A long time ago, there was a site in the UK which would make a PGP signed timestamp of anything mailed to it (within reason). The site also published the hashes of everything stamped every week just to ensure nothing got tampered with. Of course, it means nothing legally, but as far as I remember, it never got compromised, so in theory, the timestamps it made could be considered usable.
This virtual notary appears to be as secure, with the hashes posted on Twitter.
Any piece of the puzzle is an improvement, from better solar cells (ones that can make more energy per square foot, ones that work well in shade) to better charge controllers [1], to a "pre-charging" bank of supercap batteries (which can store energy and allow the main bank to charge at the optimal rate, even allowing for some charging to be done when the panels are not making electricity), to denser energy in storage batteries, finally to better quality inverters.
[1]: I don't understand why we even have PWM charge controllers these days. They all should be MPPT, especially with economies of scale.
The 10x storage also gets me wondering. Does this mean 10x as much energy density per weight, or per volume? A 5-6 pound car battery is still taking up a lot of space. However, a battery that takes up 1/10 the volume is something that is almost near the level of gasoline for energy density, and has the possibility of completely changing transportation as we know it.
It looks like battery life will be extended by using crab shell designs, which is an important thing.
A kill switch is not going to affect the theft rate whatsoever, just like adding codes onto car radios didn't affect that, until factory audio heads starting getting on par with the aftermarket... then there was no point in grabbing car radios.
Similar with phones. A dead iPhone looks just the same as a live one [1]. A phone's parts are always worth something, because screens are easily broken, even if the motherboard is chucked. Batteries can be desoldered, screens can be replaced, enclosures can be exchanged, etc. If a thief is too lazy to bother with taking it apart, it can be sold as a parts device.
Kill switches will become more of a problem than they fix, and might just spur more violent crime, similar to how engine disabling systems changed car theft from a passive crime to a violent, active crime with carjacking.
I don't see any advantage of kill switches, as it doesn't devalue the device in the eyes of the bad guys. It only hurts the authorized users of devices, or in Apple's case, perhaps it is just another anti-jailbreaking layer with a happy face painted on it.
[1]: Until Apple comes with some system to have a passive eInk green dot show up if the phone is OK, or red if it isn't... then the bad guys will just crack the phone and paint the dot green.
This is one reason why it doesn't hurt to use a VPN with a profile that restarts the handshake should it get disconnected, so no traffic travels the Net unless it is to the VPN provider.
I just pick a service that has a low latency and has servers near me, use that. The result is that even if the Wi-Fi AP is completely compromised, the only traffic that will be obtained are packets to/from the encrypted tunnel.
Of course, if I use HTTP, traffic from the VPN provider and the destination can still be obtained, but getting access to a trunk switch or router tends to be a lot harder than compromising an AP in public.
Even operating systems have some provisions. Linux has the TARPIT option with iptables which will slow attacks down.
However, what I intended to mean by blocking at the router is if the attack was from one known IP. Of course, the attack would change sources if it is a real intruder.
Honeypots are the best matter of course. An attacker then just not has to deal with trying to get through the usual security measures... but then has to check the veracity of any data they receive. If they get ahold of a web server that is sitting on a VM farm, it is trivial for IDS/IPS software to snapshot the VM for forensics, and immediately roll it back.
On a primitive level, I remember doing this ages ago with the address harvester bots and wpoison. Well behaved Web scrapers would heed the robots.txt file, while the E-mail address scrapers would fall right into the CGI wormholes and be happy slurping up thousands of worthless E-mail addresses.
With the fact that compromised hosts are the first thing an intruder has between them and their target, how can one be sure that the host attacking them is malicious, or just a compromised box being used as a proxy or launching point for attacks?
If it was a compromised box, and it gets retaliated against, there might be a chance that the IDS/IPS system on the compromised network will log the back-strike, which can easily mean civil/criminal charges.
My take: Block them at the router for a couple days and go on. Trying to "counter-hack" can get one in a world of hurt.
