A Christmas Computer Bug, and the Future of Files
HTML-код
- Опубликовано: 20 дек 2015
- In 1987, a German student wrote CHRISTMA EXEC - a virus whose basic mechanisms still work if you port them to today's desktop computers. Why haven't we changed in nearly 30 years? And what could we do instead?
Merry Christmas to all, and to all a good night.
tomscott.com
FACEBOOK: / tomscott
TWITTER: / tomscott
INSTAGRAM: / tomscottgo
The Park Bench will continue over Christmas: / mattandtom
"It made a generation who could code
A bubble before proper consoles, who all know
That the games you get today,
Well, they might be very flash,
But they'll never beat the thrill of getting through Jetpac"
-- MJ Hibbett and the Validators, Hey Hey 16K:
• Hey hey 16k
"Happily" run programs from 20 years ago. It'll run, but windows will get pretty pissy about it
Tell me about it... 😒
**Image of heavily discolored Diablo 1 goes here**
@@StarshadowMelody * sad cpu noises *
*sad GPU noises*
Dosbox’ll work
"I'll see you in 2016" BRO I'm rewatching this in 2020. That's a weird thing to hear
Given the events 2016 set in motion, it sounds a bit nightmare-ish to me.
Oh I still remember in January when people were thinking it would be a great year
same
@@kalebchoi6372 Oh I remember when people thought 2020 would be a great year.
the whole outro makes perfect sense now
German student: you know what, I'm gonna spread Christmas joy by making a program that shares itself to others, which will show holiday greetings and this cool tree!
the program: (takes down IBM twice)
German student: (surprised pikachu)
silence, redditor
Dead meme.
@@shagarakar it's as if the post was made 8 months ago...
@@shagarakar surprised pikachu will never die in my heart
@@shagarakar it really wasn't it's use was really quite common in July (9 months ago) it was near it's peak usage.
7:42 you can see him jump up in the background and yell "ONE TAKE!"
"Write the future as well as read it." Is that a quote from something in particular? I like it.
_no replies_
@@FoXenthusiast42 😞
@@FoXenthusiast42 oof
Idk
@Jumly same
When we have a locked down, 'silo style' operating system, there really needs to be an option to turn that off.
Bingo.
I understand making a sandbox the default for untrusted app, but it absolutely *must* be optional.
This isn't just some ivory tower notion of ownership/control, it's not even just an issue of allowing people to learn about the tech they use if they want to, though both of those are valid.
It's that walled sandboxes are absolutely suffocating for innovation, and they make it impossible to workaround issues that inevitable crop up with the model.
I'm also not a fan of the implication from so many ivory tower engineers that backwards compatibility is bad - and I say that as a software engineer myself.
That’s the problem with the companies that make these locked down OSes. That’s why jailbreaking has flourished, to enable you to turn that specific thing off.
@@jmiller6066 I don’t think he’s implying backwards compatibility is bad, just that his idea will destroy any current program
*cough* *cough* chromebooks
All I want is the ability to further organize my collection of thousands of edited _Garfield_ strips.
While in theory it's great to have a fancy front end, another issue with having a large portion of people using it, will be an extremely limited support group for the advanced mode, as companies will no longer have hordes complaining if something goes wrong.
Forums filled with enthusiast will do for those advanced-mode users I think.
*looking at you, Arch user*
@@valerianmp btw I use Arch
@@valerianmp hi
ok its ether you watch everything i watch or you watch everything because your every where
we may be biased as techies, but that last point seems key. Let iPhones be iPhones and whatnot, but I don't want my daughter to ever see her desk or laptop as a black box.
+Elliott Collins Most modern PCs are already black boxes and they have to be. Not for sake of security, but for sake of usability. One has to learn how to use one first, before being able to dig through the complexity hidden beneath.
Lorenz Zahn Yeah, there should certainly be a clean and user-friendly front end, with pretty icons, GUI's, etc. But I don't think there should ever be a point where you're unable to dig one layer deeper into the system if you're curious or want to change something.
