German state gov. ditching Windows for Linux, 30K workers migrating
Schleswig-Holstein looks to succeed where Munich failed.
https://arstechnica.com/information-technology/2024/04/german-state-gov-ditching-windows-for-linux-30k-workers-migrating/

Good.
Less US spying too.

Jan Panteltje wrote:
> German state gov. ditching Windows for Linux, 30K workers migrating
> Schleswig-Holstein looks to succeed where Munich failed.
> https://arstechnica.com/information-technology/2024/04/german-state-gov-ditching-windows-for-linux-30k-workers-migrating/
>
> Good.
> Less US spying too.

This reminds me of the guy who ditched Los Alamos and Caltech "big boy
big iron" back in the days of Cray - 1996. Instead he networked
sixteen Pentium Pro PCs running Linux together to build his own DIY
supercomputer for a fraction of mainframe cost.

Danke,

--
Don, KB7RPU, https://www.qsl.net/kb7rpu
There was a young lady named Bright Whose speed was far faster than light;
She set out one day In a relative way And returned on the previous night.

On Sat, 06 Apr 2024 04:25:32 GMT, Jan Panteltje <alien@comet.invalid>
wrote:

>German state gov. ditching Windows for Linux, 30K workers migrating
>Schleswig-Holstein looks to succeed where Munich failed.
> https://arstechnica.com/information-technology/2024/04/german-state-gov-ditching-windows-for-linux-30k-workers-migrating/
>
I'd suggest reading the entire article.

>Less US spying too.

Nah. Linux is no harder for big intelligence agencies than Windows or
MacOS. And Linux is already dominant in the infrastructure, so those
agencies are already there.

Joe Gwinn

On Sat, 06 Apr 2024 11:14:56 -0400, Joe Gwinn <joegwinn@comcast.net>
wrote:

>On Sat, 06 Apr 2024 04:25:32 GMT, Jan Panteltje <alien@comet.invalid>
>wrote:
>
>>German state gov. ditching Windows for Linux, 30K workers migrating
>>Schleswig-Holstein looks to succeed where Munich failed.
>> https://arstechnica.com/information-technology/2024/04/german-state-gov-ditching-windows-for-linux-30k-workers-migrating/
>>
>I'd suggest reading the entire article.
>
>
>>Less US spying too.
>
>Nah. Linux is no harder for big intelligence agencies than Windows or
>MacOS. And Linux is already dominant in the infrastructure, so those
>agencies are already there.
>
>Joe Gwinn

.... Unless you roll your own distro and know how to use it
securely....

On Sat, 06 Apr 2024 21:24:14 +0100, Cursitor Doom <cd@notformail.com>
wrote:

>On Sat, 06 Apr 2024 11:14:56 -0400, Joe Gwinn <joegwinn@comcast.net>
>wrote:
>
>>On Sat, 06 Apr 2024 04:25:32 GMT, Jan Panteltje <alien@comet.invalid>
>>wrote:
>>
>>>German state gov. ditching Windows for Linux, 30K workers migrating
>>>Schleswig-Holstein looks to succeed where Munich failed.
>>> https://arstechnica.com/information-technology/2024/04/german-state-gov-ditching-windows-for-linux-30k-workers-migrating/
>>>
>>I'd suggest reading the entire article.
>>
>>
>>>Less US spying too.
>>
>>Nah. Linux is no harder for big intelligence agencies than Windows or
>>MacOS. And Linux is already dominant in the infrastructure, so those
>>agencies are already there.
>>
>>Joe Gwinn
>
>... Unless you roll your own distro and know how to use it
>securely....

And are too small potatoes for the big agencies to bother, leaving the
field to various hackers.

Joe Gwinn

On a sunny day (Sat, 06 Apr 2024 17:28:48 -0400) it happened Joe Gwinn
<joegwinn@comcast.net> wrote in <3hf31j9d0uq5b9imcq94b495c3hclbjv79@4ax.com>:

>On Sat, 06 Apr 2024 21:24:14 +0100, Cursitor Doom <cd@notformail.com>
>wrote:
>
>>On Sat, 06 Apr 2024 11:14:56 -0400, Joe Gwinn <joegwinn@comcast.net>
>>wrote:
>>
>>>On Sat, 06 Apr 2024 04:25:32 GMT, Jan Panteltje <alien@comet.invalid>
>>>wrote:
>>>
>>>>German state gov. ditching Windows for Linux, 30K workers migrating
>>>>Schleswig-Holstein looks to succeed where Munich failed.
>>>> https://arstechnica.com/information-technology/2024/04/german-state-gov-ditching-windows-for-linux-30k-workers-migrating/
>>>>
>>>I'd suggest reading the entire article.
>>>
>>>
>>>>Less US spying too.
>>>
>>>Nah. Linux is no harder for big intelligence agencies than Windows or
>>>MacOS. And Linux is already dominant in the infrastructure, so those
>>>agencies are already there.
>>>
>>>Joe Gwinn
>>
>>... Unless you roll your own distro and know how to use it
>>securely....
>
>And are too small potatoes for the big agencies to bother, leaving the
>field to various hackers.
>
>Joe Gwinn

Well I have been running Linux since 1998 as my systems.
No hacks observed, and that running included an online web server.
There was some hacking group, I challenged them to hack my server,
watched them trying, they gave up.
These day Linux is getting way too complex, the idiot in rathead made tings worse
Many processes I see running I have no clue what they do without looking it up on google.
So maybe time for something different.
But then again, no problem with security in all these years.
Of course I know CIA and who not is reading everything I wrote, the brain damage if causes them is my defense weapon LOL.
But really microsoft windows was dead after win 3.1 when they integrated the GUI with the basic OS to keep DRDOS out
so now they move to Linux too.
rathead and microsore doing a takeover is a possibility.
Maybe some Linux versions that are clean will keep existing
But bloat has taken over, giggle bytes and tera hertz needed to read a website via fiber
content: daily news, israel commits genocide, nobody does anything about it.
Same on teefee.
What is it all worth?
Cannot even buy a return to Mars, in the sixties they did a return to moon.
Its all over now. Dinos!!!
In the old days you could get a collage degree if you were good at playing with a ball,
now you get it for free if your sun lotion did not work.
(ducks) well

On Sun, 07 Apr 2024 05:40:20 GMT, Jan Panteltje <alien@comet.invalid>
wrote:

>On a sunny day (Sat, 06 Apr 2024 17:28:48 -0400) it happened Joe Gwinn
><joegwinn@comcast.net> wrote in <3hf31j9d0uq5b9imcq94b495c3hclbjv79@4ax.com>:
>
>>On Sat, 06 Apr 2024 21:24:14 +0100, Cursitor Doom <cd@notformail.com>
>>wrote:
>>
>>>On Sat, 06 Apr 2024 11:14:56 -0400, Joe Gwinn <joegwinn@comcast.net>
>>>wrote:
>>>
>>>>On Sat, 06 Apr 2024 04:25:32 GMT, Jan Panteltje <alien@comet.invalid>
>>>>wrote:
>>>>
>>>>>German state gov. ditching Windows for Linux, 30K workers migrating
>>>>>Schleswig-Holstein looks to succeed where Munich failed.
>>>>> https://arstechnica.com/information-technology/2024/04/german-state-gov-ditching-windows-for-linux-30k-workers-migrating/
>>>>>
>>>>I'd suggest reading the entire article.
>>>>
>>>>
>>>>>Less US spying too.
>>>>
>>>>Nah. Linux is no harder for big intelligence agencies than Windows or
>>>>MacOS. And Linux is already dominant in the infrastructure, so those
>>>>agencies are already there.
>>>>
>>>>Joe Gwinn
>>>
>>>... Unless you roll your own distro and know how to use it
>>>securely....
>>
>>And are too small potatoes for the big agencies to bother, leaving the
>>field to various hackers.
>>
>>Joe Gwinn
>
>Well I have been running Linux since 1998 as my systems.
>No hacks observed, and that running included an online web server.
>There was some hacking group, I challenged them to hack my server,
>watched them trying, they gave up.
>These day Linux is getting way too complex, the idiot in rathead made tings worse
>Many processes I see running I have no clue what they do without looking it up on google.
>So maybe time for something different.
>But then again, no problem with security in all these years.
>Of course I know CIA and who not is reading everything I wrote, the brain damage if causes them is my defense weapon LOL.
>But really microsoft windows was dead after win 3.1 when they integrated the GUI with the basic OS to keep DRDOS out
>so now they move to Linux too.
>rathead and microsore doing a takeover is a possibility.
>Maybe some Linux versions that are clean will keep existing
>But bloat has taken over, giggle bytes and tera hertz needed to read a website via fiber
>content: daily news, israel commits genocide, nobody does anything about it.
>Same on teefee.
>What is it all worth?
>Cannot even buy a return to Mars, in the sixties they did a return to moon.
>Its all over now. Dinos!!!
>In the old days you could get a collage degree if you were good at playing with a ball,
>now you get it for free if your sun lotion did not work.
>(ducks) well
>
>

