Slashdot Mirror


User: mlts

mlts's activity in the archive.

Stories: 0 · Comments: 5,534

Comments · 5,534

  1. How about an unlocked/unlockable bootloader? on Motorola Building "Self-Aware" Smartphone · Score: 1

    I know that the tech community who cares about bootloaders, SHX, FXZ files and ROMs is relatively small, but I would definitely purchase a Moto phone if it had an unlockable (preferably with something as simple as "fastboot oem unlock", or a similar method to HTC where one registers and gets an unlock code) bootloader.

    A self-aware phone is nice; a rooted self-aware phone with a custom ROM can be the cat's meow.

  2. Re:It's easier to exploit. on Ask Slashdot: Is GNU/Linux Malware a Real Threat? · Score: 4, Insightful

    That is what SELinux and AppArmor are for. They might not be 100% (as there were some kernel exploits that could be used to bypass those), but with proper policies in place, something getting UID 0 would be pretty limited in what it can accomplish.

    OS X also has a similar mechanism in place.

    Linux also has a bunch of different distributions. A bug that causes SSL keys to be very weak in Ubuntu is not going to affect RedHat systems.

    This doesn't mean Linux is worry-free, but it is more secure than people think. To cite an anecdotal example, the proof is in the pudding -- look at all the amateurish Apache servers and LAMP stacks out there. If Linux had major issues in general, there would be major screaming on almost every forum how insecure the OS is.

  3. Re:It's about liability and responsibility of faul on BSA Study Demonstrates Open Source's Economic Advantage · Score: 4, Interesting

    This is not a knock against the quality of F/OSS. However, I can take a piece of commercial software and show auditors that it is FIPS or Common Criteria certified, which is important for the legal eagles, especially with regs like Sarbanes-Oxley, FERPA, PCI-DSS, and other items.

    Say something like a downed production machine or a security breach causes an audit, and the bug that caused it was within the OS or application:

    Scenario 1: The software is shown to be commercial, with the pretty ribbons showing it was certified (AES library is officially certified by NIST), etc. Logs were shown that updates were pushed out on schedule, and that there was an IDS/IPS system in place. The auditors find that shit happens, due diligence was done, and head home.

    Scenario 2: The software used is solid, but doesn't have the certifications. Even with proof of everything being well maintained by IT, they go in and report findings that it was "from an untrusted/unknown vendor with an unknown security reputation". Then someone gets sacked because something has to be done or else the company may lose its ability to process credit cards or have the SEC step in.

    These certifications have nothing to do with the software's actual security. However, there is a big difference between secure in the eyes of the law and the auditors (CYA), versus actual security.

    This is the same exact reason why antivirus software goes on the Solaris, Linux, and AIX machines... not because they will get infected, but so the legal department can tick a check box saying that "all servers have AV software present."

  4. Re:Internet facing? on Iranian Hackers Probe US Infrastructure Targets · Score: 2

    I'm not an embedded system engineer, but I've done a system for low speed monitoring which has worked out well, allowing for information to be obtained, but keeping the private stuff private. It isn't a 100% perfect solution, but for a lot of needs, it functions well.

    Create two network segments, one "public" in the sense that it is connected somehow to the Internet, and one "private" in that it has no connections.

    Place two machines on each subnet. They are connected by a null-modem cable with a set of Tx/Rx pins cut, so no traffic can flow back from the public subnet to the private one.

    From there, one can use syslog or some other item to cat text data to the serial port on the private network, then on the public side, have something that constantly reads from it to a file.

    Yes, this is slow (115200 bits max), but no matter how pwned the system on the receiving, public side winds up, an attack to the private network isn't going to happen without someone onsite to breach the gap.

    Of course, there are variants of this that can be considered less secure: Two machines sharing the same iSCSI target that writes logs, and the one on the public network has read-only access while the public one has read-write.
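    The serial-cable setup above has one property a practitioner has to plan for: with the return pins cut there is no acknowledgement, so a frame lost to line noise is simply gone and the public side cannot ask for it again. What follows is an added example, not code from the comment above, showing the cheap mitigation: the private side numbers each log line before writing it to the port, and the public side reads from the port, keeps every intact line, and counts both garbled lines and sequence gaps so an operator can alert on silent loss. The device path (/dev/ttyS0) and the syslog lines in the sample are assumptions; the sample traffic is constructed and fed through an in-memory reader so the program runs without hardware.

```go
package main

import (
	"bufio"
	"fmt"
	"io"
	"strconv"
	"strings"
)

// Record is one log line after it has crossed the one-way serial link:
// the sequence number the private (sending) side attached, plus the
// syslog text itself.
type Record struct {
	Seq uint64
	Msg string
}

// Frame is the sender side: prefix each log line with a running sequence
// number and terminate it with a newline. On the private machine this
// string would be written to the serial device (assumed /dev/ttyS0).
func Frame(seq uint64, msg string) string {
	return strconv.FormatUint(seq, 10) + " " + strings.TrimRight(msg, "\r\n") + "\n"
}

// Stats is what the receiver reports after draining the port.
type Stats struct {
	Received int    // well-formed records kept
	Garbled  int    // lines that did not parse (line noise, truncation)
	Missing  uint64 // sequence numbers that never arrived
	Records  []Record
}

// Receive reads frames from r (in practice the serial device on the public
// side, opened read-only) until EOF. There is no back channel, so nothing
// can be re-requested: the receiver keeps what arrived intact and counts
// what did not, which is the figure an operator would alert on.
func Receive(r io.Reader) Stats {
	var st Stats
	var expect uint64 = 1 // the sender numbers from 1 after each (re)start
	sc := bufio.NewScanner(r)
	for sc.Scan() {
		seqText, msg, ok := strings.Cut(sc.Text(), " ")
		if !ok {
			st.Garbled++
			continue
		}
		seq, err := strconv.ParseUint(seqText, 10, 64)
		if err != nil || seq == 0 {
			st.Garbled++
			continue
		}
		if seq > expect {
			st.Missing += seq - expect // frames lost on the wire
		}
		if seq >= expect {
			expect = seq + 1
		}
		// seq < expect means the sender restarted its counter (or sent a
		// duplicate); the line is still kept, it just is not a gap.
		st.Received++
		st.Records = append(st.Records, Record{Seq: seq, Msg: msg})
	}
	return st
}

func main() {
	// Constructed sample traffic: frames 1 and 2 arrive, a burst of line
	// noise follows, then frames 4 and 5 (frame 3 was lost in transit).
	sample := Frame(1, "<13>May 20 10:00:01 priv sshd[812]: Accepted publickey for ops") +
		Frame(2, "<13>May 20 10:00:05 priv sudo: ops : COMMAND=/usr/bin/systemctl status") +
		"\x00\xff~~noise~~\n" +
		Frame(4, "<13>May 20 10:00:09 priv kernel: eth0: link down") +
		Frame(5, "<13>May 20 10:00:10 priv kernel: eth0: link up")
	st := Receive(strings.NewReader(sample))
	fmt.Printf("received=%d garbled=%d missing=%d\n", st.Received, st.Garbled, st.Missing)
	for _, rec := range st.Records {
		fmt.Printf("%d %s\n", rec.Seq, rec.Msg)
	}
}
```

    On real hardware the reader would open the serial device instead of strings.NewReader and append each intact record to the log file; the gap counter is what turns "the link went quiet" from an invisible failure into something that can be graphed and alerted on.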

  5. Re:predicting the future on Will Robots Take Over the Data Center? · Score: 1

    Maybe we will see a "unit" in data centers which are self-contained "pods", which both Oracle and Microsoft have been mentioning, where one has it hauled in, adds power and networking, and it essentially is completely autonomous. This wouldn't work with the racks that have various different appliances, but for the common SAN/racks/enclosures/switches/routers which are the mainstay of the data center, having a "data center in a box" which can automatically spit out cards, blades, drives, or other parts might be an idea.

    Only downside -- volume. It is a lot easier to have a person walk up and replace a PSU than to purchase a complete robot system for the task. Robots are not like electronics -- economies of scale that apply to solid state tech don't apply. Were this the case, you would be seeing tape silos for home use as backup appliances as a commodity item.

    Businesses also have different data center needs, and there is always the upgrade path. For example, Facebook has their Open Rack specification which is 21 inches. Some equipment might be 24 inches in width, such as some IBM stuff like the POWER 795 CECs. Other equipment is 23 inches in width.

    All in all, a backend robot can work with the "podular" design, but in a regular data center, it isn't that feasible/economical with today's technology. Hiring someone for $8/hour to "rack 'em and stack 'em" is pretty cheap.

  6. Re:Astoundingly bad idea on FBI Considers CALEA II: Mandatory Wiretapping On Every Device · Score: 4, Interesting

    I remember this with the Clipper Chip, and FBI Director Freeh. It is understandable that they want this -- makes their job a lot easier, and makes a lot more material to sift through.

    However, there were the same issues with this wiretap stuff as with the Clipper Chip:

    1: Bad guys getting access to the backdoor, just like back then, bad guys getting access to the LEAF (law enforcement access field, part of the key escrow mechanism.) When (not if) this happens, every single endpoint is wide open, and this becomes a national security issue when companies start getting hacked wholesale and there is nothing they can do except power off and unplug.

    2: Abuse. Of course, this would allow anyone with access to this a lot of material they can scoop up, and sell.

    3: There would be -billions- spent by rogue nations, criminal organizations, and others to get at those master keys. When the money is at stake, it will turn into a game of finding out what people are even close to the master keys, and kidnapping their family. The billions spent on compromising an update repository in order to get backdoored programs into the target would reward the rogues with trillions.

    Securing the master keys is one thing. Keeping them secure while in use for massive eavesdropping and protecting them from leaks is a very difficult task. Someone in the chain can be compromised eventually, which leads us to point #1.

    Plus, we already have a shitload of ways that an endpoint can be compromised. A lot of software updaters send a unique computer ID. It doesn't take much to have a certain ID get a slightly modified signed update while everyone else gets something else.

  7. Re:What's really needed... on Password Strength Testers Work For Important Accounts · Score: 1

    There are always client certificates, but that means every web browser you use has to have a copy of your private key handy.

    Another authentication system mentioned would be one that would have some random text, and would ask the user to select it, sign it with their private key, and paste the clearsigned text. Very simple and fairly platform independent, although PGP/gpg support can vary greatly depending on platform.
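    The sign-the-random-text scheme described in the comment above is a challenge-response login, and the details that make it safe are easy to get wrong: the challenge must be fresh, bound to the site and user, single-use, and short-lived, or a signature captured once can be replayed or presented elsewhere. The following is an added example, not code from the comment or from any project it mentions, that implements both sides of that exchange. It substitutes an Ed25519 key for the PGP key so that it runs with Go's standard library alone; the site name example.invalid, the user name and the two-minute lifetime are assumptions.

```go
package main

import (
	"crypto/ed25519"
	"crypto/rand"
	"encoding/hex"
	"errors"
	"fmt"
	"sync"
	"time"
)

// Server keeps one registered public key per user and the set of
// challenges it has handed out and not yet consumed.
type Server struct {
	mu          sync.Mutex
	site        string
	pubKeys     map[string]ed25519.PublicKey
	outstanding map[string]challenge // keyed by the challenge text
	now         func() time.Time     // injectable clock
}

type challenge struct {
	user    string
	expires time.Time
}

func NewServer(site string, now func() time.Time) *Server {
	return &Server{
		site:        site,
		pubKeys:     make(map[string]ed25519.PublicKey),
		outstanding: make(map[string]challenge),
		now:         now,
	}
}

// Register stores the user's public key (the enrolment step).
func (s *Server) Register(user string, pub ed25519.PublicKey) {
	s.mu.Lock()
	defer s.mu.Unlock()
	s.pubKeys[user] = pub
}

// Challenge returns the text the user is asked to sign. It names the site
// and the user so a signature made for one service is useless at another,
// and carries fresh random bytes so no two challenges are alike.
func (s *Server) Challenge(user string) (string, error) {
	s.mu.Lock()
	defer s.mu.Unlock()
	if _, ok := s.pubKeys[user]; !ok {
		return "", errors.New("unknown user")
	}
	nonce := make([]byte, 16)
	if _, err := rand.Read(nonce); err != nil {
		return "", err
	}
	text := fmt.Sprintf("login to %s as %s, nonce %s", s.site, user, hex.EncodeToString(nonce))
	s.outstanding[text] = challenge{user: user, expires: s.now().Add(2 * time.Minute)}
	return text, nil
}

// Verify accepts the login only if the signature is over a challenge that
// was issued to this user, has not expired, and has not been used before.
// The challenge is retired on every attempt, good or bad, so a captured
// signature cannot be replayed.
func (s *Server) Verify(user, text string, sig []byte) error {
	s.mu.Lock()
	defer s.mu.Unlock()
	c, ok := s.outstanding[text]
	delete(s.outstanding, text)
	if !ok || c.user != user {
		return errors.New("no such challenge outstanding for this user")
	}
	if s.now().After(c.expires) {
		return errors.New("challenge expired")
	}
	if !ed25519.Verify(s.pubKeys[user], []byte(text), sig) {
		return errors.New("signature does not verify")
	}
	return nil
}

// Sign is the client side: the user signs the challenge text with the
// private key that never leaves their machine (what clearsigning does with
// a PGP key; here an Ed25519 key stands in for it).
func Sign(priv ed25519.PrivateKey, text string) []byte {
	return ed25519.Sign(priv, []byte(text))
}

func main() {
	pub, priv, err := ed25519.GenerateKey(rand.Reader)
	if err != nil {
		panic(err)
	}
	srv := NewServer("example.invalid", time.Now) // placeholder site name
	srv.Register("alice", pub)

	text, _ := srv.Challenge("alice")
	sig := Sign(priv, text)
	fmt.Println("first use:", srv.Verify("alice", text, sig)) // <nil>
	fmt.Println("replayed: ", srv.Verify("alice", text, sig)) // error: already consumed
}
```

    The same structure carries over to a PGP deployment: the server keeps the user's public key, the challenge text is what the user pastes into gpg --clearsign, and the server verifies the clearsigned block against exactly the text it issued before retiring it.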

  8. Re:so why not set up shop elsewhere? on How European Startups Are Battling Labor Laws For Developers and Programmers · Score: 1

    Even better, move to a VAT system... far harder to hide physical objects than money trails.

  9. Re:Such a negative commentary. on Google I/O 2013 Underway: Watch For Updates · Score: 1

    It was more of a "bug fix" type of I/O announcement, which are some of my favorites. It means stuff gets fixed or works better. Android Key Lime Pie is going to almost certainly be 4.3.

    The next Nexus phone is a rebranded Samsung Galaxy 4S, which means the next Android version doesn't require much in the way of new hardware.

    The music service is going to be something to fill in the gaps. Although it is more like Pandora mixed with Rdio as opposed to something like Amazon or Apple's "scan 'em then download 'em elsewhere" services.

  10. Re:store only? on Windows Blue Is Officially Windows 8.1, Free For Existing Users · Score: 1

    I'm going to guess that this is MS's way of making service packs more palatable -- call them free minor version upgrades.

    Assuming this is the case, they likely will have an MSI or some .exe which can have its component files extracted for speed reasons to a share and machines pointed there for updates.

    I hope for a WIM or a way to slipstream this into an install image, so if a box needs to be reinstalled, W8.1, perhaps with the latest Windows Update patches, can be done in one pass.

  11. Re:Outlook.com on Ask Slashdot: What Is the Best Email Encryption Gateway For a Small Business? · Score: 2

    It is obvious that once the data leaves your gateway, it is open season, perhaps even sooner if a router or switch gets compromised and a custom firmware uploaded. The endpoint is where the main security should lie.

    Ideally, you want people using PGP or GnuPG with some sort of WOT in the company, and some mechanism of securing private keys (Self generated eTokens, or even just a USB flash drive.) For SOX reasons, an ADK might be needed, but it will be obvious that key is added to E-mail exchanges, and hopefully it is stored somewhere secure.

    The second decent client utility is using S/MIME. Thunderbird and Outlook happily support it. Other mail programs have various degrees of support from complete to none. Done right, this is decently secure, but it falls into the same trap SSL does -- it is easier to admin than a WoT by having the usual CAs in a root cert, but that means a third party can easily get in and start a MITM attack.

  12. Re:that is a massive rip-off of my data allotment on Facebook To Introduce Video Ads · Score: 1

    Their mistake was going public. That means they have to answer to the lash of threatened shareholder lawsuits should they do anything but focus on what profits are coming on the next quarter.

    FB should not have IPO-ed. Instead, they should have kept to themselves and worked on honing their backend technologies, perhaps offering things for sale to the enterprise. For example, all their magic and redundancy lies in the top level app layer. A server failure isn't handled by a HA mechanism or a hypervisor sitting on a blade chassis, but the application running on the hardware deals with this. Enterprise stuff that doesn't care about clustering, SAN status, or what it is sitting on can be a hot seller, as it would compete ferociously against the high priced IBM/EMC/Oracle offerings.

    FB also handles a lot of data. I'm sure they could offer technology to have an archiving service (to fulfill the eDiscovery requirements of SOX and other regulations.) Real businesses would pay real cash for this.

    FB also handles authentication, as they are oftentimes used as an Internet gatekeeper. Why not add to those services? Offer dedicated SecurID keyfobs or OATH apps, OPIE style one time use password sheets, or perhaps some dedicated biometric device which connects via cellular for a multi-channel authentication method. Why not join the OpenID bandwagon, or perhaps work on some add-on so one can use their personal ID/password [1] to authenticate to a work account, and have a true SSO mechanism?

    FB should have gone into enterprise-ready technologies. Amazon did with their cloud, and are vastly reaping the benefits.

    [1]: Or ID/passwords, so one can have multiple items attached to various IDs. That way, if one leaves a job, they can kill that ID attached to their work items.

  13. Re:that is a massive rip-off of my data allotment on Facebook To Introduce Video Ads · Score: 2

    It isn't that tough to leave. Google+ is getting just as entrenched via apps, web pages, "+1" buttons, and many other items. In fact, I know a number of people who keep both G+ and FB running because both are useful.

    If FB disappeared entirely, it can be completely replaced. Even if G+ didn't take over completely, messaging could go back to SMS or one of the IM providers, posts/walls could wind up on livejournal, cat pictures would move to Flickr or some other site, phone numbers and contacts could be shared via Yahoo or iCloud, gifts could be given via Amazon, and third party apps like Farmville would end up either becoming standalone websites, or becoming Metro/Android/iOS apps.

    FB has only one thing going for it: It is the US's central watering hole. If the beer gets too watered down, people will go find another dive bar to frequent.

  14. Re:Egg that kills the golden goose on Facebook To Introduce Video Ads · Score: 1

    While Google Plus is a nice aside for them, Facebook (and the companies that make the apps) are completely dependent on the whims of their product... i.e. their subscribers. Squeeze too much, and FB's stock price will be hurting very hard, very fast.

    FB is in a corner. If they don't find a way to dangle a carrot in front of developers and advertisers, they will stop paying money or writing for that platform, and with them being public, there is always the constant lash of the stockholders and the quarterly numbers. However, if FB starts going with animated ads with audio (which are great for the advertisers but will annoy everyone else to no end), people will give them the middle finger. People are already annoyed with them as it is about privacy, and a lot of other things, that it wouldn't take much for people to take their chat and cat pictures (and thus any ad/app revenue) elsewhere.

  15. Re:that is a massive rip-off of my data allotment on Facebook To Introduce Video Ads · Score: 1

    You are not the only one. Bandwidth isn't growing on trees in the US. Add streaming video ads that can't be stopped on iOS [1][2], and people will start looking elsewhere once the phone bills start rolling in.

    I remember in the time frame when people started leaving MySpace to FB, where at first, it was the more educated people who went, then as they left, virtually everyone else followed suit. I'm starting to see the start of the exact same migration to G+.

    [1]: Well, if you had a jailbroken phone and Firewall IP or another Cydia app, possibly. However, due to the 6.x SHSH blobs being unusable, it will likely be a year or two before another usable JB is released (iOS and hardware bugs are very rare.)

    [2]: Android is a bit easier, as there are utilities for both rooted devices and Web browser extensions for non-rooted ones.

  16. Re:Egg that kills the golden goose on Facebook To Introduce Video Ads · Score: 1

    People are already griping about FB. This might be the impetus that gets people looking at alternatives.

    Google Plus is quietly waiting in the wings, and there are sites like vk.com which have virtually everything FB does.

    Switching to G+ wouldn't be difficult -- most Android devices have a hook for it, and the iOS app is easily downloadable.

    Similar with VKontakte and other FB-like sites. It may not be a US social networking site, but Americans are tolerated.

  17. Re:Where are the stand alone machines? on Internet Explorer 0-day Attacks On US Nuke Workers Hit 9 Other Sites · Score: 1

    Even better, why not keep the internal machines completely locked down with zero ability to connect to the Internet (and perhaps have the IDS/IPS that monitors that segment set to look for packets that are not that IP range, just to make sure.)

    Then have a Citrix server (preferably on a VMware or other hypervisor for quick snapshot rollbacks) for the Web browsers and anything that connects to the outside world directly?

    This isn't rocket science, and I've seen places that used Citrix not just to keep the outside stuff out so a Web browser compromise is on an external machine, but to keep internal use applications on secure servers, and they stood extreme amounts of intrusion attempts without issue.

    Microsoft has similar with App-V, but Citrix is nice because one can get receiver software on almost any platform.

  18. Re:Because "IT People" are not "Professionals" on Ex-Employee Busted For Tampering With ERP System · Score: 1

    That is the irony of it all. Certs tend to have very little correlation with how clueful a person is. A technically savvy IT person knows enough to blow away the smoke, toss a broken machine in front of a candidate, and say "fix it". Either the guy fixes it, makes a good attempt, or obviously fails. No amount of BS is going to magically create a yum repository or ifconfig an adapter up.

    However, when you get to the levels above the IT people, they don't see how good/bad people are at the jobs unless the blamestorming downstairs is so loud that someone gets tagged with something nasty. They don't see Alice in the context of her competency, they see Alice and a list of certs behind her name... and that is their basis for judging promotions as well as hires/fires.

    It only seems to be getting worse. It has become not out of the ordinary to expect the "ticket taker" appearing at IT's doorstep one day. Said person will go to each and every person and demand they show what certs the employees have, or hand in their badge on the spot. This started with Sarbanes Oxley, but seems to be becoming a matter of routine, perhaps to hire H-1Bs in their stead. I've seen people who are true giants in the field tossed out on their ear, just to hire someone who has no IT skills [1], but who managed to get the MCSE tests done.

    [1]: IT skills are the meta stuff that you learn, that isn't taught anywhere. Passing by a server, and hearing the "tick, tick, tick" of a trashed drive that isn't on an array so it doesn't have a light showing it failed, or making a signed internal repository mirror so you don't have to justify connecting each machine to the outside world, or knowing the right decision to make when the sales guy wants domain admin rights "just to show a customer an ad-hoc demo".

  19. Re:Because "IT People" are not "Professionals" on Ex-Employee Busted For Tampering With ERP System · Score: 1

    One lesson I learned the hard way: Certifications seem meaningless to the IT person and the people immediately surrounding them. However, out of the direct hierarchy, the only thing that matters are those colorful pieces of paper with alphabet soup abbreviations on them.

    In fact, I've had jobs where some muckety-muck comes in, demands every single IT person produce certificates to "prove they are capable of operating the equipment." Ironically the most experienced guy in the bunch, who has been in the industry since I was in third grade, got axed on the spot because he didn't bother with keeping his MC-ITP or RHCE current.

    People think certificates don't matter, but saying, "RHCE, cert id " means *far* more on a resume than almost any interview questions/answers. In fact, I've sat on interviews where the HR person asked the candidate the very first thing:

    "Do you have a MC-ITP? No? Exit is to the right. Please fetch the next candidate in line."

  20. Re:Why bother with either on Barnes & Noble Adds Google Play Store To the Nook · Score: 1

    You hit the nail on the head. The e-book providers have a vested interest in having their device locked down in some way, either to help reinforce their e-book DRM, or so they can have their device not lumped in with general-purpose tablets when it comes to hardware performance (allowing cheaper hardware to be used.)

    A Nook or a Kindle Fire is tempting, but with the price of a Nexus 7 with built in 4G around three C-notes, it is hard to go wrong with that, as it is as open as any Android device can get. One more $100 and I can get a N10.

    Why worry about "nooting" or dealing with various rooting/bootloader exploits when one can get a very solid tablet for an inexpensive price which does everything the non e-ink Kindle/Nook models do?

  21. Re:We Wish on Ask Slashdot: What If We Don't Run Out of Oil? · Score: 4, Informative

    There are other gains as well. There is loss of voltage through long distance power lines, so 5KW of electricity coming from solar/batteries is a lot less than what is needed to be pushed from a substation to a house, through a number of step-up and step-down transformers in order to overcome the resistance in the wires. This is something that isn't thought of -- someone might think $5 in solar may not recoup $5 in energy, but realistically, it saves far more electricity.

    Solar is constantly improving. Supercap batteries can be used as a front-end (fast charging, lower energy density) for the regular ones, to allow charging to continue even after there is no usable sunlight, as well as take advantage of peaks (cloud edge effects) that a normal charger wouldn't be able to use.

    This doesn't say that even distinct solar panels have to be used. There are roofing shingles that might make less wattage, but make up for it by no need to install brackets and such.

    Solar does have its detractors. When RV-ing, solar is a must have for anyone who decides to do camping that isn't at a full hookup resort. However, outside of the RV world, there are always people who complain that the energy it takes to make a complete solar panel (frame, cells, wires, etc.) are far more than the panel will ever generate in its usable lifetime. It is hard to change that attitude.

    I agree with the above, perhaps even tossing a bone to the gas/coal industries with a subsidy, so they can produce less, but not dent their bottom line. In the long run, it would be a win/win for everyone involved.

    I wish there were some way to convert natural gas into propane. Propane has a lot of nice qualities as a fuel, from being able to be stored as a liquid (which means it approaches gasoline for energy density), to not being a greenhouse gas, to being extremely useful as a refrigerant (R-290.) A vehicle with a propane tank would have almost as much range as a normal gasoline vehicle. To boot, if propane spills on the ground, it goes downhill and disperses, and doesn't make a mini-Superfund site like gasoline does.

  22. Re:We Wish on Ask Slashdot: What If We Don't Run Out of Oil? · Score: 1

    Solar Blvd is having specials for panels at 70 cents per watt. With a decent controller (for RVs, I use MPPT controllers, but houses are a different beast) and battery bank, it can at least take the edge off consumption. At the minimum, it allows an additional circuit to be installed in a house/building to power low-wattage appliances. To boot, with a PSW inverter, the power will be very clean.

    Solar is becoming a "why are you not implementing it" as opposed to "why implement?" with the price of panels falling, combined with more wattage per square foot.

    For most people, it wouldn't enable them to be completely off-grid, but it will take the edge off of consumption during peak times, and that is the important thing.

  23. Re:Why touchscreens beat keyboards on phones on BlackBerry Looking To Quench 'Insatiable Demand' For New Smartphones · Score: 1

    I used to have a very good slider phone around '06, when the hot device was the Motorola RAZR V3, and smartphones were mainly the geek/exec crowd, ran Windows Mobile, BlackberryOS, or PalmOS, and cost $400-$600 with a 1-2 year plan.

    They can be done. The problem is that the Android makers think they are aiming towards the old Sidekick market. Those people have long since flocked to the iPhone, so that market is definitely gone. Instead, a slider should be marketed to people who are professionals, and who want a real keyboard. One can type some text on a phone's touch screen, but for anything but a short note, it can get slow. A good physical keyboard can improve that, and even allow decent touch typing.

    I'm sure there are other people out there who would buy a quality slider phone, and really don't care about the thinner craze (assuming a relatively thin device to begin with.) With the slightly larger form factor, a bigger battery, more SSD, more cores (high and low power cores, and hopefully both CPU and GPU), a better camera, and other items can be fitted in. Plus, with the bigger screens, making larger keys becomes easier. Motorola has done some advances in this, but their mistake was aiming them towards the low end as opposed to execs who are used to Blackberries and typing out longer memos.

  24. Re:finally on BlackBerry Looking To Quench 'Insatiable Demand' For New Smartphones · Score: 2

    For the enterprise, it essentially is a "pick your poison" choice. RIM devices and relatively expensive BES, in return for security [1] that is actually enterprise level. Or go with ActiveSync and relatively little control, other than iOS with its pushed policies. Maybe Windows Phone 8 has usable GPOs.

    It would be nice to have an ability for more Android devices to have partitions separating work stuff from home stuff. With BYOD definitely becoming more common, this will be a great thing for all parties involved, perhaps with dual SIMs to completely separate things.

    [1]: Only Blackberries have the feature to erase themselves if they have not checked in with a server after a period of time, or if an unauthorized SIM card gets put in.

  25. Re:Privacy? on NYC Police Comm'r: Privacy Is 'Off the Table' After Boston Bombs · Score: 1

    What would be nice is if investigations would either conclude with an arrest, or be shelved as not sufficient, and the person investigated is let know.

    However, realistically, even with the investigation loophole, that is better than what we have now, which is keep all data that is generated forever, and be able to sell it to all comers at any time, forever. One small step is better than nothing when it comes to tagging data with an expiration date.