+Lorenz Zahn bloody windows 8
6668084747 I don't know what you're talking about, but be civil, chief.
6668084747 Nah, you're just being mean. It's lazy and annoying and you're better than that (probably, statistically speaking).
Along with the "can't write Iphone apps on an Iphone" bit, I'd also like to point out that the whole file system thing you were talking about makes for a smoother transition towards computer literacy. Rather than having to take a class for the kind of computers we have now, I was able to learn a lot about how certain programs work through experimentation, trying things out and seeing what works, what files could and couldn't be used in certain programs, which I couldn't do in the system Tom described.
That kind of locked-down system would be a nightmare not only for programmers, but for a lot of musicians and filmmakers.
Not necessarily. Current creative programs still use the directory system, but if they didn't, then this shift wouldn't be an issue. It seems like you are assuming most complex programs will still present the directory system to the user, when that may not be the case when by the time these changes becone widespread.
@@wyatttomlinson3475 I think their point was that a sandboxed filesystem would make it hard to organize projects, as well as make it a pain in the ass to import files between programs, especially if those programs didn't all have a consistently well implemented "share" feature to push the files between the sandboxed spaces. Which I very much agree with btw, the ability to have one folder that holds everything for a project, finish modifying a file in one program, and just being able to open it in another immediately after without moving anything around is very handy for working quickly on a project. So, yes, this theoretical shift would be one hell of an issue, even if it's more secure, even if it doesn't make things impossible, it would just make things more annoying than they have to be.
They don't want you to be a musician or filmmaker; they want you to be strictly a consumer.
7:44 I can almost hear you scream "one take!"
I quite often access the file system on my Android phone directly, because for me it's the easiest and fastest way of getting things done.
I guess Tom's just hoping for more red t-shirts under his tree!
take my upvote
@@jan_sipiki ok
@@chiefhydropolis not op but cool
Forget system application sandboxing and such. If windows had a unified installer/package manager where the windows OS kept track of which program owns which files, that would go a long way.
That would help. But would have to force it's use and that will be unpopular.
+Richard Collins Microsoft would obviously force that, but it's not necessary. Linux distros have both
+Richard Collins I am not so sure about that. With a nice ui it would be significantly easier to use. Problem is more that windows has so damn many sources and microsoft won't deal with that mess.
They do have a package manager manager, which gives one command line interface and then you can add packange managers to it, like pip or chocolatey or nuget or what else.
+Charles Miller I would love that! I have been yearning for this and it would solve sooo many problems.
That and file explorer with tabs, except efficient and non-crashy.
***** You know what that's called? Windows 8. And how many people really loved that?
Many of today's so-called 'advanced' users began by messing around on their cheap, consumer hardware and learning more and more how the system worked.
To 'lockdown' a machine fully would rob the next generation that potential for tinkering and therefore, maybe, stumbling into being advanced users themselves over time.
Being protected and being imprisoned are very similar situations.
Watching in 2020 and wondering if this is a prophecy.
Not even just the next generation of software engineers.
Locking everything down without the ability to opt out is suffocating for innovation as a whole, and gives users no recourse when problems arise - as they inevitably do, arguably more than ever with how pervasive the "move fast and break things" attitude has become in tech, and how disconnected from reality many software designers have become
throwback to the time i managed to delete my old computer's bootloader
The locked down file system you talk about at the end sounds like it would be absolutely terrible for computer literacy.
Using a car does not mean one wants to be a mechanic.
And even a mechanic wants to use his car without having to open the hood.
@@musaran2 just saying, if your car's hood is welded shut permanently, you'll probably wonder what's inside at some point.
"You can't write iPhone apps on an iPhone"
Challenge accepted
I can compile C(++) and run Python(3) on my Android phone, but I'd rather have something like ubuntu on it tbh
You can install Ubuntu on an Android phone. You can install Android Studio on Ubuntu. You can write code on Android Studio. Challenge finished.
@Stef 😞 i lost my iphone
challenge completed
@@stephen9849 You don't need to install ubuntu to write android apps on android. Just install the necessary tools in Termux and build your apk files.