Going back to the substance of your original post, Jan, I'm just
wondering if this is a trend which will spread world-wide as a natural
consequence of the recent phenomenon of de-dollarization as countries
seek to divest themselves of dollar assets in the wake of the
financial sanctions imposed on Russia. We should keep a wary eye open
for further examples of this going forward as it could ultimately have
serious consquences for world peace.

On a sunny day (Sun, 07 Apr 2024 10:51:57 +0100) it happened Cursitor Doom
<cd@notformail.com> wrote in <fqq41jpomcrjj73d17kjcuraau6rmu63dn@4ax.com>:

>On Sun, 07 Apr 2024 05:40:20 GMT, Jan Panteltje <alien@comet.invalid>
>wrote:
>
>>On a sunny day (Sat, 06 Apr 2024 17:28:48 -0400) it happened Joe Gwinn
>><joegwinn@comcast.net> wrote in <3hf31j9d0uq5b9imcq94b495c3hclbjv79@4ax.com>:
>>
>>>On Sat, 06 Apr 2024 21:24:14 +0100, Cursitor Doom <cd@notformail.com>
>>>wrote:
>>>
>>>>On Sat, 06 Apr 2024 11:14:56 -0400, Joe Gwinn <joegwinn@comcast.net>
>>>>wrote:
>>>>
>>>>>On Sat, 06 Apr 2024 04:25:32 GMT, Jan Panteltje <alien@comet.invalid>
>>>>>wrote:
>>>>>
>>>>>>German state gov. ditching Windows for Linux, 30K workers migrating
>>>>>>Schleswig-Holstein looks to succeed where Munich failed.
>>>>>> https://arstechnica.com/information-technology/2024/04/german-state-gov-ditching-windows-for-linux-30k-workers-migrating/
>>>>>>
>>>>>I'd suggest reading the entire article.
>>>>>
>>>>>
>>>>>>Less US spying too.
>>>>>
>>>>>Nah. Linux is no harder for big intelligence agencies than Windows or
>>>>>MacOS. And Linux is already dominant in the infrastructure, so those
>>>>>agencies are already there.
>>>>>
>>>>>Joe Gwinn
>>>>
>>>>... Unless you roll your own distro and know how to use it
>>>>securely....
>>>
>>>And are too small potatoes for the big agencies to bother, leaving the
>>>field to various hackers.
>>>
>>>Joe Gwinn
>>
>>Well I have been running Linux since 1998 as my systems.
>>No hacks observed, and that running included an online web server.
>>There was some hacking group, I challenged them to hack my server,
>>watched them trying, they gave up.
>>These day Linux is getting way too complex, the idiot in rathead made tings worse
>>Many processes I see running I have no clue what they do without looking it up on google.
>>So maybe time for something different.
>>But then again, no problem with security in all these years.
>>Of course I know CIA and who not is reading everything I wrote, the brain damage if causes them is my defense weapon LOL.
>>But really microsoft windows was dead after win 3.1 when they integrated the GUI with the basic OS to keep DRDOS out
>>so now they move to Linux too.
>>rathead and microsore doing a takeover is a possibility.
>>Maybe some Linux versions that are clean will keep existing
>>But bloat has taken over, giggle bytes and tera hertz needed to read a website via fiber
>>content: daily news, israel commits genocide, nobody does anything about it.
>>Same on teefee.
>>What is it all worth?
>>Cannot even buy a return to Mars, in the sixties they did a return to moon.
>>Its all over now. Dinos!!!
>>In the old days you could get a collage degree if you were good at playing with a ball,
>>now you get it for free if your sun lotion did not work.
>>(ducks) well
>>
>>
>
>Going back to the substance of your original post, Jan, I'm just
>wondering if this is a trend which will spread world-wide as a natural
>consequence of the recent phenomenon of de-dollarization as countries
>seek to divest themselves of dollar assets in the wake of the
>financial sanctions imposed on Russia. We should keep a wary eye open
>for further examples of this going forward as it could ultimately have
>serious consquences for world peace.

I was just reading this:
Americans skipping meals to cope with rising costs – poll:
https://www.rt.com/news/595530-poll-americans-struggle-rising-housing-costs/

Cannot believe the rental prices in the US!
For sure inflation at its worst.

So, back to the wigwam
?

On Sun, 07 Apr 2024 11:43:49 GMT, Jan Panteltje <alien@comet.invalid>
wrote:

>On a sunny day (Sun, 07 Apr 2024 10:51:57 +0100) it happened Cursitor Doom
><cd@notformail.com> wrote in <fqq41jpomcrjj73d17kjcuraau6rmu63dn@4ax.com>:
>
>>On Sun, 07 Apr 2024 05:40:20 GMT, Jan Panteltje <alien@comet.invalid>
>>wrote:
>>
>>>On a sunny day (Sat, 06 Apr 2024 17:28:48 -0400) it happened Joe Gwinn
>>><joegwinn@comcast.net> wrote in <3hf31j9d0uq5b9imcq94b495c3hclbjv79@4ax.com>:
>>>
>>>>On Sat, 06 Apr 2024 21:24:14 +0100, Cursitor Doom <cd@notformail.com>
>>>>wrote:
>>>>
>>>>>On Sat, 06 Apr 2024 11:14:56 -0400, Joe Gwinn <joegwinn@comcast.net>
>>>>>wrote:
>>>>>
>>>>>>On Sat, 06 Apr 2024 04:25:32 GMT, Jan Panteltje <alien@comet.invalid>
>>>>>>wrote:
>>>>>>
>>>>>>>German state gov. ditching Windows for Linux, 30K workers migrating
>>>>>>>Schleswig-Holstein looks to succeed where Munich failed.
>>>>>>> https://arstechnica.com/information-technology/2024/04/german-state-gov-ditching-windows-for-linux-30k-workers-migrating/
>>>>>>>
>>>>>>I'd suggest reading the entire article.
>>>>>>
>>>>>>
>>>>>>>Less US spying too.
>>>>>>
>>>>>>Nah. Linux is no harder for big intelligence agencies than Windows or
>>>>>>MacOS. And Linux is already dominant in the infrastructure, so those
>>>>>>agencies are already there.
>>>>>>
>>>>>>Joe Gwinn
>>>>>
>>>>>... Unless you roll your own distro and know how to use it
>>>>>securely....
>>>>
>>>>And are too small potatoes for the big agencies to bother, leaving the
>>>>field to various hackers.
>>>>
>>>>Joe Gwinn
>>>
>>>Well I have been running Linux since 1998 as my systems.
>>>No hacks observed, and that running included an online web server.
>>>There was some hacking group, I challenged them to hack my server,
>>>watched them trying, they gave up.
>>>These day Linux is getting way too complex, the idiot in rathead made tings worse
>>>Many processes I see running I have no clue what they do without looking it up on google.
>>>So maybe time for something different.
>>>But then again, no problem with security in all these years.
>>>Of course I know CIA and who not is reading everything I wrote, the brain damage if causes them is my defense weapon LOL.
>>>But really microsoft windows was dead after win 3.1 when they integrated the GUI with the basic OS to keep DRDOS out
>>>so now they move to Linux too.
>>>rathead and microsore doing a takeover is a possibility.
>>>Maybe some Linux versions that are clean will keep existing
>>>But bloat has taken over, giggle bytes and tera hertz needed to read a website via fiber
>>>content: daily news, israel commits genocide, nobody does anything about it.
>>>Same on teefee.
>>>What is it all worth?
>>>Cannot even buy a return to Mars, in the sixties they did a return to moon.
>>>Its all over now. Dinos!!!
>>>In the old days you could get a collage degree if you were good at playing with a ball,
>>>now you get it for free if your sun lotion did not work.
>>>(ducks) well
>>>
>>>
>>
>>Going back to the substance of your original post, Jan, I'm just
>>wondering if this is a trend which will spread world-wide as a natural
>>consequence of the recent phenomenon of de-dollarization as countries
>>seek to divest themselves of dollar assets in the wake of the
>>financial sanctions imposed on Russia. We should keep a wary eye open
>>for further examples of this going forward as it could ultimately have
>>serious consquences for world peace.
>
>I was just reading this:
> Americans skipping meals to cope with rising costs – poll:
> https://www.rt.com/news/595530-poll-americans-struggle-rising-housing-costs/
>
>Cannot believe the rental prices in the US!
>For sure inflation at its worst.
>
>So, back to the wigwam
>?