Android has some very good anti-piracy mechanisms in place, and none of them depend on the presence/absence of root. Not just LVL, but encrypted apks that are individualized to the device on Google's end. Enable the forward-locked flag, and even adb's backup utility will just copy off the app's data and not the apk file.
Depending on the security of one mechanism (the jail) is falling into the "all eggs in one basket" trap. iOS should be able to keep secure regardless if a user has a "#" prompt or not.
This isn't to say that Apple's security doesn't work. I've yet to hear about SMS Trojan malware on iOS for example, but this is due to Apple's toughness as a gatekeeper with the App Store, something Google should consider doing, or at least offering a tier of thoroughly screened apps.
HTC has one of the best compromises -- a signed nonce that is individual to each phone. Give the phone the unlock code, and the bootloader is out of the picture (although the device is likely still S/ON).
HTC's devices have high walls... but turn the key in the lock, the drawbridge plops down allowing you entry.
Jailbreaking is getting pretty tough these days. Even SHSH blobs are not useful, even if one saves activation tickets via Cydia or iFaith.
Jailbreaking is becoming harder and harder. There was only one period of time when it was possible for the iPhone 5, and that time is long gone. Even activation tickets can't be restored (as per Cydia), so if one can't boot the phone into safe mode, one has to DFU restore and kiss the JB goodbye. To boot, known exploits to the top tier Dev Team guys are few and far between... and they have to ration them carefully, only presenting a JB after an OS and hardware release cycle.
This gets old after a while. Things like being able to pull up an app to check which channels are in use via Wi-fi (a great help when setting up an AP) are impossible on iOS.
Android has its warts, but to have complete control of a HTC device from the kernel on up, all it takes is registering for a dev account and getting an unlock code for that phone. Nexus phones are even simpler with "fastboot oem unlock". I prefer iOS's usability, and the fact that app quality seems a notch above Android's, but I much rather have control of the hardware I pay for.
I wouldn't mind if Apple had a compromise, perhaps allowing registered developers to have a way to have a UNIX userland and a root shell, but I doubt that will ever happen.
Apple has a product right under their nose. Right now they have tipped their hat to some auto makers, but in reality, they need to make a 1 DIN audio head with a fold-out screen that connects to the vehicle's CANbus and can offer functions regardless of what make the car is.
The car audio industry is similar to how cellphones were before smartphones got mainstream adoption. Heck, even thieves don't bother stealing car radios these days. Apple could easily send Alpine, Kenwood, and Sony running for the hills if they released a decent audio unit and got car makers to install it from the factory.
At best, one can use a Thunderbolt external RAID drive. Of course, good luck using this with a SAN, not many Thunderbolt 4-8 GB fiber channel HBAs, or 10gigE cards with CNAs on them.
At the minimum, it should have come with space for a SSD, and bays for 2-3 2.5" drives. At least with that, there could be some software (or hardware) RAID. As it stands, it appears that replacing the HDD may be a task. I'm hoping the RAM is upgradable and not a permanent fixture of the motherboard as well.
Security is a layered process. Airgaps do help a lot, but then you have to beef up your physical security.
I'll give one example. There was one company that I did an unpaid internship during my college days whose guys gave me a tour. They bragged about their mantraps, their electronic access control mechanisms, and what measures they had in place. I pointed out that the manual override lock on the door was one that was fairly easy to bump, so unless someone is watching the CCTV cameras and sends security at once, an intruder can be in fairly quickly.
They updated those to actual high security locks that have some actual pick resistance.
It doesn't take much to cause a whole data center to go down for a long time (EPO button), so even if an intruder can get five seconds inside a DC, they can cause immeasurable harm to a large company.
One of the best defense measures is segmentation. What machines do the vendors need access to, if you can, put them on their own network segment, firewalled away from everything else. Combine this with limiting outside access.
Not rocket science, but does take time and expense. Good firewalls (Cisco ASA) are not cheap, but they do the job and do it right.
