antipaucity

fighting the lack of good ideas

can you disable encryption on a windows server?

This was asked recently on Server Fault.

I’m asking if there’s a way to prevent files from being encrypted. I’m referring to some extent to ransomware, but specifically I want the following scenario:

  • Windows File server w/ shares (on the E: drive)

I want a way to tell the above server “don’t allow files on the E: drive to ever be encrypted by anyone or any software/process.”

And, of course, the answer to this question is “no”, as I and others said:

No, you cannot prevent files from being encrypted. How is the OS supposed to know if a file is encrypted vs being of some format it doesn’t “know” about?

You can disable OS-level encryption, and perhaps some programs from running via GPO, but that cannot stop every program, nor users uploading already encrypted files.

What you want to do is ensure users are only putting files where they are supposed to – and no where else.

But more interesting is why you would even ask something like this: is it because you really only want “plaintext” files on the share? (Even when the “plaintext” is a binary format (like an EXE, PNG, etc?) I suppose there could be “value” is disallowing even the concept of encrypted files .. but since encrypted files look like files (albeit ones that are not readably openable).

And I think this really belies an exceptionally-poor understanding of what encryption is – and what it is not. Encryption is meant to protect (or hide) specific content (the “specific content” might be the entirety of your phone or hard drive, or an email, or a trade secret, etc) from eyes who shouldn’t be allowed to see what is happening. Yes, there is ransomware that will encrypt or obfuscate files or file systems and demand payment to be decrypted – but attempting to solve for that corner case by attempting to disallow even the concept of encrypted data is highly misguided: the way to prevent/mitigate ransomware is by a combination of good system management practices, solid IDS and IDP software/appliances, sane anti-virus policies, and general good user behavior. (And, maybe, by using OSes less targeted by ransomware authors.)

how to turn a google+ community into a quasi “mailing list”

Spurred by a recent question from an acquaintance in town, I asked on Google+ whether or not you can enable emailed notifications for a Community. This led to the elaborate Settings page for G+.

It turns out that if you combine enabling a Community’s “Community notifications” vertical-ellipsiscommunity-settings (under the specific Community’s settings (which you find by clicking the vertical ellipsis button on the Community page) with the following tree in your general Google+ settings, Notifications -> Email -> Communities -> Shares something with a community you get notifications from, notifications-emailyou get a “mailing list” of sorts from your Community, which, niftily enough, also allows you to comment on the post via email (at least on the first notification of said post)!

more ad blocking extensions

The list of ad blocking extensions I have installed has grown.

Add to the previous two these two:

an even cleaner facebook most recent feed

Several months ago, I wrote-up a brief how-to on just showing the most recent news feed on Facebook.

I added a new Chrome extension today that helps speed-up your Facebook experience – Facebook Flat. It makes your Facebook views “flat” from a design perspective (no pun intended, but the extension falls a little flat when on highres screens with a fully-expanded browser window): it removes ads, reduces the color scheme, and generally makes it smoother.

If you combine this extension with loading https://m.facebook.com/home.php?sk=h_chr as your Facebook view (the mobile web edition in chronological order), the posts no longer fully-fill the screen, but instead stay centered as just a news feed in the middle of your screen.

Combine with something like Auto Refresh, and you can automate a clean view for your Facebook feed.

on ads

My colleague Sheila wrote a great, short piece on LinkedIn about ads recently.

And this is what I commented:

I held off for years in installing ad blockers/reducers.

But I have finally had to cave – been running Flash in “ask-only” mode for months now, and just added a couple blocker/reducer extensions to Chrome recently (in addition to the ones on my iPhone for Safari).

I like supporting a site as much as the next guy (I even run a few highly unobtrusive ones on my sites) – but I agree: when I cann’t tell whether it’s your content or an ad, or even get through all the popovers, splashes, etc, I’m leaving and not coming back

I hate the idea of ad blockers/reducers. But it is coming to such a point where you can’t read much of what is on the web because of the inundation of ads.

And mailing list offers. Oh my goodness the mailing list offers. Sadly, the only way to block those seems to be to disable javascript … which then also breaks lots of sites I need it to work on – and whitelisting becomes problematic with something like javascript, since it’s usefully ubiquitous (in addition to being uselessly ubiquitous).

For Safari on iOS 9, I have three blocker/reducer apps installed (they’re free, too: AdBlock Pro, AdBlock Plus, & Refine (App Store links)). It’d be nice if they worked for Firefox, Opera Mini, and Chrome, too – but alas they do not (yet).

Also run two blocking/reducing extensions in Chrome (my primary web browser) on my desktop – Adblock Plus & AdBlock).

Shame the web has come to this. Schneier’s written about it recently. As has Brad Jones & Phil Barrett.

Wired and Forbes even go so far as to tell you you’re running an ad blocker and ask to be whitelisted or pay a subscription.

Forbes’ message:

Hi again. Looks like you’re still using an ad blocker. Please turn it off in order to continue into Forbes’ ad-light experience.

And from Wired:

Here’s The Thing With Ad Blockers
We get it: Ads aren’t what you’re here for. But ads help us keep the lights on.
So, add us to your ad blocker’s whitelist or pay $1 per week for an ad-free version of WIRED. Either way, you are supporting our journalism. We’d really appreciate it.

If you’re detecting my adblocker, maybe instead of telling me you won’t do anything until I whitelist you (or subscribe), you think about the problem with ads first.

Just a thought.