We are developing the social individualist meta-context for the future. From the very serious to the extremely frivolous... let's see what is on the mind of the Samizdata people.

Samizdata, derived from Samizdat /n. - a system of clandestine publication of banned literature in the USSR [Russ.,= self-publishing house]

Samizdata quote of the day

Noting the “unintended but disconcerting” link between nation-state activity and criminal activity, Smith adds that governments need “to consider the damage to civilians that comes from hoarding these vulnerabilities and the use of these exploits”. The “Digital Geneva Convention” Redmond recommends would therefore require governments “to report vulnerabilities to vendors, rather than stockpile, sell, or exploit them”.

Richard Chirgwin

Unintended? Not so sure about that.

How not to be a victim of computer malware

[A slightly unusual topic for this blog, but I was assured by the powers that be that it was of interest.]

For my friends who don’t know much about computers:

I do computer security work professionally. People always ask in the wake of yet another internet attack, “what should I do to protect myself?”

The advice is always the same. Do what computer professionals do. Don’t do what you imagine computer professionals do, because you’re probably wrong.

  1. Always run the latest version of the OS and software.
  2. When security updates appear for your operating system or software, apply them as soon as possible, meaning that day. Configure your system to automatically apply updates if possible.
  3. Back up your computer frequently. Since normal humans cannot remember to do that, get software and/or a service to do it for you.
  4. Don’t use the same password with two different services, period. Since you cannot remember hundreds of different passwords, use a password safe, and remember only the password for it.
  5. If a web site offers two-factor authentication (that is, you can set it up so it both requires a password and a code your phone generates), turn that on.

Every professional security person does those things.

If you ignore my advice, you’re going to get screwed one day, period. You might still get screwed even if you do follow my advice because the world is dangerous, but I can guarantee you’ll get screwed if you don’t.

Every organization that got infected recently by the ransomware worm was ignoring (1) and (2). Their suffering was avoidable. Do you want to suffer like them? Those that forgot (3) are really suffering because they have no way to recover. Why do you want to suffer? Every day, people get badly, badly screwed because the password that they use everywhere gets stolen and it is de facto impossible to remember every place you use it. Why set yourself up to suffer?

As to the question “who would attack me? No one is going to attack my computer, I’m unimportant”, the answer is that it isn’t individuals doing the attacks, it’s machines that are programmed to try to attack other machines by the hundreds of millions. You’re not being personally targeted, but that hardly matters when everyone on earth is being attacked. Your obscurity will not protect you. Even if you think there is nothing for the attacker to gain by taking over your machine, they’ll want it anyway, so they can set up a botnet to send spam from it, or use it to bring down other people’s web sites, or to take over yet more people’s machines.

And some corollaries:

1a. If your machine is too obsolete to run the latest OS, replace it. Quit being the jerk who won’t replace their eight or twelve year old computer and complains that the manufacturer “owes” you updates as you shake your fist at heaven. It isn’t even possible for them to support everything they ever made forever, let alone sane. Stop being that person.

1b. When Microsoft kept offering to give you Windows 10 for free, and you got angry at them for offering to give you a much more secure system FOR FREE, and when you got onto Facebook to post “stop bothering me, Microsoft, I don’t want to get a free, much more secure update to my buggy older OS”, you were the one who was being annoying and stupid, not Microsoft.

2a. When you get upset that the phone or computer that asked you to update is asking you to update, and you refuse to update because you find it “irritating”, what you’re basically saying is “I find it irritating that the manufacturer is trying to protect me from getting my machine taken over and all my work destroyed. I’ll show them, I’ll refuse so that some asshole in Kazakhstan can steal the contents of my bank account. That will teach Microsoft a thing or two!” Quit being an idiot. If someone pulled you out of the way of an oncoming car you wouldn’t get angry with them for it, so don’t get angry with the vendor for doing the equivalent for you.

