USB FlashDrives The New PC?

olddotter writes "Yahoo has an article about how large capacity USB drives might be redefining the concept of the personal computer. The article is windows specific, but think knopix on a flash drive." From the article: "When you check into an average hotel room and find -- alongside the alarm clock, hair dryer and DVD player that once were bring-your-own items but now are as standard as the furniture -- a cheap PC for guests to plug into, as our truly personal computing environment travels with us."

Don't Forget..

[Pharmboy]

Yea, but you still have to bring your own virus and spyware. It will be years til they provide that.

Right...

[xeon4life]

Yes, because Knoppix is so much more familiar to the Slashdot crowd than Windows...

Re:Right...

[gl4ss]

for being easily booted from usb.. damn right!

would you conduct your business from a windows pc.. sitting in a hotel room? thats like using old sheets.

Re:Right...

[SeventyBang]

Forget the sheets - think about the fact you're reusing the blankets from the previous parties (and the previous parties' leftovers).

Speaking of the drives, Best Buy just finished having a sale of Memorex 2G sticks (retail $199) for $159 at the cash register, then another $30 for the rebate. Granted, you're looking at $10+ in taxes at each level, but it's still a heck of a discount. Not much more than some of the stores' retail prices for 1G, although I don't think anyone is going to pay the upper end of a 1G price scale. Those things were nearly impossible to find using the StoreFinder Inventory. I didn't want to order one and was going to my doctor's office in Chicago a couple of days after they sold out here in Indy, so I placed a pickup order there.

Then, I happened to be picking up some laptops for our DARPA team from a repair shop, and when I went back to my car, there was a Best Buy sack (this was on the far side of the BB parking lot) which was on the passenger side of my car, so I opened it up. There was a 2G stick in it. Unopened. So I figured I'd do the nice nerd thing and track down the new owner. If they paid via credit card or cheque, it shouldn't have been a problem to track them down. Unfortunately, they paid in ca$h???? So I sat there for another hour, sitting & reading, sans A/C as it was fixed, then stopped working and I hadn't had time to take it back to be re-repaired. I don't tolerate heat very well, but I felt it was the decent thing to do. After an hour, I wasn't sure what to do, so I ended up putting it onto my lanyard, feeling badly for not having another way to find the owner.

BTW, it's said you can't (or shouldn't) format NTFS, but both of mine seem to be working fine. I had the handle (which holds it on the lanyard) break off and had to finagle a fix, but also contacted Memorex. They told me to file it as a warranty issue to get a replacement cap. (???)

One of my friends, who has a 512M stick, asked me what I was going to do with 4G of stick memory and I asked him what he did with 512M. He said he rarely comes close to capacity. I thought about marking one of them with tiny lettering: ICE (In Case of Emergency), sort of like the fad with cell phones, but a text file with the important info, in addition to the usual phone numbers (a list, and who they are - more options than a cell phone) as I usually have them around my neck; e.g. I'm allergic to morphine; my pain receptors have been exposed weekly exclusively to methadone for nearly ten years, so other pain meds may not work correctly; what other meds I'm taking; why all of this is so; etc.

Here's an article from PC Magazine detailing how to stock up on what you can carry around, bootable, as well as what utilities you can tote about worrying about (on the Windows side) things which have to have components in specific directories, entries in the registry, etc.

Or you can go one better...

[Afecks]

...check out VirtualPrivacyMachine. DamnSmallLinux made completely anonymous with Tor.

Re:Or you can go one better...

[temojen]

Or just bring your own Laptop. Putting your confidential information in someone else's computer is not safe. ever.

Re:Or you can go one better...

[dcapel]

Booting off a computer that you removed the hard drive, and then booted with Tinfoilhat Linux after disconnecting any contact with the outside world (ethernet, wifi, etc), and setting up your Faraday cage, and turning the impossible-for-cameras-to-read mode on in TFH Linux, then after your done burning another image into the CRT monitor, and after your done whipping the hard disk (just for good measure ;-)), and then inducing a strong electromagnetic field over the whole computer (choose your wavelength, I prefer gamma) before incinerating it, all while wearing your tinfoil hat and using the computer's hardware to generate mindcontrol blocking noise is *BIG BREATH* most definitely safe.

Well, that's great

[the-amazing-blob]

It would be nice to have that accessability in hotels, but I have one small problem with USB drives. They're too freaking small. I keep losing them.

