Which PGP executable? I've never encountered his work not building when I used PGP in the past (before GnuPG came out.) Even RSAREF would work.
PRZ stuck his neck on the line from the get-go way back when Congress was in the process of codifying laws to completely ban cryptography wholesale in the US, or only allow backdoored implementations like Clipper/Skipjack to be used. He spent years twisting on the wind of the ITAR lawsuit.
You have to trust someone; and he is one of the few people in the industry who has shown they deserve that trust.
Even if the endpoints encrypt data, encrypted data going through one central point is still at risk. Even though it can't be read, it can be tampered with, possibly DoS-ed. At the minimum, an attacker can eventually do traffic analysis and figure out who is communicating to whom.
The physical car example:
You don't drive an armored car with your gold in it via a depot in Spokane every time you want to make a deposit to the bank.
That is ironic, but I can see it making sense. First it was device convergence, where the camera, USB flash drive, PDA, pager, cell phone, and MP3 player were rolled into one. Now we separate devices due to security issues. That way, the cell phone has no access to the documents on the camera, and the tablet has no access to what the text messages are.
Maybe a saner model might be to use a trusted proxy server for all traffic, have a capable enough OS on the device so an app does not get access to photos or contacts if explicitly authorized, and use multiple Web browsers. For example, I use one browser which auto-purges itself for general stuff, another browser for YouTube watching, and a third for anything I want to keep around.
Even though SELinux and AppArmor provide limits on executables so something that has full root really doesn't, I will agree with you on the general point.
In the 1980s, we had many CPU architectures, with many varying bit lengths from 4 bits on up.
Come the 1990s and 2000s, we ended up with a fairly limited set of CPU architectures in the mainstream. Basically, ARM, x86, x86 with AMD 64 bit extensions, Itanium, SPARC, and POWER.
Yes, they are "good enough". However, these architectures were either designed for speed or squeezing the maximum performance out of every watt of energy used. Security is an afterthought.
I do agree that we need to start from scratch with a new CPU architecture designed from the ground up for security. Real security as stated above -- a microkernel and a proper message passing architecture. Perhaps we might even go on a limb and use the Harvard architecture so there is no way that data can ever be executed as code by accident, ever.
The reasons we got to the mess we are in are two things:
First, the "good enough" fallacy. x86 is cheap, so might as well use that, even though a future F0 0F bug, or even worse, a bug that allows escalation to ring 0 from ring 3 can be possible. Similar with ARM, ARM has "worlds" support which can have stuff run not just on different access levels on the same CPU, but split the security sensitive code to a completely separated, virtual CPU. However, few companies actually bother using this.
Second is the mantra of "security has no ROI/Geek Squad can clean up the mess" which has been the norm in companies. It is far cheaper to sweep the mess under the rug than actually do stuff the right way.
I'm sad to say, but this will keep going on. CPU architectures with security as an afterthought will continue to be the norm. If there is a "cyber-9/11", the only things that will change at a hardware level are added DRM stacks and backdoors, not actual security.
That is exactly the same problem general desktop computing has. The OS is secure, the hardware is secure, it is the poorly engineered browser addons (and sometimes browsers) which bring the system to its knees from a security perspective.
Yes, this embedded OS is secure, but what gives me the ability to trust it? Old Cold War tensions aside, if someone hands me a lock and says, "trust me, it's secure", that doesn't give me much assurance. Having source code available for peer review (even if it is commercial like PGP's source) would go a long way in assuring.
Otherwise, I don't see that much improvement between what it offers, and Linux's AppArmor/SELinux. I do like the fact that writes can be redirected elsewhere which isn't a part of any UNIX OS, but if need be, that functionality could be sort of cobbled together by making a snapshot and having a clone be a new filesystem.
What will give the Surface life or kill it is the availability of apps. Both consumer level stuff (like Angry Birds), as well as enterprise level Exchange support, Office support, and so on.
Right now, the iPad has three generations of a head start, a well established app ecosystem, apps that are usable in a business environment, and good Exchange support. MS has a lot of ground to cover.
It looks like one of the best things to do for E-mail storage so backups are kept "in the cloud", but protected would be to have a large TrueCrypt volume on a box.net or Dropbox drive. In that volume would be someone's archived mail spool info, either the directories from Thunderbird, or PST files from Outlook.