I'm afraid RT is blocked in my jurisdiction so I can't see the article
- and I don't use a VPN. Likewise their TV news channel (which was
*very* good) has also been blocked. Seems the Globalists are keen to
ensure they retain exclusive rights to Western 'news' broadcasts and
don't want any dissenting views heard. And that includes domestic
dissenters as well, as GB News is finding out!

https://www.theguardian.com/media/2023/jul/07/ofcom-investigates-gb-news-dont-kill-cash-campaign

Joe Gwinn <joegwinn@comcast.net> wrote:

> On Sat, 06 Apr 2024 21:24:14 +0100, Cursitor Doom <cd@notformail.com>
> wrote:
>
> >On Sat, 06 Apr 2024 11:14:56 -0400, Joe Gwinn <joegwinn@comcast.net>
> >wrote:
> >
> >>On Sat, 06 Apr 2024 04:25:32 GMT, Jan Panteltje <alien@comet.invalid>
> >>wrote:
> >>
> >>>German state gov. ditching Windows for Linux, 30K workers migrating
> >>>Schleswig-Holstein looks to succeed where Munich failed. >
> >>https://arstechnica.com/information-technology/2024/04/german-state-gov-
> >>ditching-windows-for-linux-30k-workers-migrating/ > I'd suggest reading
> >>the entire article.
> >>
> >>
> >>>Less US spying too.
> >>
> >>Nah. Linux is no harder for big intelligence agencies than Windows or
> >>MacOS. And Linux is already dominant in the infrastructure, so those
> >>agencies are already there.
> >>
> >>Joe Gwinn
> >
> >... Unless you roll your own distro and know how to use it
> >securely....
>
> And are too small potatoes for the big agencies to bother, leaving the
> field to various hackers.

There are two extreme approaches to security:

1) Put a major effort into designing a universal high-security system
that can be sold worldwide to cover its development costs.

2) Have every small operator design their own system, which is
reasonably secure but may not be foolproof.

The first option is the one which most people and businesses take, but
it results in a prize that every hacker feels is worth breaking because
of the results it will yield. Sooner or later someone will find a
weakness and exploit it. A major update is then required.

The second option is theoretically weaker, so very few major players
would consider it, but it would take a lot of time and effort to hack
into the pecularities of each individual system and simply wouldn't be
worthwhile if it only results in a tiny yield. Small changes to the
system can be made easily and will involve the hacker in an inordinately
large amount of work for small returns.

--
~ Liz Tuddenham ~
(Remove the ".invalid"s and add ".co.uk" to reply)
www.poppyrecords.co.uk

On 4/7/2024 9:35 AM, Liz Tuddenham wrote:
> There are two extreme approaches to security:
>
> 1) Put a major effort into designing a universal high-security system
> that can be sold worldwide to cover its development costs.

That assumes you want to DIRECTLY recover its development costs.
E.g., the military thinks of "recovering" costs by avoiding future
LOSSES. The same can apply to many other industries.

> 2) Have every small operator design their own system, which is
> reasonably secure but may not be foolproof.

Define "reasonably secure". Given that most "small operators" lack
the technical skills to undertake such an effort, they will end up
piecing together a system using bits of a relatively few number of
"available" (free or otherwise) systems -- the security of each of
those being relatively unknown.

And, again a result of lack of knowledge, they will likely not understand
the risks that those systems bring to their applications/deployments.

Developers often treat security as window dressing so tend not to
design truly secure devices/appliances; yet want to convince themselves
that they've addressed those needs ("I put a lock on the front door to
my house so I'm now secure!")

Adversaries, OTOH, can accumulate lists of exploits and their associated
targets. Then, fingerprint systems of interest to get a reasonably good
idea of which vulnerabilities might apply. ("The center stile in some
windows can be removed with a single screw thereby allowing the window to
be removed from its frame and providing a person-sized opening into the
house")

All this from the comfort and (legal?) safety of some remote location.

> The first option is the one which most people and businesses take, but
> it results in a prize that every hacker feels is worth breaking because
> of the results it will yield. Sooner or later someone will find a
> weakness and exploit it. A major update is then required.
>
> The second option is theoretically weaker, so very few major players
> would consider it, but it would take a lot of time and effort to hack
> into the pecularities of each individual system and simply wouldn't be
> worthwhile if it only results in a tiny yield. Small changes to the
> system can be made easily and will involve the hacker in an inordinately
> large amount of work for small returns.

That's the fallacy. It costs relatively little to probe (and fingerprint)
every accessible IP. Then, throw a set of exploits *already* deemed LIKELY
to compromise such a system at it and note the results. The process can
be automated (and likely would be given the sheer number of potential
targets!)

[A colleague always thought he was "safe" because he ran an out-facing
Solaris/SPARC host. No, just because so few people do so doesn't mean
the known exploits for such hosts are no longer available to the hacker!]

Because there are so few truly different systems "out there", the likely
locations (in the permanent store) of any "goodies" are known or easily
identified -- because the SYSTEM has to know where these things have been
placed!

As damn near ALL of these "systems" are available to an adversary to
probe and explore "offline", he's already figured out how he's going to get
what he needs -- unlike trying to break into some proprietary system that
he's no first-hand prior experience "observing".

I.e., give me a VALID login for some "institution" and I'll have to poke
around to figure what MIGHT be accessible, then where/how. Point me at a
Windows/Linux/OSX/BSD host and I'll already have a headstart!

With the proliferation of appliances with none/poor/laughable security,
your system is no longer the sole attack surface. Each of these appliances
can be attacked, compromised and then used as a beachhead to poke at your
other system(s) -- as it is now "inside" your peripheral defenses!
As they all want to have their software updatable ("to keep current with the
latest security fixes" -- really? exploits are announced every month; how
often do you push updates to your appliances??), they are all routable and
EXPECTED to access the outside world.

So, open a connection to a WAITING hacker on the outside and let him serve
as C&C while you (the appliance) are the dutiful soldier behind enemy lines...

How many devices in your home/organization are "undocumented" (i.e.,
effectively black boxes)? Can you speak to the levels of their security?
Ever have a friend bring their phone/laptop to your home and connect to
the internet using your connection? Are you sure his device wasn't
also probing your hosts -- without HIS knowledge?

Consider the number of "complimentary wifi" APs that most phone users
eagerly connect with. Are they sure there have been no exploits hosted
behind those APs?

Can you enumerate all of the potential security vulnerabilities that
you *have*? Today? Tomorrow??