Re:Well, that's great

[Xeo+024]

I don't think over-sized USB drives would sell very well.

Think about it, if you had a USB drive that was the size of your car, you'd look really stupid if you lost it.

"Damn! Where did I park my USB drive again?"

Re:Well, that's great

[nizo]

One solution would be to sell flashdrives with a builtin lcd monitor and keyboard; not only would they be hard to lose but the extra functionality would be awesome!

Re:Well, that's great

[HermanAB]

So? Just add a chain and a paint bucket filled with cement on the other end. You'll never lose the key again. BTW, I saw that on a farm...

I like this concept

[technoextreme]

I have always been fascinated by the programs that can boot off a flash drive because I don't own a computer yet. These programs are quite useful and so far I know of three. (Open Office, Mozilla, and an HTML editor) Does anyone else know what programs can be booted off such a drive?

Re:I like this concept

[tepples]

You boot an os off of a flash drive and then run those programs off of the bootable os.

Or you boot an "oe" (operating environment) off a flash drive. An oe is an os plus some bundled applications. If you load an oe advertised as containing OpenOffice.org Suite, Mozilla Firefox, and Nvu, then it doesn't matter whether it's running a FreeBSD or Linux os; what matters is that your apps run.

Flash drives don't last forever

[heptapod]

They crap out after so many read/writes. If a company can make a better flash drive all the better.

Re:Flash drives don't last forever

[big+daddy+kane]

With a a proper and flash specific file system the write limit problem is almost non-existant. Wear leveling can allow the memory to last for years. One of the reasons for the semi-crappy performance/dependibility of these flash drives is because they use FAT over a flash translation layer, which uses more writes than nessesary and doesnt include wear leveling. A real flash filing system such as YAFFS is far more robust. The only problem is it requires support in the OS, which isn't included by default in any popular desktop operating system.

Re:Flash drives don't last forever

[00110011]

Another question would be how secure would it be to even consider using swap space on someone else's hard drive? Think about it...your entire program's memory could be swapped out, without notice, including any sensitive information stored in there such as passwords and encryption keys and such.

Re:Flash drives don't last forever

[v1]

There are "spare" cells in flash drives just the same as there are "spare" blocks on hard drives. There are usually two controller chips in a USB drive (plus the flash chips) - they include the memory controller and a usb (or firewire if you happen to have one) bridge. The memory controller manages the memory and remaps cells that go bad, transparent to the usb/fw bridge. Anyone with a flash drive probably has some bad cells in it, just like hard drives 10 years ago that came with a label printed on the top listing all the bad blocks the new drive shipped with.

Parent talks about "wear balancing" - interesting concept though I have not heard of it used on flash drives before... would be a nice idea but not too fun to implement.

I use my flash drive several times a day at least, it's a 4gb SanDisk Cruzer Mini. Perfect for hauling around all the maintenance, repair, and update software that I use daily. I don't know why people buy those giant drives that don't fit well in a pocket and block adjacent USB ports. SanDisk also has a lifetime guarantee on their drives, so if mine ever does use up all its spares, I'll just trade it for a new one. Lacks a write protect switch though, which would kinda be nice.

Also a less known factoid about USB drives... the fast ones - USB 2.0 "High Speed" (not to be confused with the "Full Speed" snails) only work in powered USB hubs. Can't plug them into the keyboard ports. I wish they'd fix that. I'm tired of having to crawl behind a computer to jack into one of the powered ports. Thankfully most manufacturers are placing a powered usb port on the front of their machines nowadays. (sometimes two)

Would be nice too if Apple would fix OS X so it didn't reset all the #@*& USB buses 1.5 seconds into boot, so we could boot X off our flash drives.

Re:Flash drives don't last forever

[NanoGator]

"Another question would be how secure would it be to even consider using swap space on someone else's hard drive? Think about it...your entire program's memory could be swapped out, without notice, including any sensitive information stored in there such as passwords and encryption keys and such."

Isn't that equivalent to saying "Your house isn't very secure. Somebody with a bulldozer could easily get in." ...?

No no, I'm not trying to use the time dis-honored method of using faulty metaphores to shoot your point down. Rather, I really am asking a question here. Wouldn't it take somebody with a snazzy computer mind and the right tools to actually go in and retrieve useful information? Wouldn't they have to know precisely what they're looking for to actually obtain that data? In that case, would it really be all that likely you'd fall victim to something like that?

