* Posts by doublelayer

9408 publicly visible posts • joined 22 Feb 2018

There's a reason why my cat doesn't need two-factor authentication

doublelayer Silver badge

Re: A pretty simple concept really:

Either the previous set of tapes needs to stay on site for earlier backups, it is stored in a safe inside the security door perimeter, or someone else is responsible for moving it to wherever it is going. In the last case, they probably have a similar problem though there might be some administrative level key that deactivates the weight check that the previous poster did not have available.

doublelayer Silver badge

I think they end up with a nice scar on that part of their hand after their chips have been repeatedly inserted and removed. Either that, or they end up willing to demonstrate their appreciation for the external access token by using their previous chip and its container to smash the hand-slicer.

doublelayer Silver badge

Re: Nah.

But the statement was about blogs. Those methods of releasing information that are often entirely self-hosted, require little in the way of data release, and can be done anonymously. I think security blogs are useful; they alert people who are not security focused about important things they should consider, while the more technical ones allow security focused people to obtain more information about specific events or research they haven't studied exhaustively. This is without requiring the editing that would be needed if these posts were to be published on a news site. I fail to see the security vulnerability here.

Worried ransomware will screw your network? You could consider swallowing your pride, opening your wallet

doublelayer Silver badge

Re: Just no

Hence the footnotes. This is not an accurate calculation. A technical person could redo those numbers to the satisfaction of many a finance person, but that doesn't matter if the finance person does an inaccurate initial calculation and decides not to ask a technical person on the basis of that calculation.

doublelayer Silver badge

Re: What if they were hunted down like real criminals...

But zcash and monero are anonymous, hence my saying that bitcoin might get switched out for those. Bitcoin is not anonymous, that is correct, but it is pseudonymous and can be difficult to track until it is exchanged. If it is paid to someone else before they exchange it, it may well be that they don't know who originally obtained it, making tracing the payment very difficult. In addition, there are plenty of ransomware stories where crypto was deposited into a wallet and it's still there. Why the authors chose to do that is anyone's guess, but tracking them down, even if the various law enforcement bodies were to try, will be hard if that's the only evidence available.

doublelayer Silver badge

Re: Just no

Not exactly. I'm not saying I would never pay the ransom under any circumstances whatsoever. I can imagine a situation in which 1) I know I'll get the data back if I pay, 2) there is a confirmed bad result if I don't such as all the employees losing their jobs immediately, and 3) I don't have the alternative of restoring from backup. Even then, I'd have to consider very carefully.

I'm pretty sure I will never face this situation, though, because I do back things up responsibly. If, for example, some quick math tells me that it might be cheaper to pay the ransom than restore from backups, which was mentioned in the article as if that's a good reason, I would then never accept paying the ransom. For one thing, I would require performing a clean reimaging of every affected machine at the very least, so we'd be paying that bill one way or another.

If I didn't have backups for some reason, I'd have to ask what the costs would be if we didn't pay the ransom. They'd have to be extremely high for me to decide to pay it. As I said above, "Every employee will definitely lose their jobs tomorrow" is strong enough that I'd have to consider it. However, lots of other things would not be so strong. I care much less about the investors or owners than I do about the employees, so "We'll lose a lot of money" almost certainly wouldn't cut it. If I was the person involved, the reason there are no backups is almost certainly an incompetent superior who rejected my suggestions for backup or violated the policy, and once again, I have no sympathy for that. So "that person will lose their job" wouldn't matter to me either. If this was a small company without employees, E.G. a company run by a few people who all own part, I would probably be willing to let it fold rather than do something this unethical. If they're going to pay, they can do so without me.

doublelayer Silver badge

Re: Just no

"You assume the crims will plough all their ill-gotten gains back into their business."

I assume nothing of the kind. I only assume that they like money, so getting it would convince them that they should keep up with this plan rather than doing something else to get it. Or, for example, that stories of lots of people paying will convince other people to start writing and distributing ransomware because they too like money.

doublelayer Silver badge

Re: What if they were hunted down like real criminals...

The anonymity of cryptocurrencies makes this difficult. While the currency of choice remains bitcoin, which is public, there is a little chance, but the criminals can switch to closed cryptocurrencies (zcash and monero come to mind) to make this difficult or impossible. In addition, a lot of these strains are being written in countries whose attitude toward international cooperation is not so positive. WannaCry and NotPetya, for example, were government projects of North Korea and Russia respectively.

doublelayer Silver badge

Re: Just no

And the next step will happen when the following discussion occurs. The IT staff, of course, are not present. This version as written from the perspective of a small business:

Finance: "We had to pay four grand to get our data back."

Operations: "Our technical advisor says we should hire a systems administrator and pay for a backup system so this can't happen again."

Finance: "How much will that cost?"

Operations: "The salary for the IT person plus whatever a backup costs. How much does a backup system cost?"

Finance: [Types in Google search box] "Well, this says that backups can be done to tapes. You need a reader and some tapes. Readers cost ... about three grand. Tapes cost ... about fifty. They recommend taking an incremental backup every day and a full one every week. I think that means we need a tape for every weekday and another two every week, or about seven a week."*

Operations: "How much will that cost a year?"

Finance: "Well, three thousand plus three hundred fifty a week comes to about twenty thousand a year not including the salary of the administration guy."*

Operations: "Yikes. That's quite a lot."

Finance: "Yes it is. That's why I've written a small Excel spreadsheet to calculate how often an attack like this will happen. Based on the number of ransomware attacks per annum for the last ten years and the number of other victims in the world, I anticipate that we'll probably see one of these every four years or so. This means paying the ransom will cost us on the order of one thousand per year, while backing up will cost a lot more."**

Operations: "Let's do that then."

Finance: "You should know that there is some chance of being hit with multiple ransomware attacks in one year, so you can't be guaranteed a low level of risk. However, we can weather at least eight of them and still have less costs than a backup system by my Google math."**

*This is obviously not how backups work. However, I've heard people do that type of mathematics before to try to estimate costs.

**I'm presenting a rather unintelligent finance and operations staff. Plenty of companies wouldn't get into this type of situation. However, not every company is run competently, and you don't need a lot of incompetent companies of this nature to fund even more ambitious and sophisticated ransomware that will in fact destroy someone else's company, government, or infrastructure system.

doublelayer Silver badge

Re: "If you can't back up the data that is operationally important . . "

Actually, since that drive is probably left disconnected a lot and few ransomwares attack small removable drives (not unheard of but most I've seen only attack internal drives), that spreadsheet is probably safe. The IT department should have informed the finance person concerned that the spreadsheet should be stored in compliance with policies, but assuming they did that, they shouldn't be held responsible if it is later lost because it wasn't.

doublelayer Silver badge

Re: Have done just this.

And it's very good they didn't, as it was WannaCry, which DID NOT return any data. Just like the case mentioned in the article several times, Maersk. The article fails to mention that Maersk was hit with NotPetya, which was meant as a warfare tool and wouldn't have returned their information in any case. The multiple millions they spent were going to have to be spent, there was no option to try their luck with the fake criminals involved. Yet that critical detail didn't get mentioned. I usually like your articles, El Reg, as they're carefully researched by technical people, but that hole is far too big to be left unexplained.

On the topic of taxpayers paying for ransom, it has happened in the case of SamSam malware attacks on various cities, most of which are American ones. The higher-profile ones like Atlanta chose not to pay, but SamSam has obtained several thousand taxpayer dollars from America and will probably continue to target governments because they're found to be behind the times and potentially willing to pay up.

Boffins stole our 3D files – and gave them all to Facebook's AI eggheads, claims Lithuanian biz

doublelayer Silver badge

Re: Machine Learning!

I'll go on record as saying I don't want my autodrive to do that. While Dickens was a wonderful writer, I don't want a car to:

1. Choose his advice, which applies to a vehicle that travels off-road rather than mine, which must remain on the road;

2. choose his advice, which applies to a vehicle drawn by horses and going at much lower speeds than mine;

3. choose his advice about muddy English roads when I'm on an Australian road which is probably very dry but may have other problems like disrepair, sand, etc.;

4. choose his advice that includes information about specific directions when I am not in the location concerned;

5. consider, in any way, the writings of a fiction author who never drove a car as advice on automotive safety;

6. waste time looking for a piece of text that sort of kind of a little matches my situation instead of trying to use rules or experiential learning to get out.

doublelayer Silver badge

Re: If only...

There was some way to prevent people who have been granted access to the data from sharing it or using it against the terms. Like DRM? Oh wait, that wasn't great. Maybe challenging people like this is the best way to manage this.

doublelayer Silver badge

Re: Digitised objects

That's not how that works. If I have an object, I am allowed to collect information about that object. I couldn't steal and distribute the plans without permission, but I can take lots of detailed photographs and measure every line segment I can find unless I've specifically agreed not to do so (E.G. NDA on an upcoming product). Once I've done that, the data I've collected is data I can choose not to give to people. Data can be created freely, but you sometimes have to get permission to legally copy or share it.

doublelayer Silver badge

Re: Machine Learning!

"For example you can find a cluster in Dickens and add it to Tesla navigation system."

Let's assume all the comments above in this thread are true, or meaningless. What I want to know is what was going through your mind when you made the statement quoted above. By "Tesla navigation system" do you mean the auto-driving technology in Tesla cars? Why does that need any passages, from Dickens or anyone else? When I use your miracle code to clusterize a passage from Dickens, how do I insert it into my Tesla navigation system, and what will it do? If it mentions a place name, will it try to take me there? If that place is fictional, what does it do then? If the part is a quote from one of Dickens's more unpleasant characters, will the car start driving at walls to get me killed? Or is this some type of firmware replacement that removes my autopilot but replaces it with a literary critic? Help me out here. What in the world does this mean?

Also, if you want us to read your patents, perhaps you would be so kind as to provide the patent numbers so we can find them? That would really help us to decide one way or another whether we agree with you.

doublelayer Silver badge

Your comment is entirely incorrect

AI works with data. In fact, AI is so ill-defined that you can have any type of input and do something generally called AI to it. I think we're mostly talking about machine learning. Machine learning has no requirement for text input. It has no requirement for questions, statements, etc. You simply provide some data, a method of training some model of some type, and some method of determining whether it is correct or not. This is why this data is so important, as it seems to have been created with attention to details that make it easier to use in machine learning without painful preprocessing.

I also have no clue how your statement would impact this situation if it was in fact correct. Let's say that they did need to provide questions. The collectors of the data could have provided those. Even if they didn't and, as before, questions were required (let me reiterate that they are not), obtaining the data sans questions in violation of terms would still be against those terms and thus illegal.

Could you just pop into the network room and check- hello? The Away Team. They're... gone

doublelayer Silver badge

Re: backward times (a pager? Really?)

That might work for now, but if they stop having convenient paging services, I recommend a mobile with the default ringtone and alert sound set to silence and a contact-specific one for the numbers likely to call with problems set to loud beeping.

The best and worst of GitHub: Repos wiped without notice, quickly restored – but why?

doublelayer Silver badge

Re: Your data...

I don't see that it matters that much. As long as you have a backup, you can get some benefits from using the cloud as the primary. For example, I run my website on a cloud service because it's not that important and I don't need that server in my house. Also, the electricity people around here aren't great about getting to my house when their line fails until after several hours. With that said, a server located off site and where the provider handles the power and network means it's less likely to go down. If they should delete my account, I have all the files I need right here to restore it.

Russian Jesus gives up food to meditate on how he can improve crypto messenger Telegram

doublelayer Silver badge

Re: Terrible Article

I didn't vote either way, but let's try this argument: the article wasn't talking about treating diabetes. Perhaps these examples will help make the point.

"Ketosis is potentially useful for treating diabetes, according to some studies.": Correct statement.

"Ketosis is not useful under any circumstances.": Incorrect statement.

"Ketosis is a healthy thing to do and will offer many benefits.": Incorrect statement as it is too broad

"Ketosis was attempted by Steve Jobs when he obtained pancreatic cancer.": Correct statement, with many available sources

"Ketosis did not fix his pancreatic cancer.": Correct statement.

Phrase any correct statement with sarcasm to make a point, and it's still a correct statement. However, you focus on a statement the writer never made, and start saying some other things, some correct (such as the benefits for diabetes), and some incorrect (such as there being digestion benefits to a ketosis-inducing diet) that have nothing to do with the statements in the article. Are we on the same page now?

Apple strips clips of WWDC devs booing that $999 monitor stand from the web using copyright claims. Fear not, you can listen again here...

doublelayer Silver badge

Re: Third parties?

I'm very confident that a substitute stand will hit aliexpress about two days after the screen is released. However, I don't think you'd want to test your luck putting something heavy like this off the front of something that comes out of a home 3D printer. I haven't seen a 3D printer capable of producing something with enough integrity for this purpose. It works fine for lighter things, or if the monitor was simply placed on top, but I don't envy those who attach the monitors to their ABS or PLA stands to hear a disconcerting creaking sound.

doublelayer Silver badge

Re: Something strikes me as being odd about this

In addition to nobody being likely to go into the middle of the stream to find it, the sentence "Apple edits out developers' discontent about prices" is too obviously asking for a Streisand effect. Even those people who tried to take down these YouTube videos realize that editing a live stream looks shifty and doesn't end well for them.

doublelayer Silver badge

Re: No one has to buy it

I'm not an Apple hater. Proof: I'm typing this on a Mac, running Mac OS. I don't feel hatred toward Apple for this. I do find it laughable, a bit sad, and pathetic. There's a major difference. I'm in that category that includes a lot of people who neither love nor hate everything Apple does. They're a company. We support them when they do something we like; we acknowledge facts like their equipment coming with a much larger profit margin than certain competitors, but we still buy it if it has value for us; when they're in a reality distortion field and we're not, we laugh and say they're making a mistake; when they make us angry by, for instance, causing me a lot more trouble trying to install a Mac OS update than it really should be, we say things like "I am much less likely to buy another Mac unless they fix this reliability problem". It's fun not to have to love or hate a company.

doublelayer Silver badge

Re: Streisand Effect

Has any PR department heard of that? While I'm certain PR at large has been able to quash many discussions, they keep doing mindbogglingly stupid things that backfire horribly. One would think this could be covered in the first PR class taken.

UK's internet registry prepares a £100m windfall for its board members – and everyone else will pay for it

doublelayer Silver badge

Re: OFC there are always options

You seem to be misunderstanding or misstating my points. I do not contend that change is impossible. I contend that change of the type suggested is infeasible. I do not contend that anti-ad technology is impossible, unpopular, or the like. I contend that Google will not help with it. We seem to disagree strongly about the ease with which users can be convinced to change their DNS settings, and the enthusiasm for such a system on the part of businesses and other site operators. Your counterpoints to mine do not address this, unfortunately.

doublelayer Silver badge

Re: OFC there are always options

Of course that's possible. And it's been attempted before. I know of only one system at all like that that has buy-in, that being Tor's onion addresses (added privacy on that one, but an alternate way of naming sites). The reason: people don't want to fragment the internet when they don't have a good reason. The goal of changing the DNS system in this case is to reduce the power held by the operators and registrars of the .uk domains, but if it only works on a privacy-focused browser, or if a user changes some configuration settings, or if Google or Apple gets taken over by a mind control system and decides to do something diametrically opposed to all their previous actions, it won't succeed. Nontechnical users won't be able to access a new site in their favorite browser or operating system without doing some work they don't want or know how to do. Companies won't see the point in reserving a new domain name. Semitechnical users who could set this up won't have any domains they care about, so they won't bother adding the domain to their systems. Small organizations won't see the point in reserving a new domain name. Technical people who clearly know what they're doing will set it up, and never use it because only a few people have chosen to put domains there, the rest having chosen that the .uk people aren't that bad or having just moved to a different TLD that actually exists in the normal internet.

doublelayer Silver badge

Re: Trade Marks

That is quite true. In addition, you sometimes end up with situations where someone sues another someone over their domain name and it is hard to tell who should have the rights to it. For example, a year ago, someone who had the domain france.com which was used to organize tourism to France was sued by the French government, who wanted it for I don't really know why. You could make an argument that the tourism guy didn't have the right to get the domain in the first place because France already had the name, or that France didn't have the right to take it from him after he had been using it. Who is right?

doublelayer Silver badge

Re: OFC there are always options

You're of the belief that Google will set up an anti-advertising DNS system? Well, I can't argue with that.

I don't think the root servers are required for a DNS system. I think they are required for a DNS system that gets used by the general public. You're trying to get something that replaces .uk or at least comes to dominate it so the .uk people don't have any power. That requires convincing people to get domains in your .gb or whatever new DNS space, which requires users to be able to access it. Not just users who are willing and know how to change their DNS settings, but users in general. Somehow, you think that's a possibility. I'll note that the first comment implied that it would be a utopian decentralized dream, and now the suggestion has changed to getting openDNS or Google to lend their weight, which isn't going to happen.

doublelayer Silver badge

Re: OFC there are always options

Riiiiight. How exactly are we to coordinate the replacement of the .uk registry if the U.K. government doesn't want us to do so? Because that will require either convincing all the ISPs to go along with us, convincing the root servers to change their records, or every citizen who uses the internet to perform a manual configuration check. Adding an entry to the DNS for a small group is doable though pointless, but replacing an existing one or adding a replacement without external support will not be feasible.

doublelayer Silver badge

Re: Flat design was a bad idea

In my mind, a country should either do a purely third-level domain structure or a purely second level. Mixing them is asking for trouble. The main reasons for choosing to do only second level domains are to attract international purchases (for example, randomstartup.co.io wouldn't catch on as well as randomstartup.io) and to simplify the categorization of sites (for example, whether a personal site gets placed in .me.uk or .org.uk or .co.uk, all of which I've seen). The third level doesn't give those benefits, but clearly classifies the sites. Doing both results in a patchwork mess where domain impersonation is made far too easy.

doublelayer Silver badge

And in spirit, it is. Legally, however, it's an organization that has been given a supported monopoly because that's pretty much the only way to run a registry that has decided on the system, not the market leaders. Their decision just happens to look like one that was set up by collusion. So an investigation into the registrars would likely come to the conclusion that they're fine, and an investigation into the registry would say that they have the right to set policies such that they get a bunch of money and then pay that money to themselves. There really should be some method for calling their motives into question or removing them entirely, but I don't think there is. Unless there's a class of law I don't know about that says "Institutions must not abuse their market position", they'll probably get off in that valley between letter and spirit of the law.

LTO-8 tape media patent lawsuit cripples supply as Sony and Fujifilm face off in court

doublelayer Silver badge

Re: Sure this will be great on the long term

"And one tape drive/robot/tape subsystem, which typically lasts until next version(tm) of tape is available, 10 years."

First, tape generations come more quickly than that, so they must be skipping a few. Second, your need for tape readers and writers is directly proportional to your requirement for tapes, after a given point. If you have multiple petabytes to back up, you will need more than a single tape drive. You will need at least a large automatic tape library, and quite possibly multiple smaller automatic tape libraries for different locations. You will also need a backup reader, because they might not make these readers after three more generations have been released.

However, even if you don't have multiple petabytes and are using many fewer tapes, you still need a drive. That's why there is a point at which a certain amount of data storage in disk is cheaper than that amount in tape, because the equipment required to use the storage is so much cheaper for disk than tape.

For example, a post below has stated prices for 30 GB of LTO7 at $400 and the same amount of disk at $1300. If you add in the $3000 reader for the tapes, you get

Price of tape = 3000+(400/30)*t where t=number of terabytes stored

Price of disk = (1300/30)*t

In other words, the price of disk is lower than the price of tape below a hundred terabytes. If we conclude that we need twice as much disk as tape because you consider disk extremely unreliable, it's still cheaper under fifty terabytes. And that's why there is very little use of tape in small business or places that don't generate a lot of data. A local business can keep eight copies of their data on disk and still be even with the price of a tape backup system. The problem is that the increasing price of tapes and readers due to these legal disputes and the decrease in manufacturers while disk prices are falling is pushing that boundary higher. Of course tape is going to be used when the company is large enough and has a very large dataset. While I don't run our backup systems at [current employer, which has a very large amount of data], I'm entirely certain there are rooms full of tapes around me.
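The break-even arithmetic in the post above, carried through as a small linear cost model. This is an added example, not code from the original post or from El Reg; it takes the post's figures as constructed inputs (the $400 and $1300 per 30 terabytes used in its formulas, and the $3000 drive) rather than current market quotes, and it generalises slightly: each medium carries a fixed equipment cost and a per-terabyte media cost, and either side can be given a duplication factor, which is how the post's "twice as much disk" case is expressed. The class and function names are this example's own.

```python
from dataclasses import dataclass
from typing import Optional


@dataclass(frozen=True)
class MediaCost:
    """Linear cost model for one backup medium.

    name:       label used when reporting which side is cheaper.
    fixed_usd:  equipment bought regardless of capacity (a tape drive,
                a disk enclosure); the post's $3000 reader goes here.
    usd_per_tb: media price per terabyte stored.
    copies:     duplication factor; "twice as much disk" is copies=2.
    """
    name: str
    fixed_usd: float
    usd_per_tb: float
    copies: int = 1

    def slope(self) -> float:
        """Marginal cost of one more terabyte, all copies included."""
        return self.usd_per_tb * self.copies

    def total(self, tb: float) -> float:
        return self.fixed_usd + self.slope() * tb


def breakeven_tb(a: MediaCost, b: MediaCost) -> Optional[float]:
    """Capacity at which a and b cost the same.

    Solves a.fixed + a.slope*t == b.fixed + b.slope*t for t. Returns None
    when the slopes are equal: the two cost lines are parallel, so one
    medium is cheaper at every size (or the lines coincide).
    """
    if a.slope() == b.slope():
        return None
    return (b.fixed_usd - a.fixed_usd) / (a.slope() - b.slope())


def cheaper(a: MediaCost, b: MediaCost, tb: float) -> str:
    """Name of the cheaper medium at a given capacity, or 'tie'."""
    cost_a, cost_b = a.total(tb), b.total(tb)
    if abs(cost_a - cost_b) < 1e-9:
        return "tie"
    return a.name if cost_a < cost_b else b.name


# Constructed inputs taken from the post's formulas, not market quotes:
# $400 per 30 TB of LTO-7 media plus a $3000 drive; $1300 per 30 TB of disk.
TAPE = MediaCost("tape", fixed_usd=3000.0, usd_per_tb=400.0 / 30.0)
DISK = MediaCost("disk", fixed_usd=0.0, usd_per_tb=1300.0 / 30.0)
DISK_DOUBLED = MediaCost("disk x2", fixed_usd=0.0, usd_per_tb=1300.0 / 30.0, copies=2)


def post_breakevens() -> dict:
    """The two break-even capacities the post reasons about, recomputed."""
    return {
        "single_copy_tb": breakeven_tb(TAPE, DISK),
        "double_copy_tb": breakeven_tb(TAPE, DISK_DOUBLED),
    }


if __name__ == "__main__":
    for label, tb in post_breakevens().items():
        print(f"{label}: {tb:.1f} TB")
    for tb in (10, 40, 50, 100, 200):
        print(f"{tb:4d} TB: tape ${TAPE.total(tb):8.0f}"
              f"  disk ${DISK.total(tb):8.0f}"
              f"  cheaper={cheaper(TAPE, DISK, tb)}")
```

With one copy of disk the lines cross at 100 TB, which is the post's figure; with disk doubled they cross at roughly 41 TB. The model is deliberately linear, so it ignores the step change when a single drive is no longer enough and a library has to be bought, which only moves the tape line further up.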

doublelayer Silver badge

Re: Sure this will be great on the long term @Tomato42

"I pity future generations of historians when so much of todays information will no longer be available."

I think they'll be fine on that score. We certainly make it hard to get at some data, stored on hardware that might not be readable, but we also create and preserve a lot more data. First, we print out a lot of completely irrelevant information because paper, ink, and the means to make the ink say something without a lot of human effort are so cheap. Second, we have places whose job it is to keep a lot of data in a decentralized manner. Some of these places have a clear purpose that would be useful to historians, like academic paper storage and wikipedia, but as useful as the Internet Archive is, I doubt they'll really need the multiple identical captures of dead sites.

I pity future generations of historians when they'll have to read so much junk. They'll get a lot of useful accurate information, but they'll have to read a lot of internet users insulting one another, people's social media posts, and mangled or false information on the way.

doublelayer Silver badge

Re: Bye-bye tape drives

Then don't use cloud systems. Your options:

1. Tape. Relatively cheap (for now), known as relatively reliable. That said, don't just assume a single tape will last as long as they say, as there is always some variability and you care a lot more than the manufacturer does when you ended up with one that varied too low.

2. Disk, spun down: Cheap and reducing in price. Reading is easy. You'll have to duplicate a bit more because disks are not as reliable as tape, but the people who make claims like the data vanishing in a few years are exaggerating.

3. Disk, spun up locally: Uses power, processing, and internal network bandwidth. However it lets you run a system as described above where your integrity is guaranteed well because drives can be replaced. Your constant availability also makes it easier to take incremental backups more frequently, which is a useful benefit. Access time is also reduced.

4. Flash, spun down. It's known as very reliable, and restoration is very fast once you've connected it. It costs an arm, a leg, and your favorite coworker, though.

doublelayer Silver badge

Re: Sure this will be great on the long term

That's correct, as well. However, many places use spun down disk for offline backup. It may not have a perfect lifetime, but those who choose it usually fall into one of these categories:

1. They keep backups for emergencies and don't need decades of reliability.

2. They're worried enough that they will have data corruption that they keep several copies of data. Having chosen this, they can get similar reliability with a greater number of hard drives.

3. They want convenient access to data at multiple sites in case of emergency. They choose disk because they can afford to buy several readers and leave them in the backup location unused, or even keep a server that can accept them into a bay so a person at the remote location can load a drive for them to access remotely. Buying that many tape readers would be prohibitively expensive and most locations that specialize in data storage of the kind they just improvised charge a lot more and are in the cloud services group.

Nothing is perfect and will store data forever without risk, but as disk price falls, the price of reliable enough is falling too.

doublelayer Silver badge

Re: Sure this will be great on the long term

But that's about the same number of tape cartridges shipped, too. In terms of physical size, we're almost exactly the same. The major issue is cost. If you were just to buy that much disk and that much tape, the tape would definitely be much cheaper. Most people, however, are buying tapes and readers. For example, if you bought ten tapes and ten disks, but also needed a reader for each, the combined price of the tapes and reader would now exceed the price of the disks and a standalone enclosure. If you scale up to the area where you need more than a standalone single-cartridge reader, the price of a library that can handle a lot of media is once again much more than a multi-disk system.

That's why tape is limited to things at scale. There used to be a time where a small business would back up their local data to a single set of tapes, but that market has almost entirely died to be replaced by disk cartridges or cloud services. Large businesses will eventually reach the point where they're going to obsolete their old LTO systems and have to decide whether they're going to invest in the latest LTO version or something based on disk. If LTO keeps getting more expensive while the increased demand for hot storage keeps disks innovating and being manufactured, the difference in price will fall and may fall enough to lose LTO a big customer.

doublelayer Silver badge

Re: Bye-bye tape drives

This really depends on how much data you have. If you're a place that has a relatively small amount of data that you just really don't want to lose (say 20 TB or less), spinning disks are fine, as a few duplicated sets can be placed at all available offsite locations. If you have somewhat more than that, you can do a cost calculation for services like Amazon's Glacier, your own disks, or tape. When you start getting into the area of a bunch of data which was previously a bunch of tapes, you can redo those calculations as most of the cloud storage providers have some extra benefits for storing a very large amount of data there. As decreased number of producers and lawsuits push up the price of tape cartridges, increasing capacity of tapes and disks reduce the utility of massive libraries, and prices for storage fall across disks, SSDs, and cloud storage, the math is going to change.

doublelayer Silver badge

Re: Sure this will be great on the long term

"There isn't a good, viable alternative to LTO for tape;"

That's true, but disk backup is getting cheaper, and it will start running up against tape's market even more than it already has. Tape's benefit used to be that it was the cheapest way to store a bunch of data per gigabyte. That's still the case, but its margin over hard drives is falling due to innovation in disk and lower demand for disk because SSDs are more popular for hot storage. If the price of tape media is pushed much higher, the margin will become so minimal as to be ignored.

The other problem is that, in order to use the tape, one also needs to purchase readers for the media, and those can be very expensive. Even the standalone LTO tape readers that read only one cartridge at a time and don't load it for you can cost several thousand. That's enough to deny them all of the very small business market and most of the small to medium business market. The last thing they need to do right now is convince large businesses that there will be problems getting media for their drives and replacing that media.

Still sniggering at that $999 monitor stand? Apple just got serious about the enterprise

doublelayer Silver badge

Re: Corporates like idevices?

In addition, a corporate-provided device can be managed by the IT department, which has control over the device higher than the individual user. Because the user can't easily subvert these things, some IT departments prefer iOS to Android for corporate-supplied mobile devices. This becomes very different when BYOD is considered, but I shudder at the various implications of that, so I'm going to avoid considering it.

Swedish court declines to detain Belmarsh prison resident Julian Assange

doublelayer Silver badge

Re: I am still confused

"And there has been absolutely no indication that the trial will not be public."

Response: "He's accused of treason. This will go through a secret court, with proceedings held behind closed doors"

He is not accused of treason. He is accused of conspiracy to break into a computer and crimes under the Espionage Act. Neither of which has anything to do with treason. Both of these are standard crimes which get tried in public unless there is some reason, like needing to protect the defendant from possible attack, not to. If that occurred, the request to do that would be public. Stating demonstrably untrue things doesn't help make points.

Apple kills iTunes, preps pricey Mac Pro, gives iPad its own OS – plus: That $999 monitor stand

doublelayer Silver badge

Re: "We sat through 150 minutes of WWDC keynote so you didn't have to"...

They livestream it, and the writers probably sat at a table to watch that. Knowing how boring these presentations can be, I'm glad they did and I can just read the summary.

doublelayer Silver badge

Nobody mourns iTunes?

I'll put my evidently unpopular vote in for iTunes. It wasn't the nicest of software, in fact it was mostly a nightmare, but it was one application for the tasks you might want to do, namely controlling one of Apple's portable devices. Syncing with it, backing it up, restoring it from a bricked state, etc. It also organized music and played it, again not perfectly, but it could do that well enough that it helped sell iPods. Now, they have made three applications to do what one did, and I doubt they've actually markedly improved on those things iTunes did wrong.

I'll just clear down the database before break. What's the worst that could happen? It's a trial

doublelayer Silver badge

Re: never trust a PM

That would make sense, but as I already chose not to bill them for the time I spent actually writing the app, it's a bit out of character to charge them for something that really doesn't impact me. The server is running anyway, and I'm going to keep it going for my personal website and the various other services I've put on it. Their data doesn't take much disk or bandwidth and I could easily cut it off. I'm still surprised people don't take a look at the address bar and wonder why they've suddenly left the website of the institution concerned and ended up on my site instead, but I guess that, because I have an SSL cert on my site, they just trust the padlock and go ahead and enter the information*.

*The information collected is not personal, so there are no privacy/GDPR issues here. Also, as I wrote the code, I can say with complete honesty that it collects only what is needed and periodically flushes old records from the database.

doublelayer Silver badge

Re: never trust a PM

That really depends on who set up the system and how their chain of command connects to processes. We've probably all been in a similar situation. For example, several years ago, I wrote a simple web application at the request of a friend who worked at a relatively big non-corporate institution that I'm choosing not to name or further characterize here. To clarify, I did not work for this institution, but they needed this functionality and it didn't take me very long. In order to test it and make changes they wanted, I spun up this application on my personal webserver. When we were done, I gave them the code and instructions on how to put it on their webserver.

I think you know what happened next, which is that they did not put it on their webserver and probably lost the code. However, I forgot to take the files off my server. I used almost no JavaScript or complex images so the files took up little space, and the application did not get a ton of use and was not data intensive, so I didn't see any spikes in disk or bandwidth usage. By the time I realized they'd been using my server, my friend had moved to a different place and couldn't help move it across. My contact there did not respond to my warning email. I had to make the decision of whether I'd turn it off, thus breaking their system (they were still using it heavily), send a bunch of messages to get it moved to their systems meaning I'd have to spend a lot more time on it, or take the easy way and just let them keep using my server until such time as something breaks and I don't fix it.

It's still there. They're still using it. It gets included in my standard backups, and I think it's very unlikely to go down any time soon. I really think it might be a good idea to do something else, but that's work.

Cloudflare goes big on serverless with new command line, lures devs with free account tier

doublelayer Silver badge

I know how that'll be used

"Workers has also introduced a "free" subscription tier, in addition to "professional" and "business", that the company hopes will encourage experiments on the platform, with an allowance of up to 100,000 requests per day."

So soon we'll see just how much cryptocurrency you can make by starting a request every 0.864 seconds. Yes, it's running for periods of a few minutes and has to be written in JavaScript, or in other words probably one of the least efficient ways to mine crypto or do anything computationally intensive. That will not stop these people.

DigitalOcean drowned my startup! 'We lost everything, our servers, and one year of database backups' says biz boss

doublelayer Silver badge

Re: DigitalOcean hosts hackers

They don't have complete visibility into what users are doing, as users have private server space. A script can identify things like serially accessing IP addresses, but it would be harder to detect other types of automatic scanning. For example, I run an endpoint for a VPN on a DO-provided server, and it also makes lots of HTTPS connections to sites because it handles my traffic and that of a few friends. The only way to tell this apart from a scanner that is a bit random with the servers it attempts to access is to log my sites and build up patterns that would show that I'm just browsing rather than scanning. If they did that, I'd be a bit unhappy about the privacy implications and I'd probably move my endpoint.

However, they should really check some other types of scanning, like attempts at SSH logins. I see these from lots of places, including Digital Ocean addresses, and those should be very obvious from the traffic. I simply set a rather vigorous fail2ban config, where you get quite a few attempts at first but get locked out for a rather long time (currently 48 hours) when you exceed them. Previously, I saw bots start trying again after a delay, but they usually give up if their retry attempt is likewise rejected.
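A fail2ban-style threshold check of the kind described in the post above, as an added example that is not part of the original comment: it parses constructed sshd log lines (documentation-range addresses), bans an address once it has `maxretry` failed logins inside the `findtime` window, and holds the ban for 48 hours. The regex, the log year and the `maxretry` value of 10 are assumptions, not the poster's actual configuration.

```python
import re
from collections import defaultdict
from datetime import datetime, timedelta

# Matches the sshd "Failed password" line as written to auth.log (assumed format).
FAILED_RE = re.compile(
    r"^(?P<ts>\w{3} +\d+ \d\d:\d\d:\d\d) \S+ sshd\[\d+\]: Failed password for "
    r"(?:invalid user )?\S+ from (?P<ip>[\d.]+) port \d+"
)

# Constructed sample: 12 rapid failures from one address, one typo from a real user.
SAMPLE_LOG = [
    f"Jun 10 08:00:{i:02d} host sshd[{1000 + i}]: Failed password for invalid user "
    f"admin from 203.0.113.5 port 5{i:04d} ssh2"
    for i in range(12)
] + [
    "Jun 10 08:05:00 host sshd[2001]: Failed password for alice from 198.51.100.7 port 40001 ssh2",
    "Jun 10 08:05:30 host sshd[2002]: Accepted password for alice from 198.51.100.7 port 40002 ssh2",
]


def parse_failures(lines, year=2019):
    """Yield (timestamp, source_ip) for each failed login; syslog lines carry no year, so one is assumed."""
    for line in lines:
        m = FAILED_RE.match(line)
        if m:
            yield datetime.strptime(f"{year} {m['ts']}", "%Y %b %d %H:%M:%S"), m["ip"]


def find_bans(lines, maxretry=10, findtime=timedelta(minutes=10), bantime=timedelta(hours=48)):
    """Return {ip: ban_expiry}. Lines from an address that is currently banned are ignored,
    mirroring the firewall dropping its packets for the duration of the ban."""
    recent = defaultdict(list)   # ip -> failure timestamps still inside findtime
    bans = {}
    for ts, ip in parse_failures(lines):
        if ip in bans and ts < bans[ip]:
            continue
        window = [t for t in recent[ip] if ts - t <= findtime] + [ts]
        recent[ip] = window
        if len(window) >= maxretry:
            bans[ip] = ts + bantime
            recent[ip] = []      # start a fresh count once the ban expires
    return bans


if __name__ == "__main__":
    for ip, until in find_bans(SAMPLE_LOG).items():
        print(f"ban {ip} until {until.isoformat()}")
```

Raising `maxretry` gives the "quite a few attempts at first" tolerance the post describes while the long `bantime` still stops the retrying bots; the scanner above trips the ban on its tenth failure and the legitimate user never does.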

doublelayer Silver badge

Re: Sad

I'm similarly unimpressed with their competence, and I have little sympathy, but saying things like "they deserve to fail" is victim blaming. They don't deserve to fail because they did something wrong. They deserve to have their problems pointed out to them rather brusquely and to lose business if they don't fix them immediately.

Facebook ordered to open internal docs for investors livid about losing cash following data slurp scandal

doublelayer Silver badge

Re: What are they fighting for?

The theory at this point is that there is evidence of wrongdoing that resulted in lost funds. If the investors can obtain this evidence, they can use it as a rationale to gain more power by trying to have some people held accountable. They can't use this to persuade other shareholders because there is a single majority shareholder, but in the case of a normal company, that'd have been another factor. If they can't get the evidence, the evidence is found not to exist, or Facebook managed this by not creating any evidence, they will have gained nothing by attempting this.

Planes, fails and automobiles: Overseas callout saved by gentle thrust of server CD tray

doublelayer Silver badge

Re: There's a time and a place ...

I haven't seen many servers with much in the way of audio capability. None have internal speakers of the type that play audio files, and few have any method for connecting external ones. They all usually have a PC speaker for making beeps, but I've seen quite a few methods for actually using them, usually differing between different manufacturers and none as easy as finding an audio file and piping it somewhere. A good idea, but it might have taken some time to get right.

Apple's privacy schtick is just an act, say folks suing the iGiant: iTunes 'purchase histories sold' to data slurpers

doublelayer Silver badge

Re: Pandora not Apple.

Me: "For one thing, these controls only started having an effect in relatively recent builds of the operating system, as they were previously just a warning at install time."

Reply: "Hmm, since Android version 6 - quite some time."

Good point. My Android devices had a marked lag between the one that never got off version 4.4 and the one I eventually got running version 7 (it's still on version 7). I overestimated the delay in getting that in. I withdraw that objection.

Me: "iOS's policy of not letting apps interact with the file systems of other apps let alone the OS may be limiting in some cases, but prevents one of the more annoying kinds of malware frequently seen on Android."

Reply: "In Android each app has private file areas by default. [...]"

That's all true, but an application that asks for access to storage can edit any data that is in a public location, including writing malicious files there. Other applications sometimes put data there as well even when they haven't been requested to do so, meaning that a user must be aware of what kind of thing can be read when an app asks for and gets access to read and write storage. There is no mechanism for allowing it to read and write a specific area of storage only, which would be nice. This isn't intrinsically problematic, but it increases complexity for nontechnical users. This is a major point; while most of us here have a good level of security on our devices and are aware of risks to it, difficulty to less technical users weakens their security footprint and can cause extra downsides for us.

Me: " In addition, we have the difficulty in disabling things for built-in applications on Android"

Reply: "No you don't unless the manufacturer has specifically changed the OS to stop that."

Maybe Huawei is great at this, or there is something different in the last Android build that I have not seen yet. However, I have never seen an Android device that was particularly granular about what components could access what data. Frequently, the closest I could get was disabling location and microphone for Google Play Services in its entirety (that wasn't always an option, either). Articles posted here and in other places have informed us that these settings weren't always seen as binding by certain companies, especially Google but some manufacturer-installed facebooks as well. The phones that come with someone else's apps installed often went to great extents to prevent me from doing anything to them (not just removing, but permissions too). That's why I don't buy any device with third-party apps installed, but I've worked with others' devices that are so infected.

Me: ", the permission to use bluetooth also allows an app on android to turn it back on if the user has disabled it"

Reply: "This can be good or bad."

You raise some good points, but I think this is an inadvisable choice. I like the idea of having a set of master switches that allow me to be entirely certain that certain facilities are disabled. My reasons may be privacy or security related, concern about power consumption, or the like, but this is useful. I'd be entirely happy if there were two permissions for each of these: "Use bluetooth inside the app" and "alter the state of the bluetooth settings". Similarly, I'd really like Google to hack apart the various permissions in some of the large permission grants like "read phone state" to increase user control and knowledge.

doublelayer Silver badge

Re: No

"Clearly you don't use Apple kit. No matter which <something>OS (watch, mac, i, tv) the user has to approve any such disclosure of personal information in a dialog box."

I'm afraid that's not correct. I've just posted a defense of Apple's privacy protections, but they don't work as you describe. An application must request access to specific types of information, but there is little protection should it choose to disclose the information it is granted. A navigation app that operates entirely offline and a navigation app that also sends a full and complete log to the developer would have the same request, requesting location access. Apple does not require any simplicity in disclosures made by applications. It does nicely allow you to deny access to this data if you already mistrust the app, but the integrity and privacy of the data granted to the app is not guaranteed by Apple in any way.