Anti Virus Needed

Sun Jan 19 22:07:48 CST 2014

I realize my recommendations are not what people want to hear.
I can't help that. It's the same argument when we said
"Don't run Windoze exposed to the Global Internet!"
the answer back was, "No, *you* must do something - we insist
on running Windoze!"

the answer, of course, is that there was nothing that could be done.
that didn't stop the creation of an entire industry of charlatans and faith healers
praying on the bedeviled while many 100s of billions of dollars
have been pissed away as  result of the collective denial.

all I can do is tell people what we are up against and what it takes
to survive it. I cannot control the weather, gravity, or make fools less foolish.
If, however, I had some spell that would fix this mess, I would have done
so already. 

People need to consider carefully the possible fallout of mass abandonment
of the Internet, either forced or voluntary. The economy has embraced
"electronic commerce" like the new addict to crack, and is busily destroying
the alternatives. if the Internet becomes unworkable or sufficiently untrustworthy,
or if continuing to trust it becomes financial suicide, the dislocation will be
unimaginable. whether it is really that bad won't matter. panic drives stampedes
and there are no bigger lemmings than on Wall Street. their panic could easily
be catastrophic even if everyone else is still fine.

my point is that the downstream consequences of these things are very
difficult to either foretell or rule out. the system we have is highly susceptible 
to brittle failure, and all of this silliness like the netrification of things that
do not possibly need it, and doing so in a way guaranteed to cause 
massive heartache, only makes it more and more brittle and
therefore more and more likely to have a catastrophic outcome from
small failures amplified by cross-coupling to other parts and propagating
the brittle collapse.

      -mo

Sent from my iPad so please excuse the jammy fingers.

> On Jan 19, 2014, at 6:19 PM, Andre Kesteloot <andre.kesteloot at verizon.net> wrote:
> 
>> On 1/19/2014 17:37 PM, Mike ODELL wrote:
>> make sure the network of those devices is completely and totally air-gapped
>> from the Global Internet.  even better, turn off the network silliness in those
>> devices. turn off the wifi and disconnect the Ethernet cable. the SNMP Toaster
>> was a joke from long ago. we never imagined anyone would do it seriously.
> thanks !
> That is what we have at my day-job, but that is hardly practical for the every-day home-user.
>> 
>> at CES, there were several "door lock sets" which speak IP over wifi.
>> WTF were they thinking?
>> 
>> the even nastier little secret is that you already have a network box which
>> Could already have already have been compromised: your router/wifi box.
> yes most probably  !
>>  most of
>> them run really old, crufty versions of all the software based on old crufty
>> versions of Linux and the user-level code that runs outside of the kernel.
>> examples: dhcp server, DNS, nat configuration, packet filter configuration, wifi
>> command and control, and the web server stack that provides the
>> user interface.  if your box can run it, OpenWrt is better than most.
> 
> [...]
> 
> 
>> so people go inviting everyone in the whole world into everything
>> they own.
>> 
>> the use of compartmentation like is done using Invincea and containers as done by
>> Solaris/Illumos, FreeBSD, and Linux, and sand boxing as done by OS/X and iOS appear
>> to be gaining the upper hand by providing a way to isolate activities so that compromises
>> can't damage other things while doing so with a tiny fraction of the overhead of, oh, VMware.
>> and because of that, services can be run lightly and the container destroyed regularly
>> and recreated freshly, thereby eliminating various "persistent" attracts.
>> 
>>       -mo
> thanks
> 
> 73
> André
> 
> ---
> This email is free from viruses and malware because avast! Antivirus protection is active.
> http://www.avast.com
> 