Calculating the Cost of Full Disk Encryption

Found on Network Computing on Monday, 03 September 2012

The study found that the most expensive element of FDE is not the hardware or software involved, but the value of user time it takes to start up, shut down and hibernate computing systems while using FDE. Also adding to the cost is the time it takes technicians to complete full disk encryption procedures.

After doing all of the math, Ponemon found that the cost of FDE on laptop and desktop computers in the U.S. per year was $235, while the cost savings from reduced data breach exposure was $4,650.

$235 to click on the checkbox which selects full disk encryption during the installation of a Linux desktop?

Ubisoft Games Won't Work Next Week

Found on ITProPortal on Friday, 03 February 2012

Several of Ubisoft's biggest titles won't be playable as of next week thanks to a server move by the publisher and the restrictive DRM that was used in their development.

Because Ubisoft thought it would be a smart plan to use always on DRM for even the single player portion of games like Assassin's Creed, even the single player portion of that title won't be playable during the server move.

Those people paid money for your game and they won't be able to play it. If you didn't pay, downloaded illegally, pirated, you'll be able to play fine.

Once again, free wins against paid.

The Death of Booting Up

Found on Slate on Saturday, 13 August 2011

Remember "booting up"? It was the first thing you did every morning - you waited two minutes, three minutes, sometimes even longer while your computer ran through a series of self-tests, loading screens, and an error prompt or two before settling into any kind of useful state.

Apple's MacBook Air loads up in 16 seconds, and machines based on Google's cloud-based Chrome OS boast boot times of under 10 seconds. Even Windows computers are fast - with the right set-up, your Windows 7 laptop can load just as quickly as a MacBook.

That's nice and spiff, but pretty useless. I wonder if people really sit down in front of their PC and switch it on, waiting for the desktop to come up while gnawing on the desk. In most cases, my system has booted before I return to it; there are always a few things one does between pressing the button and starting to work. Besides, I boot only once a day, so a minute more or less doesn't really shorten my life.

World's servers process 9.57ZB of data a year

Found on Computerworld on Sunday, 08 May 2011

Three years ago, the world's 27 million business servers processed 9.57 zettabytes, or 9,570,000,000,000,000,000,000 bytes of information.

Researchers at the School of International Relations and Pacific Studies and the San Diego Supercomputer Center at the University of California, San Diego, estimate that the total is equivalent to a 5.6-billion-mile-high stack of books stretching from Earth to Neptune and back to Earth, repeated about 20 times.

Three years. That's pretty ancient data in IT. Anyway, this amount of data is manageable: ZFS allows 256 zettabytes per zpool, so there would still be some space left. Even if the zpool gets filled, no problem: a ZFS system can have up to 2^64 zpools (that is 8,446,744,073,709,551,616 zpools, or 2,162,366,482,869,645,213,696 zettabytes).

Hadopi's secret 3-strikes security spec leaked

Found on Iptegrity on Tuesday, 03 August 2010

Government certified security software: the French government's Hadopi wants to spy on everything on your computer, every time you log on, otherwise you cannot defend yourself against breach of copyright allegations.

The measures appear to be 'belt-and-braces' in that the software will be required to monitor all traffic through the Internet access as well as all files on the user's computer and the router configuration.

Most likely it will only run on Windows. So users of other operating systems will be guilty by default or have to switch to Windows, because everything else will be outlawed unless wiretapping, sniffing and censorship solutions are built in. Not much freedom and equality is left of the old "liberté, égalité, fraternité" slogan, it seems.

ZFS gets inline dedupe

Found on The Register on Sunday, 01 November 2009

Sun's Zettabyte File System (ZFS) now has built-in deduplication, making it probably the most space-efficient file system there is.

The deduplication is done inline, with ZFS assuming it's running with a multi-threaded operating system and on a server with lots of processing power. A multi-core server, in other words.

The beauty of ZFS dedupe is that you don't need special storage arrays to deduplicate data. Ordinary arrays are quite acceptable, and its applicability at a data-set level means that you need only to deduplicate the datasets with redundant data and not the others.

ZFS is probably the best filesystem out there currently, even though there are of course some feature differences with others. Putting that aside, thanks to incompatible licenses (CDDL vs GPL), there won't be native support in Linux anytime soon. Sometimes Open Source just blocks itself.

Malware probes find a China angle

Found on CNet News on Sunday, 29 March 2009

China is coming under scrutiny as the possible source of malicious software and Internet attacks directed at foreign governments and other institutions.

Completed separately, both reports--"Tracking GhostNet," from the Munk Centre for International Studies in Toronto, and "The snooping dragon," from the University of Cambridge Computer Laboratory--address the Chinese government's efforts to monitor the activities of the Dalai Lama and the governing of Tibet.

Now if the Great Firewall of China would work both ways. The Chinese government does not really care much about outgoing, truly malicious traffic (not just malicious because it's free information).

Major cyber spy network uncovered

Found on BBC News on Saturday, 28 March 2009

An electronic spy network, based mainly in China, has infiltrated computers from government offices around the world, Canadian researchers say.

They included computers belonging to foreign ministries and embassies and those linked with the Dalai Lama - Tibet's spiritual leader.

There is no conclusive evidence China's government was behind it, researchers say. Beijing also denied involvement.

Of course the Chinese government denies being involved. Did anybody honestly think they would say "Oh, you caught us"?

Ex-Fannie Mae worker charged with planting computer virus

Found on The Examiner on Wednesday, 28 January 2009

A fired Fannie Mae contract employee allegedly placed a virus in the mortgage giant's software that could have shut the company down for at least a week and caused millions of dollars in damage, prosecutors say.

The virus was set to execute at 9 a.m. Jan. 31, first disabling Fannie Mae's computer monitoring system and then cutting all access to the company's 4,000 servers, Nye wrote. Anyone trying to log in would receive a message saying "Server Graveyard."

From there, the virus would wipe out all Fannie Mae data, replacing it with zeros, Nye wrote. Finally, the virus would shut down the servers.

Now that's an unhappy employee. Not that Fannie Mae could really go down any further.

MD5 Hack Interesting, But Not Threatening

Found on SecurityFocus on Sunday, 04 January 2009

Considering that it took the original researchers four tries over at least a month to successfully accomplish their attack against the RapidSSL brand, we're fully confident that no malicious organization had the opportunity to use this information against RapidSSL, or any other certificate authority authorized by VeriSign.

As it happens the most expedient and safest method of mitigating the attack was to switch it out for SHA-1. We had been planning this migration to occur on RapidSSL in January 2009 anyway, so we had a high degree of confidence in accelerating that deployment.

For a migration that's been planned for years, several things are surprising: first of all, the switch to SHA-1, which has already been broken in theory and has not been recommended as a secure hashing algorithm since 2005. Instead, they could have switched to the highest level of the SHA-2 class, SHA-512. Also, VeriSign was able to switch from MD5 to SHA-1 "about four hours later". Impressive for a migration that took years of planning. If it was so complex and scheduled for the end of January, how come it was so fast to switch? Especially on rather sudden notice. I'm not saying that VeriSign is lying, but things like these just catch your attention. No matter if that's just PR talk or really a lucky coincidence: switching was good. Not perfect, but good.