People talk about environmentally friendly machines. However, the first thing that should be done is to minimize the use of plastic since that is much harder to recycle [1] as opposed to metal that can be relatively easily reused. Yes, a metal case is more expensive, but I've seen people reuse cases for generations of components.
After going with a metal case, the next thing is trying to minimize the use of PCB material, as that and chips can't be recycled. This is why it is better to go with a passive backplane computer so only the boards that are outdated would need replacing as opposed to complete systems.
Reduce, reuse, recycle. Reduce the amount of stuff that needs to be replaced at any given time. Reuse existing chassis and components, and minimize the amount of stuff that can't be recycled.
[1]: Plastics can be down-cycled, and that is it. The only way to truly recycle plastic is to have a thermal depolymerization plant that boils the plastic back into short-chain crude.
That is my only real complaint against it. For a phone, I am looking for a compact size with a decent, high resolution screen. I don't want a "phablet", I want something that stuffs in my pocket easily.
So far, the best device I have had in the form factor department was the venerable Motorola CLIQ. The screen isn't as big as a Droid X's or an iPhone 5's, but the phone is small enough to comfortably go in a back pocket, and with a sliding keyboard, texting (or just using it as a UNIX terminal) was very easy to do. Why can't some phone maker keep that type of slider design and dimensions, add a better screen, a realistic amount of space (64 GB internal, with a slot for a MicroSD card), and updated specs across the board? Of course, this isn't the phone for everyone, but I'm sure some people don't mind the added thickness of a slider in return for better texting with a physical keyboard.
What I'd like to see is a cooperation between the Web browser, desktop UI, and OS. This would allow sites to make "trusted links" which use functionality similar to containers, or even complete virtual machines to ensure that the data is site-only, and is encapsulated.
For example, some mechanism puts a shortcut on the user's desktop that points to the Web browser. This is handled by the desktop UI in making sure when the icon is clicked that the OS and Web browser get fed the correct options.
Then, when the user clicks on it, the OS takes the instance of the Web browser, generates a random key (which only sits in RAM for that browser session), redirects all writes to a loop mounted container with the temporary encryption key, and limits/separates what other permissions that browser has. It would be nice if the OS had options that could limit what another application running as the same user can do to that process (such as examining its memory space, forcing it to dump core, etc.) In some sense, it runs the application as a different user, separated from everything else.
After doing the jail and redirection, the main work is handled by the browser. It should limit the user to the site in question, with SSL a must, perhaps even limiting what SSL public keys are accepted (to protect against a compromised CA).
The --onlythisdomain option would only allow anything in https://*.mybank.com/* to be viewed. The --lockstuffdown option would disable everything else: bookmarks, browser extensions, the URL bar, and anything else that a user might confuse or mess up. The window would have a special border around it, etc. Once this browser instance is closed, it purges all data, perhaps even having all data for the instance read/written to a different location and encrypted with a throwaway key.
Having dedicated apps is one thing, but that forces people to have to have stuff for each site instead of being able to access it via one universal tool. I don't miss the days of AOL or CIS when one needed either to log in via the terminal, or use their special client in order to access their services.
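As an added example (not the poster's code, and not an option any real browser has), here is what the `--onlythisdomain` rule and the "limit what SSL public keys are accepted" part of that lockdown look like as policy code in Go. `LockdownPolicy`, `AllowURL`, `VerifyPin` and the `mybank.com` domain are hypothetical; the certificates are minted locally so it runs offline, and the pin is the SHA-256 of the server's SubjectPublicKeyInfo rather than of the whole certificate. The throwaway encrypted profile and the process isolation are OS-side work and are not shown.

```go
package main

import (
	"crypto/ecdsa"
	"crypto/elliptic"
	"crypto/rand"
	"crypto/sha256"
	"crypto/x509"
	"crypto/x509/pkix"
	"encoding/base64"
	"fmt"
	"math/big"
	"net/url"
	"strings"
	"time"
)

// LockdownPolicy is the hypothetical "--onlythisdomain" rule plus a built-in key pin:
// only https URLs under Domain may load, and only a server key whose SPKI hash is in
// Pins is accepted, so a certificate a compromised CA issues for the bank's name
// (necessarily with a different key) is still refused.
type LockdownPolicy struct {
	Domain string   // e.g. "mybank.com": matches the domain itself and any subdomain
	Pins   []string // base64(SHA-256(SubjectPublicKeyInfo)) of accepted server keys
}

// AllowURL is the navigation check. It refuses anything that is not https, anything
// with a userinfo part (https://www.mybank.com@evil.example/), and any host that merely
// contains the bank's name (mybank.com.evil.example, notmybank.com).
func (p LockdownPolicy) AllowURL(raw string) bool {
	u, err := url.Parse(raw)
	if err != nil || u.Scheme != "https" || u.User != nil {
		return false
	}
	host := strings.ToLower(u.Hostname())
	return host == p.Domain || strings.HasSuffix(host, "."+p.Domain)
}

// SPKIPin hashes the certificate's SubjectPublicKeyInfo (the quantity HPKP pinned).
// It identifies the key, not the certificate, so the bank can renew its certificate
// without the pin built into the client changing.
func SPKIPin(cert *x509.Certificate) string {
	sum := sha256.Sum256(cert.RawSubjectPublicKeyInfo)
	return base64.StdEncoding.EncodeToString(sum[:])
}

// VerifyPin is the TLS-time check: the presented leaf must carry a pinned key.
func (p LockdownPolicy) VerifyPin(leaf *x509.Certificate) bool {
	got := SPKIPin(leaf)
	for _, want := range p.Pins {
		if want == got {
			return true
		}
	}
	return false
}

// selfSignedCert mints a throwaway certificate for name with a fresh P-256 key. It
// stands in for the bank's real certificate and, called a second time with the same
// name, for the look-alike a rogue CA could issue.
func selfSignedCert(name string) *x509.Certificate {
	key, err := ecdsa.GenerateKey(elliptic.P256(), rand.Reader)
	if err != nil {
		panic(err)
	}
	tmpl := &x509.Certificate{
		SerialNumber: big.NewInt(1),
		Subject:      pkix.Name{CommonName: name},
		DNSNames:     []string{name},
		NotBefore:    time.Now().Add(-time.Hour),
		NotAfter:     time.Now().Add(24 * time.Hour),
	}
	der, err := x509.CreateCertificate(rand.Reader, tmpl, tmpl, &key.PublicKey, key)
	if err != nil {
		panic(err)
	}
	cert, err := x509.ParseCertificate(der)
	if err != nil {
		panic(err)
	}
	return cert
}

func main() {
	bank := selfSignedCert("www.mybank.com")
	policy := LockdownPolicy{Domain: "mybank.com", Pins: []string{SPKIPin(bank)}}
	for _, u := range []string{
		"https://www.mybank.com/accounts",
		"http://www.mybank.com/accounts",
		"https://mybank.com.evil.example/",
		"https://www.mybank.com@evil.example/",
	} {
		fmt.Printf("%-42s allowed=%v\n", u, policy.AllowURL(u))
	}
	rogue := selfSignedCert("www.mybank.com") // same name, different key
	fmt.Println("bank key pinned:", policy.VerifyPin(bank), "rogue key pinned:", policy.VerifyPin(rogue))
}
```

The look-alike case is the one that matters for the compromised-CA worry: a rogue CA can issue a certificate carrying the bank's name, but not one carrying the bank's private key, so pinning the key instead of trusting the chain is what actually refuses it.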
It can be asserted that running under a user is good enough.
However, the advantage of VM level isolation is that everything related to a project (apps, data, even OS modifications) is stashed in one place. This can be done with users to a limited degree, but being able to have the complete OS with everything needed to run a specific application stored in one place is important. If done right, the VM doesn't care what hardware it runs on, so a future computer that might be ARM but translates x86 opcodes will be able to run the VM.
Then, there is the fact that malware can phone home. Having it only be able to access and report about a VM gives an attacker less info than if it is able to find what users a remote site possesses on its machines.
At the extreme, the hard disks can go into a server that has 10GB ethernet cards, and one can use iSCSI from there. An advantage of this setup is the ability to run RAID, and with some commercial implementations, run backend deduplication.
Now that is something I wish laptop makers made -- a decent dock for their products. It doesn't have to be fancy like the old PowerBook Duo dock (which engulfed the laptop like a VCR did a VCR tape), but something like the old IBM ThinkPad docking station/port replicators. The older ones accepted almost any ThinkPad, and provided not just video and other ports; they actually provided IDE and PCI card buses, floppy disks, and other items.
We have more technologies than in the past to allow docking connectors to work with the thinner laptops made today. Apple's Lightning adapter changes what pins do what on the fly. It wouldn't be hard for a laptop maker to do something similar so the dock adapter doesn't have to have 100+ pins to handle analog VGA video and such.
With how laptops have become desktop replacements in a lot of places, I'm amazed that docking stations are not more common. Just the ability to have a second hard disk in the dock which backs up data when the machine is plugged in would be very useful. Perhaps a more powerful video card in the dock for gaming as well. Of course, with a dock, there is the fact that you just set up the cabling and forget it. No need to plug and unplug a rat's nest in every time one needs to use the computer.
I have multiple virtual machines for various tasks, and it isn't just for security. It is also for separation of duties:
One VM runs QuickBooks. This is stored on a USB flash drive so I can do accounting on any machine, then physically lock up the drive when done. Unless a remote intruder is savvy enough to nail my machine while the VM is active, my QuickBooks data is fairly protected, since when it isn't in use, the external drive is stashed in a safe.
Another VM has Windows and some potential client information. I don't want this information to end up in my personal stuff, so it stays in the VM, and with the VM disks encrypted, all data stays protected regardless of where it sits.
A third VM is for anonymous Web browsing. It has Sandboxie and other tools to make it difficult for malware to get out and about. Nothing is 100% secure, but unless there is an F0 0F-like bug that can get something in ring 3 into ring 0 on x86, it does the job.
A fourth VM is used for Mozy/Carbonite/etc. It shares TrueCrypt volumes via CIFS which are mounted to other machines. This sounds roundabout, but it ensures that if the backup client got compromised, it wouldn't spread outside the VM, and the only data it works with is encrypted.
A fifth VM is what I use for GPG and documents. This is stashed on a USB flash drive, so when I'm done signing/decrypting files, the private keys are physically offline. Of course, a dedicated intruder can still get those, but it limits the avenues of attack.
VMs have a lot of advantages. I like using them for isolation so data done for a certain task stays in one place.
Very true, but the burden of proof is on the victim. A PII loss really means nothing to a company other than a couple of articles of bad press. Sony came out of the PSN compromise unscathed. Other companies have had break-ins, and they are none the worse for wear for the incidents, regardless of how things are handled.
The only organizations which actually would be held to task for break-ins would be government stuff. A private company losing data is considered normal. A government agency losing the same data will get people up in arms.
That makes sense -- it also prolongs the cell life when just the AES key is zapped and only new data forces an erase, as opposed to overwriting every block when an ATA secure erase command is given.
It depends on area. Here in Austin, iPhones are commonplace. However, in more rural areas, Android tends to prevail since people might not qualify for 2 year contracts, so need something that works on a prepaid plan.
Android is less dominant in the US. However, overseas in Asia, Android phones are very inexpensive. They may not sport a Retina caliber display, but they will be decent and be able to run most apps, which is good enough. In some areas of the world, the Android phone might be someone's "main computer".
It may, but Apple has a ton of momentum. The time it would take to recode apps from Objective-C to run on a Dalvik VM is incredible, because they have completely different UIs, system calls, manifest files, packaging, filesystems, document storage, and so on. This is why one sees Android apps being barely a shell around a Web browser going to a mobile site, while iOS apps are true, native Objective-C based programs.
This market lockdown where devs cannot move code is another key in keeping iOS's ecosystem going. Developers can't really port between Android and iOS in any known and reliable fashion -- the two platforms are that disparate. If a developer decides to use a "shell" to run code, that works on Android, but Apple won't approve an app doing that.
This isn't saying that Android's market is going anywhere anytime soon. However, neither is the ecosystem for iOS.
I used to help run a Diku-based MUD (CircleMUD OLC, Merc/Envy as the main engine) which did the remort thing as well. You had to be at the top level (which was 30 back then [1]). Then you remorted to another class. You ended up at level 1, but you had some abilities:
1: You had all your talents and practices.
2: You could use any weapons/armor -- no level restrictions.
3: You had your HP.
4: You gained an "emblem" which allowed you into areas where others who were not remorted couldn't enter, and the areas had better challenges/treasure/etc. This was before the days of raiding, so at best you had 5-6 people attempting a boss.
5: You got a few abilities, such as an "undo" button for a death every 24 hours. Since the penalty for a death back then was half your exp to the previous level, and possibly losing all your gear if you couldn't get to your corpse, dying hurt.
One could remort more than once to get access to other areas, as well as another class's abilities. (The MUD only had the four basic classes for simplicity reasons, but thief/rogue was extremely popular as a class just for the backstab ability as an opener.)
These days, maybe an MMO should do a variant of that -- if someone does a quest, they end up back at level 1, except with their HP/mana pools and the ability to wear gear of any level, and they end up with an item that is very powerful, something similar to the heirloom armor in WoW, but which can last someone not just to the end tier level, but perhaps even as a tier comparable to raid tier gear. Perhaps have it be a charm or trinket. To further add to it, perhaps allow subsequent remorts to further add stats to that item.
Yes, there will be people running from 1 to level cap multiple times to get the full benefit from a "remort trinket", but it would keep the newbie areas busy, and help with the low level dungeons/battlegrounds.
[1]: There was an argument that 30 was higher than the old-school AD&D standard of 20, where a character ended up a deity (and thus out of the player's hands as an NPC). However, since old Merc 1.0 MUDs used 30, we stuck with that.
Devil's advocate here:
XP is an OS that is over a decade old, and was written to patch some of Windows 2000's flaws, as well as add a DRM stack. Comparing to other companies shows this age. Apple has long since gotten over System 9, anyone asking for a.out support in Linux would be laughed at, and someone asking Oracle for disktool support would be laughed off the phone.
XP's security is geared to fight against problems in early to mid 2000s. Time has moved on, and threats have moved from hacking a machine via the network to nailing a box via the Web browser or its addons.
Yes, Windows 7 may not run on older hardware (which is a valid reason to keep XP), but there is a point with old hardware where it burns too much energy/CPU to be viable. For those tasks, there is always P2V. The exception is some older games which just won't run right in an emulator.
If a site stops support for IE, there are always other Web browsers. Firefox and Chrome still work well on XP, perhaps Safari.
As for streaming apps, that is a cool concept. Basically combine VMware Unity with OnLive's technology to have one Windows box on the network, and have others use that for all W32 code.
As for the topic at hand, I don't agree with MS cutting off W7 support so close.
Windows 8 is a definite UI change (and arguably a bigger step than going from Windows 3.1 to Windows 95 [1]). Because of that, W8 is not going to be adopted quickly by the enterprise (due to training costs), and consumers are also reluctant to change from their Start button.
Of course, there is always an alternative to W8 if you are a college student or otherwise have access... Windows Server 2012 makes a decent desktop OS, and if you stick your applications on a separate volume [2], the deduplication ability is a nice thing to have.
[1]: It isn't that big a step, but Metro is definitely a different UI than is found on a desktop OS. The closest thing to it would be the four big panels found on the old PS/2 personal machines.
[2]: Can't deduplicate the OS volume.
A good chunk of that (if not almost all of it) goes to shipping, as well as to the Vasco DigiPass GO6 which is then rebranded (adding extra cost).
If Blizzard wanted to make money from these, they could do so very easily [1]. However, they don't.
I'm normally a critic of Blizzard, but IMHO, this is one area where they are doing something right, because two-factor authentication is a significant improvement in security.
As far as I know, this lawsuit is pointless. If one doesn't want to give Blizzard cash for an authenticator, the app that does the exact same thing is free on iOS and Android.
[1]: Phase out the apps, then require the physical authentication token to be attached to the account in order for the user to use the AH or trade with other players.
ESX/ESXi are very picky. If I were going to run that, I'd build a machine, hand-picking all devices from the hardware list, even the NICs, and disabling the ones on the motherboard.
However, VMware Workstation is not very persnickety. It doesn't require SLAT, and it works on a wide range of machines. Plus, you can move machines to and from your vSphere cluster.
On a Mac, I highly recommend VMware Fusion. The price is a lot less than VMware Workstation, and it does come in handy.
I have a couple reasons that I use VMs.
#3 can be similar to #1 in that it is crappy software, but I like doing Web browsing in a VM just because when I roll back to a snapshot, all changes/malware are gone. Especially if the Web browser is running as a user in the client OS. Yes, hypervisors can be penetrated, but it is a steep climb from user mode to admin rights, to punching through the hypervisor, to a useful context on the host machine. Not impossible, but a lot more difficult than running it as a user. This also provides me security from permanent cookies and other shared objects that might be left around. When the VM rolls back, all that is gone. Of course, this can be accomplished by other means like jails, but it is better than nothing.
4: This is similar to #2. I have some programs which I like keeping in their own environment for safekeeping, so that I will know that future hardware will be able to run the code. I have used programs that have become business critical, which ended up having problems with later OS releases. Take my QuickBooks installation. It resides in its own VM because I can shut the VM down on one machine, tote the physical HDD it is on to another, fire it up, and do work there. Backups are as simple as copying the virtual HDD image that holds just the documents (which is encrypted and automounted in the VM client OS) to offsite storage every so often, or mounting the HD image, copying the files to a TC volume, and uploading the TC volume. Plus, this also gives me the ability to roll back many times with automatic snapshots, so that is another backup layer which is useful.
5: Separation of tasks. Yes, I can use user accounts, but it is a decent way to be able to do work for one project, and keep everything related to that in one place.
Detroit has one thing that a lot of states are in desperate need of:
Water.
A lot of factories need fresh water, so locating near the Great Lakes does make sense. Anywhere else in the US risks water shortages.
I have a TV remote that, before it could be programmed, required one to create an account and spill the beans about everything about themselves in order to be able to use a single button. Want to reprogram something? Plug it in, install the software and re-log in.
The problem was solved by a VM, USB passthrough, a proxy, and fake info; however, I'm not surprised that more things are going this route -- customer profiles and info are big cash to sell.
I wish I knew... I assume that it would be Linux friendly.
What would be ideal is a ZTIC-like device as one offering, but if that requires a driver, perhaps an app for a smartphone that uses OpenPGP packets over MMS might be passable. Since the app would use the phone's IP stack to communicate, it would be fairly secure, barring a compromise of the device.
Plus, since the app is only communicating with the bank, it could have the fingerprints of any public keys built in, so a compromised CA would have zero effect on the communications channel.
The best answer to this was IBM's ZTIC. The ZTIC is a simple device, and the KISS principle is important when it comes to security.
You plug it into a USB port, it authenticates and has a direct secure channel to the bank regardless of how compromised the computer it is plugged into might be.
Then, when you do a bank transaction, the ZTIC will pop up a display confirming the transaction, the parties involved, the direction, the time, and the amount. A transfer of a complete bank account to Nigeria is fairly obvious unless someone just blindly hits the "approve" button like the guy on the Drivetime commercial.
The worst malware can do is cut the path between the ZTIC and the bank's computers which means the transaction doesn't get confirmed and thus doesn't happen.
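The flow described in that comment, as an added example in Go (not IBM's code; the ZTIC's actual protocol is not on this page): the device holds the only signing key, shows the transaction on its own display, signs exactly the bytes shown when the user presses approve, and the bank executes only what carries that signature. `Transaction`, `Device`, `Bank` and the account names are made up for the example; Ed25519 stands in for whatever the real device uses, and a replay check on the signature is included because the "worst malware can do is cut the path" argument needs it.

```go
package main

import (
	"crypto/ed25519"
	"crypto/rand"
	"encoding/json"
	"fmt"
)

// Transaction is the set of fields the device displays. The device signs exactly
// these bytes, so the bank can act on nothing the user did not see.
type Transaction struct {
	From   string `json:"from"`
	To     string `json:"to"`
	Amount int64  `json:"amount_cents"`
	When   int64  `json:"unix_time"`
}

// canonical gives both sides the same bytes to sign and verify. encoding/json writes
// struct fields in declaration order with no whitespace, which is deterministic here.
func canonical(tx Transaction) []byte {
	b, err := json.Marshal(tx)
	if err != nil {
		panic(err)
	}
	return b
}

// Device models the token: a key that never leaves it, a display, and one approve
// button. The (possibly infected) PC only relays bytes to and from it.
type Device struct {
	priv    ed25519.PrivateKey
	Pub     ed25519.PublicKey
	approve func(shown Transaction) bool // stands in for the user reading the display
}

func NewDevice(approve func(Transaction) bool) *Device {
	pub, priv, err := ed25519.GenerateKey(rand.Reader)
	if err != nil {
		panic(err)
	}
	return &Device{priv: priv, Pub: pub, approve: approve}
}

// Confirm shows tx on the display and returns a signature only if the user approves.
func (d *Device) Confirm(tx Transaction) (sig []byte, ok bool) {
	if !d.approve(tx) {
		return nil, false
	}
	return ed25519.Sign(d.priv, canonical(tx)), true
}

// Bank executes a transfer only when the device registered for the source account
// signed exactly the fields submitted, and only once per signature (no replay).
type Bank struct {
	devices map[string]ed25519.PublicKey
	seen    map[string]bool
	Ledger  []Transaction
}

func NewBank() *Bank {
	return &Bank{devices: map[string]ed25519.PublicKey{}, seen: map[string]bool{}}
}

func (b *Bank) Register(account string, pub ed25519.PublicKey) { b.devices[account] = pub }

func (b *Bank) Execute(tx Transaction, sig []byte) bool {
	pub, ok := b.devices[tx.From]
	if !ok || b.seen[string(sig)] || !ed25519.Verify(pub, canonical(tx), sig) {
		return false
	}
	b.seen[string(sig)] = true
	b.Ledger = append(b.Ledger, tx)
	return true
}

func main() {
	// The user will approve only a transfer to their own savings account.
	dev := NewDevice(func(tx Transaction) bool { return tx.To == "savings-4711" })
	bank := NewBank()
	bank.Register("checking-1234", dev.Pub)

	tx := Transaction{From: "checking-1234", To: "savings-4711", Amount: 12500, When: 1700000000}
	sig, _ := dev.Confirm(tx)
	fmt.Println("approved transfer executed:", bank.Execute(tx, sig))

	// Malware on the PC swaps the payee after approval: the signature no longer matches.
	hijacked := tx
	hijacked.To = "mule-account"
	fmt.Println("hijacked payee executed:   ", bank.Execute(hijacked, sig))

	// Malware asks the device to sign the swap instead: the display shows the real
	// payee, the user declines, and there is nothing to send to the bank.
	_, approved := dev.Confirm(hijacked)
	fmt.Println("hijacked payee approved:   ", approved)
}
```

Everything the PC can do is covered by the three outcomes: relay the approved transfer (executes), alter it after approval (signature fails), or ask for approval of something the display reveals (user declines); cutting the channel just leaves the bank with nothing to execute.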
It would be nice if one could add a standardized encryption/signing layer on top of MMS (or SMS if one stitched together multiple messages.) That way, an app from the bank could look at incoming messages, verify they were genuine (regardless of what the phone number states), decrypt them with the user's key, and pass the authentication info to the user.
Fake SMS attempts would be detected/ignored, and an attacker able to get access to text messages wouldn't have the ability to decode them unless they also had access to the phone and the app's private key (which would be unique and generated on each device.)
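As an added illustration of the scheme sketched in the two comments above (a bank app with the bank's key fingerprint built in, messages that are signed so fakes are dropped, and encrypted to a key unique to the device), here is a small Go program. It is not code from the commenter or from any bank; the Packet wire format, the use of Ed25519 for signing and X25519 plus AES-GCM for encryption, and the plain SHA-256 key derivation are all assumptions of this example.

```go
package main

import (
	"crypto/aes"
	"crypto/cipher"
	"crypto/ecdh"
	"crypto/ed25519"
	"crypto/rand"
	"crypto/sha256"
	"errors"
)

// Packet is the payload carried in an MMS/SMS body (wire format assumed by this example).
type Packet struct {
	BankPub                ed25519.PublicKey // bank signing key, checked against the app's pinned fingerprint
	EphemPub               []byte            // bank's one-time X25519 public key for this message
	Nonce, Ciphertext, Sig []byte            // AES-GCM nonce/ciphertext; Ed25519 signature over EphemPub|Nonce|Ciphertext
}

func signedBytes(p Packet) []byte { return append(append(append([]byte{}, p.EphemPub...), p.Nonce...), p.Ciphertext...) }

// Fingerprint is what the app ships with instead of trusting a CA: SHA-256 of the raw key.
func Fingerprint(pub ed25519.PublicKey) [32]byte { return sha256.Sum256(pub) }

// sessionKey derives the per-message AEAD key from X25519(priv, pub).
func sessionKey(priv *ecdh.PrivateKey, pub *ecdh.PublicKey) (cipher.AEAD, error) {
	shared, err := priv.ECDH(pub)
	if err != nil { return nil, err }
	key := sha256.Sum256(shared) // plain hash as KDF is a simplification; a real design would use HKDF with context
	block, err := aes.NewCipher(key[:])
	if err != nil { return nil, err }
	return cipher.NewGCM(block)
}

// Seal is the bank side: encrypt to the device's unique key, then sign the whole packet.
func Seal(bankPriv ed25519.PrivateKey, devicePub *ecdh.PublicKey, msg []byte) (Packet, error) {
	eph, err := ecdh.X25519().GenerateKey(rand.Reader)
	if err != nil { return Packet{}, err }
	g, err := sessionKey(eph, devicePub)
	if err != nil { return Packet{}, err }
	p := Packet{BankPub: bankPriv.Public().(ed25519.PublicKey), EphemPub: eph.PublicKey().Bytes(), Nonce: make([]byte, g.NonceSize())}
	if _, err := rand.Read(p.Nonce); err != nil { return Packet{}, err }
	p.Ciphertext = g.Seal(nil, p.Nonce, msg, p.EphemPub) // ephemeral key bound as associated data
	p.Sig = ed25519.Sign(bankPriv, signedBytes(p))
	return p, nil
}

// Open is the app side: pin and signature are checked before any decryption, so a spoofed sender or swapped key is dropped, never decoded.
func Open(pinned [32]byte, devicePriv *ecdh.PrivateKey, p Packet) ([]byte, error) {
	if Fingerprint(p.BankPub) != pinned { return nil, errors.New("sender key does not match the built-in bank fingerprint") }
	if !ed25519.Verify(p.BankPub, signedBytes(p), p.Sig) { return nil, errors.New("bad signature: not a genuine bank message") }
	ephPub, err := ecdh.X25519().NewPublicKey(p.EphemPub)
	if err != nil { return nil, err }
	g, err := sessionKey(devicePriv, ephPub)
	if err != nil { return nil, err }
	return g.Open(nil, p.Nonce, p.Ciphertext, p.EphemPub)
}
```

Because the device key is generated on the phone and never leaves it, someone who can read the text messages but not the phone sees only ciphertext, which is the property the comment above is after.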
Agreed. That is the one thing that needs some heavy duty engineering work (reliable tubing with valves that can sense leaks between sections and automatically cut off as well as cutting off when connecting/disconnecting.) However, if someone can make "smart pipes" which can do this without making messes in the server room, they will make a mint. It is a lot cheaper to plop a heat exchanger and use a building's chilled water supply than it is to use multiple CRACs.
The Droids are great, except that I use a GSM provider...
The latest change I've seen to a desktop case was to use a netbook motherboard with an external power supply brick that plugs in. Yes, the box may have one 3.5" HDD and a full size optical drive, but there is a lot of wasted space in its ATX-sized format.
One reason why the cases are the size they are is due to the heat dumping requirements of modern CPUs. Even though cards have shrunk, HDDs have gone from 5.25" to 3.5", and to 2.5" in the enterprise, the CPU, GPU, and even RAM need the room freed up to get air past them.
Maybe the next step is a standard size desktop case paired with a standard way of doing liquid cooling with intelligent valves which can sense leaks and shut off as well as allow connects/disconnects with relative ease (and offer a high amount of disconnection/connection cycles.)
Combine liquid cooling and perhaps a passive backplane system (so we can move from video cards and motherboards to CPU cards, GPU cards, and I/O cards), and that would be a major advance in the every day workhorse desktop world.
Maybe even go to a passive backplane where the chassis itself, made out of aluminum and steel, stays put, while components can be swapped out as needed. New standard of connecting HDDs? Swap the bay out, but leave everything else. The I/O ports on the front need updating? Pull that module out and put in an updated one with the latest video port. Voltage goes from 120VAC to 340DC? Out comes the power supply and in goes a DC/DC converter.
People talk about environmentally friendly machines. However, the first thing that should be done is to minimize the use of plastic since that is much harder to recycle [1] as opposed to metal that can be relatively easily reused. Yes, a metal case is more expensive, but I've seen people reuse cases for generations of components.
After going with a metal case, the next thing is trying to minimize the use of PCB material, as that and chips can't be recycled. This is why it is better to go with a passive backplane computer so only the boards that are outdated would need replacing as opposed to complete systems.
Reduce, reuse, recycle. Reduce the amount of stuff that needs to be replaced at any given time. Reuse existing chassis and components, and minimize the amount of stuff that can't be recycled.
[1]: Plastics can be down-cycled, and that is it. The only way to truly recycle plastic is to have a thermal depolymerization plant that boils the plastic back into short chain crude.
That is my only real complaint against it. For a phone, I am looking for a compact size with a decent, high resolution screen. I don't want a "phablet", I want something that stuffs in my pocket easily.
So far, the best device I had in the form factor department was the venerable Motorola CLIQ. The screen isn't as big as a Droid X's or an iPhone 5's, but the phone is small enough to comfortably go in a back pocket, and with a sliding keyboard, texting (or just using it as a UNIX terminal) was very easy to do. Why can't some phone maker keep that type of slider design and dimensions, add a better screen, a realistic amount of space (64 GB internal, with a spot for a MicroSD card), and updated specs across the board? Of course, this isn't the phone for everyone, but I'm sure some people don't mind the added thickness of a slider in return for better texting with a physical keyboard.
What I'd like to see is a cooperation between the Web browser, desktop UI, and OS. This would allow sites to make "trusted links" which use functionality similar to containers, or even complete virtual machines to ensure that the data is site-only, and is encapsulated.
For example, some mechanism puts a shortcut on the user's desktop that points to the Web browser. This is handled by the desktop UI in making sure when the icon is clicked that the OS and Web browser get fed the correct options.
Then, when the user clicks on it, the OS takes the instance of the Web browser, generates a random key (which only sits in RAM for that browser session), redirects all writes to a loop mounted container with the temporary encryption key, and limits/separates what other permissions that browser has. It would be nice if the OS had options that could limit what another application running as the same user can do to that process (such as examining its memory space, forcing it to dump core, etc.) In some sense, it runs the application as a different user, separated from everything else.
After doing the jail and redirection, the main work is handled by the browser. It should limit the user to the site in question, with SSL a must, perhaps even limiting what SSL public keys are accepted (to protect against a compromised CA.)
Why not have it be a shortcut (in Windows), or a list of command line options (in UNIX)? For example:
$browser --onlythisdomain mybank.com --lockstuffdown
The --onlythisdomain option would only allow anything in https://*.mybank.com/* to be viewed. The --lockstuffdown option would disable everything else: bookmarks, browser extensions, the URL bar, and anything else that a user might confuse or mess up. The window would have a special border around it, etc. Once this browser instance is closed, it purges all data. Perhaps even having all data for the instance read/written to a different location and encrypted with a throwaway key.
Having dedicated apps is one thing, but that forces people to have to have stuff for each site instead of being able to access it via one universal tool. I don't miss the days of AOL or CIS when one needed either to log in via the terminal, or use their special client in order to access their services.
It can be asserted that running under a user is good enough.
However, the advantage of VM level isolation is that everything related to a project (apps, data, even OS modifications) is stashed in one place. This can be done with users to a limited degree, but being able to have the complete OS with everything needed to run a specific application stored in one place is important. If done right, the VM doesn't care what hardware it runs on, so a future computer that might be ARM but translates x86 opcodes will be able to run the VM.
Then, there is the fact that malware can phone home. Having it only be able to access and report about a VM gives an attacker less info than if it is able to find what users a remote site possesses on its machines.
At the extreme, the hard disks can go into a server that has 10GB Ethernet cards, and one can use iSCSI from there. An advantage of this setup is the ability to run RAID, and with some commercial implementations, run backend deduplication.
Now that is something I wish laptop makers made -- a decent dock for their products. It doesn't have to be fancy like the old PowerBook Duo dock (which engulfed the laptop like a VCR did a VCR tape), but something like the old IBM Thinkpad docking station/port replicators. The older ones accepted almost any Thinkpad, and provided not just video and other ports; it actually provided IDE and PCI card buses, floppy disks, and other items.
We have more technologies than in the past to allow docking connectors to work with the thinner laptops made today. Apple's Lightning adapter changes what pins do what on the fly. It wouldn't be hard for a laptop maker to do similar so the dock adapter doesn't have to have 100+ pins to handle analog VGA video and such.
With how laptops have become desktop replacements in a lot of places, I'm amazed that docking stations are not more common. Just the ability to have a second hard disk in the dock which backs up data when the machine is plugged in would be very useful. Perhaps a more powerful video card in the dock for gaming as well. Of course, with a dock, there is the fact that you just set up the cabling and forget it. No need to plug and unplug a rat's nest in every time one needs to use the computer.
It depends on the task at hand:
I have multiple virtual machines for various tasks, and it isn't just for security. It is also for separation of duties:
One VM runs QuickBooks. This is stored on a USB flash drive so I can do accounting on any machine, then physically lock up the drive when done. Unless a remote intruder is savvy enough to nail my machine while the VM is active, my QuickBooks data is fairly protected, since when it isn't in use, the external drive is stashed in a safe.
Another VM has Windows and some potential client information. I don't want this information to end up in my personal stuff, so it stays in the VM, and with the VM disks encrypted, all data stays protected regardless of where it sits.
A third VM is for anonymous Web browsing. It has Sandboxie and other tools to make it difficult for malware to get out and about. Nothing is 100% secure, but unless there is an F0 0F-like bug that can get something in ring 3 into ring 0 on x86, it does the job.
A fourth VM is used for Mozy/Carbonite/etc. It shares TrueCrypt volumes via CIFS which are mounted to other machines. This sounds roundabout, but it ensures that if the backup client got compromised, it wouldn't spread outside the VM, and the only data it works with is encrypted.
A fifth VM is what I use for GPG and documents. This is stashed on a USB flash drive, so when I'm done signing/decrypting files, the private keys are physically offline. Of course, a dedicated intruder can still get those, but it limits the avenues of attack.
VMs have a lot of advantages. I like using them for isolation so data done for a certain task stays in one place.
Very true, but the burden of proof is on the victim. A PII loss really means nothing to a company other than a couple of articles of bad press. Sony came out of the PSN compromise unscathed. Other companies have had break-ins, and they are none the worse for wear for the incidents, regardless of how things are handled.
The only organizations which actually would be held to task for break-ins would be government stuff. A private company losing data is considered normal. A government agency losing the same data will get people up in arms.
That makes sense -- it also prolongs the cell life when just the AES key is zapped and only new data forces an erase, as opposed to overwriting every block when an ATA secure erase command is given.
Faster as well.