@Mr Young

Your assumption would be incorrect. For quite some time now the number of malicious domains being registered has /far/ outpaces the number of legitimate ones. A true whitelist versus blacklist comparison five years from now would likely find the whitelist an order of magnitude smaller than the blacklist.

It's one of the reasons I vote for the whitelist approach: there's simply no reasonable way to keep up with all the malicious or illegal traffic that's out there. We have reached that point where it’s actually /less effort/ to vet every website in existence than to try heuristics, pre-scanning, or educating users as to the quite literally THOUSANDS of different kinds of threats for MILLIONS of different malicious domains.

If there were only a few thousand, or even a few hundred thousand “bad” domains then a blacklist would make perfect sense. As it stands, even if you subscribe to myriad blacklists simultaneously you are exceptionally lucky if you get 75% coverage. The defences we have – from anti-malware and blacklists to heuristics – are inadequate. They aren’t coping with the onslaught, and if we don’t come up with a different approach they will fail.

That’s not an attempt to be a doomsayer on my part; it’s an observation based on decades of experience. We aren’t winning this war. In fact, despite all the advances in technology I would have to say that we are /less/ secure than we were ten eyen ago. While we are no longer vulnerable to the threats that existed then, there are at least an order of magnitude of new and interesting threats today.

Many of them aren’t even technological. They are social engineering traps. Phishing scams, password scams, or even things to trap you into take an endless series of surveys to pump some scammer’s numbers with a dodgy advertising company.

I believe we honestly are at the point that it is less effort to identify the legitimate traffic and discard all the rest. Even if building that list has to be done one site at a time.

@fishman

Better question:

I wonder if a security firm will be shopping for AMD?

@AC

Dos 6.22

And yes, I still schlep my files off with floppies. I will use it until it dies such that it can't be revived any more. It was my first >personal< computer. Not the family computer...mine. I owe my livelihood to that machine.

Now don’t get me wrong; I certainly have more modern gear…but this is the system that sits on my nightstand and awaits my various ponderings which amazingly, you folks actually read.

Boggles the mind.

@PikeyDawg

Every comment I post here is posted from a VM hosted on that little home server. All my articles are proofed on that server.

It's an AMD Athlon II X3 400e. 45W TDP, but I've only ever seen it hit 90% load under some exceptional circumstances. (Those circumstances being when I am RDPed into a virtual machine hosted on that server, and using VNC from within that RDP session to manipulate VLC playing a 1080p video on the host operating system from teh software RAID 5 of 4 1.5TB disks.)

I think the 4 DIMMs eat more than the CPU on a regular basis.

The motherboard is an ASUS M48785M. Integrated video, decent but not spectacular everything else. No optical, crappy super-low-power single platter 2.5" OS disk, and 4x Seagate 1.5TB Junkers I had laying around that are probably the biggest power draw in the whole system.

PSU is a ridiculous Sea Sonic SS-400FL that I don't think I've ever actually head the fan spin up on. I use a Kill-A-Watt to judge my idle, average and fully loaded power draws.

Operating system is Windows Server 2008 R2 Standard; this raises the cost if you use it, but frankly you could do this on CentOS if you were less lazy. (I have a Technet Subscription, so…)

VMs are hosted using VMWare Server 2, and the native software RAID in Server 2008 R2 blows. (Another good reason to use Linux.) Seriously though, even though both my VMs have their VMDKs hosted off of the software RAID 5, the system is perfectly usable even whilst I am streaming a 1080p movie off of the system.

The chassis in use is an old Chenbro SR-107, for which I just happened to have a pair of hot-swap cages, but really, this rig will fid in a mini-tower that you can pick up at Joe Blow’s crappy electronics for $20.

She’s a little over a year old now, and I haven’t had any grief from her whatsoever. If you’re looking to build yourself a similar system and have any questions, drop me a line!

@Kain

Well, if Carly doesn't win the election, I'm sure she'll be looking for a gig...

*shudder*

@David W.

The PC kind of is dead. Well, not dead...but on life support. It's really been relegated to an enthusiast/highish end workstation role.

Consoles have largely killed off PC gaming. What is left of PC gaming is pretty niche, and a tragic amount of games are just console ports. (I am a PC gamer, and it pains me to admit this.)

Netbooks, Laptops, Smartphone and now Tablets have done for the "casual internet browsing" part. What little remains for "casual internet" consumption that is "PC"-like is being cannibalised by low powered Linux boxen. This category is also doing some brutal clean-up in the “multimedia consumption” space.