I remember back in the day when I was an ignorant kid and got an iphone, it was terrible not having a real file manager and everything being sandboxed in its own app
, I had to connect it to a computer to transfer the music from the app it was downloaded in, and then move it to the music folder that the phone had.
So glad proper phones and pc's dont have horrendous limitations like that!
"You can't write iPhone apps on an iPhone" somewhere along the line we lost our way...
You can write Android apps on Android in many different ways. :)
@@eekee6034 I'm wondering, how do you do that? Just as a point of curiosity on what the experience is.
@@nikkiofthevalley it's technically possible if you use termux to run a linux virtual machine and develop your app in that. It would be very slow and annoying to work with though.
the day someone promises me an OS where one program can't access data from another, will be the last day I update my computer
Well what if there was an option called something like "Sandbox mode" where that happens, but it's only an option that you choose when your installing your OS? Let the people who want the Sandbox mode have it, and people who want regular computers have regular computers?
I would rather have regular computers because as long as your not clicking on every ad on Pornhub and going to random shady links from Bots on Discord, you'll be mostly fine, but I like to use AV just to be safe.
I mean, Qubes runs on a similar principle.
Windows 10X will run on that principle when it releases. The idea is no app/program can access data from another without permission from the user.
@@albertjackinson That sounds like a reasonable "inbetween", actually looking forward to when that hits.
I think 'non-techy' casual folks should just get over the fact that technology is advancing and actually try learning how to properly take care of computers. I'm tired of old people knocking desktops just because they don't know how they work and aren't bothered to try to learn. We shouldn't lower the standards of things for the layman's sake, but push everyone to get a little more insightful. I'm sure people grumbled about the complexity of automobiles when they started feeling the pressure of modern society pushing cars in and horse wagons out.
Let them bang on the computer towers all they want, I just hope this doesn't mean the rest of us will start getting toys instead of professional equipment. Windows 10 sure looks like it was made for children however.
It's 2019 and I have a customer about my father's age who hunt-and-pecks out vague iMessages on his iPad to my email address, so I keep getting empty emails with .txt files attached with all lower case sentence fragments and bizarre punctuation as answers to technical questions.
you people need to get out of your cave and stop being so nerd for once
Why haven't you made nuclear fission work? I'm fed up of laymen using fusion to power the grid, it's no excuse learn it and make it work.
Nineth Lion this is true with everything if you really think about it. For example your car, get over the fact that it looks complicated to do basic necessities like changing the oil. Learn it you imbecile, you can’t expect your car to go long without learning to take care of it.
Being a programmer myself, I simply could not support such a system. To me, Mac is too strict of a system. Windows is much better and linux is supreme. That kind of "app" thinking is something I utterly despise. The idea behind the computer is that it is general purpose. To lock it down in such a way seems... horrible to me.
could you give a concrete feature in a linux/windows pc that regular consumers use that need that kind of freedom?
"lINuX iS suPrEMe"
I agree with the Linux part, I can do whatever I want with no question asked
Linux gives you all the power you need to fix the problems you get by running Linux (mint user here)
@@ezekiel0606 your context is cognitively dissonant
The traditional PCs aren't going anywhere. They are indeed more insecure than other devices, but that's not because of bugs or glitches... but because of the freedom they give. And the way we use that freedom.
Merry Christm- oh wait, this isn't a recent video, anyways Merry Christmas
0:17
Noticed the cat chillin' on top of the computer.
You can write iPhone apps on an iPhone if you're jailbroken and insane :P
MrC0MPUT3R what exactly does jail breaking a device do?
@@daniellewilson8527 I'm not an expert, but I believe it inserts or changes the code for the OS in very specific ways to allow different functionality like installing a third party app store
@@daniellewilson8527 exactly what it sounds like. the phone is limited and "in jail" so it can't do thing you would normally do on an Android phone (e.g. install third party apps or change some dangerous options that can harm your phone) and jailbreak practically changes the code a bit so it is not restricted and is able to do those things.
@@daniellewilson8527 It removes the exact thing Tom talked about iPhones. It allows programs to run across the filesystem without having to push all the files.