On Sun, 7 Apr 2024 17:35:11 +0100, liz@poppyrecords.invalid.invalid
(Liz Tuddenham) wrote:

>Joe Gwinn <joegwinn@comcast.net> wrote:
>
>> On Sat, 06 Apr 2024 21:24:14 +0100, Cursitor Doom <cd@notformail.com>
>> wrote:
>>
>> >On Sat, 06 Apr 2024 11:14:56 -0400, Joe Gwinn <joegwinn@comcast.net>
>> >wrote:
>> >
>> >>On Sat, 06 Apr 2024 04:25:32 GMT, Jan Panteltje <alien@comet.invalid>
>> >>wrote:
>> >>
>> >>>German state gov. ditching Windows for Linux, 30K workers migrating
>> >>>Schleswig-Holstein looks to succeed where Munich failed. >
>> >>https://arstechnica.com/information-technology/2024/04/german-state-gov-
>> >>ditching-windows-for-linux-30k-workers-migrating/ > I'd suggest reading
>> >>the entire article.
>> >>
>> >>
>> >>>Less US spying too.
>> >>
>> >>Nah. Linux is no harder for big intelligence agencies than Windows or
>> >>MacOS. And Linux is already dominant in the infrastructure, so those
>> >>agencies are already there.
>> >>
>> >>Joe Gwinn
>> >
>> >... Unless you roll your own distro and know how to use it
>> >securely....
>>
>> And are too small potatoes for the big agencies to bother, leaving the
>> field to various hackers.
>
>There are two extreme approaches to security:
>
>1) Put a major effort into designing a universal high-security system
>that can be sold worldwide to cover its development costs.
>
>2) Have every small operator design their own system, which is
>reasonably secure but may not be foolproof.
>
>The first option is the one which most people and businesses take, but
>it results in a prize that every hacker feels is worth breaking because
>of the results it will yield. Sooner or later someone will find a
>weakness and exploit it. A major update is then required.

Too many eggs, too few baskets. Forces everybody into unending
whack-a-mole mode.

>The second option is theoretically weaker, so very few major players
>would consider it, but it would take a lot of time and effort to hack
>into the pecularities of each individual system and simply wouldn't be
>worthwhile if it only results in a tiny yield. Small changes to the
>system can be made easily and will involve the hacker in an inordinately
>large amount of work for small returns.

My instinct is that this second method will likely emerge in some
form, but with larger lumps. Lets say there were twenty totally
independent implementations (think N-version programming) of each of
the partitions, and there were five such partitions. One can arrange
things such that it almost never happens the flaws of all the
partitions line up enough to be useful, and with different large
systems using a random set of partitions, the damage will be
contained.

Joe Gwinn

On 4/7/2024 3:00 PM, Joe Gwinn wrote:
> My instinct is that this second method will likely emerge in some
> form, but with larger lumps. Lets say there were twenty totally
> independent implementations (think N-version programming) of each of
> the partitions, and there were five such partitions. One can arrange
> things such that it almost never happens the flaws of all the
> partitions line up enough to be useful, and with different large
> systems using a random set of partitions, the damage will be
> contained.

That doesn't work. Because machines (and their users) WANT to interact with
other machines and other users.

So, they have standardized protocols, tools, applications, etc.

Are you going to stop using file-sharing protocols (because you need
a server/client to implement those -- on each host)?
<https://nordvpn.com/blog/smb-vulnerability/>

Stop browsing/serving web pages? Resort to a "text only" email MUA/MTA?
<https://www.comparitech.com/blog/information-security/web-browser-attacks/>
<https://www.microsoft.com/en-us/security/blog/2022/07/26/malicious-iis-extensions-quietly-open-persistent-backdoors-into-servers/>
<https://portswigger.net/web-security/host-header/exploiting>
<https://www.forbes.com/sites/daveywinder/2023/03/16/microsoft-outlook-warning-critical-new-email-exploit-triggers-automatically-update-now/>
<https://www.forbes.com/sites/daveywinder/2022/08/04/gmail-warning-as-new-attack-bypasses-passwords--2fa-to-read-all-email/?sh=2b2b49054128>

Stop using MSOffice documents? PDFs?
<https://www.bleepingcomputer.com/news/security/new-microsoft-office-zero-day-used-in-attacks-to-execute-powershell/>
<https://www.sentinelone.com/blog/malicious-pdfs-revealing-techniques-behind-attacks/>

Hard-code IP addresses (and rely on them to be invariant)?
<https://bluecatnetworks.com/blog/four-major-dns-attack-types-and-how-to-mitigate-them/>

Stop using standard comm protocols?
<https://securityintelligence.com/x-force/dissecting-exploiting-tcp-ip-rce-vulnerability-evilesp/>
<https://www.usenix.org/conference/usenixsecurity18/presentation/chen-weiteng>

People want machines to make things EASIER to share, not harder. If
you didn't want to "share", then you could adopt a completely proprietary
solution to each of the mainstream issues that are routinely addressed
by COTS products.

And, this doesn't even begin to address "human engineering" exploits!

On a sunny day (Sun, 07 Apr 2024 13:32:39 +0100) it happened Cursitor Doom
<cd@notformail.com> wrote in <tv351jpvnp9jqoko059pmr9c910fl8pbvq@4ax.com>:

>On Sun, 07 Apr 2024 11:43:49 GMT, Jan Panteltje <alien@comet.invalid>
>wrote:
>
>>On a sunny day (Sun, 07 Apr 2024 10:51:57 +0100) it happened Cursitor Doom
>><cd@notformail.com> wrote in <fqq41jpomcrjj73d17kjcuraau6rmu63dn@4ax.com>:
>>
>>>On Sun, 07 Apr 2024 05:40:20 GMT, Jan Panteltje <alien@comet.invalid>
>>>wrote:
>>>
>>>>On a sunny day (Sat, 06 Apr 2024 17:28:48 -0400) it happened Joe Gwinn
>>>><joegwinn@comcast.net> wrote in <3hf31j9d0uq5b9imcq94b495c3hclbjv79@4ax.com>:
>>>>
>>>>>On Sat, 06 Apr 2024 21:24:14 +0100, Cursitor Doom <cd@notformail.com>
>>>>>wrote:
>>>>>
>>>>>>On Sat, 06 Apr 2024 11:14:56 -0400, Joe Gwinn <joegwinn@comcast.net>
>>>>>>wrote:
>>>>>>
>>>>>>>On Sat, 06 Apr 2024 04:25:32 GMT, Jan Panteltje <alien@comet.invalid>
>>>>>>>wrote:
>>>>>>>
>>>>>>>>German state gov. ditching Windows for Linux, 30K workers migrating
>>>>>>>>Schleswig-Holstein looks to succeed where Munich failed.
>>>>>>>>
>>>>>>>> https://arstechnica.com/information-technology/2024/04/german-state-gov-ditching-windows-for-linux-30k-workers-migrating/
>>>>>>>>
>>>>>>>I'd suggest reading the entire article.
>>>>>>>
>>>>>>>
>>>>>>>>Less US spying too.
>>>>>>>
>>>>>>>Nah. Linux is no harder for big intelligence agencies than Windows or
>>>>>>>MacOS. And Linux is already dominant in the infrastructure, so those
>>>>>>>agencies are already there.
>>>>>>>
>>>>>>>Joe Gwinn
>>>>>>
>>>>>>... Unless you roll your own distro and know how to use it
>>>>>>securely....
>>>>>
>>>>>And are too small potatoes for the big agencies to bother, leaving the
>>>>>field to various hackers.
>>>>>
>>>>>Joe Gwinn
>>>>
>>>>Well I have been running Linux since 1998 as my systems.
>>>>No hacks observed, and that running included an online web server.
>>>>There was some hacking group, I challenged them to hack my server,
>>>>watched them trying, they gave up.
>>>>These day Linux is getting way too complex, the idiot in rathead made tings worse
>>>>Many processes I see running I have no clue what they do without looking it up on google.
>>>>So maybe time for something different.
>>>>But then again, no problem with security in all these years.
>>>>Of course I know CIA and who not is reading everything I wrote, the brain damage if causes them is my defense weapon LOL.
>>>>But really microsoft windows was dead after win 3.1 when they integrated the GUI with the basic OS to keep DRDOS out
>>>>so now they move to Linux too.
>>>>rathead and microsore doing a takeover is a possibility.
>>>>Maybe some Linux versions that are clean will keep existing
>>>>But bloat has taken over, giggle bytes and tera hertz needed to read a website via fiber
>>>>content: daily news, israel commits genocide, nobody does anything about it.
>>>>Same on teefee.
>>>>What is it all worth?
>>>>Cannot even buy a return to Mars, in the sixties they did a return to moon.
>>>>Its all over now. Dinos!!!
>>>>In the old days you could get a collage degree if you were good at playing with a ball,
>>>>now you get it for free if your sun lotion did not work.
>>>>(ducks) well
>>>>
>>>>
>>>
>>>Going back to the substance of your original post, Jan, I'm just
>>>wondering if this is a trend which will spread world-wide as a natural
>>>consequence of the recent phenomenon of de-dollarization as countries
>>>seek to divest themselves of dollar assets in the wake of the
>>>financial sanctions imposed on Russia. We should keep a wary eye open
>>>for further examples of this going forward as it could ultimately have
>>>serious consquences for world peace.
>>
>>I was just reading this:
>> Americans skipping meals to cope with rising costs – poll:
>> https://www.rt.com/news/595530-poll-americans-struggle-rising-housing-costs/
>>
>>Cannot believe the rental prices in the US!
>>For sure inflation at its worst.
>>
>>So, back to the wigwam
>>?
>
>I'm afraid RT is blocked in my jurisdiction so I can't see the article
>- and I don't use a VPN. Likewise their TV news channel (which was
>*very* good) has also been blocked. Seems the Globalists are keen to
>ensure they retain exclusive rights to Western 'news' broadcasts and
>don't want any dissenting views heard. And that includes domestic
>dissenters as well, as GB News is finding out!
>
>https://www.theguardian.com/media/2023/jul/07/ofcom-investigates-gb-news-dont-kill-cash-campaign

