layman. It seemed to be using very verbose language to lay down the details of a specific circumstance, which could just be handled by saying "Be honest" and "Honour your promises", and leaving the details of a judgement to the people listening to the facts.
I may have misunderstood, but I think wealthychef was suggesting simple clear rules should be applied to everyone by people with integrity, rather than hoping everyone will have integrity.
Rather than having to explicitly cover every little corner of human nature in laws, you have simple guidelines (don't kill, don't steal etc), and leave it down to a panel (ie a judge and jury) to decide whether the actions of the defendant were right or wrong, based on the guidelines set down.
It's pretty clear you'd have to go into a bit more detail than "do not kill", and some work would need to be done figuring out how to ensure consistency etc, but I like the idea in principle.
It was clearly sarcastic, both on its own and in the wider context of my full comment. I even went so far as to add an ellipses. It's not my fault the internet is awash with stupid people.
While on the subject, linking to an xkcd post is not clever either, especially as that particular one has nothing to do with sarcasm or my ability to communicate; it is about how using a play on words to trick someone into giving an incorrect answer purely for you to correct them does not prove your intellectual superiority, whereas sarcasm is merely about humour and irony, hiding insults within praise.
Wow, that's pretty special, but sadly not surprising. I've noticed that sort of thing on my girlfriends trashy magazines - front page headline quotes often completely opposite to what the person says in the "articles" inside.
My feeling is that this apparent reluctance to get to the truth is industry-wide; you only have to look at the number of times you read something that's later proven to be entirely fictional, or read a story about a story about a quote, written fourth-hand by a journalist who paraphrased a paraphrased story on a wire service, only to find later that the quote was a poorly-translated sentence fragment that actually meant something completely different when taken in context.
When a registered medical doctor stands up in public and says "MMR is dangerous: 2/3 children who get autism get it due to MMR (based on my sample group of 12 people)", and that story is then carried on the front page of irresponsible newspapers, his peers *should* be standing up and attacking his credibility.
Any scientist worth their salt knows that correlation is not causation, and assumptions cannot be made on a sample group of 12. For any scientist to stand up and claim something so important and dangerous based on the facts before him defies belief - either he was incredibly incompetent, or incredibly motivated to come to the conclusion he had drawn. It turned out to be financial motivation that made him suppress the facts, but either way it had turned out, it was incumbent on his peers to discredit him as quickly as possible. Without contradictory investigations, it had nowhere to go other than a personal attack on the man and his methods. And I say fair enough.
Unfortunately it was too juicy a story for the facts to get in the way, so paranoia and sensational headlines meant the story dragged on for years, largely ignoring the many subsequent investigations that disproved Wakefield. This has led to a lot of fud amongst the general public, and has clearly had an effect on immunisation rates.
That is somewhat different to people saying "We've made a scientific breakthrough", others saying "Oh, really, thought that was impossible, let's have a look", then "Ah, yes, see, you're wrong". It's not as if the public would have gone out and gambled their lives on whether or not cold fusion was possible.
Wow, ok, so: http://dictionary.reference.com/dic?q=sarcasm
I've taken it a step further - I don't trust anything a reporter says about anything. If we know they're inaccurate or just plain lying about stories in a sphere we understand, they're probably doing it about other things as well.
It seems they're like UK parliamentary ministers - usually thrown into an area they have no understanding of or experience in, purely because they've worked their way up and made friends with the right people, and it's about time they were given a position with appropriate power and salary.
Irrelevant - any good journalist knows that 33% is statistically insignificant...
It really frustrates me whenever the media do a science story, especially one regarding medicine. In their desperation to focus on the human angle and "won't anybody think of the children" - and of course, increase number of readers - they completely ignore any basic scientific analysis.
A classic example was the MMR-gives-you-autism scare - they make a sensational headline from a report without investigating the background of Wakefield (the author who made the public statement that started it - he received money from lawyers trying to build a case), without giving any consideration to the statistical significance of his findings (the paper looked at 12 patients), and completely ignoring the fact that the paper said it couldn't link MMR to autism. Even though it has now been proven that there is no link, the doubt lives on in the public mind.
Perhaps this is due to scientific journalists having no real understanding of science. Perhaps they do, but have a better understanding of how their job depends on selling a story. Either way, they must take more responsibility for their power over the public.
Returning to the MMR story, Wakefield has been widely discredited and hauled in front of the GMC and could be struck off. Meanwhile, what has happened to the journalists who built the story into the frenzy that led to measles and mumps outbreaks in the UK? Nothing - they're still writing stories like this.
If they start doing that, we'll just have to ban encrypted communication. One way or another, we have to protect the children!
My grasp of history is poor, but even I know that the internet didn't exist in the 18th century.
However, I do know that you still owe us around half a million pounds for destroying our tea (adjusted for inflation, of course).
Well gosh. That is a shocker.
And you may notice that you missed my point. Not that I particularly agree with my point; the new prisons will not house nearly enough people to make any sizeable dent in the unemployment figures. For that, we have to employ them in local government.
"Your local council is now hiring: chief executive bathroom attendant, PA to the chief executive bathroom attendant, researchers for the chief executive bathroom attendant, bathroom assistants, bathroom assistant managers, bathroom assistant manager rota managers, bathroom secretaries, and bathroom technicians, all for the ground floor male toilets. For the ground floor female toilets we are looking for..."
Err... there's a big difference between trolling and sarcasm. Oh well, at least you didn't have mod points like the idiot mod who marked my great-grandparent post as flamebait.