@@daniellewilson8527 I did that to an iPod it broke the system
I would absolutely hate, hate, *hate* my desktop to be locked down like an iphone. In a perfect world where people wrote perfect applications that do exactly what I need in the way that I need it then it _might_ work. But in a perfect world there wouldn't be any malware.
I would take the risk of an exploit physically destroying my machine over being unable to rewrite bits and pieces and intentionally making things work the way they weren't intended. I don't need other people telling me how my software is going to run - what _I_ want. And I definitely don't need to be unable to remove malware myself when someone inevitably figures out a way to break the new system.
If you want to dummy-proof anything the only thing you need is regular backups.
@John Doe I think that if "we" as "technical people" were to actually educate people in how computers work, etc, there would be no idiots that you speak of (or greatly decreased). The problem is that many people are scared of computers and think of them as a black box, and we need to change that.
P.S. I swear we've met before, but maybe it's just my memory tricking me.
if it can go wrong, it will
This is even more important than most people think. Just ask the accessibility community how often they have to modify or workaround software issues for example.
Or literally the entire concept of game modding.
Another problem with the locked-down environment is that it makes development difficult to impossible. Regular application development would certainly be possible, but, say, OS development or embedded development would be effectively impossible.
1987 file names where indeed limited to 8 characters. At least if you don't count files of a system other than MS-DOS as, well, files.
+Jörg Wessels This was on VM/CMS - not MS-DOS. I deliberately didn't mention the actual OS - it's just a string of letters to most folks!
+Tom Scott ... isn't that a mainframe system?
+frumbert That rings a bell with the spectrum +3 And it's disks. but could just be my old memory. :)
+Tom Scott It's funny you talk about how we have non-siloed systems for legacy reasons, when VM/CMS was a VM! I realise you mean per app, rather than per OS, and of course the hardware was quite a different market. But I enjoy the irony anyway :)
I ran into issue where file path is too long on Windows 7... I never ever thought that can happen, and it did... Node.js modules has such a complex folder path that you can only add 20-ish characters to its path.
"It can still encrypt all the files in your personal directory, all your photos and your business invoices, and lock them away..."
Tom, stop giving me flashbacks!
I've spent (and will spend) a long time making OpenOS, an operating system built to solve problems like this one. It's still under development but essentially gives each program dedicated folders for their files, but allows files to be written to outside their folder, asking the user if they want to allow it and telling the user exactly what the program needs to do. It's mostly secure, features automatic snapshots, backing up the whole system with high compression and also has a built in Windows, Mac and Linux app emulator, allowing compatibility with all programs, and provides safe environments to do so. It aims to fix security problems while maximizing compatibily and user-friendliness.
Hopefully we will solve these problems!
how did that turn out?
Curious as well. How's it going?
My Dad actually thinks he knows the guy who wrote christma Exec. I mean he is not sure But "yeti" (the guy who apparently did it) was the only one band from the Computerlab at the University of Clausthal-Zellerfield. :D
And one and half years later. Everyone is hating on Windows S.
@Deon Denis
If you have to rely on an operating system to prevent you from getting a virus, then you've already lost.
@Deon Denis Just use mac and linux
Of course the worm in Hawaii was known as KALIKIMA EXEC :P
unfortunately a lot of pages and games DO still need flash, but some companies forget that there's actual people using the devices they make, and remove it.
Did you just predict browsers removing Flash?
@@adjoint_functor looks like it haha
How did you know this 4 years ago wtf, tell me your secrets .
@@binayak8648 because using flash was still considered out of the loop ~5 years ago even though browsers were supporting it. devs had moved on to the html5 standard and there was no need for flash web pages on web 2.0 sites. i would argue that there never has been a need for macromedia flash in pages other than for video playback but it certainly used to be easier than doing things properly with how flash was supported by every browser out there for such a long time.
this hits diffrent in 2022
"The BCC Micro and ZX Spectrum made a generation that could code" This is so true. My dad and his colleagues all started by writing games for the zx sprectrum and all went on to be successful programmers.
