SoylentNews is people
SoylentNews
from the what's-old-is-still-old-but-they-are-making-more dept.
Submitted via IRC for TheMightyBuzzard
National Audio Co. is the only company in the U.S. that produces cassette tape. Now, as cassette tapes enjoy a resurgence in popularity, National Audio has less than a year's supply left of the stuff, The Wall Street Journal reports.
For the last 15 years, National Audio's co-owner and president Steve Stepp has been clinging to his company's dwindling supply of music-quality magnetic tape. In 2014, National Audio's South Korean supplier stopped making the material, so Stepp bought out their remaining stock before they shuttered — and has been left with a shrinking stockpile ever since.
Although the demand for tape has increased in recent years, the quality and supply has not; National Audio has long relied on outdated gear that Stepp jokes is "the finest equipment the 1960s has to offer." That's why the company — which makes cassettes for everyone from indie bands to Metallica — is planning to build the U.S.'s first high-grade tape manufacturing line in decades.
Crap! Where am I going to store my TRS-80 programs now?
Source: https://theweek.com/speedreads/735269/america-running-cassette-tape
(Score: 5, Insightful) by edIII on Monday November 13 2017, @08:27PM (8 children)
I'll tell you what is impossible with tape. Malware. My fear with using a USB stick handed to me is:
That's the benefit of the analog cassette tape. Very bad medium to transport malware on, and it isn't active in any way. An audio CD can transport malware (Sony Rootkit), but isn't active either.
A USB stick can be an active threat to your computer operating in many different modes. IIRC, one of those modes allows access to the Intel ME now with JTAG access over USB. Being cheap is a threat too. How do I know that the 5000 count I ordered on Alibaba isn't coming my way with less space than spec'd? Or that they come with some malware in it already?
What I would imagine is that most ordinary people at one point or another have shelled out hard earned dollars to get their computers repaired. After you've spent as much money repairing some computer systems as buying computer systems, that you would be hesitant to just put anything into it.
Hence, an audio cassette is fairly non-threatening.
Technically, lunchtime is at any moment. It's just a wave function.
(Score: 2, Disagree) by Grishnakh on Monday November 13 2017, @09:35PM (7 children)
I'll tell you what is impossible with tape. Malware.
Use Linux and you won't have that problem.
Or just turn off Auto-Run.
(Score: 0) by Anonymous Coward on Monday November 13 2017, @10:41PM (4 children)
This is patently false.
You connect a malicious USB device, it reports itself as a HID class device and bam, Linux and basically any other desktop operating system accepts input from it, treating it as equivalent to input from a "real" keyboard and mouse or whatever else. Then whatever user accounts are logged in at the console are pwned.
And this is essentially unfixable because users reasonably expect USB devices to "just work" when they are connected.
Or if an attacker just wants to cause damage, it's not too hard to make a fake device that, say, massively overvolts the data lines, likely frying at least the USB PHY and any nearby components on the board you connect it to.
(Score: 2) by Grishnakh on Tuesday November 14 2017, @01:57AM (3 children)
This is patently false.
You connect a malicious USB device, it reports itself as a HID class device and bam, Linux and basically any other desktop operating system accepts input from it, treating it as equivalent to input from a "real" keyboard and mouse or whatever else.
Yeah, so what? That isn't going to root a machine unless you somehow know the root password so you can simulate Alt-F1, root, password, commands to do something....
USB is a problem on Windows because of Autorun: you pop in a drive, and Autorun.exe starts running, no questions asked. Linux doesn't do this.
Then whatever user accounts are logged in at the console are pwned.
This is just dumb. You don't know what's going on when the device is plugged in. If it's not at a terminal window, and instead the cursor is at a SoylentNews input box like I'm using now, you'll just get a weird comment on your SN account.
Or if an attacker just wants to cause damage, it's not too hard to make a fake device that, say, massively overvolts the data lines, likely frying at least the USB PHY and any nearby components on the board you connect it to.
This doesn't compromise your data, it's just an annoyance. And good luck fitting that kind of circuitry into a thumb drive that's barely bigger than the USB port.
This is really just a bunch of scare-mongering.
(Score: 0) by Anonymous Coward on Tuesday November 14 2017, @03:45AM
You're lacking in both technical competence and imagination.
(Score: 2) by Pino P on Tuesday November 14 2017, @05:20AM
You don't need to gain administrative access to a PC's operating system to do serious damage. As Randall Munroe pointed out in this infographic [xkcd.com]:
For example, ransomware just needs to encrypt ~ (the logged-in user's profile), not / (the entire file system).
(Score: 0) by Anonymous Coward on Tuesday November 14 2017, @09:57AM
So the device registers as USB hub with a storage and a keyboard attached. You're not surprised about the storage; that's what you expected anyway. The "keyboard" starts a script located on the storage device. The script installs some malware on your account. The next time you use your password (for example, to unlock your screen), the malware catches it. Since today's Linux systems are typically set up with sudo instead of root password (how that is supposed to be more secure on single user systems still evades me), and usually the user has just one account used for both admin stuff (thus having sudo enabled) and general stuff (thus it will be the account that is open when inserting the stick). Thus once the user-local malware has the user password, on the majority of current personal Linux installations it owns root.
(Score: 2) by edIII on Tuesday November 14 2017, @12:13AM (1 child)
That's not going to hold true much longer, if it really does now. Microsoft operating systems are merely the most attractive target since they own the desktop spaces. However, they don't own the server spaces, and own progressively less and less embedded devices. The more successful Linux becomes, the more we will see ugly vulnerabilities come to light. We've seen some already, but I think we look the other way or refuse to acknowledge that remote code exploits are a cross platform problem now.
I believe we will see more exploits against Linux, not less. Then let's add SystemD to the conversation. Whether or not it is a good idea (breaks Unix fundamentals), it represents a far more complex system that requires significantly more resources to perform regression testing. What I believe the last few decades has shown us is that corporations will indirectly fund much of free software and open source, but that it will not, and does not, provide the resources required for testing. All of these years we relied on peer review of code, and it just didn't happen, certainly not at the level of thoroughness and competency we envisioned the community having.
The issue if further compounded by the fact we *want* users to be accessing the server and enjoying services. Every single on them represents a security vector that needs to be addressed. In other words, you can security harden a server all you want, but the moment you put Wordpress on it....
I feel safer working with BSD, which I think is one of the safest, and not even it is immune.
I'm reminded of the gentleman that boasted the Titanic was unsinkable, and the general who thought that the Death Star was the ultimate weapon in the universe that no one would dare stand against. Ironically, in real life it is often a bunch of teenagers causing problems for old white men with expensive platforms.
Technically, lunchtime is at any moment. It's just a wave function.
(Score: 0) by Anonymous Coward on Tuesday November 14 2017, @08:35AM
You're missing a point: The big security hole with USB on Windows is not an exploit at all, it's called AUTORUN.
On the other hand, you don't actually need an exploit, USB is inherently unsafe. Google "usb killer". Which by the way is a problem it shared with any electrically connected storage.