VDI and SaaS have basically done for the “general office work” category; hell, my network’s Wyse thin client deployment to covers exactly that is proof it works well. (60 VMs on 3 two-year-old servers, no problems at all.)

What does that leave? Workstation stuff like CAD, video editing, some audio editing and possibly programming. Higher-end video gamin or enthusiast stuff. The big “mainstream” uses of computing just don’t need PCs any more, and people are starting to drift away from them in droves. Even a lot of the workstation stuff can cheerily be done on mid-range notebooks today, and I am starting to see more and more of this work moving onto these more portable platforms.

So the PC isn’t completely dead, but we definitely witnessing its final decline. There are the golden years of the PC; savour them for they will not return. Computing has become so commoditised that it simply becoming an appliance, as found in smartphones or thin clients.

As to switching to SSDs…it will happen. Hell, it’s happening already. We long ago reached the point where you just don’t need the kind of space available in a modern magnetic drive to run your PC or computing appliance. Somewhere there has to be a big old bank of storage…but less and less that storage has to be in your laptop, your PC or your phone. More and more that can be in a NAS device at home or even in “the cloud.”

I don’t think Magnetic spindles will disappear, but the storage tiers of today will be redefined. I can be quite happy with 160GB of storage on my notebook or desktop, so long as I have a NAD somewhere to dump my media on. 160GB will run my OS and applications, even when it’s almost all Microsoft’s bloatware.

All new PCs, notebooks or compute appliances I have deployed in the past 6 months or so have SSD primary storage, and only a few of them have been backed by Magnetic spindles. Why? Because I don’t care if a client computer drops its disk. I can always reimage it, and frankly SSDs are cheap enough to use for these low-demand situations.

Just as we are watching the twilight years of the PC, magnetic are moving starkly into the realm of “bulk data provisioning” whilst SSDs take over primary systems provisioning roles.

For that matter, have you noticed Android? It’s a Linux distro…and it’s kicking some royal ass. Sure, not on desktops (yet,) but this is definitely “the year of Linux,” as we see Android take a Linux distro into the hands of millions of ordinary non-nerd consumers for the VERY FIRST TIME. It’s historic, and it’s gone unnoticed by the kind of people who believe that if it’s not desktop PC dominance, it doesn’t matter.

Desktop PC dominance is what doesn’t matter, because people are abandoning that form factor in droves.

We’ll see about the videophone thing. I’ve just picked up a set of wicked Asus Skype videophones and was duly impressed. They are seeing a lot of use now, and I suspect Apple’s facetime will make a dent there too. If for no reason other than it’s Apple and it has a captive audience of millions of sheeple.

Understand that I don’t say any of the above lightly. I am not a web 2.0 Silicon Valley new tech lover with a shiny hat. I’m a grumpy old luddite curmudgeon who is still bitter about the damned ribbon bar, and uses a 386 notebook running Word Perfect 5.1 and Lotus 123 to write my articles on. (I proof them on my Windows VM before submitting them, natch.)

Much as I lament, the 90s are dead. Neat shit happened in the 2000s, and a lot of us refuse to admit it largely because we can’t currently afford it. Step back though, and take a look at what other people are buying. Not the nerds with decades of jaded views on how things “should be,’ but Jow Bloe average consumer and Large Enterprise CTO. It is their choices which determine where the volume market is, and where all tech companies will focus their efforts.

Those efforts don’t lie in the PC, or any of the traditional ways of doing things to which we have grown so accustomed.

More’s the pity.

@Malcom Boura

That's not true.

First off, if you take a look at the OpenVPN or UltraDNS full-on enterprise setups, they offer some really granular control over what will or won't be banned. They also offer both custom white and blacklists so that you can ban or unban websites as you feel is appropriate.

NortonDNS is young, but will most likely offer similar features; they are a commercial entity after all, and can't go around arbitrarily banning things without the ability to unban selectively or no one will buy their product.

Malwaredomains.com offers you a flat list of domains. What you choose to do with it is up to you; you can write a script that removes domains of your choice from that list. All of these organisations offer methodologies to have your domain removed from the list if you can prove you aren’t offering up Malware.

So it’s a form of VOLUNTARY censorship then. You can choose what you do and don’t want to be able to access through each of these methods, none of which you are forced to use in the first place.

Now, GoogleDNS on the other hand offers no such features. It simply is, and you either trust Google to know best, or you don’t. You don’t have to use GoogleDNS, but simultainiously you cannot customise what it delivers you. THERE lies your gaping hole through which true censorship might creep, and the big reason that it GoogleDNS didn’t make it into this article.