Whether I'm right or wrong, seems to me the best solution to this problem is to not rely on a computer you're not in control of to be secure. I have a hard time imagining students in school, for example, lots of students in school keeping dangerous info on these drives. The simple fact that they could lose the drive, in most cases, would be enough to keep these people in line.

Oh?

[temojen]

I wouldn't trust a hotel (or net-cafe) computer with a USB stick with my private keys, certificates, or banking password. Even if you boot off your USB stick, how do you know it's not booting under Xen? I think it's more likely that the hotel computer has malware already. chambermaids are not sysadmins.

Re:Oh?

[Pharmboy]

This is referring to a computer with NO operating system at all. You have to provide everything, it's completely diskless, just a usb port. If they did anything, it would have to be at the proxy or some kinda tftp boot.

Having a whole operating system on a flash drive isn't that unusual. I have been using Knoppix for years, like a million other people. The flashdrive would just be faster and smaller, and you could write to it and save some files if you chose to.

Re:Oh?

[temojen]

How do you know it has no OS?

Re:Oh?

[Jace+of+Fuse!]

That won't help you one bit if the keyboard has within itself a hardware keylogger.

Some keyboards themselves are keyloggers.

Sometimes keyboards are attached to keylogger adapters or dongles.

KeyGhost.Com

So, remember, either bring your own keyboard or just bring a laptop.

Re:Oh?

[Pharmboy]

Or just hook up as this: USB drive - hidden USB inside box - USB connector. The hidden USB could read yours, but keep or send a copy off somewhere. I'm sure you can do more variations on this. If this gets significantly popular people will find a way and it's popularity will plummet down to nothing.

First, Knoppix doesn't mount any foreign disk by default. Second, if it was a drive that was "interupting" my keydrive, knoppix would likely see that and tell me. No such drive exists today, writing the code to view it would be very trivial, its hardware and knoppix reads ALL the hardware on every boot.

I would be more worried that they have cameras in the smoke detectors and watching your keystrokes. THIS would actually be easier to pull off because the gear exists to do it.

Ironically, I will bet you anything the majority of people who are being all paranoid about this 1) Dont travel anyway 2) Use wireless routers, no password and/or 3) Use Windows XP and the free version of Zone Alarm.

So pardon me if I'm a bit nonplussed by all the "security experts" posting their invalid concerns. Most of these concerns can be easily overcome with about 10 seconds of thought. There ARE some potential issues, but not a single valid one is expressed in the comments.

Re:Oh?

[ComputerSherpa]

You guys are all assuming that your precious data is worth stealing in the first place. You may not be as interesting to other people as you may think.

Re:Oh?

[Mr.+Bad+Example]

> How do you know it has no OS?

Build a bridge out of it!

Oh, wait....sorry. That's witches. Carry on.

Re:Oh?

[fbjon]

Knoppix can only read what the hardware tells it to read. Try running Knoppix in VMWare, you'll notice that you can make it believe anything about your computer. Knoppix cannot detect if there is a keylogger installed in the keyboard. It cannot detect if the signals coming from the USB-key are really from the key, or rather from a device in between, reading the key, and generating the proper response while recording everything. The electronics for both of these can easily be hidden, inside a regular-looking keyboard, and a regular-looking usb port.

In short, Knoppix is a good solution for plain vanilla commodity hardware, as long as you know what it is. But if you have some sensitive data that someone wants, perhaps the hotel you're staying in provides some black-market services you're not aware of?

Re:Oh?

[timeOday]

How do you know it has no OS?

The point is it shouldn't be too hard to make a machine that can't be modified in software by its users, which you can use to boot up from your own memory device.

Does that mean whoever owns the machine in the cybercafe or hotel couldn't trick you? No. But it means a patron of one of these establishments probably could not, which is good enough.

It's like asking "before entering your PIN, how do you know that's a real ATM?" The answer is, you don't, really, but exploints of this extent are too exotic to worry much about.

Re:Oh?

[Pharmboy]

But if you have some sensitive data that someone wants, perhaps the hotel you're staying in provides some black-market services you're not aware of?

When I pay $300-$500 a night to stay at the Sheraton in Brussels, I'm pretty sure they aren't just a front for a credit card fraud ring. After all, I have already GIVEN them a scan of my credit card to put on file during my stay. This is the kind of hotel that would be offering computers. Better quality business class hotels near major airports and travel destinations.

