• 6 Posts
  • 854 Comments
Joined 9 months ago
Cake day: October 4th, 2023


  • Yes. I wouldn’t be preemptively worried about it, though.

    Your scan is going to try to read and maybe write each sector and see if the drive returns an error for that operation. In theory, the adapter could respond with a read or write error even if a read or write worked or even return some kind of bogus data instead of an error.

    But I wouldn’t expect this to likely actually arise or be particularly worried about the prospect. It’s sort of a “could my grocery store checkout counter person murder me” thing. Theoretically yes, but I wouldn’t worry about it unless I had some reason to believe that that was the case.



  • I don’t really have a problem with this – I think that it’s rarely in a consumer’s interest to choose a locked phone. Buying a locked phone basically means that you’re getting a loan to pay for hardware that you pay back with a higher service price. But I’d point out that:

    • You can get unlocked phones and service now. I do. There are some privacy benefits to doing so – my cell provider doesn’t know who I am (though they could maybe infer it from usage patterns of their network and statistical analysis). It’s not a lack of unlocked service that’s at issue. To do this, Congress is basically arguing that the American consumer is just making a bad decision to purchase a plan-combined-with-a-locked-phone and forcing them not to do so.

    • Consumers will pay more for cell phones up front. That’s not necessarily a bad thing – it maybe makes the carrier market more competitive to not have a large portion of consumers locked to one provider. But there are also some benefits to having the carrier selecting cell phones that they offer in that the provider is probably in a better position to evaluate what phone manufacturers have on offer in terms of things like failure rates than do consumers.



  • IIRC Russia was talking about detaching their modules and using them to help bootstrap some new station. So I dunno if those will get brought down.

    That being said, that was also when that rather pugnacious guy was running Roscosmos, and I dunno if doing a new space station is the top of Russia’s priority list for their limited budget.

    kagis

    Dmitry Rogozin.

    kagis further

    It looks like they canceled the idea of reusing the Russian ISS modules back in 2021. So I guess those are destined for SpaceX’s deorbit too.

    https://en.wikipedia.org/wiki/Orbital_Piloted_Assembly_and_Experiment_Complex

    The Orbital Piloted Assembly and Experiment Complex (Russian: Орбитальный Пилотируемый Сборочно-Экспериментальный Комплекс, Orbital’nyj Pilotirujemyj Sborochno-Eksperimental’nyj Kompleks;[1][2] ОПСЭК, OPSEK) was a 2009–2017 proposed third-generation Russian modular space station for low Earth orbit. The concept was to use OPSEK to assemble components of crewed interplanetary spacecraft destined for the Moon, Mars, and possibly Saturn. The returning crew could also recover on the station before landing on Earth. Thus, OPSEK could form part of a future network of stations supporting crewed exploration of the Solar System.

    In early plans, the station was to consist initially of several modules from the Russian Orbital Segment (ROS) of the International Space Station (ISS). However, after studying the feasibility of this, the head of Roscosmos stated in September 2017 the intention to continue working together on the ISS.[3] In April 2021, Roscosmos officials announced plans to exit from the ISS programme after 2024, stating concerns about the condition of its aging modules. The OPSEK concept had by then evolved into plans for the Russian Orbital Service Station (ROSS), which would be built without modules from the ISS, and was anticipated to be launched starting in the mid-2020s.[4][5]

    https://en.wikipedia.org/wiki/Russian_Orbital_Service_Station

    The Russian Orbital Service Station (Russian: Российская орбитальная служебная станция, Rossiyskaya orbital’naya sluzhebnaya stantsiya) (ROSS, Russian: РОСС)[3] is a proposed Russian orbital space station scheduled to begin construction in 2027. Initially an evolution of the Orbital Piloted Assembly and Experiment Complex (OPSEK) concept, ROSS developed into plans for a new standalone Russian space station built from scratch without modules from the Russian Orbital Segment of the ISS.[4]

    I still dunno if they’re gonna get the money for a new space station. Like, deciding to have a war in Ukraine may have kind of killed off the viability of doing a new space station.



  • If ISP routers are anything like the west that means they control the DNS servers and the ones on router cannot be changed, and likely it blocks 1.1.1.1 and 8.8.8.8 and so on, as Virgin Media does (along with blocking secure DNS) in the UK for example, which definitely opens up a massive attack vector for an ISP to spin up its own website with a verified cert and malware and have the DNS resolve to that when users try to access it to either download the software needed to access this Grid System or if it’s a web portal - the portal itself.

    Browser page integrity – if you’re using https – doesn’t rely on DNS responses.

    If I go to “foobar.com”, there has to be a valid cert for “foobar.com”. My ISP can’t get a valid cert for foobar.com unless it has a way to insert its own CA into my browser’s list of trusted CAs (which is what some business IT departments do so that they can snoop on traffic, but an ISP probably won’t be able to do, since they don’t have access to your computer) or has access to a trusted CA’s key, as per above.

    They can make your browser go to the wrong IP address, but they can’t make that IP address present information over https that your browser believes to belong to a valid site.


  • I’d also add, on an unrelated note, that if the concern is bandwidth usage, which is what the article says, I don’t see why the ISP doesn’t just throttle users, based entirely on bandwidth usage. Like, sure, there are BitTorrent users that use colossal amounts of bandwidth, and that will cause problems for pricing based on overselling bandwidth, which is the norm for consumer broadband.

    But you don’t need to do some kind of expensive, risky, fragile, and probably liability-issue-inducing attack on BitTorrent if your concern is bandwidth usage. Just start throttling down bandwidth as usage rises, regardless of protocol. Nobody ever gets cut off, but if they’re using way above their share of bandwidth, they’re gonna have a slower connection. Hell, go offer to sell them a higher-bandwidth package. You don’t lose money, nobody is installing malware, you don’t have the problem come right back as soon as some new bandwidth-munching program shows up (YouTube?), etc.


  • I don’t really understand the attack vector the ISP is using, unless it’s exploiting some kind of flaw in higher-level software than BitTorrent itself.

    A torrent should be identified uniquely by a hash in a magnet URL.

    When a BitTorrent user obtains a hash, as long as it’s from an https webpage, the ISP shouldn’t be able to spoof the hash. You’d have to either get your own key added to a browser’s keystore or have access to one of the trusted CA’s keys for that.

    Once you have the hash, you should be able to find and validate the Merkle hash tree from the DHT. Unless you’ve broken SHA and can generate collisions – which an ISP isn’t going to – you shouldn’t be able to feed a user a bogus hash tree from the DHT.

    Once you have the hash tree, you shouldn’t be able to feed a user any complete chunks that are bogus unless you’ve broken the hash function in BitTorrent’s tree (which I think is also SHA). You can feed them up to one byte short of a chunk, try and sandbag a download, but once they get all the data, they should be able to reject a chunk that doesn’t hash to the expected value in the tree.

    I don’t see how you can reasonably attack the BitTorrent protocol, ISP or no, to try and inject malware. Maybe some higher level protocol or software package.
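
The chunk check described in the comment above, as an added example that is not part of the original comment or of any BitTorrent client's code. It is a simplified SHA-256 Merkle tree in the style of BitTorrent v2; the function names, the tiny constructed blocks, and treating the root as the value pinned by the trusted magnet hash are assumptions.

```python
import hashlib
import hmac

def h(data: bytes) -> bytes:
    return hashlib.sha256(data).digest()

def build_layers(blocks):
    """Return every tree layer, leaves first; pad leaves to a power of two with zero hashes."""
    layer = [h(b) for b in blocks]
    while len(layer) & (len(layer) - 1):
        layer.append(bytes(32))
    layers = [layer]
    while len(layer) > 1:
        layer = [h(layer[i] + layer[i + 1]) for i in range(0, len(layer), 2)]
        layers.append(layer)
    return layers

def proof_for(layers, index):
    """Sibling hashes a peer sends so the receiver can recompute the root."""
    proof = []
    for layer in layers[:-1]:
        proof.append(layer[index ^ 1])
        index >>= 1
    return proof

def verify_block(block, index, proof, trusted_root):
    """Accept a block only if it hashes up to the root obtained over the trusted channel."""
    node = h(block)
    for sibling in proof:
        node = h(node + sibling) if index % 2 == 0 else h(sibling + node)
        index >>= 1
    return hmac.compare_digest(node, trusted_root)

def demo():
    # Constructed sample data: five small "blocks" standing in for 16 KiB blocks.
    blocks = [bytes([i]) * 64 for i in range(5)]
    layers = build_layers(blocks)
    root = layers[-1][0]              # assumed to be pinned by the magnet hash
    proof = proof_for(layers, 4)
    genuine = verify_block(blocks[4], 4, proof, root)
    # An on-path party swaps the payload but cannot change the pinned root.
    tampered = verify_block(b"malware" * 9, 4, proof, root)
    # Supplying made-up sibling hashes does not help either.
    forged = verify_block(b"malware" * 9, 4, [h(b"x")] * len(proof), root)
    # One byte short of the block: nothing to accept until the full block hashes correctly.
    short = verify_block(blocks[4][:-1], 4, proof, root)
    return genuine, tampered, forged, short

if __name__ == "__main__":
    print(demo())
```
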



  • From the Hacker’s Jargon File, for those who haven’t seen it.

    https://github.com/PDP-10/its/issues/1232

    Some years ago, I (GLS) was snooping around in the cabinets that housed the MIT AI Lab’s PDP-10, and noticed a little switch glued to the frame of one cabinet. It was obviously a homebrew job, added by one of the lab’s hardware hackers (no one knows who).

    You don’t touch an unknown switch on a computer without knowing what it does, because you might crash the computer. The switch was labeled in a most unhelpful way. It had two positions, and scrawled in pencil on the metal switch body were the words ‘magic’ and ‘more magic’. The switch was in the ‘more magic’ position.

    I called another hacker over to look at it. He had never seen the switch before either. Closer examination revealed that the switch had only one wire running to it! The other end of the wire did disappear into the maze of wires inside the computer, but it’s a basic fact of electricity that a switch can’t do anything unless there are two wires connected to it. This switch had a wire connected on one side and no wire on its other side.

    It was clear that this switch was someone’s idea of a silly joke. Convinced by our reasoning that the switch was inoperative, we flipped it. The computer instantly crashed.

    Imagine our utter astonishment. We wrote it off as coincidence, but nevertheless restored the switch to the ‘more magic’ position before reviving the computer.

    A year later, I told this story to yet another hacker, David Moon as I recall. He clearly doubted my sanity, or suspected me of a supernatural belief in the power of this switch, or perhaps thought I was fooling him with a bogus saga. To prove it to him, I showed him the very switch, still glued to the cabinet frame with only one wire connected to it, still in the ‘more magic’ position. We scrutinized the switch and its lone connection, and found that the other end of the wire, though connected to the computer wiring, was connected to a ground pin. That clearly made the switch doubly useless: not only was it electrically nonoperative, but it was connected to a place that couldn’t affect anything anyway. So we flipped the switch.

    The computer promptly crashed.

    This time we ran for Richard Greenblatt, a long-time MIT hacker, who was close at hand. He had never noticed the switch before, either. He inspected it, concluded it was useless, got some diagonal cutters and diked it out. We then revived the computer and it has run fine ever since.

    We still don’t know how the switch crashed the machine. There is a theory that some circuit near the ground pin was marginal, and flipping the switch changed the electrical capacitance enough to upset the circuit as millionth-of-a-second pulses went through it. But we’ll never know for sure; all we can really say is that the switch was magic.

    I still have that switch in my basement. Maybe I’m silly, but I usually keep it set on ‘more magic’.




  • tal@lemmy.today to Selfhosted@lemmy.world, “Server for a boat” (3 days ago)

    What hardware and Linux distro would you use in this situation?

    The distro isn’t likely to be a factor here. Any (non-super-specialized) distro will be able to solve issues in about the same way.

    I mean, any recommendation is going to just be people mentioning their preferred distro.

    I don’t know whether saltwater exposure is a concern. If so, that may impose some constraints on heat generation (if you have to have it and storage hardware in a waterproof case).