3a. Backing up your computer can be done automatically. It isn’t even painful to get going. If you find this irritating to set up, imagine how irritating it will be to have none of your data after you have lost everything.

4a. No, your really clever password is not actually unguessable to a machine that can check tens of millions of passwords a second.

And finally, every once in a while, I hear from someone, generally an older person, that they’re just unable to keep up with new software and the like. “The new version looks different. I don’t want to update because the buttons might be in different places.” My advice, my sincere advice, is that if you can’t keep up with small changes like that, or if you can’t figure out how to use two-factor authentication for your bank account and the like, get rid of your computer. It’s not safe for you to use one. Really. People still can live good lives without them. You can get the news by newspaper, you can talk to your grandchildren on the telephone. Not being able to keep up with this stuff is kind of like not being able to safely drive a car. If you’ve got a problem with your eyesight and can’t drive safely, the answer isn’t that you keep driving and kill people on the road, the answer is you stop driving.

And 100% of people who drink water eventually die

Ah what a gem this is:

A photo showing the suspect – named by police as Marcel Hesse – bragging about the killing was circulating on the so-called darknet, which is invisible on the open internet and used by criminals.

Unlike the not-so-dark net, which is never used by criminals?

F4BF

I wanted to believe that Hillary Clinton would lose the recent US presidential election, so when I started reading Scott Adams saying that she was indeed going to lose, to Trump, I kept on reading him. Like so many others, I like to read within my bubble, as well as outside it. That means I also now read Scott Adams on every other subject he deals with in his blog. I am now digging back into his archives for more wise and witty verbiage. I am surely not the only one doing this now.

Scott Adams has a girlfriend called Kristina Basham, who, it would appear, is working and working at becoming one of those people who is famous for being famous. This is one of those labels that most people seem to assume is an insult. But being famous is a skill and a job, like any other skill and job. Your basic skill is that you know how to attract attention, and your basic job is that you sell this ability and live with the adverse consequences of it as well as the benefits. Scott Adams describes very well the sort of work that goes into becoming one of these F4BF people, as I will call them from now on. Kristina Basham is not, you see, outstandingly good at anything in particular. She is just pretty good at a whole “stack” of things, which, when you combine them, are making her into someone F4BF.

I say: good for her.

The claim that people who are F4BF contribute nothing to the world is the latest iteration of that very old and very bad idea that there is a “real” economy, consisting of work that people are used to doing and which their ancestors even did, like farming and then after that factory working; and then there is the “unreal” economy, consisting of silly things that add nothing to the “real” economy, but instead just leach off it, like financial services (which actually make farming and industry massively more productive by telling farmers what to farm and industrialists what to industrialise), and more recently jobs like being F4BF. (Even being a factory worker was once upon a time denounced as being unreal.)

Being a celeb, and in particular being nothing but a celeb, an F4BF, which is to say being good at attracting attention to oneself but for no single and obvious reason, but still being good at it, is a vital part of the modern economy. Celebs, including F4BFs, enable attention to be diverted away from major economic investments, while the work of creating or building them is being done and needs not to be disturbed, in the secure knowledge that when attention is finally demanded, and you need to attract a lot of business very quickly or else a lot of money will be lost while the word spreads by mere unassisted word of mouth. For that grand opening of whatever it is that you have been quietly working on for however long it has been, you hire a bunch of celebs. Including maybe some of that particular sort of celeb who are F4BF, pure and distilled celebs who are nothing but celebs.

Discuss.

Samizdata quote of the day

The case is very simple indeed. Do you believe in freedom of speech or not? If you do then Stormfront gets to have a website detailing whatever it is that it misunderstands about the world. As does every other vile and hateful group from left and right. There is no shortage of sites insisting that Stalin had nothing to do with the Holodomor, that it was disease not starvation, that the starvation was just bad weather, that there was no campaign against Ukrainians and anyway, it never happened did it?

Tim Worstall

Impending works – Monday afternoon/evening, London Time!