The Model 6 on the edge of town where the crack whores stay isn't gonna start having free computer access anytime soon.

Come on, a little perspective goes a long way folks. You guys must not travel much.

Re:Oh?

[thrillseeker]

When I pay $300-$500 a night to stay at the Sheraton in Brussels, I'm pretty sure they aren't just a front for a credit card fraud ring.

You, and others that can afford to stay there, are the perfect people to collect private data from. Credit card numbers, passwords to corporate accounts, banking information, whatever. The person doing the collecting doesn't have to tell Sheraton he's doing he, does he? He just has to impose his malware into the system you're going to be using while fat, dumb, and happy (it's an expression - don't take it personally). Somebody, somewhere, will be happy to collect and somebody else, somewhere, will be happy to buy that data, and somebody, somewhere, will be happy to put that data to use in subtle and Step 3 (profit!) manners, all facilitated at the whatever the cracker equivalent of ebay is.

Security is not just your pendrive - it's also your OS and your hardware, and your data connection and whatever man-in-the-middle setups may have been quietly arranged. Unless you know it's safe - and a little misdirection can mislead even the otherwise competent - treat it like it's compromised.

Re:Oh?

[jrockway]

In that case, please explain all these SPAMs that say "please give me you paypal password", "please give me your bank password", etc. My data is important simply because some scammer can make money off of it.

Re:Oh?

[myov]

One of my clients runs an internet cafe. Partially as a result of the machines constantly failing, I set the machines up so that they refresh each time the machine is rebooted. But, from a security perspective all you need to do is reboot, wait 7 minutes, and you have a clean system. No spyware, no viruses. It's been almost a year and there have been 0 problems since.

The image was made after a clean windows install and uses parted to restore. It's stored on a partition that is hidden by grub at system boot. About the only thing that can be messed up (with a lot of effort) is finding the hidden grub files on the fat partition, and all that means is a manual boot into linux.

Obviously system updates can't be applied so I refresh the image once a month or so.

Re:Oh?

[TheSloth2001ca]

one way to get around this is to re-install everything from an image when a guest checks out.

I would assume that this could be done semi-automaticly with IT staff only needed when something goes wrong

Re:Oh?

[Molochi]

This just makes the parent's post more insightful. Any unsupervised, publicly accessable computer should be considered comprimised by default. It doesn't matter much if you VPN into your banking sight if some asshat has plugged an undetectable keylogging keyboard into the system

Re:Oh?

[Pharmboy]

Your comment made more sense than 90% of the others. This is the point I was trying to make, that while there is always security risks, it would be pretty easy to make the system reasonably secure.

Amazing how security conscience people are on Slashdot, when in reality their wireless hubs are not password protected, their AV is 2 months out of date, and they go to questionable websites regularly, and their pirated copy of XP is out of date, thus more vulnerable.

This could have been a great group of threads about a this very interesting idea of diskless hotel access. Instead it was filled with paranoid wankers who don't have a pot to piss in, and couldn't afford to go to a hotel that would have this system. Most of the security related "concerns" clearly demonstrate that the average slashdot poster is NOT as nerdy as some would believe, worring about the wrong things, and ignorant of the current risks. Totally fucking amazing.

On a more positive note, I finally figured out what the hell your sig means.

The key issue

[putko]

There's nothing magical about USB, or even a local disk.

The key issue isn't that the data is on a USB disk, but that it is easy enough for you to carry around all your data (including OS and apps). E.g. compact flash would suffice. Or serial flash.

Furthermore, just having secure access to the data (perhaps over the internet) would suffice. Imagine a system where to boot up, the PC fetches your data off the web. Perhaps you use a kind of use-once key to access some of the data, with which the PC computes.

The thing I've not been satisfied with yet is the idea that the PC itself would engage in a man-in-the-middle attack. E.g. it stores a copy of whatever data you've accessed (off your USB, compact flash or network storage) -- and the bad guy gets that stuff later. There's no defense against this attack, because the PC is doing the processing.

E.g. imagine a compromised PC running something like bochs. It emulates a real PC, but gives away your secrets.

