Comment why do we need this (Score 1) 125
when the future is clearly meant to be families handing down jobs from generation to generation working in buggy whip factories or mining beautiful clean coal
If you're really into tinkering with stuff, sure you can build your own and you will have fun doing that. Most people don't need ridiculous spec hardware at home, you are not running data center storage loads and your network speed is likely to be slower than anything the NAS itself can do internally anyway.
I'm not really into tinkering at that level anymore and so I just use a Synology NAS that backs up to Backblaze B2. It's all automated, works great. I have a small VM that I use to collect logs and do a couple other minor things that I can run on it, it has Surveillance Station which I can use for cameras, etc. It's been a great way to combine a few utility devices into one central thing that has vendor support if I need it. The offsite backup works perfectly and is very fast over residential gigabit fiber.
The main downside I've found is replacing disks to increase volume size can be kind of a slow process depending on how full your NAS is and how large the disks are that you're replacing, so if you plan to replace smaller disks with larger ones you need to plan for about 1 day between disks with about 5 minutes of actual work per day to hot swap them. But this is a pretty infrequent activity for most people.
Prior to that I had used Drobo (RIP but also for fairly good reason) and sorta cobbled together stuff. Synology works better and has been more reliable than either one for me.
1) people are storing data now that needs to be protected past the time that "quantum" hits. So safe algorithms are needed even now.
2) large scale systems with lots of parties etc. take forever to effect change. You have to get everyone to agree that something needs to be done, then get them to agree on what to do, then get them to actually do it. Barring a worldwide disaster/alien attack/etc., this just won't happen in a matter of weeks, or months, or even years in some cases. It can take decades to get industries to move off of unsafe algorithms even when you can demonstrate an actual danger. If something's going to be a problem in 8 years in those industries, and you aren't actively trying to solve it now, you are not gonna fix it in time.
https://www.iana.org/dnssec/ce...
Here is a link. The ceremonies are performed to do any cryptographic operations which require a Root Signing Key. When you need to use such a key, you usually have to get a number of people called "key custodians" who each have independent physical access to one part of the cryptographic key, usually stored on a smart card or other secure token device. You will usually have an overall number of custodians and a certain quorum of them will need to be there for a given operation. Like, six of ten, three of seven, etc.
They all have to get their fragment of the key (their assigned device) which is usually stored in a safe which only they have access to. Then they all need to be in the same room, usually a SCIF (think a bank vault with a data center inside it). Whatever process they run will ask for their components individually, and then once the required number of components have been entered, the system will reassemble the master crypto keys and do whatever it needs to do.
The process is designed to make sure that fraud is very difficult and cannot happen without being detected. All the systems and physical access along the way will typically be monitored, controlled with biometrics and other secure mechanisms, and easily auditable. Any activity requires an intentional quorum of people to agree to do it, so you can't just get one guy to go do something bad.
It is kind of like nuclear missile launching, the root of a certificate authority, the root of a financial processing crypto scheme, etc.
In this case, sounds like something broke down and they can't get into a safe or some other secure location to retrieve key components. Usually these systems are designed to fail secure except in the case of life safety (i.e. you can get out if there's a fire, it just creates a huge audit nightmare).
You're looking at one aspect of the budget. Non-labor expense is usually stuff like paying consulting firms, "cloud services," buying advertisements, paying for training, etc. Capital expense is where you typically book things like servers, enterprise software, storage, etc. So this could be a company who spends a ton of money on marketing crap, or it could just be a company that spends more on external advertising buys and focus studies than it does on sending IT guys to training and outsourcing business apps. Without looking at the total picture it's hard to say what they really invest in.
You say that you are "connected to" the network but you don't say what this relationship actually is. If you are hosted by the hospital (i.e. actually part of their network), then they may have an information security department who is checking all the hosts that are on their network. This may or may not be part of the contract, either as a service provided or something that is required by the contract or hosting arrangement.