That, or you might find an el cheapo four port switch between a production machine and its normal port where there wasn't one before, so unless you set the max MAC addies to one as a matter of daily business, you may have an ugly surprise.
There are always data centers running in other countries which can be run for cheap because of proximity to polluting coal plants. It might cause legal problems to offshore data to another country, but worst case, the cloud provider can just threaten to go bankrupt, which means the next owner of the servers can do anything with the stored client data, and there is nothing legally a client can do about it.
Server rooms will remain the same, except we might have aisles with a wider rack size from 19 inch to 21 inch or Facebook's OpenRack spec of 537mm. Of course, there will be metal adapters available so the existing 19 inch stuff can be racked in the wider racks.
Companies don't change that much. IT will still be IT, and Dilbert will hold true.
Some E-mail will move to Google. Most will still remain on Exchange due to momentum, regulations requiring physical location of sensitive data, and the fact that Exchange does work and work well, so it will remain in corporations until something better comes along.
We will still be using AD or LDAP. Since most places have all their eggs in those baskets, it will be almost impossible for them to move to any other core authentication/authorization mechanism.
We will be running the same certificate treadmills for Windows Server 2018 and Windows Server 2020 as we do for Windows Server 2012.
There will be fewer discrete computers in the server room racks, as companies move to larger scale rack/blade farms. Plus, a blade/enclosure setup offers an advantage in the CPU/watt statistics.
Technologies like autotiering will become similar to RAID 5 and 6 -- part of almost any disk controller, so one can have both SSD and spindles, and the controller will figure out where data goes by itself.
All and all, IT won't change much. We will have newer and faster stuff occupying the racks, but it won't be a major jump like moving from machines with their own disk arrays to a centralized SAN like we did 5-6 years ago.
I would second the certificates. They are the -only- way (other than maybe references or word of mouth between PHBs) that one can stand out from the competition.
The reason is that cow-orkers notice one's performance, so does one's immediate supervisor... but HR and the top brass? Unless there is a major reprimand, they only see the alphabet soup characters after a candidate's name, perhaps might punch the cert IDs in as validation. The technical guys might at best have a thumbs up or down vote, but it is the HR guys who sign the reqs, and they almost always will go for the person who has never physically seen a switch, but has the Cisco certs over someone who has been in the field, but doesn't have a CCNA/CCIE/whatever.
There are also times when audits happen. I worked at a place that had an auditor have the IT managers people on the spot under the pretext of "no written authority to operate the equipment" if they didn't have their certs up to date.
Get the certs... Then comes the hard part. Getting a niche so you are recognized -by name-, and not the pieces of paper attached. That takes some doing, and it takes specialization... of course, specializing in the right thing that isn't a dead end.
It depends... Robots break, and someone clued enough to know what components need replaced can be fairly difficult to find. With computers, it is fairly easy... something on the motherboard dead, pull the board. HDD dead, pull that. With a robotic install, just ripping the robots out of the factory floor and replacing them if there is a hiccup isn't going to work.
Automation eats jobs, but I don't think it is a bad thing. I'd rather see a robot be turning screws 24/7 than having to force a human get RSI disorders to do the same thing.
However, I have my biases... one of my dreams for retirement is to buy a couple high-tolerance CNC mills, and do precise custom fab work, be it custom engine designs, or making one-offs to show something done and done right. For example, I've always wanted to duplicate some of the insanely complex bank vault locks from the 1800s, and with a CNC machine, it would be a lot easier to carve out the precise levers and the case that holds them. Done right, a well-made lever lock is decently pick resistant, although they fell out of common use due to their size.
The interesting thing is that robotics are something the US is very good at. Vehicle production is mostly automated.
Of course, sometimes robotics get hair-pulling in ironic ways. I was trying to find a maker that could build me the mechanism for a raw hard drive autochanger (where it would take hard disks without any enclosures and mount/dismount them), and the only game in town was Siemens, and they were asking $10,000 a unit.