Re:The key issue

[Kjella]

The thing I've not been satisfied with yet is the idea that the PC itself would engage in a man-in-the-middle attack. E.g. it stores a copy of whatever data you've accessed

Or if your USB key is your computer (I presume some of these can be offline), why not just copy the entire USB drive? At 512mb each, you'd fit 500 on a 250gb drive (actually you wouldn't since 2^10 != 10^3), then just search... any interesting jpgs? videos? license keys? confidential data? certificates? Take your pick.

Trust?

[wtown]

Assuming that you are willing to trust that this machine isn't (either by design or by tampering) just grabbing and logging all of your data.

Granted, I'm sure protection mechanisms would be built in to address this, but I think I'd still be a bit skeptical.

Re:Trust?

[hweimer]

The biggest problem is the changeover. You could probably do it in 15 minutes or so, but getting to each keyboard with a soldering iron for that time in a busy hotel would be difficult if you don't want to rent each room in turn.

Nice idea. Wouldn't be it much easier to just use a USB keylogger? However, keystrokes (i.e. username and password combinations) are probably not that valuable information so that the earnings would cover your expenses.

How about this: knock at an occupied hotel room (preferably dressed like the hotel staff) and say that you have to take the PC to do some maintenance work. Take one of those WiFi devices with two USB ports and put it inside of the computer's case. Replace the PC's USB connectors so they lead to your WiFi box and attach the second USB port to a "real" port.

If the WiFi box is running a customized kernel that simply routes the USB communication to the PC, you could sniff the traffic. Even better would be to read out the whole USB disk and send it over the wireless link to a machine that stores all the data. Do that for every room and you recieve all confidential data from every person that uses one of these PCs

Is the network the flashdrive?

[cgrand]

I'm puzzled: once I was told the network is the computer and now I learn the flashdrive is the computer.
I'm totally at a lost.

Windows?

[Libor+Vanek]

Now only if Windows can correctly boot on completely different box... Author probably never tried to take his Windows XP disk and boot in different box with different mainboard, video and network card...

Re:Windows?

[Pharmboy]

Author probably never tried to take his Windows XP disk and boot in different box with different mainboard, video and network card...

Piece of cake. Just install flashdrive, answer Yes and NO alot, reboot 12 times, download two drivers each time, then call for authorization to activate your computer yet again. Setup time would be less than two hours each time. This is much better than bringing your own laptop....

Subnotebooks ...

[gst]

I already have my "Personal Computer" in form of a 1.2kg subnotebook. While 1.2kg is still not the ideal weight the new models get better each year (unlike some years ago when notebook manufacturers only cared about the performance and not about the size). All I need is an open accesspoint so that I'm able to check my mails when traveling. If there's no AP nearby I can still use bluetooth to connect to my mobile and then use GPRS to get onto the net. And when I'm at home I just put the notebook into the docking station and I have a "normal PC" with a large monitor and a connected soundsystem.

USB would need a security layer.

[G4from128k]

This sounds like a security/privacy nightmare. What stops the host PC from copying the drive or infecting it with malware from the prior user. Even if the USB drive uses an encrypted filesystem, once you type your password into the PC to access any file on the user data partition, you have no guarantee that it won't access every file on the drive. I can also see this giving corporate security managers the screaming heebie jeebies over the thought of returning road-warrior executives bringing infected USB drives inside the the corporate firewall (yes, you can scan for malware but you're still susceptible to zero-day attacks and delays in AV updates).

Perhaps this would work if the client machine were truly memory-less (no HD, no NVRAM, no flash ROM, etc.). Then the machine could be a secure blank slate for whatever the USB user needed to do. Given the prevalence of flashable firmware on everything (and the need for persistent machine configuration data), I doubt this is very feasible.

Re:USB would need a security layer.

[misleb]

Definitly the ideal would be to run the whole OS off the flash drive and have no storage or OS on the computer itself. Of course, this would currently only work with Linux (limited by Linux hardware support) and Macs. And Macs already have a good head start by being able to boot off of USB. And they don't generally have problems booting the same OS on different hardware. There are many modern PCs that cannot boot from a USB memory stick. And even if you could, we all know how picky Windows XP is about its hardware. I once wrote DamnSmallLinux and the Debian base installer to a USB stick hoping it woudl prove to be a universal recovery/install media. I was horribly disappinted to find that most of the PCs that I tried to boot just couldn't. They didn't have the option in the BIOS. Back to static data on CDs...

-matthew

Re:USB would need a security layer.