I'm Watching This Exactly 5 Years Later- Dec 21, 2020
And He's Saying- "I'll See You In 2016"
Is this the set vsauce filmed at?
Great video btw
+Joshua Warner It's the set that pretty much every RUclips creator in London's been filming at. The RUclips Space team have done a really good job with it -- and I'm filming some more stuff in a "de-Christmassed" version of it at the start of next month :)
+Tom Scott hmm, why? I mean it's cool looking and all. And it is cool when youtubers share and collaborate. but one of the best things about RUclips is the individual nature of the producers.
+veggiet2009 My guess: Decent lighting and sound... people don't want to listen to echoes and watch videos with weird color and shadows...
+Joshua Warner I thought the set looked really familiar.
+Tom Scott That's pretty cool, would you be allowed to make a video on how the collaboration is done and maybe a set tour?
if you just learn about computers you can avoid must of the viruses. The problem is that people are not educated on how to use a pc and what you should not do.
+Jack Roberts Agreed. I think the OS should allow the "Open library" setup once the user knows how to deal with the system, which will come naturally, because no new user would even know there was this option.
+Jack Roberts The issue is, this isn't always the case (although it does help a large amount). There are plenty of viruses that can hit techies simply by using an exploit that the end user has no control over. Look at the stage fright exploit on android. All the malicious person had to do was send a malicious MMS to the target and they could essentially take over he phone.
But this is the OS devs' problem, because THEY have to make sure this won't happen.
I remember when I was running Windows, if anything felt fishy at all, I would open the PE in HIEW to see if they were doing so shady tricks.
I've seen only 2 of your videos and I have to say I'm amazed. You explain things that normally someone would fall asleep in 7 minutes, but the way you articulate your ideas makes me want to never stop watching. I know its a bit weird that I'm saying all this but I don't think I've ever experienced something so oddly exciting and fascinating right out of the blue. Keep up the good work!
I enjoy how you touch on both sides of an argument and let people come to their own conclusions based on that information, that's what makes your channel so great.
"build the systems for non-techies like that"
Then the non-techies will never become techies and the whole system fails due to nobody knowing what anything dose.
If you make a system so simple an idiot can use it, only an idiot will.
+Jeffery Liggett
I don't know about that. Pencils are pretty good!
+Modus Ponens and yet there are reasons why we give wax crayons to kids, the younger the kid, the thicker the crayon, and not pencils
666Tomato666
Because crayons are cheap?
*****
I don't think operating systems are pencils...
We might be on to something.
+Jeffery Liggett A
common mistake that people make when trying to design something
completely foolproof is to underestimate the ingenuity of complete
fools.
- Douglas Adams
You got me at 3:05 Tom, great work :)
+MysticalMagicDude Same, and I'm on a mac.
Tom: "I'll see you in 2016"
Me: **laughs in 2020**
Me: **cries in 2020**
It's a little spooky watching this now as I've recently seen reports about how the prevalence of that iPhone/tablet style of working is causing problems. Apparently a lot of young people that have grown up really only using that style are now going to college/university and are unable to do a lot of required computer work because they don't know how to find files.
Metaphorically speaking, if someone shoots himself in a leg, we shouldn't develop a gun that shoots everywhere except for the user's legs, instead we should educate the fool, or take his gun away if he's a complete bonehead.
weird metaphore, but ok
I'm not even particularly tech savy... And even I prefer the way it works presently for what I do.
Merry Christmas, Tom. Thanks for all the education and entertainment this year and here's to much more in 2016.
Merry Christmas, Tom Scott, and thanks for all the... videos.
Merry Christmas Tom! And everyone in the chat!
This was like the Queen's Christmas Message but about computers. Pretty awesome!
I was so pleased to find your channel this year. And I'm still pleased to be a subscriber. Happy Holidays to you and yours and may you continue to make wonderful and entertaining videos in 2016!
Thank you Tom for this beautiful talk! It made me think a lot. And Merry Christmas to you too!
Yep, I definitely want to rely on every program I use having a compatible exporter to every other program I would want to have access to it's data./s
I'll stick with files.