Of course, contention issues come into play if one wants to access archived mail from multiple machines. Windows does not have a cluster file system (allowing multiple machines to mount the same LUN and use it), Linux has GFS2, and BSD/Solaris, clustering is built into ZFS so multiple boxes can mount a TC volume without getting in each other's way. Of course, then comes the application issues... I'm sure MS didn't design Outlook to be able to deal with multiple instances accessing the same PST at the same time.
If this was really a concern, probably the best answer would be to run your own mailserver with its own SSL key, encrypted hard disks, third party SMTP relay (to get around the dynamic IP blocks), and DynDNS functionality.
Very true. However, the Congresscritters who would be mandating a DRM chip in each and every 3D printer (just like the V-chip in TVs) don't know/don't care about that fact. This would be used as a hot button issue so that 3D printers are yanked out of the hands of hobbyists, and only able to be used by larger firms.
Any type of technology along these lines, be it the printing press, the original phonograph, tape recorders, DATs, MP3 players, has had its makers fight extreme resistance to their existence.
3D printers are more of the same. DRM isn't surprising, and it will be championed upon the fear of bad guys printing firearms (of course the small detail of barrel pressures will not be mentioned) to get this through Congress as a law, and the patent holder of this will make a mint, since 3D printer makers would have to buy their DRM scheme.
We saw this before... SDMI and digital signatures with music around 2000 or so.
If there is a way to have secure boot accept one's own keys, or just be turned OFF, it is fine with me.
However, with a machine that uses a TPM chip and some sort of filesystem encryption, secure boot is redundant, other than the fact that the kernel is pre-signed rather than signed/sealed by the individual chip.
TPM was done right, where it was shipped disabled. However, it won't take much for the next rev of Windows to force x86 machines to only allow MS keys and remove the ability to turn Secure Boot off, just like the ARM boxes do now.
Interoperability, yes. However, if MS uses it as a means for transporting DRM protected content, the DMCA clause that allows reverse engineering goes completely out the window, the same way that FairPlay interception when an iPod syncs was blocked by Apple.
Then there is the patent aspect. Interoperability stops where patents begin, and it wouldn't be hard for MS to make a slew of patents around the protocol. Individuals might be able to work around it, but there would be no commercial solutions to allow non "blessed" devices to operate, unless the company making it could peel back each patent, one by one.
Of course, part of the protocol could be dynamic updates similar to what is done with Blu-Ray content protection, so every couple months an update can make devices that are not "blessed" not work.
Combine the DMCA and active patent litigation, and it will be incredibly hard to make anything interoperate with Exchange, other than on the fringes similar to the mod chips for consoles.
Not that I wish MS would do this. I'm being a devil's advocate here, mentioning the ace in the hole MS has in their hand.
I'd not call it Trojaned advice [1], but something that can be done, and with potential devastating results to the market.
I don't knock Microsoft in this department. They have some good products. I was genuinely sorry to see the URGE store go away because it didn't just peddle music, but actually had band and album reviews and some discussion. However, what MS needs is not something like Kinect, but something that opens up a completely new market.
This likely would happen in the enterprise, where you have relatively few PHBs spend millions of dollars as opposed to lots of people spending a C-note.
One idea might be a "SAN in a can", using a specialized Windows version to not just provide snapshots and deduplication like Windows Server 2012 offers, but the ability to replicate at the block level (both synchronously for LAN replicas and asynchronously for WAN mirroring.) Essentially take most of the functionality of a CLARiiON or VNX array and put it into software that can run on a PC, which isn't anywhere near as fast as a storage processor, but can do a lot of useful features, especially with Hyper-V and trying to run neck and neck with EMC/VMware. That would be MS's thing... it wouldn't be as shiny as a new smartphone, but it would be something the enterprise would pay top dollar for.
[1]: Personally, I'm not happy with any of the players in the smartphone market. Each has their own wants, and all of them have their motives.
Microsoft already has a stranglehold in one market, and that is anything enterprise related. Anything E-mail related has to work flawlessly with Exchange.
Same with AD. Even Linux installations end up having to have some form of AD compatibility if they are to be allowed in the data center.
After the data center, Microsoft does still control the desktop. We don't consider desktops that much, since there are tons of other devices, but MS is slowly clenching its fist. First was product activation. Now, Windows logo machines have to have UEFI boot, and anything ARM based has to have UEFI boot, and no way to turn it off to boot any other OS. I wouldn't be surprised that in a future version of Windows, x86 joins the ARM platform at being Windows-only in order to sport a logo.