[Pharmboy]

Again, who is going to install this keylogger? The hotel? The FBI? Some "bad guy/thief"?

I'm pretty sure Holiday Inn won't, and the FBI could get the info using an easier method. I mean, if I'm trying to screw you over and get your data, this would be the most expensive and difficult way to do it.

What am i going to do, install keyloggers on all hotel rooms? Normally, you don't get your room number until you show up, so how can I install it in advance to just screw you over, if I was going after you individually? If I just install it to catch ANYONE, there is a record that I was there, so it could be traced back to me.

Or the maid could install it perhaps? There are much easier ways to rip people off than CREATING this hardware, test it, get the job, find the time to get in and install it, and hope like hell you don't get caught because you have to show your drivers license and social security card to get hired. So whenever they find it out, you WILL be a suspect. It is not that it is impossible, it is just that it is the least likely of the security concerns.

This is a theoretical problem that has no bearing in reality short of the FBI, and if they want your data, they will get your data. Possible, yes, but you and I have a much larger chance of getting hit by lightening, but you aren't fretting about that.

The REAL potential is at the hotel's proxy server / router, where the vendor's IT guy could be recording all nonencrypted traffic, which would include most webmail. This is in software, and would be easier to cover up. Then you have access to the email, and can go from there. This could be secured, but would require users are not dumb. THIS is the main security issue. This is a concern NOW, not in the future, and not theoretical.

vmware with no HD image perhaps?

[tepples]

Then how do you know it's not a virtual machine that's emulating a diskless PC?

Re:vmware with no HD image perhaps?

[fbjon]

How about a battery backed-up PSU, with the battery inside the PSU itself? The host OS detects that AC power drops out, simulates no-power. When AC power returns, "start computer". Yes it's unlikely, but not particularly difficult, and some people need to worry about it actually.

If you can find a way to easily make sure that the thing has no power left inside, and it looks like commodity hardware, then it's probably ok. But even then, what if it doesn't have a normal BIOS, but instead boots straight into an emulator?

The possibilities are endless...

Re:vmware with no HD image perhaps?

[DavidTC]

So, you think computers in hotel rooms are just going to have their cabling laying around where people can get to it?

Cause we all know they do that with the phones and TVs.

Oh, wait, no they don't. They build them into things or at the very least have the cables non-detachable.

Gee, if they do that with a 30 dollar phone and a two dollar cable on it, I wonder if they'll do it with a 300 dollar computer and a two dollar cable on it. Not to mention the 15 dollar keyboard and 5 dollar mouse they don't want people making off with.

I'm sure they'll leave all that accessable where we can just unplug it at will, instead of putting in those computer cases that are sold exactly for the purpose of blocking access to the cabling while leaving the front accessable.

Just for laughs, at the next hotel you stay in that has an internet connection, try unplugging the TV. See how far you get. You can unplug them at cheap places that just buy a TV and put it on a table, but those are not the places that will be offering computers.

Re:vmware with no HD image perhaps?

[DavidTC]

Yeah, I'm not exactly sure why I'm even arguing this. Who the heck even says the box sitting by the desk even is the computer? Maybe the monitor (and the power switch) runs through the wall to some other computer elsewhere. When the power goes 'out' they just send no signal to the screen and reset the VM. When it comes 'on' they start up the VM again.

In fact, that's how I'd do it anyway. I'd have a monitor, keyboard, mouse, and USB port on the keyboard or monitor, and nothing else visible. Stick the computer up in the ceiling or behind a wall or something.

If they were intelligent, there'd be the end of a USB KVM laying out, so people could plug laptops into the keyboard/monitor, or flip a switch to use the build-in computer, including booting off a USB stick if there is one. (Or a basic install of Windows if not.) Use repeaters to go to a rack in the basement.

And if you do that, you can even charge people for computers, and have less than one a room. Free for laptops, or they can pay to have one of the hotel computers hooked to their room.

If they were really clever, these 'racks' in the basement would actually be VMs. Not for spying, but simply for cost. Sadly, at that point, you're off standard hardware, even standard rack hardware.

And, like I said, if they want to spy on you, getting a USB drive/keyboard/mouse dump via a hacked hub (residing inside the computer) might be easier and more useful. (Have it write to, heh, a second hard drive that's hooked up via said hub. You know, there has to be some 'drive imager' type thing that does this already.)