I really like Android's implementation of this system, where apps are locked down but you're still given a traditional file explorer in case you know what you're doing, and you could root your phone if you really know what you're doing.
Merry Christmas to you as well Tom. I thoroughly enjoy all your videos. Here's looking forward to watching whatever you're doing in 2016.
you informational videos are the only thing i look forward to on youtube
Dear Gods, this sounds like a hellscape. I'm waiting for my Linux phone so I can actually stop it from running things that spy on me constantly in the background.
Just an Android, root it, install Linux, voilà! (BTW, we should have the fundamental right to root all our devices. We OWN them. They are OURS.)
So, when I download an .mp3 file from the web... which of my players can use it? If I change players, I have to convert the permissions on all my music? Way to facilitate companies utterly locking down all your things with DRM.
technobabble
@@jan_sipiki Not in the slightest, I'm sorry that you possess only the faculty which would perceive it as such, though.
Also, 3 years ago... for that..? Are you quite alright, you troubled little nut?
Merry Christmas mate, yet again a video that makes me take a step back and think. Thanks
Your end statement was very touching. Have a happy holiday season yourself.
This would kill any and all 3 party programs.
A much better use of resources would be teaching people to not click that little OK button.
Got this resurfaced in recommandation exactly five years later, and still somewhat relevent. :/
Maybe container would be the way to go with, I dunno.
Merry Christmas Tom and thank you for all your awesome videos's.
Thanks Tom, marry christmass to you as well.
Stupid computer, it never does what I want only what I tell it to do.
Lol every angry person with computers and simple problems
I feel your pain, but as you know, computers don't work that way (yet?). When operating correctly they always do EXACTLY what you tell them to do. That can be frustrating because unfortunately the details of your instructions sometimes have little relation to what you actually wanted to do (syntax errors, inconsistencies, rule violations, and other errors of omission/commission). Like Tom said in his video they can't read your mind. Yet!
This was a really great video! As a programmer I often wonder if kids who grow up with mobile OSes will be worse at programming because the basic metaphors are increasingly different.
I love your videos, especially the ones that make you reflect and try to change the world, like this one :)
Dear Tom. Thank you for scaring me halfway to death @ 3:05 , thank you (seriously this time) for the videos, and happy holidays! :)
Thanks for the really well done and well-thought out discussion! I appreciated that you considered every viewpoint (it's often quite rare!). However, I think your final point about the lacking ability to program iOS and similar systems is a very important one, because I personally think a future where only an elite few even have _devices_ capable of programming the technology of the masses would be a bleak one for all the great, crowd-sourced content creation we have seen with the internet. I guess this is just another debate for us to think about: security vs. openness. Also, if anyone hasn't heard of it the book "The Future of the Internet and How to Stop It" may be an interesting read on this subject.
I don't think I can trust your videos any more XD
You scared me with the malware pop-up, and when the video stopped buffering, I thought it was your doing...
+Xletricity LOL same here
you are dumb
Happy Christmas and New Year to you, too, Tom!
I have an odd experience in that every time I come back to this video, the sign off “and I’ll see you in 2016” makes me feel more and more visceral nostalgia.
I think your lockdown idea at 3:35 could work, if we allow more "advanced" users to download and install a patch that will revert it to the old central-storage system. Seems to me that the sort of users who would WANT to do that would also be the sort of users who could figure out how to do it without too much hassle.
I keep hearing chromebooks are the most secure option of anything around right now. too limited for me though
That's why they're so secure. If you can't install anything you won't get a virus. I just use windows but I don't download viruses.
MrBadgerMoustache sure? Do you have flash/java/silverlight plugins? Or do you at least always keep them, your browser, and windows up to date? Are you on windows 7 or lower? (7 is ok but 8 and 10 actually do have improvements to security) Do you block sometimes malicious ad networks? Do you run installers directly from the downloads folder? Do you open word documents from random attachments and click enable editing? Do you find flash drives or cds on the ground in public, and put them in to see what is on them? Do you connect to the internet? so on and so on
There's a lot that can go wrong without even an advanced user noticing.