Samizdata is being moved to a newer, more lush, perhaps more louche server. This will also provide for freshening-up of the blog software, and a gradual migration to HTTPS.

Impact: Samizdata will be irregularly-offline this upcoming Monday, December 5th, starting from an estimated 3pm London time (10am Eastern, 1600h CET) for an estimated 4-to-6 hours, perhaps a little longer depending on how long the DNS bookkeeping takes.

If the migration fails we’ll fall back to the existing machine and continue, but it’s likely to be okay. Assuming that everything goes well, you may still expect a little flakiness when accessing the blog for up to 24 hours afterwards; after that time it’s a “bug”, or else we dropped something in transit.

“Fortune favours the bald!”, or something like that…

The Internet-of-Things! What could possibly go wrong?

[Image: pornhub-on-a-fridge-lol]

I admit I LOL’ed when I saw this 😀 What else could go wrong, I wonder?

And then they came for Instapundit…

First they came for Robert Stacey McCain but I had no idea who he was…
Then they came for Milo but I had no idea who he was either and anyway, he had silly hair…
Then they came for Instapundit…

A little earlier today Instapundit’s Twitter account got blocked. Due to Twitter’s Orwellian… no, Kafkaesque censorship policy it was not initially clear which tweet or tweets had earned Twitter’s ire. There was certainly no question of Glenn Reynolds (Instapundit’s webmaster) being allowed to defend himself. At least not to Twitter – to the rest of the world Reynolds is most robust.

This is serious stuff. Instapundit was one of the original blogs. Although I was not present at its conception, my belief is that if it hadn’t been for Instapundit there wouldn’t have been a Samizdata. Certainly, Instapundit blazed a trail for hundreds, if not thousands of others and crucially Reynolds is not a nutter. If they can ban him they can ban us all.

Worse still, it is not as if Twitter is alone. It is remarkable how quickly internet stalwarts like Google, Facebook and Twitter have gone from being dynamic, “don’t be evil”, believers in freedom to being fully paid up members of the bansturbationary elite.

The question is what do we do now? Rob attempted to answer this very question earlier this week and I am happy to give gab.ai a go. The key question is if anyone else is prepared to. These things need critical mass and right-wingers are not known for engaging in collective action.

Like many I had high hopes for the internet. I thought it would lead to a renaissance of freedom. Instead it is quickly coming to resemble the very MSM I hoped it would check. And what have we got to show for our 15 years or so of being able to say what we think?

Samizdata quote of the day

Every political vision is a method of not seeing other political visions. Hayekianism calls for multiplicities instead of a singular political chorus. For those singing this tune, Hayek is an existential threat.

Will Rinehart

Gab.ai

There are alternatives to Twitter, but it is difficult for them to gather enough users. Perhaps Gab.ai will succeed where others are failing. Its founder seems to be adept at attracting attention. This is important.

Update: Wired are calling Gab an echo chamber. This could be a bug or a feature, I suppose. Multiple such sites with various policies and good aggregation tools would not be a bad endgame.

Samizdata quote of the day

The Equation Group hack underscores the fact that the NSA is not a perfect fortress. A future leak like the Shadow Brokers’ could lead to even more harmful security vulnerabilities being made public. Or perhaps disclosure won’t happen publicly online: powerful nation-states may hack into NSA systems to steal this information–or offer significant financial compensation to insiders willing to pass on secrets–and then use it secretly. Even if that doesn’t happen, without public data on the so-called rate of “bug collision”, we have to take the NSA’s word that the security vulnerabilities it uncovers will never be discovered by an unfriendly government and used for spying, or by criminals and used for malicious hacking.

Rainey Reitman

Decentralised Web Summit: Is this the future? I hope so…

Is a decentralised web the way ahead? Is it even feasible? I certainly hope so, but I cannot imagine governments will make it easy. It will be interesting to see what comes out of the summit today.