Predicted about 10 years ago

[Flying+Purple+Wombat]

About 10 years ago, an engineer from our systems vendor predicted that one day, our computers would be the card-sized. We were looking at a PCMCIA flash card at the moment. Keyboard/mouse/display terminals would be everywhere, and we would just carry the cards around and plug them in wherever. PDA type terminals would be available for portable use. Sounds like it's coming to pass. Wonder if the guy got a patent out of that idea?

Look at Internet Suspend/Resume

[Doodhwala]

ISR has exactly these goals. It is essentially the concept of running a Virtual Machine that can migrate between different computers. Migration can happen via the network or via portable storage devices such as USB keychains. The ISR project was also covered in a previous Slashdot story here.

the NeXT big thing...

[ross_winn]

This is, for all intents and purposes, what NeXT tried to do in the late 80s. The optical drive they used was ruinously expensive. The software was limited. Now, twenty years later, theidea is coming into its own. Devices like the USB key, the microdrive, and the Palm LifeDrive are actually spacious enough to make all of this work. Twenty years ago Jobs said you should be able to walk up to any personal computer and make it your own. Ten years ago Ellison said that you could access anything from anywhere. In five to ten years these visionary things may just really happen. Funny how the world works, isn't it...

Direction?

[Mashdar]

Why wouldn't there just be a monitor and keyboard?

The article assumes that the processor/memory etc are bulky by definition. Movement towards miniturization and disposable computing mean that having an entire system may become nearly as cheap and small as the stick of memory you are booting off of.

The only way to be truly secure is to have full control over the system you are using, so bringing your own entire machine will be a necesity for the crowd for whom inovations in hotels are usually designed for: business people.

Also a USB key with an OS compiled for an alternative archetecture would be useless in a hotel box.

The only two things which a handheld device cannot offer are a full sized display and interface. Why not just make everyone's handheld device interface with a monitor/keyboard/mouse console? Leave architecture compatibility issues to the user. Leave security to the user. Just provide a pleasant work environment.

We used to do that with floppy disks

[HermanAB]

Geez, I must be getting old. These young whipper snappers are so used to networked computers that they all think removable media is a new idea...

Re:We used to do that with floppy disks

[HermanAB]

Hmm, never underestimate the bandwidth of a station wagon full of punch cards... ;-)

Re:We used to do that with floppy disks

[MS_leases_my_soul]

In the mid-80s, FidoNet was it. I had a whopping 2 line BBS - 2400 baud on the subscription line and 1200 baud on the public line. I had a massive 10 MB hard drive that I used to run the system.

Well, with over 8 MB of the 10 MB dedicated to file areas for the BBS, 8 MB across 2400 baud is a slow transfer, particularly at long-distance rates. So how did we swap files?

Every 2-4 weeks, us sysops would all meet someplace, usually a state park where we would grill some dogs and shoot the crap. We would all put in requests to each other, spend a few evenings before each get-together copied to disk, and you would show up with a box of floppies. I mean a long cardboard box with 100 floppies, not a box of 10 here.

100 1.44 MB floppies driven 1 hour across the state line - I couldn't touch that kind of bandwidth online.

Re:I'm confused

[NapalmMan]

USB Flash Drives don't mount like say, a CD would, meaning you can't autorun anything. I believe that's what this U3 Technology does, it more or less adds autorun capabilities to the drive. I learned this tidbit about Flash Drives when my roommate and I tried to build a USB Game Controller, with a drive with some games on it. The idea was: plug it in and go. Unfortunately, we had the wrong kind of USB drive.

You are talking about trust.

[twitter]

The thing I've not been satisfied with yet is the idea that the PC itself would engage in a man-in-the-middle attack.

That's why I'm going to keep carrying my laptop. I don't trust non-free software, especially Microsoft junk. I'll use a windoze box in a pinch, but I won't put a password into it. There are just too many key loggers out there and the platform is too open to abuse. As long as there's a network, I have full OpenSSH access to my data from my cable box. It's rare that I need all of it, but what I need is unpredictable. That's not something the average Windoze box can do and I would not trust it if it could.

Would I trust a free computer? That depends on my trust of the owner. I trust my friends and their computers. Do I know a hotel chain? No, and so the laptop saves the day again.

My trust in businesses has been shattered by the last decade of data mining they have done. The grocery store tracks my spending and spits out coupons. The credit card company tracks my spending even the gas station want's a piece of the "action". This is only the tip of the database nation iceburg.