Yes, what then remains is a one-sided view of the current club in power
(US Military Industrial Complex sucking the taxpayer and burning clueless Ukrainian and other lives using a CIA controlled comic.

As to 'RT blocked', I found it did not work on my Linux system until I switched to the google nameserver.
So I made a text file /etc/resolv.conf.GOOGLE
That contains this:
nameserver 8.8.8.8
nameserver 8.8.4.4

Then after I go online I basically do:
cp /etc/resolv.conf.GOOGLE /etc/resolv.conf
Note that the system will screw it up, so you need to copy the file every time after you get the net connection
Your ISP may block rt, but this still works...

Script I uses activated from command line:

#!/usr/bin/bash

if [ "$1" == "off" ]
then
echo "ececuting ifconfig eth1 down"
ifconfig eth1 down
echo
elif [ "$1" == "on" ]
then
echo "executing ifconfig eth1 up"
ifconfig eth1 up
echo

echo "executing cp /etc/resolv.conf.GOOGLE /etc/resolv.conf"
cp /etc/resolv.conf.GOOGLE /etc/resolv.conf
echo

echo "executing cat /etc/resolv.conf"
echo

cat /etc/resolv.conf
echo
else
echo "Usage: set_google_nameserver on | off"
fi

I could get RT via satellite, now they moved to a different sat that I get not much signal from since across the road they insulated the roofs, likely some metal foil in there
Need to put the dish higher, but it is already too high for comfort, blocks my QO100 channels too.

Anyways satellite is cool,
if I want to see Cuba or NASA tv or Al Jazeera .. just a click away.
You can search for your satellite station here:
https://en.kingofsat.net/

Anyways here is the original RT text:

----------------------------------------------------------------------------------------------------------------------------------------------------
A new survey has found that half of US homeowners and renters are struggling to afford their housing payments

A "for rent" sign is posted last July in Miami, Florida.
© Getty Images / Joe Raedle
Half of Americans are struggling to afford their rising housing costs, and the financial squeeze is so severe for many that over one in five skip meals to get by, a new poll has revealed.

The survey, commissioned by Seattle-based real estate brokerage Redfin and released on Friday, showed that 50% of US homeowners and renters have had difficulties making their housing payments.
Many respondents said they had to make sacrifices to cope with inflationary pressures.
For instance, 22% reported that they had skipped meals, 21% sold some of their belongings, and a combined 37% either worked extra hours or took on additional jobs.

“Housing has become so financially burdensome in America that some families can no longer afford other essentials, including food and medical care, and have been forced to make major sacrifices, work overtime and ask others for money so they can cover their monthly costs,” said Redfin’s economic research chief, Chen Zhao.


Read more Biden’s approval rating drops to all-time low
Home prices and rents have risen sharply in many US cities, and mortgage rates remain elevated after reaching a 23-year high last October.
Redfin said the typical US household income is about $30,000 a year lower than the level needed to afford a median-priced home.

Nearly 35% of poll respondents said they were taking fewer vacations, or none at all, to keep up with their housing payments.
About 18% borrowed money from friends and family or dipped into their retirement savings.
For 16%, the cash crunch was so difficult that they had to delay or forgo needed medical care.

Don Y <blockedofcourse@foo.invalid> wrote:

>... It costs relatively little to probe (and fingerprint)
> every accessible IP. Then, throw a set of exploits *already* deemed LIKELY
> to compromise such a system at it and note the results. The process can
> be automated (and likely would be given the sheer number of potential
> targets!)
[...]

I was thinking of a slightly different approach from the usual one.
With automated coding and decoding it is a relatively simple matter to
concatenate various processes such as:

Direct encipherment
Rearrangement by character or block
Insertion of dummy characters
Codes
Languages

Each of these could be broken individually, but used in succession they
become much more difficult. This would be a system that was suitable
for small organisations where the daily arrangements could be
distributed by a separate communication -- for instance:

Today: Shift by 5 letters - Reverse each block of 11 letters - Insert a
random character every 3rd and 17th position - shift back 7 letters -
Represent every 19th letter with it's Vail Cipher equivalent - Arrange
letters on a 12 x 12 grid in rows and read them out by column.

Tomorrow: Double a character every 7th position - Arrange letters on a
10 x 19 grid in rows and read them out by columns -Represent every 13th
letter with its ASCII equivalent -Reverse alternate blocks of 11
characters - Shift back 3 letters - Add a random character every 12th
position - Arrange letters on a 9 x 17 grid in rows and read them out
by columns

Anyone trying to break into the system, even if they could guess at some
of the elements or intercept one of the distributions, would be faced
with a lot of work for very small returns. The elements could be
changed around and new ones added to the repertoire quite easily.

> Can you enumerate all of the potential security vulnerabilities that
> you *have*? Today? Tomorrow??

No, but I can make life very difficult for would-be hackers in the hope
that they will turn to easier targets with better rewards. For some
years I have had to store databases of personal information on computers
that are connected to the Web, so I have given the problem a lot of
thought. Without access to the decoding programs (which are in an
obsolete format running on an obsolete OS) there is little chance of
anyone else decoding the information.

--
~ Liz Tuddenham ~
(Remove the ".invalid"s and add ".co.uk" to reply)
www.poppyrecords.co.uk

PS
that rt link has this image:
https://i.postimg.cc/0N6gZ28S/6611a85385f54068471f6ba4.jpg

Look at he prices, that sign is from Miami now they say
Could be AI generated but maybe not?

On 4/8/2024 1:38 AM, Liz Tuddenham wrote:
> Don Y <blockedofcourse@foo.invalid> wrote:
>
>> ... It costs relatively little to probe (and fingerprint)
>> every accessible IP. Then, throw a set of exploits *already* deemed LIKELY
>> to compromise such a system at it and note the results. The process can
>> be automated (and likely would be given the sheer number of potential
>> targets!)
> [...]
>
> I was thinking of a slightly different approach from the usual one.
> With automated coding and decoding it is a relatively simple matter to
> concatenate various processes such as:
>
> Direct encipherment
> Rearrangement by character or block
> Insertion of dummy characters
> Codes
> Languages
>
> Each of these could be broken individually, but used in succession they
> become much more difficult. This would be a system that was suitable
> for small organisations where the daily arrangements could be
> distributed by a separate communication -- for instance:
>
> Today: Shift by 5 letters - Reverse each block of 11 letters - Insert a
> random character every 3rd and 17th position - shift back 7 letters -
> Represent every 19th letter with it's Vail Cipher equivalent - Arrange
> letters on a 12 x 12 grid in rows and read them out by column.
>
> Tomorrow: Double a character every 7th position - Arrange letters on a
> 10 x 19 grid in rows and read them out by columns -Represent every 13th
> letter with its ASCII equivalent -Reverse alternate blocks of 11
> characters - Shift back 3 letters - Add a random character every 12th
> position - Arrange letters on a 9 x 17 grid in rows and read them out
> by columns
>
> Anyone trying to break into the system, even if they could guess at some
> of the elements or intercept one of the distributions, would be faced
> with a lot of work for very small returns. The elements could be
> changed around and new ones added to the repertoire quite easily.