I still wouldn't mind making a hard disk library that didn't have to have special enclosures around the HDDs, then software on the "head" to do whatever the user wants, be it a VTL, HSM with storage "swapped" in and out, or even a way to snapshot existing SAN volumes and store them independent of what data sits on them. Encryption would be as basic or as fancy as one wants (from a simple password where a hash is used as the key, to a key manager using RSA keys, and each drive having its own session key, etc.)
I still have a 365XD with an old RedHat distro with custom pcmcia-cs code. Still has a 1.5 MB (yes, megabyte) PCMCIA flash disk from Sun drive (not Sandisk), and a combo 10baseT Ethernet card/modem that worked quite well as a smart firewall for a couple years until DSL was available.
I would pay a price premium for something as solid as those old laptops, although I want one with a TPM chip [1], and Macbooks don't have that available.
[1]: The technology cuts two ways, but with BitLocker, I can just enable TPM + USB, and if the laptop is ever stolen, if I have the usb flash drive (which will be on my keychain), I know that laptop isn't going to be decrypted by a thief barring them having the resources of a big company or major government. If I ever lose the USB flash drive, I pull up my phone, SSH into my home machine [2], copy/paste the recovery code, and be still able to access data.
[2]: Google Authenticator two factor protection comes in handy if one isn't using RSA keys for SSH. Doesn't work with AD, but for logging locally to a machine, it is good enough.
Don't forget transportation costs. Fuel prices are in no ways stable, so we are hitting the point where it is cheaper for places to set up shop here in the US just so that things made are sent by rail or semi, compared to the cost of shipping them from the factory, then all the work with getting them on a ship and all the diesel the freighter uses.
I wouldn't be surprised to see this happening more and more as fuel costs go up.
Slashdot Mirror
A long time ago, there was a site in the UK which would make a PGP signed timestamp of anything mailed to it (within reason). The site also published the hashes of everything stamped every week just to ensure nothing got tampered with. Of course, it means nothing legally, but as far as I remember, it never got compromised, so in theory, the timestamps it made could be considered usable.
This virtual notary appears to be as secure, with the hashes posted on Twitter.
Maybe even ditch the whole assembly and go with LED bulbs that replace the fluorescent tubes?
People argue about LED lighting and if 120 Hz is a headache inducer compared to 150 Hz. However, I'll take either over the 60Hz ballasts of old.
Any piece of the puzzle is an improvement, from better solar cells (ones that can make more energy per square foot, ones that work well in shade) to better charge controllers [1], to a "pre-charging" bank of supercap batteries (which can store energy and allow the main bank to charge at the optimal rate, even allowing for some charging to be done when the panels are not making electricity), to denser energy in storage batteries, finally to better quality inverters.
[1]: I don't understand why we even have PWM charge controllers these days. They all should be MPPT, especially with economies of scale.
The 10x storage also gets me wondering. Does this mean 10x as much energy density per weight, or per volume? A 5-6 pound car battery is still taking up a lot of space. However, a battery that takes up 1/10 the volume is something that is almost near the level of gasoline for energy density, and has the possibility of completely changing transportation as we know it.
It looks like battery life will be extended by using crab shell designs, which is an important thing.
A kill switch is not going to affect the theft rate whatsoever, just like adding codes onto car radios didn't affect that, until factory audio heads starting getting on par with the aftermarket... then there was no point in grabbing car radios.
Similar with phones. A dead iPhone looks just the same as a live one [1]. A phone's parts are always worth something, because screens are easily broken, even if the motherboard is chucked. Batteries can be desoldered, screens can be replaced, enclosures can be exchanged, etc. If a thief is too lazy to bother with taking it apart, it can be sold as a parts device.
Kill switches will become more of a problem than they fix, and might just spur more violent crime, similar to how engine disabling systems changed car theft from a passive crime to a violent, active crime with carjacking.
I don't see any advantage of kill switches, as it doesn't devalue the device in the eyes of the bad guys. It only hurts the authorized users of devices, or in Apple's case, perhaps it is just another anti-jailbreaking layer with a happy face painted on it.