Even the BIOS is emulated

[tepples]

Because virtual machines still have to boot. Lemme put it this way - reboot and in the BIOS, make sure that flash drives boot before hard drives.

...the BIOS screen you think you see isn't the bare hardware's BIOS screen. It's the virtual machine's.

Re:Even the BIOS is emulated

[_fuzz_]

Because virtual machines still have to boot. Lemme put it this way - reboot and in the BIOS, make sure that flash drives boot before hard drives.
...the BIOS screen you think you see isn't the bare hardware's BIOS screen. It's the virtual machine's.

1. Unplug the computer
2. Plug it back in
3. Be assured that it's not running in VMWare, Xen, etc.

Granted if someone really really wanted to, they could have figured out a way to crack the BIOS or something. But at that point I'd be more concerned about a hardware keylogger or hidden camera.

Forgot about Europe?

[Trurl's+Machine]

Ideas like this one are always based on one assumption: that everybody will be totally happy with the same keyboard layout. While it might be true US-wide for US-only customers, it's not true in Europe. All the European languages require keyboard layouts more or less different than the typical English QWERTY - such as the German QWERTZ or French AZERTY, not to mention all those weird accented characters that the Swedisch chef need to correctly spell his "bork! bork! bork!". Don't get me started with Slavic languages, especially those of Cyryllic alphabet... No European hotel would seriously consider offering this service as it would lock-out foreign visitors. Personally, I'm just totally happy traveling with my powerbook as my personal computer, all I want from the hotel is to have Airport and access to their printers.

Where the heck are you finding...

[Asprin]

Where the heck are you finding hotels that provide a DVD player when in-room PPV movies are $10-$15 each? None of the hotels I've ever stayed in provide that; the TV's don't even have accessible A/V inputs and the cable hookups are protected with a user-proof collar.

I have...

[SeaFox]

On my drive I have:

Firefox (portable version prepared by John Haller)
Thunderbird (also Haller's prepackage)
7-Zip (cause my flash drive is only 256MB)
NetRadio (simple Shoutcast player/ripper)
XMPlay (for other audio files)
Miranda IM (would use GAIM, but don't want to install GTK and the autologging is so useful)
BitComet (more features and half the disk size of the official BitTorrent client)
WinMTR 0.8.7 (if only the Windows shell had this built in)
SSH Secure Shell (there's a free-for-non-commercial-use licensed version somewhere)

Bad example

[Wudbaer]

You chose a really bad example up there ;-). At least in Europe fraud using manipulated or even completely bogus ATMs is not too infrequent according to police reports. Apparently there are a lot of mostly Eastern European gangs that either "enhance" real ATM systems with add-ons for the card reader and the keyboard that, while often not discernible on even closer inspection to the non-expert, can log the users PIN codes and grab the transmitted card data. Sometimes they even use complete real-looking fake-ATMs that trick you into entering your PIN and swallowing your ATM card afterwards. Until you have contacted the bank to get your card back from the presumed read ATM they are already spending your money using your real card and the PIN you gave them.

Re:Bad example

[ScrewMaster]

Here in the U.S. it isn't exactly common, but it has been shown that a convicted felon can not only buy a real ATM from its manufacturer but (contrary to statements made by the ABA) can even get connected to the banking network! There was an ATM ring operating out of New York that got busted last year: apparently they had several hundred ATM machines dotted around the city! They were smart about it: they would capture PIN and account numbers but would only suck a little money from each account now and then. Most people never noticed an occasion $3.95 charge .. probably figured it was some kind of bank fee. I guess they took in about 4.5 million before the cops took 'em down. Nobody knows how many similar groups there are. For my part, I only use ATMs that are from my bank: the offbrand ones I avoid.

Windows driver issues

[TheDarkener]

I can see it now, people completely hosing their Windows installations by going in between "terminals" like these.

Knoppix, I can see...

pretty cool...

[cswiii]

When you check into an average hotel room and find -- alongside the alarm clock, hair dryer and DVD player that once were bring-your-own items but now are as standard as the furniture -- a cheap PC for guests to plug into, as our truly personal computing environment travels with us.

The Doubletree I've been staying at for the past million months recently replaced all the regular clock radios with new ones that, in addition to four other preset "memorised" stations, has a button designated to an input jack -- so that MP3 players can be connected.