Of course, don't think Microsoft is out of the phone arena. I mentioned this a few weeks ago. MS can completely wrest control of most of the smartphone market in a few steps:
1: Create a protocol that supersedes ActiveSync. This protocol would be copyrighted, patented, trademarked, and IP protected many ways. It would also be used for protected content and documents as well. That justifies DMCA protection.
2: Justify to PHBs and Federal regulators why this new protocol is more secure, in effort to get people to move to this. On the other end, drop support for ActiveSync as much as possible, similar to how IP over IEEE1394 met its end in Windows Server 2008.
3: License the protocol out as need be. Apple likely would license it. Everyone else would be left out in the cold.
4: Actively go after anyone reverse engineering the protocol under the WIPO/DMCA guidelines (since it is used for DRM.) DMCA would be a hammer used against individuals, patent violations for larger organizations.
5: No "?????" needed. MS would own the enterprise smartphone market, lock/stock/barrel. The only thing MS might have to deal with is the EU (and they can always make a version of Exchange just for that geographic region), but in the US, this would completely shut down Android from the enterprise now and in the future.
I think there will eventually be a backlash. For example on cars, people don't want to control the whole vehicle workings on a touchscreen which requires looking at. They want buttons so the radio's volume can be adjusted without taking the eyes off the road.
As for keylocks, anyone who watches YouTube sees the automatic locks getting defeated left and right. At least a purely mechanical lock that is of decent security requires some manual dexterity to open, and picking a lock for more than a few seconds becomes very noticeable. (I personally prefer Evva or Abloy cylinders, but Medeco3 or Mul-T-Lock [1] are decent as well.)
Of course, it is cooler to have everything electronic, from the lock on the door to the water valves... however, most people wouldn't care to upgrade, and even the most intrusive government isn't going to pay for those upgrades. I can see this in high rise apartments where being able to cut off hot water might be useful for the management company for PR reasons.
Mul-T-Lock is nice because you can order additional functionality, such as being able to "rekey" twice by sticking in a second key which moves a ball bearing out of the pin stick. Another item is the ability to have one key which can only lock, another key which can only unlock. Of course, the ability to have one key lock out another set on a temporary basis is nice.
We did have flash drives back in '97. I had a full size PCMCIA card made by SunDisk (not SanDisk) that I used as additional storage with my laptop. This was before CF (then SD) cards became the standard for cameras.
Some things have changed. Instead of E-mail lists and mutt, we have Facebook.
I would say the biggest change would be MP3 players. We had tablets (GriDpads) and other stuff, but MP3 players really didn't get started until after the Rio versus RIAA fight, then definitely when Apple entered the market.
I love your ideas. I'd do one thing different: I'd take the hot loop and a Stirling engine to make rotational force to not just drive the pump, but a compressor. This would provide the cooling needed for a house wide air conditioning system.
The reason I'd go that route over an absorption fridge is that absorption systems are very fussy. Get one off level, and the rust inhibitor, sodium chromate, will cook out and form solids, which will not just plug up the lines, but with it not being in the liquid, the pipes will corrode and spring pinhole leaks... requiring a complete cooling system replacement. This is something learned the hard way by RV-ers, and why people end up replacing absorption fridges with inverters, solar panels/charge controllers, beefed up battery banks, and dorm fridges.
There is also the fact that hydrogen builds up. One can search for "Norcold fire" and find out what big disasters a relatively small modification (a slightly bigger heating element) can possibly cause.
I don't know if Einstein cycle refrigerators would be any better, as they use butane as a gas instead of hydrogen.
What I'm hoping for is more advances in supercap batteries that store energy physically, not chemically, or general battery advances so we can get close to gasoline in energy stored per volume. If we can get a battery that has 1/10 the energy of gasoline by volume and do it safely, the world will be a drastically different place.
There is one problem with that argument. It takes tools to make things. No power means no saws, no working tools, no means of smelting metal to replace stuff that wears out (the tools of today are nowhere near as good as hand tools made 20 years ago), no transportation (since all metal alloying is done in China.) Give a city in the US three days without trucks coming in, and the food riots will start. One week later, and you will see gangs ransacking homes when they can, and people whom they can't get to, they will burn to the ground.