[1]: Until Apple comes with some system to have a passive eInk green dot show up if the phone is OK, or red if it isn't... then the bad guys will just crack the phone and paint the dot green.
This is one reason why it doesn't hurt to use a VPN with a profile that restarts the handshake should it get disconnected, so no traffic travels the Net unless it is to the VPN provider.
I just pick a service that has a low latency and has servers near me, use that. The result is that even if the Wi-Fi AP is completely compromised, the only traffic that will be obtained are packets to/from the encrypted tunnel.
Of course, if I use HTTP, traffic from the VPN provider and the destination can still be obtained, but getting access to a trunk switch or router tends to be a lot harder than compromising an AP in public.
Even operating systems have some provisions. Linux has the TARPIT option with iptables which will slow attacks down.
However, what I intended to mean by blocking at the router is if the attack was from one known IP. Of course, the attack would change sources if it is a real intruder.
Honeypots are the best matter of course. An attacker then just not has to deal with trying to get through the usual security measures... but then has to check the veracity of any data they receive. If they get ahold of a web server that is sitting on a VM farm, it is trivial for IDS/IPS software to snapshot the VM for forensics, and immediately roll it back.
On a primitive level, I remember doing this ages ago with the address harvester bots and wpoison. Well behaved Web scrapers would heed the robots.txt file, while the E-mail address scrapers would fall right into the CGI wormholes and be happy slurping up thousands of worthless E-mail addresses.
With the fact that compromised hosts are the first thing an intruder has between them and their target, how can one be sure that the host attacking them is malicious, or just a compromised box being used as a proxy or launching point for attacks?
If it was a compromised box, and it gets retaliated against, there might be a chance that the IDS/IPS system on the compromised network will log the back-strike, which can easily mean civil/criminal charges.
My take: Block them at the router for a couple days and go on. Trying to "counter-hack" can get one in a world of hurt.
Android has some very good anti-piracy mechanisms in place, and none of them depend on the presence/absence of root. Not just LVL, but encrypted apks that are individualized to the device on Google's end. Enable the forward-locked flag, and even adb's backup utility will just copy off the app's data and not the apk file.
Depending on the security of one mechanism (the jail) is falling into the "all eggs in one basket" trap. iOS should be able to keep secure regardless if a user has a "#" prompt or not.
This isn't to say that Apple's security doesn't work. I've yet to hear about SMS Trojan malware on iOS for example, but this is due to Apple's toughness as a gatekeeper with the App Store, something Google should consider doing, or at least offering a tier of thoroughly screened apps.
HTC has one of the best compromises -- a signed nonce that is individual to each phone. Give the phone the unlock code, and the bootloader is out of the picture (although the device is likely still S/ON).
HTC's devices have high walls... but turn the key in the lock, the drawbridge plops down allowing you entry.
Jailbreaking is getting pretty tough these days. Even SHSH blobs are not useful, even if one saves activation tickets via Cydia or iFaith.
Jailbreaking is becoming harder and harder. There was only one period of time when it was possible for the iPhone 5, and that time is long gone. Even activation tickets can't be restored (as per Cydia), so if one can't boot the phone into safe mode, one has to DFU restore and kiss the JB goodbye. To boot, known exploits to the top tier Dev Team guys are few and far between... and they have to ration them carefully, only presenting a JB after an OS and hardware release cycle.
This gets old after a while. Things like being able to pull up an app to check which channels are in use via Wi-fi (a great help when setting up an AP) are impossible on iOS.
Android has its warts, but to have complete control of a HTC device from the kernel on up, all it takes is registering for a dev account and getting an unlock code for that phone. Nexus phones are even simpler with "fastboot oem unlock". I prefer iOS's usability, and the fact that app quality seems a notch above Android's, but I much rather have control of the hardware I pay for.
I wouldn't mind if Apple had a compromise, perhaps allowing registered developers to have a way to have a UNIX userland and a root shell, but I doubt that will ever happen.