There is I think a distinct difference from the kind of censorship you are worried about, “they can just ban a domain and there’s nothing you can do about it if you use their service” (GoogleDNS) and the voluntary censorship offered by the services discussed in the article. Furthermore, it should be noted that each of these services publishes a list of which new domains are added on a regular basis such that you can identify any you wish to whitelist and do so.

For all of the above reasons, I don’t think you can wave the censorship banner at any of the services mentioned in the article.

@moonface

Conventional warfare? You mean the type now being fought by robots? I’d not worry too much about being cannon fodder. I would fret about being collateral damage however…

Hear, Hear!

<3 XBMC. Only use I ever had for an XBox.

@Apophys

I still haven't forgiven them for the rootkit incident. Or for that matter, killing the excellent minidisc format through greedy attempts to keep it totally proprietary. As the most backwards member of the RIAA and MPAA they also earn some hatred in my books for holding digital distribution business models back about three decades.

The PS3 thing wasn't even a blip on my radar as I had long since decided "no Sony ever."

@Mad Dave

The point here is that of people getting in deep poo when someone says something UNTRUE about them. Someone accuses me of sexually harassing Jane Doe. In a court of law I theoretically am innocent unless proven guilty. In the court of public opinion, the lynch mob would be outside my door ready to string me up before I had my coffee and figured out what the hell was going on.

What would be my alternatives in this case? Sue the individual for defamation of character? That would Streisand effect me something fierce. Sure, I might get a few bent coppers out of the twatdangle in question, but I'd have to change my name and move to another province to get away from the media circus simply because our society has next to no privacy, libel or slander laws for regular Joes.

Now, if we had legislation that basically said “if you say something untrue about Joe that ruins his life, Joe gets to CLEAN YOU OUT” then this problem would be a little less one sided. I am not big on suing people as a solution to any problem, but the threat of being financially erased from existence might well prevent a few people from spreading lies and propaganda. Might even (though I doubt it) have a diminishing effect on bullying.

Hell though, we live in the GOOGLE ERA. Change your name at 21 and enjoy everyone knowing everything about you forever!

I am giving some serious thought to burning my PC and going to live in the woods.

@RichardRich

Have you read any of the other threads about wikileaks? By your definition, I'm a "conspiracy nut and lunatic" and I work here...

@PT

I wholeheartedly agree the AMERICANS shouldn't be in Afghanistan. Pretty much exactly for the reasons you outlined. I’m Canadian, NOT American. I don’t have any faith whatsoever in America’s ability to any good even in their OWN country. If you read back in this thread I think you’ll find that my personal preference is to boot the Americans the hell out of that country.

I would prefer that Canada, the UK and various other allied nations returned to Afghanistan as UN Peacekeepers. The US could help with some funding, aid, supplies or even parking a carrier or two offshore for the nations in theatre to do their job. I honestly believe that if Canada, the UK and the rest were serving as UN Peacekeepers with the SOLE GOAL of shoring up the country enough that they can take care of themselves we could be done with Afghanistan in two years and be able to walk away knowing we did our best.

If the allies simply leave now the result will be a small holocaust. If we stay and let the Americans continue being cowboys the result might very well be the same. As you might find by actually reading my posts in this thread, my opinion on the Afghanistan issue isn’t black and white. There is a lot of nuance here because I am actually pretty well informed on the whole thing.

I don’t think the American government involvement has anything at all to do with helping the Afghani. That doesn’t mean that Canada, the UK or other allies don’t have different agendas. Sure, there’s a large helping of “the US said ‘jump’ and we said ‘how high.’” That said, there’s also differences in the overall national approach to things military. America is a very aggressive nation, and that plays out in their military presence. Canada by contrast is largely a peacekeeping nation. We prefer to do nation building and forge stable alliances rather than conquer or “project presence.”

The only problem with this is that if the Americans did leave, Canada the UK and all the others simply don’t have the resources to stabilise Afghanistan with out them. It’s a “damned if you do, and dammed if you don’t” problem. The locals don’t want us there, and they don’t want the Taliban there. They want both parties to GTFO, but they don’t have the training or the resources to secure their nation on their own.

The best way to stop screwing the Afghani isn’t to leave right now. It’s to hold the line long enough to train a local military and police force, hand then a heap of weaponry so they can defend themselves, put some time and effort into ensuring they have a working communications and education infrastructure, and then phase out our presence with the locals taking over the duties of protecting the local populace. An organised withdrawal rather than simply packing it all up tomorrow and leaving them to the wolves.