+linkviii i do all that but my PC seems fines
I have one for school. It sucks, but you can install SSH, making it 1000x better than any other limited platform, imho.
of course, a proper, unlocked windows machine would be better, but what kind of school would make that?
+linkviii I love the idea for the chromebooks for most people. We are *mostly* done with plugins (even Netflix/Amazon Video aren't requiring it). If all you need to do is the standard Web stuff then I can really see the potential. Windows/OSX is just too bulky for most people in 2015.
And a Merry Christmas to you too Tom!
Love your vids Tom. Have a great Xmas and a video productive new year
"The BBC Micro and the ZX Spectrum made a generation who could code" Was Tom just paraphrasing from "Hey Hey 16k" there?
+DataCab1e Have a look at the bottom of the description :)
ZOMG, somebody else has actually heard/seen that song/video. Then again, that could just be my inherently isolationist left-pondian viewpoint. Perhaps it's wildly popular over there.
+DataCab1e I used to have an Acorn Atom, and a tape recorder. Good times.
Haha, love that "how to patch flash 0-day" tweet XD
Merry Christmas Tom :) Here's to 2016 & all the wonderful things I might not know. Cheers!
Merry Christmas to you too, Scott!
I agree that there should be some sort of "smart mode" (or "dumb mode") on windows for people who understand what they're doing. I'm tired of my computer treating me like it needs to explain what basic operations do in a way that's easy to understand, but doesn't really tell me what's going on...
Did that pop up actually scare anyone?
It got me.
For a few seconds I thought so, then noticed it was Windows 7 and calmed down.
What is that supposed to be, some manner of shield? To protect against... swords... or something?
I use Linux, so I didn't even think about it.
ransomware.
Such a nice knowledgeable guy. Someone who I look up to. Merry Christmas Tom
I've been subscribed to your channel for a while now and if anybody ever told you that you're way to smart & clever, then that's one hell of an understatement. delayed Merry Christmas and a Happy new year!
F for Flash 😥
Tom, the idea you're describing has been implemented before. It's actually normal on basically every Unix-like operating system. Try Antergos-Linux some time. You'd like it.
That was an excellent explanation. Great job, and Merry Christmas. :)
Merry Christmas Tom!
you scared me with that bitcoin popup xd
Tukanen and exactly the same virus is rampaging right now
It popped up for me right after I deleted some possibly sketchy software and I freaked out.
is it possible to have a local mechanical switch or button that requires flipping/pushing before certain drastic changes could be made to software? like have a button on your tower that sends a physical signal that allows all your files to be deleted. I'm not an electronics guy, I'm just curious.
or would that just be translated into code in such a way that it can be manipulated like any other permission?
Yes it would just be manipulated like any other permission, and scarewares would just force the users to push the button (pretending it's an admin asking this, or that their computer will catch on fire if they don't push the button).
The only thing you could lock down (for a few months before it's hacked) would be undocumented firmware-level commands on the storage/motherboard memory controller, but you can't lock any vital command anyway: if the write commands are locked (for the HDD storage), then the user would need to constantly push the button (to write cache, to save document, to let all the OS services updates their files) rendering the lock absolutely useless since a malware would just piggyback ride on all the legitimate services using the write command.
Modern systems read and write so much data and rely on so much services and processes for the most regular usage, that it's impossible for 99% of the users to actually know what is actually going on at a given time.
It's like having 500 people working in an airport platform, taking care of countless services and logistics at the same time, many time-sensitive and crucial for the airport, and you're asking a simple traveler who's just here to catch his/her flight to spot any potential suspect, either by themselves or using a set of CCTV cameras+metal detectors (AV+FW) - basically being a full-time head of security. It's impossible.
...
The idea of having data silos is also a bit... great on paper, but not really useful. Tons of resources still need to be shared between programs (including the OS), and impersonating or hijacking a program is perfectly feasible: for MS Word, the hacker can use an infected Word file to send commands through MS Word, to steal/encrypt/delete other Word documents, or the hacker can spoof/crack the certification system to have its own program be recognized as a legit MS Word (gaining access to all MS Word files).