The people that have a chance at surviving are people outside a 100-150 mile radius of large cities -- far enough away that walking and bicycling are impossible for people who have no access to food.
I'd write up yet another diatribe about guilty until proven innocent, but that is par for the course these days.
Isn't this what TLS is for, or am I mistaken? TLS is a connection level encryption protocol.
On the individual IP packet level, there is IPSec, but that tends to be mainly used in Windows domains.
That is why one uses RAID 6 with lower tier drives and hot spares.
Lower tier drives (SATA) need RAID 6 and hot spares, because it takes a long time (days) to rebuild a failed drive, which leaves a large window for another drive failure to happen.
Upper tier drives (FC/SSD) are far faster, so the window of vulnerability is a lot less, so RAID 5 is more useful. Even then, it doesn't hurt to have a hot spare, so no tech is needed in case of a drive failure. You just change out the failed drive at one's relative leisure.
It is a Scylla/Charybdis scenario.
If you buy drives from the same batch, you might end up with one issue nailing your whole array.
If you buy from different batches or makers, you have to contend with drive firmwares (some arrays may not support some revisions), drive brands, the fact that drive maker's 2TB drive isn't the same exact size as another maker's 2TB drive, and so on.
On the high end, this isn't usually a problem because drives specced for VNX or DS SANs tend to be enterprise grade with some semblance of a warranty, and someone will have their goose cooked if that tier of storage flops.
I'd rather just go with the same batch, than deal with the firmware issues, especially on lower end controllers.
Ages ago (early 1990s), there used to be a system like that for Macs. Aim one transceiver at an area (such as a wall or ceiling), aim another one at the same area, and they would notify you with an LED when the connection was working.
Just have a little directional device from each host, have them all point at one area, and be done with it. If two devices just want to communicate with each other, find another piece of paper to aim them at.
I agree there. It did get a bit fantastic that one random human could do better than a complete alien race, but the suspension of disbelief for what the human was going to do against the upcoming enemy was something I was looking for.
Of course, as for the name David, I forgot to list David Eddings. Very classic fantasy.
Even with faster stopping, there will be those who deliberately jump in front of cars in order to get hit, hopefully to score a big jury verdict.
The solution -- a camera that turns on and records encounters with pedestrians, bicyclists, etc, with a timer in place. That way, if there is a wreck, there is documented proof that the other party jaywalked or violated traffic laws.
Of course, if it is the car's fault, it will be documented as well, but assuming a fully automatic vehicle which obeys all traffic signals, it likely won't be the vehicle that caused the collision.
Religious texts aside, very similar here:
Asimov goes without saying. I'd say his writings were great, but were positive -- the dystopian hellholes most people write about start to get boring.
Lots of Heinlein. Some of his works are better than others.
Michael Moorcock fantasy novels. Definitely in their own genre, and other than the core anti-hero, they are not the usual "it is all shades of grey" or "everyone is the 'good guy' and it is all just a misunderstanding" that we see in modern fiction.
Piers Anthony was a common read, although not for philosophical reasons -- his stuff was pretty much pure entertainment.
Raymond E. Feist for a good fantasy world.
Terry Brooks, although some argue that his works were too close to Tolkien's.
Keith Laumer for the Bolo series.
Harry Harrison deserves a mention, similar with Cordwainer Smith (Linebarger's alias).
Finally, there was one author who wrote a start of a book series about someone going from CEO to fantasy styled shapeshifting warrior on an alien world [1] whose culture was in peril, so summoned the protagonist as their champion. I think the author name was Gary Palmer, and I have zero clue what the book title was. To my recollection, it was extremely well read, and the way the hero "won" by channeling anger instead of being crushed by despair was fairly unique. I really wish I knew the book title.
[1]: Sounds a lot like Avatar, I know... but was decades before Cameron's work.
It looks like one of the best things to do for E-mail storage so backups are kept "in the cloud", but protected would be to have a large TrueCrypt volume on a box.net or Dropbox drive. In that volume would be someone's archived mail spool info, either the directories from Thunderbird, or PST files from Outlook.
Of course, contention issues come into play if one wants to access archived mail from multiple machines. Windows does not have a cluster file system (allowing multiple machines to mount the same LUN and use it), Linux has GFS2, and BSD/Solaris, clustering is built into ZFS so multiple boxes can mount a TC volume without getting in each other's way. Of course, then comes the application issues... I'm sure MS didn't design Outlook to be able to deal with multiple instances accessing the same PST at the same time.