And we should be setting about that RIGHT NOW.

@Vanburen re: clearcloud

I have absolutely no idea; never heard of it until jsut now. Time to find out...

*sigh*

Everyone adds an S. you'd think I'd be used to it by now, but it still causes some sort of involuntary twitch.

That said: CHANGE IS BAD. Maybe not for you or me, or even for the majority, but for every change that occurs SOMEONE loses out. That is why there is always someone fighting change. Think about it: the people with all the power and money right now have that money because of how the world works today. Change how the world works and they might well lose out.

Or, they might change it so that the milled masses lose out a little bit more, and they gain. Either way, Change is always bad for SOMEONE. The question is simply…

…who?

Re: Balmer and failure to execute.

I don't believe that Microsoft's business model absolutely requires high churn. I do believe it requires the ability to promptly react to threats from competitors or new markets. That requires nothing more than a strong R&D and probably a few isolated skunkworks projects in addition to that. Microsoft has the talent to go “oh, Apple released an iPad,” and then turn around 8 months later and absolutely wreck them.

The failure to do so is a failure to execute. There should have been Windows CE based ARM Microsoft Tablets making the rounds this July showing what hot shit they are in preparation for ruining Apple this Christmas. Do not bullshit me that it isn’t possible, the entire group that worked on the Kin project they just binned was available, and perfectly capable of taking their Kin OS to the next level, even if the Windows Phone 7 team were a being a giant sacks about keeping their code to themselves.

Windows Phone 7: To little too late. Microsoft should have seen that coming YEARS ago, but simply failed to devote the necessary resources. They didn’t have to act FIRST in this market, but they will be pummelled for acting LAST.

Microsoft’s failure to execute is huge. Vista? Office 2007? Exchange 2007 (festering pile of shite that it was, and so much more. A whole generation of products were released from this company, all of which left me deeply wanting to boil some people in oil.

Microsoft is broken into warring fiefdoms that are unable to co-operate with eachother, lack a single unifying vision and don’t have the ability to rapidly respond to change. There needs to be a slow, steady advancement of technology within the company that moves the colossus forward with frightening inevitability. There also needs to be a series of outlier R&D and consumer electronics groups the run around making REALLY COOL stuff that doesn’t quite have the enterprise polish on it yet. The version one guys.

These groups would produce something aimed at the consumer. It would have less features than a full blown enterprise product, but it would get out in time to match Apple, Google or whomever else was getting mindshare. That version one product then goes back to the “serious business” departments for Enterprise treatment and gets some serious polish. It gets rolled into the “frightening inevitability” update group by version three and becomes simply another cog in the Microsoft machine.

Similarly, if someone radically shakes up a market, (say tablets,) then Microsoft needs the ability to kick something OUT of the Enterprise steamroller and dump it right back into the hands of the frenetic consumer groups. Here they can pick up the ball and run it through some radical R&D in a short timeframe, reinvent the dochicky or application, release a product to match the competition and kick it back to the enterprise group.

Is Microsoft even REMOTELY capable of that? Hell no. They are disorganised and chaotic with no clue what’s going on. The whole company is completely disconnected from their customers and their reaction time is measured in decades.

Ballmer is the disease. If he wasn’t a complete tool he’d have recognised his company’s failure to execute and reorganised the whole bloody thing in order to compensate. Instead he’s shifted the deck chairs on the titanic a few times to absolutely zero effect. Every “reorganisation” hasn’t really done much to change company culture, and certainly hasn’t dealt with the “warring fiefdoms” issues.

@Robert Carnegie

The widget that Norton DNS installs on your system would qualify. The proper term must have escaped me while writing the article. Thanks for the catch!

@rahul re: Google DNS.

I have gotten a few e-mails on the subject of Google DNS. I will post into the comments what has been my cut-and-paste response so far:

Google’s DNS is relatively new. And it’s Google; privacy concerns abound when anything involves them. (Do no evil my ASCII.) Even putting the tinfoil hat aside, Google DNS is a completely different animal than all the rest. With OpenDNS or DNS Advantage you get some pretty decent control over what the DNS presented you looks like, from companies that specialise in the field. They have every reason to work together with everyone else to make their DNS the best it can possibly be. With Symantec, you have the results of all of Symantec’s various security arms as well as their crowdsourced and human-vetted site listing rolled out into a DNS source. If there is any one malware list I can trust pretty absolutely to be accurate, it’s Symantec. Similarly, malwaredomains.com has made a name for itself in the field and deserves respect and trust.