Given people have bazillion different devices, programs and OS versions, and rarely update them all (because of ignorance, or the update system doesn't work, or failed them before), a lot of tolerance needs to exist in the security system, otherwise most users wouldn't be able to simply use their files. It leaves the door open to all kind of exploits: outdated security systems/versions will have to be kept running to not cut millions of people out of their device and files, and you only need 1 security hole to compromise millions of users.
...
You could also theoretically design a system with an integrated encrypted backup system using biometrics (even if these get cracked now) at the firmware level, so you use your fingerprint to gain access to a write command, to send your valuable files to a vault, with a hash for each batch of writes, but it would require a lot of maintenance to keep it working and most people wouldn't use it anyway.
And how do you control the commands send to the backup disk? Even an authenticator could be compromised, so the writing of your 5 .docx files gives you the hash "x", you saw it appear on the biometrics screen module (hackeable too), confirm the write command, BOOM it's actually randomizing half of your backup drive. There is no safe system that is easily usable by a regular person, it's all just risk mitigation.
...
What the IT companies have been trying to sell to people lately is automatic cloud storage backup of their files, beside the datamining and directly feeding the intel agencies, it would solve two problems at once: valuable data would be safe from ransomwares *and* data loss (theft, house fire, hardware damage) thanks to that backup, and people wouldn't need to implement and manage an entire backup solution themselves (so all the redundancy is handled by security experts, who know their stuff).
The main problem is the lack of trust in these shady companies (who sell personal data on the daily, and regularly refuse to keep their systems' security up-to-date) and the pricing plan of these services vs the low price of home HDDs.
Not really, but you could set up a backup solution to run at the push of a button.
watching this in 2022 feels peculiar but thank you, Tom, Merry Christmas to you, too!
If you segregate computing for casual and advanced users like this, two things are going to happen; The computing solution with less demand is going to become more expensive, or otherwise less accessible in some way, and fewer users are going to jump the gap between the two.
The result is a viscous cycle of computing for advanced users becoming less accessible, less casual users climbing the increasingly steeper curve toward enlightenment, and the lack of more advanced users making marketing to them even less feasible. Eventually some branches of Linux and other open source software will be the only operating systems that still cater to non-professional advanced users in any way, with systems perhaps being designed to only be maintenanced by the companies that produce them, and even then most commercial applications will be based on platforms targeted at purely casual users, including games, word processing software, social media platforms, and most browsers. The social gap between users of different experience levels will also widen, and considering that in the past such technology-based social divisions preceded attempts at the criminalization of phreaking, hacking, reverse engineering, computer security, and piracy in all it's forms no matter how benign, we could likely see open source operating systems and computer security tools being at least stigmatized, if not completely blanket criminalized, beyond the scope of what has ever even been proposed thus far, as this gap continually becomes more and more evident and problematic.
I mean, I guess the path we're going down now also offers a number of dystopian futures that may await us down the road, but advocating for this kind of stuff is what's going to specifically get your ingroup marginalized dude, so maybe cut it out? Just a suggestion.
That's a lot of hypothetical situations.
Ever heard of Qubes OS? You should look it up. It does almost exactly what you're talking about, with this control. Sure, you have various "boxes" of applications, but it's a similar idea.
goose121 Qubes is great for security but it’s hardly non-techie friendly.
Merry Christmas and a Great Yuletide Tom
Merry Christmas Tom
This is the direction windows is headed, with the "advanced mode" being desktop programs, and the windows store being the monolithic package manager for Microsoft approved(tm) sandboxed "apps".
4 years later, this turned out not to be the case. Those "apps" in Windows never caught on.
4:00 You can have centralized locations for everything, just as long as everyone can only modify what they create, while being able to read everything else with system file managers having full access to read and write to every file.
we used to do that in the root directory of the highschool pc's and have lil conversations between eachother
Merry Christmas to you as well, Tom. (-:
Merry Christmas, Tom Scott!
Great and interesting video as always. :)
The virus came before the internet :D :P
Before the Web. Seperate from the Internet.