If you are not actually part of their network or hosted by them, there may still be something in the contracts that says that they can do this sort of penetration testing with partner companies. It isn't the best idea to accept this as a contract term, but I have seen it requested before and it may have been in there with nobody to notice it.
I would say that whoever handles the arrangement with the hospital should probably talk with their counterpart on the hospital's side about this and learn more about why it is happening and what is done with the information.
With respect to the various posts that have/will happen about HIPAA, I would say that it's totally possible (and desirable) to have a proactive information security policy that can still comply with regulations. Proactive penetration testing is not prohibited.
That's not exactly the point. Sure, if a switch is sparking, then it is broken. The point of this gear is that it has been built such that if it breaks, it won't be able to emit dangerous sparks that might do something like cause an explosion in the presence of a buildup of gas or whatever. It still has to be replaced, just like the non-hardened switch, but it is less risky to deploy in an environment where such hazards might be present.
4 x 1TB drives, for a RAID 0 stripe.
How do you handle backing up the 4TB of data?
You have the same backup problem with a mishmash of drives that you cobble together on your own...
You don't even need junked-together tin can wi-fi. Assuming there is something in the air to talk to, you could probably just set up a satellite uplink/downlink and not need to worry about distance or anything. The technology for this is readily available and has been deployed all around the world.
The problem is that the government would probably not like this and is also probably very likely to find it and "deal with it" in the same way that they deal with any other communications channel they don't approve of.
And that's part of the point. Why would you want your radiology machines on any sort of main network, regardless of whether they can or can't be updated? There's no reason for them to be widely available and the technology to firewall it off is not expensive when compared to the cost of, say, a collection of medical imaging systems that will sit behind it.
I don't see how this translates to a conflict with net neutrality.
They aren't saying you can't use Usenet, that they are going to block it somehow or that you have to use their Usenet servers at a premium price. They're just saying they aren't going to host it and offer it as part of their service package.
Regardless of whether this is a nice thing to do or not, it doesn't have anything to do with net neutrality.
So the article basically says that they have a machine room with four somewhat standard racks. That's pretty small. Figure that at some point you'll need some network gear which will likely take up at least one of the racks (switches, patch panels to other areas of the building, routers/firewalls), hopefully some UPS gear, a few servers... four 48U racks doesn't go very far. And it only makes sense nowadays to have a couple larger servers hosting a bunch of virtual machines for mundane things. They would be wise to do that no matter what OS they run, and that more than anything is why you can cut down on the number of physical machines that are installed.
If you read it, you'll see that it's basically an explanation of what information they do and do not have, how their various properties work and what information they store, and how much it will cost an agency to have certain information requests addressed. It doesn't represent some sort of sinister pipeline of information directly from their users' keyboards to the "evil government." If anything it's useful to everyone because it shows exactly what they do and don't save, and it might act as a deterrent for the casual or clueless investigator who watches too much CSI and thinks sending a request off will instantly pinpoint the bad guy by backtracking his DNS through the GPS IP address of his netbook's MAC module or whatever.
That sort of disclosure is on almost every statement that is issued by companies that are regulated by the SEC or some other regulatory body. Go look at any company's annual report, quarterly SEC filings, etc. Even press releases might have that sort of language on it. You basically have to try to spell out everything that could possibly go wrong so that stupid investors who don't understand that every business carries potential risks don't sue you later.
...but I personally would not think it was acceptable for them to edit a resume without collaborating with the candidate. If they want to suggest changes and work with them, that's one thing, but changes without the candidate's knowledge are a totally different matter.
Also, from the interviewer's point, they probably don't have the time or interest to weed through "why" it's wrong. And yeah, they may check in the future, and if stuff does not line up you might be held accountable for it. So even from an interviewer's point of view, it creates a potential problem. I would find another recruiting firm if you think it is beneficial to use one (I don't, necessarily, but it depends on your career and the types of companies you are looking for).
P.S. To question 3 - the recruiter is not your friend.