With Google, you get what the algorithm provides or “the competition is just a click away!” I am still trying to gather information about exactly where they get their malware lists, what level of trust to put into their DNS service, and trailing it on a few networks. So far I have had quite a few legitimate sites blocked with GoogleDNS including updates for my anti-malware application!

When I do talk about GoogleDNS, it will be after much through research so that I can do my best to put aside any prejudices or fears I might have about the gigantic goliath that has bought the Internet and focus solely on the technology. Then, given the mammoth size of the organisation backing the project, it will get an article all its own. At the moment however, I have many concerns regarding Google DNS and can’t actually recommend it to anyone just yet.

@AC

Okay: it's late, and I really should be writing an article instead of responding to comments...but I'll bit on this one.

Aren’t all new services, products, business methods or what-have-you generally met with some fierce resistance somewhere and then covered in lawsuits of one variety or another? I’m not defending Google here – after the Googizon debacle they’ve lost my trust forever – but I am having trouble coming up with any remotely popular service or product in the past fifteen years or so that wasn’t covered in lawsuits.

I’d love to be wrong on this, and I whole heartedly admin that it could be a failure of imagination and/or memory on my part…but /CAN/ be innovated that would be both popular and not controversial? (Or alternately: has been innovated in the last 15 years or so and been both popular and not controversial.)

Enquiring minds want to know…

@A J Stiles

"A soldier in a foreign country, wearing the Queen's uniform and acting in the name of Her Majesty, ought to be held to a higher standard of behaviour than a private citizen in their own home, acting in no-one's name but their own."

Hear, hear! I couldn't agree more. Throw politicians and representatives of powerful companies in there too. That said, I again must say that release of any information that may cost lives, (be it about war or anything else) is not properly thought through.

Hold those who represent us to the flame and see if they are worthy, but remember that we don’t actually burn people to death as witches any more. Release of embarrassing information is one thing. Release of information that threatens lives something else entirely.

@veti

I am not going to go dig up names of informants and post them on the internet when the thrust of my entire beef with Ass. is that he posted names of informants on the internet. Think about this carefully for a second.

As for “character assassination of an inconvenient or embarrassing individual” you are completely and utterly wrong. I CACKLE WITH GLEE at the thought of the American government being embarrassed by the kinds of things that show up on Wikileaks. I don’t support US.gov, the American military, large corporations or any of that. The more embarrassing and politically inconvient someone is, the more I want to give my hard earned cash to their cause.

Where I draw the line is the instant anyone is put at risk. This would be no different than publishing a list of known sex offenders. Sure, there is a side that legitimately can say “we deserve a right to know/think of the children!” On the other hand, there are places in this world (even/especially in the US) where having your name on that list will get you lynched. When you consider a country like the US where you can be put on a sex offender’s list for sexting your significant other, then I would have some /very/ serious reservations about the release of that information.

Release a document however about how many sex offenders were living in a given area/the government lost track of/something else that doesn’t include personally identifiable information and I will be the first person to stand up for the right to do so.

Do you understand the difference here? Release of information that is embarrassing is one thing. Release of information that can endanger the lives of others is a different kettle of fish entirely.

At least it is to me: you are of course welcome to your own opinions on the matter.

@AC Re: "star spangled banner"

I think you are making some pretty big assumptions there buddy. I in absolutely /no way/ support US.gov, America or it's policy of capitalism colonialism. I do wholeheartedly support the right of the individuals who make up a country to be allowed to choose their own leaders and political system. If they choose capitalism, I will mourn. If they choose socialism, I will cheer. The choice should be theirs however.

Personally, I suspect that after decades of meddling in their affairs by foreign powers, the emerging regime will be FAR from compliant with the US, the EU, Russia or anyone else. Personally I have zero problem with that. I do have a huge problem with a forced theocracy just as I would a forced dictatorship of any kind.

I support my CANADIAN troops in theatre. Just don’t get me confused with someone who supports US.Gov. My beef with wikileaks is NOT support for US.Gov.

@Alfred

Soldiers come back from their tours knowing that other soldiers will be shipped out in their place. Many of them sign up for more than one tour because of what they see there. I can't speak to the Americans, but i know several Canadians who, upon completion of their tour, volunteered to return with the next group because they felt the job wasn't done.