Apple has a product right under their nose. Right now they have tipped their hat to some auto makers, but in reality, they need to make a 1 DIN audio head with a fold-out screen that connects to the vehicle's CANbus and can offer functions regardless of what make the car is.
The car audio industry is similar to how cellphones were before smartphones got mainstream adoption. Heck, even thieves don't bother stealing car radios these days. Apple could easily send Alpine, Kenwood, and Sony running for the hills if they released a decent audio unit and got car makers to install it from the factory.
At best, one can use a Thunderbolt external RAID drive. Of course, good luck using this with a SAN, not many Thunderbolt 4-8 GB fiber channel HBAs, or 10gigE cards with CNAs on them.
At the minimum, it should have come with space for a SSD, and bays for 2-3 2.5" drives. At least with that, there could be some software (or hardware) RAID. As it stands, it appears that replacing the HDD may be a task. I'm hoping the RAM is upgradable and not a permanent fixture of the motherboard as well.
The Iranians had airgaps for their centrifuges...
Security is a layered process. Airgaps do help a lot, but then you have to beef up your physical security.
I'll give one example. There was one company that I did an unpaid internship during my college days whose guys gave me a tour. They bragged about their mantraps, their electronic access control mechanisms, and what measures they had in place. I pointed out that the manual override lock on the door was one that was fairly easy to bump, so unless someone is watching the CCTV cameras and sends security at once, an intruder can be in fairly quickly.
They updated those to actual high security locks that have some actual pick resistance.
It doesn't take much to cause a whole data center to go down for a long time (EPO button), so even if an intruder can get five seconds inside a DC, they can cause immeasurable harm to a large company.
One of the best defense measures is segmentation. What machines do the vendors need access to, if you can, put them on their own network segment, firewalled away from everything else. Combine this with limiting outside access.
Not rocket science, but does take time and expense. Good firewalls (Cisco ASA) are not cheap, but they do the job and do it right.
That, or you might find an el cheapo four port switch between a production machine and its normal port where there wasn't one before, so unless you set the max MAC addies to one as a matter of daily business, you may have an ugly surprise.
There are always data centers running in other countries which can be run for cheap because of proximity to polluting coal plants. It might cause legal problems to offshore data to another country, but worst case, the cloud provider can just threaten to go bankrupt, which means the next owner of the servers can do anything with the stored client data, and there is nothing legally a client can do about it.
Or in my experience, first, a four letter phrase, "security has no ROI", then another six word phrase, "We can always call Geek Squad."
Breaking it down:
Server rooms will remain the same, except we might have aisles with a wider rack size from 19 inch to 21 inch or Facebook's OpenRack spec of 537mm. Of course, there will be metal adapters available so the existing 19 inch stuff can be racked in the wider racks.
Companies don't change that much. IT will still be IT, and Dilbert will hold true.
Some E-mail will move to Google. Most will still remain on Exchange due to momentum, regulations requiring physical location of sensitive data, and the fact that Exchange does work and work well, so it will remain in corporations until something better comes along.
We will still be using AD or LDAP. Since most places have all their eggs in those baskets, it will be almost impossible for them to move to any other core authentication/authorization mechanism.
We will be running the same certificate treadmills for Windows Server 2018 and Windows Server 2020 as we do for Windows Server 2012.
There will be fewer discrete computers in the server room racks, as companies move to larger scale rack/blade farms. Plus, a blade/enclosure setup offers an advantage in the CPU/watt statistics.
Technologies like autotiering will become similar to RAID 5 and 6 -- part of almost any disk controller, so one can have both SSD and spindles, and the controller will figure out where data goes by itself.
All and all, IT won't change much. We will have newer and faster stuff occupying the racks, but it won't be a major jump like moving from machines with their own disk arrays to a centralized SAN like we did 5-6 years ago.
I would second the certificates. They are the -only- way (other than maybe references or word of mouth between PHBs) that one can stand out from the competition.
