I wouldn't mind deduplication either.
I was hoping Apple would license ZFS or even Veritas Volume Manager/Veritas FS from Symantec. Heck, even ReFS from MS. However, with all the cash they have, I am happy they are putting out something. I wouldn't expect it to be a default filesystem until 2017, perhaps 2018, as filesystems are something never to be undertaken lightly, but long term, it is crucial to macOS's usefulness, especially as SSDs get larger, and TRIM support is more critical to performance.
I'm glad Apple has introduced this. As of now, the snapshot API and others are not present, but now Apple is on parity with everyone else in the industry.
APFS isn't like ZFS or btrfs, but more like ReFS in the fact that it still requires a logical volume manager. It would be nice if it had RAID, but that is a minor item, compared to just getting rid of HFS+, which just had to be killed.
Some features I like:
The ability to encrypt volumes with multiple volume keys. It looks like it will be similar to Oracle's ZFS on Solaris, but the implementation can be completely different.
Snapshots. Something like zfs send and zfs send -i will be quite useful for backups.
Copy-on-write capability, which is useful for VMs.
Of course, it appears that Apple will be documenting and publishing the FS's specs in 2017, which will be even more useful for compatibility.
All in all, even though there is no RAID 5/RAID-Z, or LVM replacement, this is a heck of a lot better than what OS X/macOS has now.
Thanks. That goes a long way into addressing a major shortcoming in OS^WmacOS. Even though snapshots have no accessible API, at least this will be there eventually, so the box can get backed up via sends.
I really don't care for Siri, nor the fact that the computer will have to actively listen in 24/7 to support that. I was hoping for some under the hood improvements, like a new filesystem, better software RAID, iSCSI, a package management/repository system usable by third parties, so signed code and repos would be easy to add, so we wouldn't need ports, brew, or other third party stuff. Maybe even more blue-sky stuff like having root be a role like Solaris as opposed to an actual user, filesystem snapshots (something like btrfs send/zfs send), deduplication (since all Mac laptops are SSD based, might as well have an offline dedup process to help with storage), maybe even build in an ESXi compatible hypervisor, so virtualization is baked in and usable without third party utilities, which adds to security.
I wish Apple would actually extend OS X to do more fundamental stuff, not 1-2 gewgaws.
The thing about MS. If they have a revenue drop, they just hike the price for Windows Server and other enterprise grade items, and come out ahead for that quarter.
Long term, it would be nice to see all machines have a tier 1 hypervisor, and a "dumb" console (virtual KVM) to interact with the VMs. QubesOS is a good example of this, but the ideal would be having the ability to have the virtual KVM run not just on the desktop, but servers as well.
Downside will be handling 3D graphics between the VM and a hardware GPU, but this isn't an impossible problem, especially if a mechanism like OnLive is used where the GPU processing is sent somewhere else, and the virtual KVM displays a high quality stream from that.
Problem is that the US isn't Australia. The US has a lot of different ethnic and racial groups, a lot of distrust for the government, and a history of just ignoring the law. The US also has firearms as part of the national culture.
My biggest concern with the talk about sweeping bans, "assault weapons" bans, bans on ammo, bans on having brass or a metal shop is that it will just result in another War on Drugs pogrom against the people, or another Prohibition where armed gangs then own turf on most city streets (and they are armed by definition, since that is where they make their cash.)
Say having an AR-15 becomes a felony. What's the difference between having that single shot AR, versus having one with a three position switch? Same amount of prison time. So, we will see more fully auto machine guns on the street because prison time is prison time. Right now, civilian weapons are one pull, one bang. Go too crazy with bans, and people will just do modifications so their one pull results in many bangs, as it would mean the same prison sentence.
Then there is enforcement. Search social media for pro-2A stuff and punish 2A supporters? MeWe will be more than happy to handle the people coming to it, and someone will spend the cash and make a completely encrypted social network with every participant having their own PGP/gpg key. Right now, everyone supports the police enforcing the law, even with firearms. Get people angry that they have to "hand them over", and police will have a far tougher job. There is a lot of angry talk on 2A sites.
So, what's the answer? Bans will just result in more sales, and enforcement is at best whack-a-mole no matter how many trillions go into it. Just the mention of a ban gets gun shops completely bought out to the bare shelves. Heck, some gun shops in my area are forced to close when there is a mass shooting, because they sell out of -everything-, down to the camo underwear. Even when bans are enacted, metal shops will ensure a steady supply of stuff for the black market.
The thing people never realize is that the gun issue is a symptom. Trying to stomp it out is like trying to push the needle of the speedometer to 0 if the brakes fail on one's car. The issues of fear, mistrust, xenophobia, racism, and hatred need to be addressed first, if any progress is to be made.
What we need is almost hypervisor level separation of the browser (and its add-ons) from everything else. This way, if something malicious gets into the browser's context, it couldn't get into the filesystem or memory space of the actual desktop. The closest to this is Qubes OS, or running the browser on a VM under a tier 2 hypervisor (or a tier 1, if you have a fast LAN connection and a decent remote desktop program.) Sandboxing is also an idea, like sandboxIE, but the best thing is complete isolation, OS kernel, filesystem, the works. This also allows an outside program to eyeball the browser's RAM space for malicious software signatures and put a kibosh on would-be rootkits.
I like having two NAS systems. One the primary, and one just for backups which either deduplicates (like a Data Domain appliance), or stashes deduplicated data (wherever the Veeam repo sits.) With snapshots on the primary for fast recovers should Locky come a knocking, this will help mitigate a ransomware threat. Of course, some form of offsite storage is a must, but one can use what works for them the best, be it tape, cloud, or maybe an external HDD that is used to dump critical files from the share, then gets stashed somewhere secure and offline.
Depends on how much data. At the low end, you can buy a NAS for $100-1000, like a Synology or QNAP model, add drives and attach it to AD or your LDAP server. From there, you can use S3, Azure, or another cloud storage provider for offsite storage. For additional peace of mind, have two NAS models, one whose job is to receive backups from the primary NAS, which provides for 3-2-1 backups (three copies, two on different media, one offsite) with S3. To boot, these NAS models offer encryption, so nothing hits the cloud in plaintext.
It isn't just backup software. It is implementation, and the 3-2-1 system, with inherent resistance to malware. Even if one doesn't use tape or cloud, devices like Isilons offer functionality like SmartLock which gives WORM functionality to a directory to ensure that snapshots remain around for a period of time, even if mayhem ensues everywhere else but a physical console.
With cloud backups, S3 isn't cheap, but it is decent for offsite storage, especially with so many client side encryption APIs available. Even Glacier can be useful for archived data, where it can be encrypted, shoved over, and forgotten about. Yes, it will be expensive to retrieve, but at least it is offsite.
The problem is that security and backups have no visible ROI in the eyes of most managers, so it always gets the hind teat. Until something breaks, that is.
Synology has an app that I use. It can go over the Internet, but I use it to directly connect via IP and dump the files when on the home Wi-Fi segment. The NAS isn't perfect (SynoLocker comes to mind as what can go wrong), but I'd rather store my data under my physical control, and if I do store anything offsite, it gets stashed encrypted, preferably with a keyfile, so an attacker has to brute force the entire keyspace.
This. Use FB for photos to be published, not for anything else. For everything else, there are many other ways to do it. I personally just use an app that dumps all the photos of my device to a NAS when I'm within Wi-Fi range (the NAS is firewalled away from the world), then the NAS does an encrypted backup offsite.
The last place I'd ever want to use for a photo storage place is FB, even if it is "free".
Makes me wonder if the Guarded Fabric/Shielded VMs in Hyper-V, coming in Windows Server 2016 is a definite answer to this type of attack, especially if it takes advantage of hardware RAM encryption in the latest AMD and Intel chipsets.
Not to praise MS, but it is interesting that they have a hardware based stack that might defend against this.
For advances, since IoT is coming at us like a crane falling down an alleyway, it would be nice for BT security to be improved. Toss E0, find a well tested cipher that works at low power, but has at least 256 bits, and a decent block size. Have pairing store a longer nonce, like at least 512 bits, so it can be used for a Diffie Hellman exchange for a session key, as well as having enough to have a unique IV. Of course, older devices and ones with less power may need a lesser algorithm, but part of the pairing process should be what each device can do, encryption-wise, so subsequent communications can't be "downgraded" with clients falling back to weaker encryption, unless that was initially specified in the pairing.
As for usefulness, if we can have Bluetooth be able to work with external hard drives at USB 2.0 speeds or better, that would be nice. No piggybacking off of Wi-Fi, ideally.
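The pairing idea in the comment above, sketched as an added example (not code from the comment or from any Bluetooth stack): the cipher suites both sides can use are fixed in the pairing record, and a later session is refused if it proposes anything outside that record. The suite name `CIPHER-256`, the `PairingRecord` layout and all function names are assumptions made for illustration; the 64-byte secret stands in for the longer pairing value the comment asks for.

```python
import hashlib
import hmac
import os
from dataclasses import dataclass

# Relative strength of each suite. "CIPHER-256" is a hypothetical placeholder
# for the 256-bit low-power cipher the comment wishes for.
STRENGTH = {"E0": 0, "AES-CCM-128": 1, "CIPHER-256": 2}


class DowngradeError(Exception):
    """Raised when a session proposes a suite the pairing did not allow."""


@dataclass(frozen=True)
class PairingRecord:
    secret: bytes        # 512-bit value stored at pairing time
    agreed: str          # strongest suite both devices support
    allowed: frozenset   # agreed suite plus any fallback accepted at pairing


def pair(local_caps, peer_caps, fallback=()):
    """Negotiate once, at pairing, and pin the result."""
    common = set(local_caps) & set(peer_caps) & STRENGTH.keys()
    if not common:
        raise ValueError("no cipher suite in common")
    agreed = max(common, key=STRENGTH.__getitem__)
    # Weaker suites are usable later only if explicitly accepted here.
    allowed = {agreed} | (set(fallback) & common)
    return PairingRecord(os.urandom(64), agreed, frozenset(allowed))


def session_tag(record, suite, nonce):
    """MAC that binds the proposed suite and nonce to the pairing secret."""
    msg = b"session|" + suite.encode() + b"|" + nonce
    return hmac.new(record.secret, msg, hashlib.sha256).digest()


def open_session(record, proposed, nonce, peer_tag):
    """Return a session key, or raise if the proposal is a downgrade."""
    if proposed not in record.allowed:
        raise DowngradeError(f"{proposed} was not agreed at pairing")
    if not hmac.compare_digest(peer_tag, session_tag(record, proposed, nonce)):
        raise DowngradeError("suite proposal not authenticated")
    key_msg = b"key|" + proposed.encode() + b"|" + nonce
    return hmac.new(record.secret, key_msg, hashlib.sha256).digest()


def accepts(record, proposed, nonce, peer_tag):
    """Convenience wrapper: True if the session would be opened."""
    try:
        open_session(record, proposed, nonce, peer_tag)
        return True
    except DowngradeError:
        return False


if __name__ == "__main__":
    phone = ["E0", "AES-CCM-128", "CIPHER-256"]
    headset = ["E0", "AES-CCM-128"]          # constructed capability lists
    rec = pair(phone, headset)
    nonce = os.urandom(16)
    print("agreed:", rec.agreed)
    print("normal session:", accepts(rec, rec.agreed, nonce,
                                     session_tag(rec, rec.agreed, nonce)))
    print("forced E0:", accepts(rec, "E0", nonce,
                                session_tag(rec, "E0", nonce)))
```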
I have seen VDI used to keep critical infrastructure walled off, so a compromised workstation is less of an issue.
I have also worked on having individual machines, which had zero net connectivity to the outside world, patches were done by WSUS, SCCM, software was pushed out via those means or VMWare ThinApp, and the only machines that the workstations could communicate with, were a RODC, software server, and a terminal server.
The terminal server allowed people to run their Web browsers via seamless RDP to pretty much any sites they felt like (within reason -- pr0n sites were blocked due to the legalities of sexual harassment, for example). This way, all the web browsing to external sites was done on a well controlled VM, and if it got compromised, malware couldn't propagate to the internal machines. This seemed like a good compromise between allowing users to browse the web when need be, while keeping security tight.
If one thinks about it, for messages and groups, USENET is ideal, when combined with websites to handle larger binary files. NNTP has quietly worked for decades now, and the only real thing it might need would be having an ISP sign messages just to make spam more difficult.
With E-mail for persistent messages, the Web for one's Wall, web forums or newsgroups for group discussion, XMPP or IRC for messaging, what is the point of a social network when we have existing tech doing the same exact thing for decades now?
I would say that Facebook's apps have lost their charm. It used to be that everyone played Farmville, then Candy Crush. Now, there are not many people spending cash or asking for invites so they can get their cow over the fence.
The problem is that Facebook can't really sell something to its audience, as its audience are the product, not the customer. It can only sling enough ads, and suck up only a certain amount of data. They also don't have anything else specific to them except being the popular "watering hole".
Long term, once the advertising bubble hits a wall (i.e. there isn't anything to suck out on users to sell, especially in a recession), social networks will not be a viable business model. Instead, what is viable, will be going back to a decentralized ISP model, similar to how E-mail is done.
Depends on the type of 2FA. Sites like Google and Amazon allow one to use a third party TKIP standard, which doesn't require any Internet access to generate a code. Of course the downside is making sure you have backups of the TKIP seeds, just in case you lose your 2FA device. I have an iPod Touch whose sole purpose in life is to keep a backup copy of those, just in case my smartphone gets swiped.
Next to keyfile hashes, I am personally partial to KeePass's generator, as it allows you to have custom password formatting and rules, as well as to allow keyboard/mouse input to be added to the randomness pool. This definitely cannot hurt when it comes to unpredictability.
I do similar, but I generated a keyfile with VeraCrypt that is 1k in length. From that keyfile, I take the file's hash.
Downside is that if a bad guy nabs that keyfile, my goose is cooked, but barring that, a SHA-256 hash for a password is good enough for most things.
There is also the fact that we don't know how well the data is secured. Unlike a cloud provider, if Cortana or a search process sends data to the mother ship about something sensitive, MS may not use it, but there is always the concern that they get compromised and someone now has that info about the new NX, with the exact SoC chip masks and other confidential items.
There is also the fact that MS may be coerced to forking that info over. For example, if something got uploaded to MS in the US, and Elbonia put the squeeze on MS, there isn't anything to stop MS handing any/all info they get to the Lower Elbonia Street Squad on a constant basis. Lawsuits? Between arbitration and EULA precedents, it would be almost impossible to actually get anything accomplished.
I wish there were another desktop that is viable in the enterprise. However, there isn't anything that is as manageable on a large scale as Windows, nor any management infrastructure that can scale up as high as AD/GPOs. Most likely, companies might have to move to VDI or block communication to MS, pushing out security updates via WSUS or SCCM.
AI seems to be one of those things that is always waiting in the wings, right next to the holographic storage drive, useful VR, 3D TV, memristors, flying cars, and the magic pill that you take that does the job as 12 hours of sleep.
In reality, the tech companies have not done much in the past 5-10 years. We have more cat picture sites, coupled with more intrusive ads, and consoles that can play the latest regurgitation of Call of Duty, but compared to the 1990s or 2000s where people started using computers or smartphones, this decade has had almost nothing useful happen in the way of day to day innovations.
Why can't tech companies use AI technology for some real things? Such as:
Making devices that can do a wireless mesh network for basic connectivity even if most towers are out. Bandwidth would suck, but at least one can communicate.
Using better security detection heuristics. If a computer notices a ton of .DOC files turned into .locky files, it stops the offending process, snapshots the .locky files, rolls back the .DOC files, and prompts the user if this is acceptable behavior.
Having a system to send ETAs. That way, when I am hopping in the car, other co-workers will have an accurate time when I'll be in the office, even factoring in a pit stop for some breakfast tacos.
Have a way to allow for statistics, but anonymize the results in a way where it is difficult for someone to track "Mr. X" to Joe Sixpack.
Factor in crime for heat maps in neighborhoods and for routes. If an area is a place rife with carjackings, steer clear of it. This would also be useful for real estate, especially accurate predictions in increase/decrease of it.
Create a menu, with input coming from what foods are good, and what might have issues, be it shortages, or taint in the food supply of an ingredient.
Something to filter E-mail into mailboxes (not just spam and not spam, but junk, stuff to peruse whenever, stuff to look at today, stuff to look at before the next coffee, and stuff that actually requires looking at right -now-.)
More interesting RTS games.
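The detection heuristic from the list above (many .DOC files turning into .locky files), as an added example that is not part of the original comment: it counts, per process, renames of document files to unrecognised extensions inside a time window and returns the response the comment describes (stop the process, snapshot the new files, roll back the originals, ask the user). The event format, extension lists, threshold and window are assumptions, and the sample events are constructed.

```python
from collections import defaultdict, deque
from dataclasses import dataclass
from pathlib import PurePosixPath

# Assumed policy values; tune for the environment being monitored.
DOCUMENT_EXTS = {".doc", ".docx", ".xls", ".xlsx", ".pdf"}
KNOWN_EXTS = DOCUMENT_EXTS | {".txt", ".bak", ".tmp", ".zip"}
WINDOW_SECONDS = 60
THRESHOLD = 5


@dataclass(frozen=True)
class RenameEvent:
    ts: float   # seconds since monitoring started
    pid: int    # process that performed the rename
    src: str    # original path
    dst: str    # new path


def is_suspicious(ev):
    """A document file renamed to an extension we do not recognise."""
    src_ext = PurePosixPath(ev.src).suffix.lower()
    dst_ext = PurePosixPath(ev.dst).suffix.lower()
    return src_ext in DOCUMENT_EXTS and dst_ext not in KNOWN_EXTS


def detect(events, window=WINDOW_SECONDS, threshold=THRESHOLD):
    """Return {pid: response plan} for processes that cross the threshold."""
    recent = defaultdict(deque)   # pid -> suspicious events inside the window
    plans = {}
    for ev in sorted(events, key=lambda e: e.ts):
        # Once a process is flagged it is treated as suspended.
        if ev.pid in plans or not is_suspicious(ev):
            continue
        q = recent[ev.pid]
        q.append(ev)
        while ev.ts - q[0].ts > window:   # drop events older than the window
            q.popleft()
        if len(q) >= threshold:
            plans[ev.pid] = {
                "suspend_pid": ev.pid,
                "snapshot": [e.dst for e in q],   # keep the new files as evidence
                "rollback": [e.src for e in q],   # restore these from snapshot
                "prompt": f"Process {ev.pid} rewrote {len(q)} documents "
                          f"in {window}s. Allow this?",
            }
    return plans


# Constructed sample: pid 4120 converts six documents within six seconds,
# pid 880 saves one backup copy, pid 77 renames one file every 100 seconds.
SAMPLE_EVENTS = (
    [RenameEvent(float(i), 4120, f"/home/u/docs/q{i}.doc",
                 f"/home/u/docs/q{i}.locky") for i in range(6)]
    + [RenameEvent(2.0, 880, "/home/u/docs/report.doc",
                   "/home/u/docs/report.bak")]
    + [RenameEvent(100.0 * i, 77, f"/srv/old/{i}.pdf",
                   f"/srv/old/{i}.arc") for i in range(5)]
)

if __name__ == "__main__":
    for pid, plan in detect(SAMPLE_EVENTS).items():
        print(plan["prompt"])
        print("  roll back:", plan["rollback"])
```

Only pid 4120 is flagged in the sample; the slow renamer stays under the rate threshold, which is why the rollback step still depends on snapshots being available.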
I wouldn't say the security problem is impossible... just when the monitor is unplugged, have all RAM get flipped to all 1s, then back to 0. Very quick, and would ensure that nothing is displayed that shouldn't be.
However, this is something that is really original. I would pay for a monitor that had its own GPU so the laptop wouldn't need as much silicon to power up and cool down.
I do wonder if this functionality should be in a docking station as well, think the PowerBook Duo, or the IBM docking station of yore that didn't just add ports, but added a PCI bus, an additional ISA (yes, this is antediluvian tech here) bus, two IDE bays, a video card, and so on.