Yottabytes: Storage and Disaster Recovery


November 30, 2019  9:28 PM

Another Bitcoin storage fraud, this time in China

Sharon Fisher
Bitcoin, privacy, Security

The CEO of a Chinese Bitcoin exchange, International Data Access Exchange (IDAX), has vanished with the keys, leaving all its balances inaccessible — to anyone but himself, presumably.

“Following the official announcement ‘Announcement of IDAX withdrawal channel congestion’ on November 24, We announce Urgent notice about current situation of IDAX Global,” noted the company’s website. “Since we have announced the announcement on November 24, IDAX Global CEO have gone missing with unknown cause and IDAX Global staffs were out of touch with IDAX Global CEO. For this reason, access to Cold wallet which is stored almost all cryptocurrency balances on IDAX has been restricted so in effect, deposit/withdrawal service cannot be provided.”

The action may be linked to crackdowns by the Chinese government in the cryptocurrency market, reported BeInCrypto. “The news from IDAX comes just days after the exchange suddenly announced its withdrawal from the Chinese market entirely,” writes Rick D. “Citing ‘policy reasons,’ a statement on November 25 explained that the company would no longer provide its services to China. Although not explicit, the sudden announcement seems almost certainly linked with recent news of a further clampdown on digital currency trading venues by the Chinese government.” However, as of yet, no bitcoin were reported missing, he added.

If this sounds familiar, it’s because in December 2018, Gerald Cotten, CEO of crypto exchange QuadrigaCX, reportedly died in India on his honeymoon without leaving access to the keys to anyone, including his new wife, Jennifer Robertson. Whether he’s actually dead has never been ascertained, but since then, a report by Ernst & Young has stated that much of the money was taken out of the exchange and used privately.

“In the course of its investigation, the Monitor identified significant transfers of Fiat from Quadriga to Mr. Cotten and his wife,” the report noted. “The Monitor understands that in the last few years, Mr. Cotten and his wife, either personally or through corporations controlled by them acquired significant assets including real and personal property. The Monitor also understands that they frequently travelled to multiple vacation destinations often making use of private jet services. The Monitor has been advised that neither Mr. Cotten nor his wife had any material source of income other than funds received from Quadriga.”

That real and personal property includes land in Canada, airplanes, and cars, amounting to about $12 million Canadian, or $9 million US, which the report said would be sold to help repay creditors.

The report noted a number of other accounting and financial problems with the company, adding, “In addition, the Monitor understands passwords were held by a single individual, Mr. Cotten and it appears that Quadriga failed to ensure adequate safeguard procedures were in place to transfer passwords and other critical operating data to other Quadriga representatives should a critical event materialize (such as the death of key management personnel).”

You think?

As it turns out, Quadriga might have been intended to be a fraud from the beginning, and Cotten might have started defrauding people as early as age 15.

In fact, Cotten might not even be dead. “The RCMP and the FBI have refused to comment, but some of their interview subjects have gotten the impression that they believe Cotten might not be dead,” writes Nathaniel Rich in Vanity Fair. “‘They asked me about 20 times if he was alive,’ says one witness who has intimate knowledge of Quadriga’s workings and has been questioned by both agencies. ‘They always end our conversations with that question.’ QCXINT, the creditor and blockchain expert, said that the FBI’s Vander Veer told him that with hundreds of millions of dollars missing and no body, ‘it’s an open question.’ The only way to verify that the body Robertson brought home from India was Cotten is to exhume it. The RCMP, which has jurisdiction over the case, has thus far not done so.”

November 27, 2019  10:05 PM

32,768-Hour Hard Disk Drive Failure Strikes HPE

Sharon Fisher
Storage

People creating a new system sometimes underestimate how long it’ll be around. That was the core of the “Y2K Problem,” when people were concerned that computer programs around the world would fail because the designers had never considered the idea of a year after 1999.

Boy, that feels like a long time ago.

Most of the Y2K bugs got worked out before everything went poof at midnight on December 31, 1999, but it’s not unusual for there to be similar bugs related to data fields that get filled up. In addition, hackers have learned to create and exploit these bugs by putting a system into a vulnerable state through a buffer overflow, such as with the “Heartbleed” bug from about five years ago.

But more recently, there’s a doozy.

“Bulletin: HPE SAS Solid State Drives – Critical Firmware Upgrade Required for Certain HPE SAS Solid State Drive Models to Prevent Drive Failure at 32,768 Hours of Operation,” reported the Hewlett Packard Enterprise Support Center earlier this month.

If that seems like an odd number, it’s not – literally, that is. It’s 2 to the 15th power.

So let’s take a guess – some field associated with the solid state drive is 15 bits long, and when the hour count gets beyond that (which is about 1,365 days, or 3 ¾ years), the field fills up and the system is froached.

“The power-on counter in the affected drives uses a 16-bit Two’s Complement value (which can range from −32,768 to 32,767). Once the counter exceeds the maximum value, it fails hard,” writes Marco Chiappetta in Forbes.

And it gets really froached.

“After the SSD failure occurs, neither the SSD nor the data can be recovered,” HPE notes. “In addition, SSDs which were put into service at the same time will likely fail nearly simultaneously.”

Chiappetta goes into more detail about that aspect. “This issue can be particularly catastrophic because the affected enterprise-class drives were likely installed as part of a many-drive JBOD (Just A Bunch Of Disks) or RAID (Redundant Array of Independent Disks), so the potential for ALL of the drives to fail nearly simultaneously (assuming they were all powered on for the first time together) is very likely.”

Oh goody.

HPE said that one of its vendors had discovered the problem. “HPE was notified by a Solid State Drive (SSD) manufacturer of a firmware defect affecting certain SAS SSD models (reference the table below) used in a number of HPE server and storage products (i.e., HPE ProLiant, Synergy, Apollo, JBOD D3xxx, D6xxx, D8xxx, MSA, StoreVirtual 4335 and StoreVirtual 3200 are affected).”

One wonders how this bug presented itself. Did someone happen to run across it just in time? How long have HPE drives been crashing and burning until this bug was tracked down and repaired?

And which vendor was this? HPE doesn’t say, but one would guess that HPE might not be using that vendor again in the future.

“This HPD8 firmware is considered a critical fix and is required to address the issue detailed below. HPE strongly recommends immediate application of this critical fix.”

You don’t say.
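The signed 16-bit rollover and the "fail nearly simultaneously" risk described in this post, worked through as an added example (it is not HPE's or the drive manufacturer's code). The inventory records, field names, array labels and the 30-day window are constructed for illustration; only the 32,768-hour limit and the counter format come from the quotes above.

```c
#include <stddef.h>
#include <stdint.h>
#include <stdio.h>
#include <string.h>

/* 2^15: the first hour count a signed 16-bit field can no longer represent. */
#define POH_LIMIT 32768L

/* Value a two's-complement 16-bit counter holds after `hours` increments. */
static int32_t counter_value(uint32_t hours) {
    uint32_t low = hours & 0xFFFFu;
    return (low & 0x8000u) ? (int32_t)low - 65536 : (int32_t)low;
}

/* Hours of operation left before the counter reaches the limit (0 if reached). */
static long hours_remaining(uint32_t power_on_hours) {
    if ((long)power_on_hours >= POH_LIMIT) return 0;
    return POH_LIMIT - (long)power_on_hours;
}

/* Constructed inventory record; the field names are assumptions. */
struct drive {
    const char *bay;
    const char *array;        /* RAID set the drive belongs to */
    uint32_t power_on_hours;  /* as reported by the drive's health data */
    int patched;              /* 1 once the fixed firmware is installed */
};

/* Unpatched members of `array` that reach the limit within `window_hours`. */
static int at_risk_in_array(const struct drive *d, size_t n,
                            const char *array, long window_hours) {
    int count = 0;
    for (size_t i = 0; i < n; i++) {
        if (strcmp(d[i].array, array) != 0 || d[i].patched) continue;
        if (hours_remaining(d[i].power_on_hours) <= window_hours) count++;
    }
    return count;
}

/* True when more members fail inside the window than the RAID level tolerates. */
static int array_data_at_risk(const struct drive *d, size_t n, const char *array,
                              long window_hours, int tolerated_failures) {
    return at_risk_in_array(d, n, array, window_hours) > tolerated_failures;
}

/* Constructed sample fleet: raid5-a was powered on together, raid5-b was not. */
static const struct drive SAMPLE_FLEET[] = {
    {"1", "raid5-a", 32100, 0}, {"2", "raid5-a", 32100, 0},
    {"3", "raid5-a", 32102, 0}, {"4", "raid5-a", 32100, 1},
    {"5", "raid5-b", 32100, 0}, {"6", "raid5-b", 12000, 0},
    {"7", "raid5-b",  9000, 0},
};
#define SAMPLE_FLEET_LEN (sizeof SAMPLE_FLEET / sizeof SAMPLE_FLEET[0])

int main(void) {
    const long window = 30L * 24L;  /* look 30 days ahead */
    const char *arrays[] = {"raid5-a", "raid5-b"};

    printf("hour 32767 -> %ld, hour 32768 -> %ld\n",
           (long)counter_value(32767), (long)counter_value(32768));
    for (size_t i = 0; i < 2; i++) {
        int n = at_risk_in_array(SAMPLE_FLEET, SAMPLE_FLEET_LEN, arrays[i], window);
        /* RAID 5 survives one member failure, so tolerated_failures = 1. */
        int lost = array_data_at_risk(SAMPLE_FLEET, SAMPLE_FLEET_LEN,
                                      arrays[i], window, 1);
        printf("%s: %d unpatched drive(s) hit the limit within 30 days%s\n",
               arrays[i], n, lost ? " -> patch first, array would be lost" : "");
    }
    return 0;
}
```

Arrays whose members share a power-on date are the ones to patch first, since redundancy only helps when failures are spread out in time.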


November 20, 2019  11:25 PM

Cops Now Using Warrants to Gain Access to Genetic Databases

Sharon Fisher
Database, Storage

As you may recall, last year police officers were able to track down a murderer through relatives in a genetic database. Now, it’s gone one step further: Police have succeeded in using warrants to gain access to genetic databases to search for suspects.

Police first started using genetic databases for law enforcement in 2015. In fact, in some cases, they started asking people for DNA samples to prove they weren’t suspects in cases.

In response to the 2018 case, genetic database companies started writing and following best practices guidelines regarding the use of their data in law enforcement. (The agreement, however, didn’t cover GEDmatch, the open source database used by law enforcement to track down the alleged “Golden State Killer.”) Even before that, in response to the 2018 case, people started making their genetic records private.

In September, the U.S. Department of Justice issued a policy limiting searches by federal law enforcement agencies to violent crimes and DNA profiles with user consent, writes Jocelyn Kaiser in Science. But that wasn’t enough.

“What experts really worry about is that police may seek warrants to access all of GEDMatch’s data,” Tina Hesman Saey wrote – presciently, as it turns out – in Science News in June.

Now, a police officer in Florida actually has gotten a search warrant for all the records in a GEDmatch database – including the ones that had made themselves private.

“A Florida detective announced at a police convention that he had obtained a warrant to penetrate GEDmatch and search its full database of nearly one million users,” write Kashmir Hill (who’s been writing about genetic databases since at least 2010) and Heather Murphy, in the New York Times. “Legal experts said that this appeared to be the first time a judge had approved such a warrant, and that the development could have profound implications for genetic privacy.”

You think?

While GEDmatch has about a million users, other genetic databases are much bigger, and now that a precedent has been set, law enforcement may go after those other databases as well, Hill and Murphy write. “DNA policy experts said the development was likely to encourage other agencies to request similar search warrants from 23andMe, which has 10 million users, and Ancestry.com, which has 15 million,” they write. “If that comes to pass, the Florida judge’s decision will affect not only the users of these sites but huge swaths of the population, including those who have never taken a DNA test. That’s because this emerging forensic technique makes it possible to identify a DNA profile even through distant family relationships.”

If GEDmatch isn’t very big, why did law enforcement professionals start there? Because GEDmatch is open source and was easiest to access, they add. (In fact, for the 2018 case, police didn’t even alert GEDmatch they were doing so.)

That said, one researcher was surprised that GEDmatch didn’t fight back against the warrant, and felt that bigger genetic database companies would probably protest such warrants more strongly.

And, in fact, 23andMe did write a blog post saying it would fight such warrants. “If we had received a warrant, we would use every legal remedy possible,” writes Kathy Hibbs, the company’s chief legal and regulatory officer.

But not even that might help, Kaiser writes, quoting Natalie Ram, a law professor at the University of Maryland’s Carey School of Law in Baltimore.

“It’s not clear whether the DNA company or a criminal defendant would have the right kind of interest in the DNA and privacy rights at issue to even be able to challenge the warrant effectively. (That is, it’s not clear either has ‘standing’),” Ram says. “So, we might discover that this is a situation in which, as a practical matter, there is no one who can effectively challenge this warrant. And that’s not a good place for the law to be.”

What makes that an issue? “Last year, researchers calculated that a database of about 3 million people would allow for the identification of virtually any American of European descent,” Saey writes. With access to those two companies’ databases, law enforcement would be solving cases every day, she quotes one genetic genealogist as saying.

Moreover, at around the same time, a University of Washington study found that genetic databases were subject to fraud. In other words, it was possible to create a fake person who was related to a real person.

“Researchers at the University of Washington have found that GEDmatch is vulnerable to multiple kinds of security risks,” writes Sarah McQuate for UW News. “An adversary can use only a small number of comparisons to extract someone’s sensitive genetic markers.”

How many? Just 20 – and it would take about ten seconds to do, she writes.

“The team played a game of 20 questions: They created 20 extraction profiles that they used for one-to-one comparisons on a target profile that they created,” McQuate writes. “Based on how the pixel colors changed, they were able to pull out information about the target sequence. For five test profiles, the researchers extracted about 92% of a test’s unique sequences with about 98% accuracy.”

It doesn’t stop there. “A malicious user could also construct a fake genetic profile to impersonate someone’s relative,” McQuate writes. “Once someone’s profile is exposed, the adversary can use that information to create a profile for a false relative. The team tested this by creating a fake child for one of their experimental profiles. Because children receive half their DNA from each parent, the fake child’s profile had their DNA sequences half matching the parent profile. When the researchers did a one-to-one comparison of the two profiles, GEDmatch estimated a parent-child relationship. An adversary could generate any false relationship they wanted by changing the fraction of shared DNA.”

Now, put those two things together. Will we have police creating fake relatives to justify gaining access to the DNA records of real suspects? The September policy is supposed to forbid that, but it applies only to federal searches, Kaiser writes.

 


November 14, 2019  9:56 AM

Laptop Border Searches Now Require Probable Cause

Sharon Fisher
government, privacy, Security

It’s safe to bring your cell phones and laptops into the United States again.

The Electronic Frontier Foundation (EFF) has for some time been pushing for a case to expand the provisions of the Riley case, which stated that law enforcement officials needed a warrant to search someone’s cell phone, to Customs and Border Patrol (CBP) searches. “We are eager to further the law in this area—to make it clear that the Riley decision applies at the border,” the organization wrote at the time, urging people to let it know when they undergo a border search.

Now, it has gotten one, with a summary ruling from the U.S. District Court in the District of Massachusetts, in Boston.

The result is that border officers must now demonstrate individualized suspicion of illegal contraband before they can search a traveler’s device, writes the EFF, which has published a guide on border searches and in general has collected information about such cases.

“The ruling came in a lawsuit, Alasaad v. McAleenan, filed by the American Civil Liberties Union (ACLU), Electronic Frontier Foundation (EFF), and ACLU of Massachusetts, on behalf of 11 travelers whose smartphones and laptops were searched without individualized suspicion at U.S. ports of entry,” the EFF writes.

Ten of the plaintiffs were U.S. citizens, while the other was a lawful permanent resident.

The U.S. has had a policy since 2009 that border agents can demand access to a smartphone within 100 miles of the border – which covers much more U.S. territory than you’d think. According to the American Civil Liberties Union (ACLU), as of 2006, more than two-thirds of the U.S. population lived within 100 miles of the border. Altogether, it meant that anyone in that area with a laptop could have that laptop seized without a warrant, at any time, taken to a lab anywhere in the U.S., have its data copied, and searched for as long as Customs deemed necessary. And despite their objections, the policy has largely been upheld.

In 2015, a judge ruled that – following the lead of the Supreme Court ruling on the Riley case – customs officials needed to have probable cause before they could search someone’s laptop. The problem with that ruling is it applied just to that one case, not overall.

This new filing applies to everyone – at least, for now. Presumably the federal government could appeal the case to the Supreme Court.

This case was filed in 2017, which is when a number of people started reporting anecdotally that they had had their devices searched. In one case, a US-born NASA engineer who worked with the federal government and was also a part of the Customs and Border Protection Global Entry program was told he couldn’t re-enter the U.S. until he unlocked his encrypted NASA phone. Several other incidents also happened over that summer, reported the Electronic Frontier Foundation.

In particular, this happened with the press. Even a Canadian journalist was denied entry to the U.S. for refusing to unlock his phone, and a Wall Street Journal reporter had the same experience, though customs agents backed down when she told them to call the paper. A BBC reporter also had to turn over his phone.

One of the plaintiffs, an incoming Harvard freshman, not only had his phone searched but had his visa denied because of what border officials said were anti-American posts in his social media.

In April, the ACLU and the EFF reported that searches were becoming so egregious that they asked for a summary judgment without a trial. That is what happened here.

In general, the number of searches has increased sharply in recent years. Last year, CBP conducted more than 33,000 searches, almost four times the number from just three years prior.


October 31, 2019  10:56 PM

Drivers Deal With Tesla Flash Memory Problem

Sharon Fisher
Flash memory

One of the criticisms of flash memory is that, while it’s fast to read, writing on it multiple times wears it out and its performance decays. Flash memory vendors have been saying that this is a problem they’ve been working on. But they might have a bit of a problem after a recent incident.

It turns out that Tesla cars, which use flash memory, log so much data that it froaches the cars’ memory and bricks the cars, which requires a repair that can cost $1,800 or more.

Oops.

The problem first started being reported in May, when a video was posted to YouTube describing the problem, writes Jason Koebler in Vice.

Three different auto shops reported the problem, writes Gustavo Henrique Ruffo in Inside EVs. “They aim to warn Tesla owners that the clock is ticking for all of them,” he writes. “Regardless of your car, the logging will require replacing your MCU sooner or later.”

The problem is that the size of the firmware has grown, and it’s now starting to compete with the logs, Ruffo writes. That means there’s no extra space on the chip to write data when it’s trying to write the data more evenly, he writes.

“Apparently, Tesla is overworking these systems (at least on some models) to a point where they can’t take it anymore,” writes Matt Posky in The Truth About Cars. “It’s basically the same thing that would happen if you filled and wiped a USB drive hundreds of times every day. One morning you’d plug it in and find that it’s no longer functional due to being burnt out from overuse.”

Each of the three repair shops said they had encountered at least a dozen cars with the problem in just the last couple of months.

Drivers have also been reporting the problem, which, in an annoying coincidence, apparently tends to happen around the time that the warranty runs out, after about four years or so.

Moreover, it’s not a problem that’s getting better with newer models, because the newer models do even more logging than older ones, Ruffo writes.

The other part of the problem is that the chip is soldered to the board, meaning the whole board has to be replaced. Some of the auto shops reported that they were creating sockets on the board to make it easier to replace the chips in the future.

In response to one Twitter discussion of the problem, Tesla founder Elon Musk said the problem should be “much better at this point,” Posky writes.

But people were dubious, writes Dan Robitzski in Futurism.com. “Without specifying how or why, Musk replied that the problem should ‘be much better at this point’ – drawing immediate skepticism from the engineer and others who didn’t see any evidence of a fix,” he writes.

Mechanics and drivers are suggesting that the company should reduce the amount of logging that the car does.

Tesla owners who are still under warranty are urged to try to update the faulty part.

Ultimately, it’s not only bad for Tesla cars on their own, but for flash memory in general.


October 26, 2019  11:51 PM

A $176 Million Victory in HP Optical Disk Drive Case

Sharon Fisher
HP, Storage

HP’s back in court again, but unlike its battles with Autonomy, it’s pretty clear that it’s in the right in this case.

As it turns out, “Quanta Storage and Quanta Storage America participated in a massive conspiracy to fix and maintain artificially inflated prices for optical disk drives (ODD),” writes Natalie Posgate for the Dallas Business Journal.

A Houston federal jury recently awarded HP a $176 million verdict after determining the Taiwanese Quanta and its U.S. affiliate violated U.S. antitrust laws, Posgate writes. Moreover, because the jury found that Quanta knowingly and intentionally violated U.S. antitrust laws, HP’s lawyers will ask the judge to triple the verdict amount, she adds.

Quanta isn’t alone. A number of manufacturers reportedly worked together on price fixing – to the extent that they exchanged email with each other, with the subject line “price fixing,” writes Michelle Casady in Law360. “Other emails used slightly more coded language, calling for meetings among the sales representatives to discuss ‘consensus on price protection,’” she writes in a different Law360 article.

“HP sued Quanta and several tech giants in 2013, alleging the group carried out their price fixing conspiracy, which lasted between 2004 and 2010, by rigging bids for ODDs during procurement events that HP conducted,” Posgate writes. “As a result, HP alleged, it paid higher prices for ODDs than it would have paid in a competitive market.”

But most of the companies originally named in the lawsuit in 2013 — including Toshiba Corp., Hitachi-LG Data Storage Inc., Panasonic Corp., Sony Optiarc Inc., NEC Corp. and Samsung Electronics Co. Ltd. — had entered confidential settlement agreements with HP by 2017, leaving only Quanta to face trial, Casady writes.

HP’s not alone. ODD vendors also defrauded individual purchasers at the same time, writes Melissa Daniels in Law360. Direct purchasers, as well as indirect purchasers, also brought claims in the MDL, which resulted in a $37 million settlement proposed in November 2015, she writes. A settlement fund for the indirect purchasers totaled around $175 million, she adds.

In fact, as long ago as 2011, three South Korean executives of Hitachi-LG Data Storage Inc. not only agreed to plead guilty but also to serve prison sentences in the U.S. for conspiring to fix prices for optical disk drives sold to Microsoft Corp. and others, including Dell and HP, writes Melissa Lippman in another Law360 article. Two of them agreed to serve eight-month sentences, while the other was to serve a seven-month sentence, plus they needed to pay a $25,000 fine, she writes.

Hitachi-LG itself agreed to pay $21.1 million and cooperate with the investigation in order to resolve similar charges, Lippman adds.

Obviously, this sort of thing has been going on for years with a wide variety of vendors.

So open-and-shut was the HP case that the jury reportedly deliberated for less than five hours before returning their verdict, Casady writes.

That’s a big difference from the Autonomy case – which is still going on – where HP has been made fun of by not only opposing counsel but also the judge, such as being told the deal failed because of its incompetence.


October 22, 2019  9:36 AM

Nuclear Missiles No Longer Controlled by 8-inch Floppy Disks

Sharon Fisher
Security

As you may recall, back in 2014 the Air Force came under some derision when it was revealed that they still used 8-inch floppy disks to control nuclear missiles.

At the time, this was revealed to us by 60 Minutes’ Lesley Stahl, in an awestruck are-all-these-your-guitars piece about who’s minding the nuclear store.

“But the equipment is ancient,” reads the transcript. “This, for example, is one of the computers that would receive a launch order from the president. It uses floppy disks! The really old, big ones.” Deputy Dana Meyers, 23, dutifully reported that she had never seen one before working in the missile silo.

In 2016, there was another flurry of attention over the issue when the Government Accountability Office issued a report mentioning them.

While people mocked them at the time, and there is always the issue of no longer being able to find 8-inch floppy disks (though they’re still available online, even if you’re not the Air Force) the move – or lack of one, as the case may be – made sense for two reasons.

First of all, if it isn’t broke, don’t fix it. Especially with something like missiles. It’s not like it was an operations level database that needed to be kept up-to-date for performance or compatibility reasons. How much would it cost to update that system, just to avoid using 8-inch floppy disks?

Second is security through obscurity. While it’s not impossible to find 8-inch floppy disks, using old technology like that can be more secure simply because people don’t know how to break into it.

This is not universally true, of course. Some older technology doesn’t have any security features at all, such as controllers and utility grid equipment, and that’s a problem in this day and age of connected everything.

In any event, apparently the Air Force got tired of people making fun of it for this, because it recently announced that it would be phasing out the 8-inch floppy disk-based system.

“At long last, that system, the Strategic Automated Command and Control System or SACCS, has dumped the floppy disk, moving to a ‘highly-secure solid state digital storage solution’ this past June, said Lt. Col. Jason Rossi, commander of the Air Force’s 595th Strategic Communications Squadron,” writes Valerie Insinna in C4ISRNET, a defense technology publication.

The SACCS messaging system has been used with the Minuteman intercontinental ballistic missile (ICBM) system, the land-based nuclear option operated by the U.S. Air Force Global Strike Command, writes Zak Doffman in Forbes. “It is a network of hidden underground missile silos connected by endless secure cabling. All of which has been controlled by a 1970s computer system and those disks.”

“It’s the age that provides that security,” Insinna writes that Rossi said in an October interview. “You can’t hack something that doesn’t have an IP address. It’s a very unique system — it is old and it is very good.”

The downside is the cost. The system cost $61 billion a year to maintain, wrote Conor Allison in Popular Mechanics in 2016. The other issue is that newer airmen joining the Air Force don’t know how to maintain the system, meaning the Air Force has had to rely on grizzled civilians to maintain it, Insinna writes.

Exactly what it’s been replaced with, Rossi wouldn’t say. Perhaps ZIP disks?


October 13, 2019  12:23 PM

Interesting Insights from Video Game Archeology

Sharon Fisher
Storage, Video games

It’s amazing how much computer scientists of today are learning from the stored data in old video games.

As you may recall, a couple of years ago some British researchers went to all sorts of efforts – including baking old tapes in an oven – to read the data from a series of text-based adventure games called Magnetic Scrolls. Baking the tapes was required because, in the years since the tapes were made, they started accumulating water and got sticky, which meant they weren’t able to play.

Now, there are people called “video game archeologists” who study old video games – not just to relive their childhoods, but to look at  programming techniques of the era. Because of hardware and software limitations, these programs often use remarkably imaginative techniques to work around these limitations.

In this particular case, it was a game for the Atari console called Entombed. It was a pretty obscure game, but that was the point, explained John Aycock at the University of Calgary, in Alberta, Canada, in a 33-page paper explaining the project. He teaches a class in retro game programming, and he wanted to find a game that hadn’t already been extensively studied.

Of course, Aycock and his co-author, Tara Copplestone at the University of York, UK, left out one of the most intriguing aspects of it. “We began by manually reverse-engineering the relevant parts of Entombed’s binary code, via both static and dynamic analysis using the Stella Atari 2600 emulator.” Okay. But how did they get the binary code from the cartridge into the emulator in the first place? No clue. Argh.

Like many games of that era, Entombed used a maze, but not just any maze. “Although the blocky, two dimensional mazes from Entombed might look simple by the standards of today’s computer graphics, in 1982 you couldn’t just design a set of mazes, store them in the game and later display them on-screen – there wasn’t enough memory on the game cartridges for something like that,” writes Chris Baraniuk for the BBC. “In many cases, mazes were generated ‘procedurally’ – in other words, the game created them randomly on the fly, so players never actually traversed the same maze twice.”

Anyway, as it turns out, the game has one of those sections of code that many of us remember, that basically are commented “We don’t know how this section of code works, but don’t change it or it breaks the program.” The game uses a table to generate the maze, and neither today’s researchers nor the original writers – several of whom they tracked down and interviewed – know how the table works or how it came to be created. (Especially since, in this particular case, there weren’t even any comments, Aycock writes.)

“The best guess the pair have is that the programmer behind the maze algorithm must have manually fine-tuned the table values until the game worked as desired, but that still doesn’t really explain the logic behind it,” Baraniuk writes.

Alcohol may have been involved.

Aycock got two different stories about how the maze generation section of the code was created. “Regardless of which version of events is followed, it seems fair to say that some level of intoxication was involved in the development of the maze algorithm,” he writes.

Curious about video game archeology? As it happens, there’s a section of the Internet Archive called the Internet Arcade, which includes almost 2,000 arcade games, dating back to the 1970s, which have been emulated and can be run from a browser.

Good luck, Indiana Jones.


September 30, 2019  11:01 PM

Why You May Not Want to Sign Up for the ‘Storage for Life’ Deal

Sharon Fisher
Storage

The other day, everywhere I looked, I saw an article about the same product.

5 terabytes of cloud storage! For $99! 89% off! For life!

As an indication of how awesome that deal is, I pay $99 for 2 terabytes from Google now. And that’s per year, not for life.

Yet I didn’t jump all over this deal. Why not? What’s wrong with me?

“For life” is a long time. (Hopefully.) And I’ve been covering storage long enough to know that “unlimited” – whether it’s time or size – doesn’t last forever.

Back in the day, when personal cloud storage was just getting going, a number of major providers were offering unlimited data storage. And, one by one, they all quit, because they found out that, for some people, “unlimited” storage is like the buffet at Golden Corral, and they just hadn’t figured how much some people could eat.

And “forever” is worse.

I don’t want to pick on these people. The Polar Backup people – it’s called that presumably because it’s based in Finland – may be very nice and completely aboveboard. They may genuinely believe that they can promise to offer data storage for life.

But I wouldn’t want to bet on it. Because a lot of things can happen to a computer company.

In looking at the Polar Storage website – I had never heard of the company before – it turns out they’ve been around for all of two years. At least, that’s how long they’ve been developing this service.

And they’re promising forever?

If you read the FAQs and the terms and conditions and such – you know, the stuff that nobody ever reads – it starts sounding even more dicey. It’s not like it’s particularly out of the ordinary for cloud storage companies, but it doesn’t sound like forever.

“In the event of a change in ownership, or a direct merger or acquisition with another entity, we reserve the right to transfer all of Polar Backup User information, including Personal Data, to a separate entity. We will use commercially reasonable efforts to notify you (by posting on our website or an email to the email address you provide when you register) of any change in ownership, merger or acquisition of Polar Backup assets by a third party, and you may choose to modify any of your registration information at that time.”

“Polar Backup reserves the right in our sole discretion to revise, amend, or modify this policy and our other policies and agreements at any time and in any manner.”

“Polar Backup may (i) automatically update Polar Backup Products installed on your computer without your prior notice, (ii) upgrade, enhance, change and modify (collectively, the “Enhancements”) Polar Backup Products, or (iii) discontinue or retire Polar Backup Products or any aspect or feature of Polar Backup Products, including the types of files and data that are backed-up (not every file on your computer is backed-up) or the availability of Polar Backup Products on any particular device or communications service at any time and from time-to-time in its sole discretion.”

“Polar Backup will use reasonable efforts to provide notice of material changes to the Polar Backup Products or changes to these Terms by posting them to Product Agreement. It is your responsibility to periodically check Polar Backup website to inform yourself of any such modifications. Changes to these Terms, which may be made in Polar Backup sole and exclusive discretion, will be effective upon acceptance of these Terms (as described herein) for new subscriptions and effective for all existing users thirty (30) calendar days after the posting of the new Terms on Polar Backup website at Product Agreement You agree to be bound to these Terms, as modified.”

So are you prepared to log into Polar Backup once a month, for life, just in case the company has changed its terms?

“These Terms, your license and your subscription to the Polar Backup Products will automatically terminate or expire upon the earlier of (i) non-renewal, cancellation, or expiration of your subscription or your failure to pay invoices when due, (ii) Polar Backup discontinuance of the Polar Backup Products, or (iii) failure to comply with these Terms. If any third party makes an intellectual property infringement claim relating to the Polar Backup Products,”

Yes, if they discontinue the products, they won’t work anymore.

“At any time during the term of a product’s life cycle, Polarbackup may increase or decrease its prices for any of its products without notice.”

About that price:

“Polar Backup’s cloud storage plans usually start at $390, but right now you can buy peace of mind and easy file management for 89% off.”

Now why in the world would a company do that? It might if it were trying to seize market share, or if it were in trouble. Otherwise it’d be tough to reduce its charges by 89% lest it tick off all its existing users, because this deal is only good for new users.

And 89% is quite a discount. It’s going to have trouble raising prices ever, or people will start asking why they can’t get the discount anymore.

Sadly, none of the dozen or more websites that advertised this deal brought up any of this. It was all, hey! Look at this deal! Wow!

And they may be right.

But when something sounds too good to be true, it probably is. And I will be interested to see how long Polar Backup stays around.


September 29, 2019  12:06 AM

Baltimore Ransomware Attack Still Causing Problems

Sharon Fisher
government, Security

While a number of cities have been hit by ransomware in the past year, few have been hit as hard as Baltimore – but as time goes on, it’s starting to sound like the city has no one to blame but itself.

It all started in May when several city services went down and the city received a ransom note. Baltimore was then told it needed to pay 13 bitcoin – about $76,000 – to get its data back.

However, city officials refused to pay. That wasn’t to save it money, though. “City officials expect to spend about $10 million rebuilding and replacing affected systems, and take an additional $8 million hit from lost revenue,” writes Benjamin Freed in StateScoop.

Naturally, Baltimore has been trying to understand how this all happened – and it’s asking itself some pretty hard questions. Sadly, it mostly seems to be trying to come up with pretty good excuses.

In the process of this introspection, city officials discovered that Baltimore didn’t have a disaster recovery plan, and that it would take nine months to develop one.

It didn’t have cyber insurance, either. Though hey! It’s considering it!

As it turns out, the city hadn’t been backing up employee hard disk drives anywhere, and data was stored only on individual PCs – which meant it got wiped out in the ransomware attack.

That also meant that the city had trouble during a recent audit.

“Baltimore’s IT agency could not prove that it was meeting certain performance metrics in a recent audit because the relevant data had been stored locally on employees’ computers that were corrupted by a ransomware attack that crippled the city’s municipal networks earlier this year,” Freed writes.

One member of the city council – who chaired the audit committee – was also a former federal IT auditor.

“Wow. That’s mind-boggling to me,” he said, Freed writes. “Do they really understand that’s an issue? Because they’re the agency tasked with educating people that that’s the problem.”

It’s especially mind-boggling because not only had Baltimore been hit by ransomware just the year before, but the city was warned that it was vulnerable to such an attack a couple of years before. “The risk assessment — which appears to be from before September 2017, when the Baltimore City Information & Technology office took its current name — focused on a pair of servers responsible for more than 100 applications operating on a version of Microsoft Windows that is no longer supported by the technology giant,” writes Freed in a different StateScoop article.

“Despite the two attacks, [IT Director Frank] Johnson said that the city’s computer systems have strong defenses,” wrote the Baltimore Sun in May.

Not surprisingly, Johnson – the highest-paid executive in Baltimore city government – was out of office on leave by September. The new IT director started as Johnson’s deputy one day before the May attack.

But things are better now, right?

Well, except for last week, when county computers went down, reportedly due to a storage issue.