The reason is that cow-orkers notice one's performance, so does one's immediate supervisor... but HR and the top brass? Unless there is a major reprimand, they only see the alphabet soup characters after a candidate's name, perhaps might punch the cert IDs in as validation. The technical guys might at best have a thumbs up or down vote, but it is the HR guys who sign the reqs, and they almost always will go for the person who has never physically seen a switch, but has the Cisco certs over someone who has been in the field, but doesn't have a CCNA/CCIE/whatever.
There are also times when audits happen. I worked at a place that had an auditor have the IT managers people on the spot under the pretext of "no written authority to operate the equipment" if they didn't have their certs up to date.
Get the certs... Then comes the hard part. Getting a niche so you are recognized -by name-, and not the pieces of paper attached. That takes some doing, and it takes specialization... of course, specializing in the right thing that isn't a dead end.
It depends... Robots break, and someone clued enough to know what components need replaced can be fairly difficult to find. With computers, it is fairly easy... something on the motherboard dead, pull the board. HDD dead, pull that. With a robotic install, just ripping the robots out of the factory floor and replacing them if there is a hiccup isn't going to work.
Automation eats jobs, but I don't think it is a bad thing. I'd rather see a robot be turning screws 24/7 than having to force a human get RSI disorders to do the same thing.
However, I have my biases... one of my dreams for retirement is to buy a couple high-tolerance CNC mills, and do precise custom fab work, be it custom engine designs, or making one-offs to show something done and done right. For example, I've always wanted to duplicate some of the insanely complex bank vault locks from the 1800s, and with a CNC machine, it would be a lot easier to carve out the precise levers and the case that holds them. Done right, a well-made lever lock is decently pick resistant, although they fell out of common use due to their size.
China did buy one of the largest hog farm companies in the US, so in a way, that wish is granted, as they now provide our bacon.
The interesting thing is that robotics are something the US is very good at. Vehicle production is mostly automated.
Of course, sometimes robotics get hair-pulling in ironic ways. I was trying to find a maker that could build me the mechanism for a raw hard drive autochanger (where it would take hard disks without any enclosures and mount/dismount them), and the only game in town was Siemens, and they were asking $10,000 a unit.
I still wouldn't mind making a hard disk library that didn't have to have special enclosures around the HDDs, then software on the "head" to do whatever the user wants, be it a VTL, HSM with storage "swapped" in and out, or even a way to snapshot existing SAN volumes and store them independent of what data sits on them. Encryption would be as basic or as fancy as one wants (from a simple password where a hash is used as the key, to a key manager using RSA keys, and each drive having its own session key, etc.)
I still have a 365XD with an old RedHat distro with custom pcmcia-cs code. Still has a 1.5 MB (yes, megabyte) PCMCIA flash disk from Sun drive (not Sandisk), and a combo 10baseT Ethernet card/modem that worked quite well as a smart firewall for a couple years until DSL was available.
I would pay a price premium for something as solid as those old laptops, although I want one with a TPM chip [1], and Macbooks don't have that available.
[1]: The technology cuts two ways, but with BitLocker, I can just enable TPM + USB, and if the laptop is ever stolen, if I have the usb flash drive (which will be on my keychain), I know that laptop isn't going to be decrypted by a thief barring them having the resources of a big company or major government. If I ever lose the USB flash drive, I pull up my phone, SSH into my home machine [2], copy/paste the recovery code, and be still able to access data.
[2]: Google Authenticator two factor protection comes in handy if one isn't using RSA keys for SSH. Doesn't work with AD, but for logging locally to a machine, it is good enough.
Don't forget transportation costs. Fuel prices are in no ways stable, so we are hitting the point where it is cheaper for places to set up shop here in the US just so that things made are sent by rail or semi, compared to the cost of shipping them from the factory, then all the work with getting them on a ship and all the diesel the freighter uses.
I wouldn't be surprised to see this happening more and more as fuel costs go up.
One concern of mine:
310 mph winds != 310 mph debris slamming into the building.