If this was really a concern, probably the best answer would be to run your own mailserver with its own SSL key, encrypted hard disks, third party SMTP relay (to get around the dynamic IP blocks), and DynDNS functionality.
Very true. However, the Congresscritters who would be mandating a DRM chip in each and every 3D printer (just like the V-chip in TVs) don't know/don't care about that fact. This would be used as a hot button issue so that 3D printers are yanked out of the hands of hobbyists, and only able to be used by larger firms.
Any type of technology along these lines, be it the printing press, the original phonograph, tape recorders, DATs, MP3 players, has had its makers fight extreme resistance to their existance.
3D printers are more of the same. DRM isn't surprising, and it will be championed upon the fear of bad guys printing firearms (of course the small detail of barrel pressures will not be mentioned) to get this through Congress as a law, and the patent holder of this will make a mint, since 3D printer makers would have to buy their DRM scheme.
We saw this before... SDMI and digital signatures with music around 2000 or so.
If there is a way to have secure boot accept one's own keys, or just be turned OFF, it is fine with me.
However, with a machine that uses a TPM chip and some sort of filesystem encryption, secure boot is redundant, other than the fact that the kernel is pre-signed rather than signed/sealed by the individual chip.
TPM was done right, where it was shipped disabled. However, it won't take much for the next rev of Windows to force x86 machines to only allow MS keys and remove the ability to turn Secure Boot off, just like the ARM boxes do now.
Interoperability, yes. However, if MS uses it as a means for transporting DRM protected content, the DMCA clause that allows reverse engineering goes completely out the window, the same way that FairPlay interception when an iPod syncs was blocked by Apple.
Then there is the patent aspect. Interoperability stops where patents begin, and it wouldn't be hard for MS to make a slew of patents around the protocol. Individuals might be able to work around it, but there would be no commercial solutions to allow non "blessed" devices to operate, unless the company making it could peel back each patent, one by one.
Of course, part of the protocol could be dynamic updates similar to what is done with Blu-Ray content protection, so every couple months an update can make devices that are not "blessed" not work.
Combine the DMCA and active patent litigation, and it will be incredibly hard to make anything interoperate with Exchange, other than on the fringes similar to the mod chips for consoles.
Not that I wish MS would do this. I'm being a devil's advocate here, mentioning the ace in the hole MS has in their hand.
I'd not call it Trojaned advice [1], but something that can be done, and with potential devastating results to the market.
I don't knock Microsoft in this department. They have some good products. I was genuinely sorry to see the URGE store go away because it didn't just peddle music, but actually had band and album reviews and some discussion. However, what MS needs is not something like Kinect, but something that opens up a completely new market.
This likely would happen in the enterprise, where you have relatively few PHBs spend millions of dollars as opposed to lots of people spending a C-note.
One idea might be a "SAN in a can", using a specialized Windows version to not just provide snapshots and deduplication like Windows Server 2012 offers, but the ability to replicate at the block level (both synchronously for LAN replicas and asynchronously for WAN mirroring.) Essentially take most of the functionality of a CLARiiON or VNX array and put it into software that can run on a PC, which isn't anywhere near as fast as a storage processor, but can do a lot of useful features, especially with Hyper-V and trying to run neck and neck with EMC/VMWare. That would be MS's thing... it wouldn't be as shiny as a new smartphone, but it would be something the enterprise would pay top dollar for.
[1]: Personally, I'm not happy with any of the players in the smartphone market. Each has their own wants, and all of them have their motives.
Microsoft already has a stranglehold in one market, and that is anything enterprise related. Anything E-mail related has to work flawlessly with Exchange.
Same with AD. Even Linux installations end up having to have some form of AD compatibility if they are to be allowed in the data center.
After the data center, Microsoft does still control the desktop. We don't consider desktops that much, since there are tons of other devices, but MS is slowly clenching its fist. First was product activation. Now, Windows logo machines have to have UEFI boot, and anything ARM based has to have UEFI boot, and no way to turn it off to boot any other OS. I wouldn't be surprised that in a future version of Windows, x86 joins the ARM platform at being Windows-only in order to sport a logo.