Where is the cleartext version stored? Or, are you perpetually re-recoding
the data (so the cleartext never exists on the store)?

Are you relying on some third party in any way (in which case, his
system expands the attack surface).

What happens if I hack your system and mirror your display elsewhere?

What if I coerce some staff member to telling me something they
shouldn't (by claiming to be someone's little old grandmother who
forgot his phone number, birth date, etc; "Could you please give
it to me, Deary?").

Or, some stupid staff member who doesn't realize that it's NOT a good
idea to send around a memo to the department staff with a list of
every employee's birthdates. (SWMBO had to intercept a memo that
listed every department member's SSN! What idiot thought THAT
was a good idea?)

Is there a way to pass information OUT of your organization?
How do you ensure that cleartext is always re-encoded before being
distributed to other parties? After all, the people who consume
that information need to see it in its unencrypted form...

Plus, security is more than just protecting your secrets. What if I
prevent you from accessing that store -- by deleting it, encrypting it
(with MY key), or simply eating up the bandwidth that you need to
access it?

Or, the early days where the adversary's goal was just to crash your system
or render it unbootable. Clearly, these aren't activities that you would
WANT someone to be able to undertake; you would want to *secure* your
system AGAINST them!

[Hard to imagine anyone NOT running a web browser and using "web apps".
How secure is that option? (Firefox is ~20+M SLoC!) MULTICS was
considered "bloated" inspiring the creation of "UNIX". MULTICS was
~300K SLoC; Linux is ~50M SLoC! How many millions of lines of code
are involved in your accessing this USENET post?]

I've protected my *switch* from folks wanting to impose "lightning strikes"
on the "exposed" network drops. Because failing to include such protection
would mean a key component (the switch) could be subverted from a single
attack point.

My neighbor's alarm system is completely wireless (selling point: no
nasty wires to run through your home). But, I could (illegally) subvert
it with an RF jammer. Of course, the legality of that jamming wouldn't
bother me if I was already intent on breaking the law to steal from him.

>> Can you enumerate all of the potential security vulnerabilities that
>> you *have*? Today? Tomorrow??
>
> No, but I can make life very difficult for would-be hackers in the hope
> that they will turn to easier targets with better rewards. For some

"Standing out" is one way to get hackers' (i.e., individuals) attention.
"Why is this person/entity going to such lengths to make their
systems/data so difficult to access?"
You won't fall to a boilerplate attack but may merit a *focused*
attack by someone who looks at you as a "challenge" (and, possible harbinger
of new defenses to which they will have to adapt).

Being different also sacrifices anonymity (presumably, privacy has SOME value
to you). When I had a non-stealth server, I did my best to hide its
configuration by changing all the banner messages, etc. Of course, that
made it stand out -- because it WASN'T one of the (relatively few) known
system characterizations at the time.

[I also learned that these obvious changes don't prevent the system
from being identified as there are all sorts of characteristics that
can be profiled/fingerprinted to deduce what's running, there]

> years I have had to store databases of personal information on computers
> that are connected to the Web, so I have given the problem a lot of
> thought. Without access to the decoding programs (which are in an
> obsolete format running on an obsolete OS) there is little chance of
> anyone else decoding the information.

So, what do you do when *I* encrypt your encoded data? Or, bring down
the (remote) system that is hosting it?

You also would be surprised at how much information "leaks" from naive
encoding strategies. E.g., if you know (or suspect) the format of the
content, you can often deduce the coding algorithm.

E.g., sign up for your service and then watch to see how you store
my information "remotely". Now I know what that information maps to.
Or, go hunting for something that I know (or suspect) is already encoded
in your data. And, I know the distribution of letters/words in prose,
names, etc.

History is littered with failed encryption/security algorithms that seemed
to be unbreakable. Because people rise to the challenge of subverting
them! ("That's where the money is" -- Willie Sutton)

Who'd have thought of breaking into a vehicle's CAN network (by forcefully
removing something easily accessible -- like a headlight!) to impress the
"Unlock doors" command on the bus? Gee, maybe you should design the
system so it doesn't blindly assume every message is legitimate?!
<https://www.autoblog.com/2023/04/18/vehicle-headlight-can-bus-injection-theft-method-update/>

Intentional reprogramming of pacemakers? (Why would anyone deliberately
do that?)
<https://www.ahajournals.org/doi/full/10.1161/CIRCULATIONAHA.118.037331>

Airline flights?
<https://www.theregister.com/2024/02/03/researchers_remotely_exploit_devices_used/>

What are the chances "one of many" solutions has addressed all of the
vulnerabilities that affect its implementation?

On Mon, 8 Apr 2024 08:53:11 -0700, Don Y <blockedofcourse@foo.invalid>
wrote:

>On 4/8/2024 1:38 AM, Liz Tuddenham wrote:
>> Don Y <blockedofcourse@foo.invalid> wrote:
>>
>>> ... It costs relatively little to probe (and fingerprint)
>>> every accessible IP. Then, throw a set of exploits *already* deemed LIKELY
>>> to compromise such a system at it and note the results. The process can
>>> be automated (and likely would be given the sheer number of potential
>>> targets!)
>> [...]
>>
>> I was thinking of a slightly different approach from the usual one.
>> With automated coding and decoding it is a relatively simple matter to
>> concatenate various processes such as:
>>
>> Direct encipherment
>> Rearrangement by character or block
>> Insertion of dummy characters
>> Codes
>> Languages
>>
>> Each of these could be broken individually, but used in succession they
>> become much more difficult. This would be a system that was suitable
>> for small organisations where the daily arrangements could be
>> distributed by a separate communication -- for instance:
>>
>> Today: Shift by 5 letters - Reverse each block of 11 letters - Insert a
>> random character every 3rd and 17th position - shift back 7 letters -
>> Represent every 19th letter with it's Vail Cipher equivalent - Arrange
>> letters on a 12 x 12 grid in rows and read them out by column.
>>
>> Tomorrow: Double a character every 7th position - Arrange letters on a
>> 10 x 19 grid in rows and read them out by columns -Represent every 13th
>> letter with its ASCII equivalent -Reverse alternate blocks of 11
>> characters - Shift back 3 letters - Add a random character every 12th
>> position - Arrange letters on a 9 x 17 grid in rows and read them out
>> by columns
>>
>> Anyone trying to break into the system, even if they could guess at some
>> of the elements or intercept one of the distributions, would be faced
>> with a lot of work for very small returns. The elements could be
>> changed around and new ones added to the repertoire quite easily.
>
>Where is the cleartext version stored? Or, are you perpetually re-recoding
>the data (so the cleartext never exists on the store)?
>
>Are you relying on some third party in any way (in which case, his
>system expands the attack surface).
>
>What happens if I hack your system and mirror your display elsewhere?
>
>What if I coerce some staff member to telling me something they
>shouldn't (by claiming to be someone's little old grandmother who
>forgot his phone number, birth date, etc; "Could you please give
>it to me, Deary?").
>
>Or, some stupid staff member who doesn't realize that it's NOT a good
>idea to send around a memo to the department staff with a list of
>every employee's birthdates. (SWMBO had to intercept a memo that
>listed every department member's SSN! What idiot thought THAT
>was a good idea?)
>
>Is there a way to pass information OUT of your organization?
>How do you ensure that cleartext is always re-encoded before being
>distributed to other parties? After all, the people who consume
>that information need to see it in its unencrypted form...
>
>Plus, security is more than just protecting your secrets. What if I
>prevent you from accessing that store -- by deleting it, encrypting it
>(with MY key), or simply eating up the bandwidth that you need to
>access it?
>
>Or, the early days where the adversary's goal was just to crash your system
>or render it unbootable. Clearly, these aren't activities that you would
>WANT someone to be able to undertake; you would want to *secure* your
>system AGAINST them!
>
>[Hard to imagine anyone NOT running a web browser and using "web apps".
>How secure is that option? (Firefox is ~20+M SLoC!) MULTICS was
>considered "bloated" inspiring the creation of "UNIX". MULTICS was
>~300K SLoC; Linux is ~50M SLoC! How many millions of lines of code
>are involved in your accessing this USENET post?]
>
>I've protected my *switch* from folks wanting to impose "lightning strikes"
>on the "exposed" network drops. Because failing to include such protection
>would mean a key component (the switch) could be subverted from a single
>attack point.
>
>My neighbor's alarm system is completely wireless (selling point: no
>nasty wires to run through your home). But, I could (illegally) subvert
>it with an RF jammer. Of course, the legality of that jamming wouldn't
>bother me if I was already intent on breaking the law to steal from him.
>
>>> Can you enumerate all of the potential security vulnerabilities that
>>> you *have*? Today? Tomorrow??
>>
>> No, but I can make life very difficult for would-be hackers in the hope
>> that they will turn to easier targets with better rewards. For some
>
>"Standing out" is one way to get hackers' (i.e., individuals) attention.
> "Why is this person/entity going to such lengths to make their
> systems/data so difficult to access?"
>You won't fall to a boilerplate attack but may merit a *focused*
>attack by someone who looks at you as a "challenge" (and, possible harbinger
>of new defenses to which they will have to adapt).
>
>Being different also sacrifices anonymity (presumably, privacy has SOME value
>to you). When I had a non-stealth server, I did my best to hide its
>configuration by changing all the banner messages, etc. Of course, that
>made it stand out -- because it WASN'T one of the (relatively few) known
>system characterizations at the time.
>
>[I also learned that these obvious changes don't prevent the system
>from being identified as there are all sorts of characteristics that
>can be profiled/fingerprinted to deduce what's running, there]
>
>> years I have had to store databases of personal information on computers
>> that are connected to the Web, so I have given the problem a lot of
>> thought. Without access to the decoding programs (which are in an
>> obsolete format running on an obsolete OS) there is little chance of
>> anyone else decoding the information.
>
>So, what do you do when *I* encrypt your encoded data? Or, bring down
>the (remote) system that is hosting it?
>
>You also would be surprised at how much information "leaks" from naive
>encoding strategies. E.g., if you know (or suspect) the format of the
>content, you can often deduce the coding algorithm.
>
>E.g., sign up for your service and then watch to see how you store
>my information "remotely". Now I know what that information maps to.
>Or, go hunting for something that I know (or suspect) is already encoded
>in your data. And, I know the distribution of letters/words in prose,
>names, etc.
>
>History is littered with failed encryption/security algorithms that seemed
>to be unbreakable. Because people rise to the challenge of subverting
>them! ("That's where the money is" -- Willie Sutton)
>
>Who'd have thought of breaking into a vehicle's CAN network (by forcefully
>removing something easily accessible -- like a headlight!) to impress the
>"Unlock doors" command on the bus? Gee, maybe you should design the
>system so it doesn't blindly assume every message is legitimate?!
><https://www.autoblog.com/2023/04/18/vehicle-headlight-can-bus-injection-theft-method-update/>
>
>Intentional reprogramming of pacemakers? (Why would anyone deliberately
>do that?)
><https://www.ahajournals.org/doi/full/10.1161/CIRCULATIONAHA.118.037331>
>
>Airline flights?
><https://www.theregister.com/2024/02/03/researchers_remotely_exploit_devices_used/>
>
>What are the chances "one of many" solutions has addressed all of the
>vulnerabilities that affect its implementation?

No amount of fiddling will ever fix a fundamentally bad design.

We need a new, totally hardware protected, computer and OS design.

On Mon, 08 Apr 2024 05:25:38 GMT, Jan Panteltje <alien@comet.invalid>
wrote:

>On a sunny day (Sun, 07 Apr 2024 13:32:39 +0100) it happened Cursitor Doom
><cd@notformail.com> wrote in <tv351jpvnp9jqoko059pmr9c910fl8pbvq@4ax.com>:
>
>>On Sun, 07 Apr 2024 11:43:49 GMT, Jan Panteltje <alien@comet.invalid>
>>wrote:
>>
>>>On a sunny day (Sun, 07 Apr 2024 10:51:57 +0100) it happened Cursitor Doom
>>><cd@notformail.com> wrote in <fqq41jpomcrjj73d17kjcuraau6rmu63dn@4ax.com>:
>>>
>>>>On Sun, 07 Apr 2024 05:40:20 GMT, Jan Panteltje <alien@comet.invalid>
>>>>wrote:
>>>>
>>>>>On a sunny day (Sat, 06 Apr 2024 17:28:48 -0400) it happened Joe Gwinn
>>>>><joegwinn@comcast.net> wrote in <3hf31j9d0uq5b9imcq94b495c3hclbjv79@4ax.com>:
>>>>>
>>>>>>On Sat, 06 Apr 2024 21:24:14 +0100, Cursitor Doom <cd@notformail.com>
>>>>>>wrote:
>>>>>>
>>>>>>>On Sat, 06 Apr 2024 11:14:56 -0400, Joe Gwinn <joegwinn@comcast.net>
>>>>>>>wrote:
>>>>>>>
>>>>>>>>On Sat, 06 Apr 2024 04:25:32 GMT, Jan Panteltje <alien@comet.invalid>
>>>>>>>>wrote:
>>>>>>>>
>>>>>>>>>German state gov. ditching Windows for Linux, 30K workers migrating
>>>>>>>>>Schleswig-Holstein looks to succeed where Munich failed.
>>>>>>>>>
>>>>>>>>> https://arstechnica.com/information-technology/2024/04/german-state-gov-ditching-windows-for-linux-30k-workers-migrating/
>>>>>>>>>
>>>>>>>>I'd suggest reading the entire article.
>>>>>>>>
>>>>>>>>
>>>>>>>>>Less US spying too.
>>>>>>>>
>>>>>>>>Nah. Linux is no harder for big intelligence agencies than Windows or
>>>>>>>>MacOS. And Linux is already dominant in the infrastructure, so those
>>>>>>>>agencies are already there.
>>>>>>>>
>>>>>>>>Joe Gwinn
>>>>>>>
>>>>>>>... Unless you roll your own distro and know how to use it
>>>>>>>securely....
>>>>>>
>>>>>>And are too small potatoes for the big agencies to bother, leaving the
>>>>>>field to various hackers.
>>>>>>
>>>>>>Joe Gwinn
>>>>>
>>>>>Well I have been running Linux since 1998 as my systems.
>>>>>No hacks observed, and that running included an online web server.
>>>>>There was some hacking group, I challenged them to hack my server,
>>>>>watched them trying, they gave up.
>>>>>These day Linux is getting way too complex, the idiot in rathead made tings worse
>>>>>Many processes I see running I have no clue what they do without looking it up on google.
>>>>>So maybe time for something different.
>>>>>But then again, no problem with security in all these years.
>>>>>Of course I know CIA and who not is reading everything I wrote, the brain damage if causes them is my defense weapon LOL.
>>>>>But really microsoft windows was dead after win 3.1 when they integrated the GUI with the basic OS to keep DRDOS out
>>>>>so now they move to Linux too.
>>>>>rathead and microsore doing a takeover is a possibility.
>>>>>Maybe some Linux versions that are clean will keep existing
>>>>>But bloat has taken over, giggle bytes and tera hertz needed to read a website via fiber
>>>>>content: daily news, israel commits genocide, nobody does anything about it.
>>>>>Same on teefee.
>>>>>What is it all worth?
>>>>>Cannot even buy a return to Mars, in the sixties they did a return to moon.
>>>>>Its all over now. Dinos!!!
>>>>>In the old days you could get a collage degree if you were good at playing with a ball,
>>>>>now you get it for free if your sun lotion did not work.
>>>>>(ducks) well
>>>>>
>>>>>
>>>>
>>>>Going back to the substance of your original post, Jan, I'm just
>>>>wondering if this is a trend which will spread world-wide as a natural
>>>>consequence of the recent phenomenon of de-dollarization as countries
>>>>seek to divest themselves of dollar assets in the wake of the
>>>>financial sanctions imposed on Russia. We should keep a wary eye open
>>>>for further examples of this going forward as it could ultimately have
>>>>serious consquences for world peace.
>>>
>>>I was just reading this:
>>> Americans skipping meals to cope with rising costs – poll:
>>> https://www.rt.com/news/595530-poll-americans-struggle-rising-housing-costs/
>>>
>>>Cannot believe the rental prices in the US!
>>>For sure inflation at its worst.
>>>
>>>So, back to the wigwam
>>>?
>>
>>I'm afraid RT is blocked in my jurisdiction so I can't see the article
>>- and I don't use a VPN. Likewise their TV news channel (which was
>>*very* good) has also been blocked. Seems the Globalists are keen to
>>ensure they retain exclusive rights to Western 'news' broadcasts and
>>don't want any dissenting views heard. And that includes domestic
>>dissenters as well, as GB News is finding out!
>>
>>https://www.theguardian.com/media/2023/jul/07/ofcom-investigates-gb-news-dont-kill-cash-campaign
>
>Yes, what then remains is a one-sided view of the current club in power
>(US Military Industrial Complex sucking the taxpayer and burning clueless Ukrainian and other lives using a CIA controlled comic.
>
>As to 'RT blocked', I found it did not work on my Linux system until I switched to the google nameserver.
>So I made a text file /etc/resolv.conf.GOOGLE
>That contains this:
>nameserver 8.8.8.8
>nameserver 8.8.4.4
>
>Then after I go online I basically do:
> cp /etc/resolv.conf.GOOGLE /etc/resolv.conf
>Note that the system will screw it up, so you need to copy the file every time after you get the net connection
>Your ISP may block rt, but this still works...
>
>Script I uses activated from command line:
>
>
>
>#!/usr/bin/bash
>
>if [ "$1" == "off" ]
>then
> echo "ececuting ifconfig eth1 down"
> ifconfig eth1 down
> echo
>elif [ "$1" == "on" ]
>then
> echo "executing ifconfig eth1 up"
> ifconfig eth1 up
> echo
>
> echo "executing cp /etc/resolv.conf.GOOGLE /etc/resolv.conf"
> cp /etc/resolv.conf.GOOGLE /etc/resolv.conf
> echo
>
> echo "executing cat /etc/resolv.conf"
> echo
>
> cat /etc/resolv.conf
> echo
>else
> echo "Usage: set_google_nameserver on | off"
>fi
>
>
>I could get RT via satellite, now they moved to a different sat that I get not much signal from since across the road they insulated the roofs, likely some metal foil in there
>Need to put the dish higher, but it is already too high for comfort, blocks my QO100 channels too.
>
>Anyways satellite is cool,
>if I want to see Cuba or NASA tv or Al Jazeera .. just a click away.
>You can search for your satellite station here:
> https://en.kingofsat.net/
>
>Anyways here is the original RT text:
>
>----------------------------------------------------------------------------------------------------------------------------------------------------
> A new survey has found that half of US homeowners and renters are struggling to afford their housing payments
>
>A "for rent" sign is posted last July in Miami, Florida.
>© Getty Images / Joe Raedle
>Half of Americans are struggling to afford their rising housing costs, and the financial squeeze is so severe for many that over one in five skip meals to get by, a new poll has revealed.
>
>The survey, commissioned by Seattle-based real estate brokerage Redfin and released on Friday, showed that 50% of US homeowners and renters have had difficulties making their housing payments.
>Many respondents said they had to make sacrifices to cope with inflationary pressures.
>For instance, 22% reported that they had skipped meals, 21% sold some of their belongings, and a combined 37% either worked extra hours or took on additional jobs.
>
>“Housing has become so financially burdensome in America that some families can no longer afford other essentials, including food and medical care, and have been forced to make major sacrifices, work overtime and ask others for money so they can cover their monthly costs,â€? said Redfin’s economic research chief, Chen Zhao.
>
>
>Read more Biden’s approval rating drops to all-time low
>Home prices and rents have risen sharply in many US cities, and mortgage rates remain elevated after reaching a 23-year high last October.
>Redfin said the typical US household income is about $30,000 a year lower than the level needed to afford a median-priced home.
>
>Nearly 35% of poll respondents said they were taking fewer vacations, or none at all, to keep up with their housing payments.
>About 18% borrowed money from friends and family or dipped into their retirement savings.
>For 16%, the cash crunch was so difficult that they had to delay or forgo needed medical care.
>
>The US inflation rate rose to the highest level in more than 40 years in June 2022, prompting the Federal Reserve to boost interest rates in an attempt to tame prices.
>The pace of inflation has slowed since then, but price growth rose to 3.2% from a year earlier in February, higher than economists expected.
>The increase dimmed hopes that the US central bank will soon begin pushing interest rates lower.
>
>READ MORE: Most US adults have given up on ‘American dream’ – poll
>Many young Americans have had to give up their apartments and move back in with their parents.
>A Harris/Bloomberg poll last September found that 45% of 18- to 29-year-olds are living at home with their parents or other relatives, the highest level since the 1940s.
>Most of those had moved back home within the past two years.

On 4/8/2024 8:53 AM, Don Y wrote:
> You also would be surprised at how much information "leaks" from naive
> encoding strategies.  E.g., if you know (or suspect) the format of the
> content, you can often deduce the coding algorithm.

This is my all-time favorite -- laughable -- take on "security":

<https://community.hpe.com/hpeb/attachments/hpeb/hpsc-46/6970/1/UserGuide.pdf>

This is (was) *sold* as "Secure Web Console".

By a "reputable" company with very deep pockets!

The product idea was excellent! Provide a means of accessing the
serial console on a remote computer over the internet. So, you could
troubleshoot boot problems and other issues in cases where the
server/host in question hadn't yet booted *or* had lost IP connectivity.

Essentially, you build a one-port terminal server and glue a web server
on the outfacing side. An administrator can then access the web server
(from any web client) and have his keystrokes passed through to the
attached serial console and the output from said console painted into
his web browser's display.

Easy peasy!

But, the data stream is naively "encrypted" with a simple substitution cipher.
The cipher is stateless so characters can be decoded without regard for where
in the data stream they are encountered. (i.e., a packet sniffer's paradise).

And, the decode operation is:
chat cleartext = crypttext ^ 0x37;

Seriously? What *idiot* thought to put "Secure" in the product's title???

("I locked my front door -- and put the key under the mat so I would
always know where I had left it...")

On 4/9/2024 11:12 AM, Don Y wrote:
> On 4/8/2024 8:53 AM, Don Y wrote:
>> You also would be surprised at how much information "leaks" from naive
>> encoding strategies.  E.g., if you know (or suspect) the format of the
>> content, you can often deduce the coding algorithm.
>
> This is my all-time favorite -- laughable -- take on "security":
>
> <https://community.hpe.com/hpeb/attachments/hpeb/hpsc-46/6970/1/UserGuide.pdf>
>
> This is (was) *sold* as "Secure Web Console".
>
> By a "reputable" company with very deep pockets!
>
> The product idea was excellent!  Provide a means of accessing the
> serial console on a remote computer over the internet.  So, you could
> troubleshoot boot problems and other issues in cases where the
> server/host in question hadn't yet booted *or* had lost IP connectivity.
>
> Essentially, you build a one-port terminal server and glue a web server
> on the outfacing side.  An administrator can then access the web server
> (from any web client) and have his keystrokes passed through to the
> attached serial console and the output from said console painted into
> his web browser's display.
>
> Easy peasy!
>
> But, the data stream is naively "encrypted" with a simple substitution cipher.
> The cipher is stateless so characters can be decoded without regard for where
> in the data stream they are encountered.  (i.e., a packet sniffer's paradise).
>
> And, the decode operation is:
>    chat cleartext = crypttext ^ 0x37;

Grrrr... s/chat/char/

> Seriously?  What *idiot* thought to put "Secure" in the product's title???
>
> ("I locked my front door -- and put the key under the mat so I would
> always know where I had left it...")
>