Of course, don't think Microsoft is out of the phone arena. I mentioned this a few weeks ago. MS can completely wrest control of most of the smartphone market in a few steps:
1: Create a protocol that supersedes ActiveSync. This protocol would be copyrighted, patented, trademarked, and IP protected many ways. It would also be used for protected content and documents as well. That justifies DMCA protection.
2: Justify to PHBs and Federal regulators why this new protocol is more secure, in an effort to get people to move to this. On the other end, drop support for ActiveSync as much as possible, similar to how IP over IEEE1394 met its end in Windows Server 2008.
3: License the protocol out as need be. Apple likely would license it. Everyone else would be left out in the cold.
4: Actively go after anyone reverse engineering the protocol under the WIPO/DMCA guidelines (since it is used for DRM.) DMCA would be a hammer used against individuals, patent violations for larger organizations.
5: No "?????" needed. MS would own the enterprise smartphone market, lock/stock/barrel. The only thing MS might have to deal with is the EU (and they can always make a version of Exchange just for that geographic region), but in the US, this would completely shut down Android from the enterprise now and in the future.
I think there will eventually be a backlash. For example on cars, people don't want to control the whole vehicle workings on a touchscreen which requires looking at. They want buttons so the radio's volume can be adjusted without taking the eyes off the road.
As for keylocks, anyone who watches YouTube sees the automatic locks getting defeated left and right. At least a purely mechanical lock that is of decent security requires some manual dexterity to open, and picking a lock for more than a few seconds becomes very noticeable. (I personally prefer Evva or Abloy cylinders, but Medeco3 or Mul-T-Lock [1] are decent as well.)
Of course, it is cooler to have everything electronic, from the lock on the door to the water valves... however, most people wouldn't care to upgrade, and even the most intrusive government isn't going to pay for those upgrades. I can see this in high rise apartments where being able to cut off hot water might be useful for the management company for PR reasons.
[1]: Mul-T-Lock is nice because you can order additional functionality, such as being able to "rekey" twice by sticking in a second key which moves a ball bearing out of the pin stick. Another item is the ability to have one key which can only lock, another key which can only unlock. Of course, the ability to have one key lock out another set on a temporary basis is nice.
We did have flash drives back in '97. I had a full size PCMCIA card made by SunDisk (not SanDisk) that I used as additional storage with my laptop. This was before CF (then SD) cards became the standard for cameras.
Some things have changed. Instead of E-mail lists and mutt, we have Facebook.
I would say the biggest change would be MP3 players. We had tablets (GriDpads) and other stuff, but MP3 players really didn't get started until after the Rio versus RIAA fight, then definitely when Apple entered the market.
I love your ideas. I'd do one thing different: I'd take the hot loop and a Stirling engine to make rotational force to not just drive the pump, but a compressor. This would provide the cooling needed for a house wide air conditioning system.
The reason I'd go that route over an absorption fridge is that absorption systems are very fussy. Get one off level, and the rust inhibitor, sodium chromate, will cook out and form solids, which will not just plug up the lines, but with it not being in the liquid, the pipes will corrode and spring pinhole leaks... requiring a complete cooling system replacement. This is something learned the hard way by RV-ers, and why people end up replacing absorption fridges with inverters, solar panels/charge controllers, beefed up battery banks, and dorm fridges.
There is also the fact that hydrogen builds up. One can search for "Norcold fire" and find out what big disasters a relatively small modification (a slightly bigger heating element) can possibly cause.
I don't know if Einstein cycle refrigerators would be any better, as they use butane as a gas instead of hydrogen.
What I'm hoping for is more advances in supercap batteries that store energy physically, not chemically, or general battery advances so we can get close to gasoline in energy stored per volume. If we can get a battery that has 1/10 the energy of gasoline by volume and do it safely, the world will be a drastically different place.
There is one problem with that argument. It takes tools to make things. No power means no saws, no working tools, no means of smelting metal to replace stuff that wears out (the tools of today are nowhere near as good as hand tools made 20 years ago), no transportation (since all metal alloying is done in China.) Give a city in the US three days without trucks coming in, and the food riots will start. One week later, and you will see gangs ransacking homes when they can, and people whom they can't get to, they will burn to the ground.
The people that have a chance at surviving are people outside a 100-150 mile radius of large cities -- far enough away that walking and bicycling are impossible for people who have no access to food.