I'm sure some company could make a good income from mods.
For example, take a game like NWN1 or NWN2 which allows not just for single player modules, but persistant worlds. Develop the backend so that the game company can provide a server backbone and the PW designers upload their areas and global scripts, and/or allow connections to private servers. The key is giving not just the ability to add customizable scripts (such as having an object be able to cross PWs with its own scripts attached like Enserric), but to also allow the usual database of a character, mobs, and objects to be extended as the PW makers see fit.
How can this make a company money?
1: The initial client. 2: Expansion packs of additional tiles, monsters, routines, spells, etc. 3: Use of the multi-player network. 4: Use of servers similar to mudhosting.net so PW designers do not have to keep their own boxes online. 5: Commercial modules. 6: If a PW maker wants to charge a small fee, they can have the revenue go through the software maker. 7: Websites for PWs, so if a PW wants to give players a way to show statistics/quest progression/achievements, that is possible.
Will this be a blockbuster? Nope. Steady income source over time? Yes. To boot, this model minimizes the need for DRM other than a CD key to get on the online servers.
I can't figure out how they calculate piracy. Are they taking the number of people on a torrent swarm and extrapolating?
In any case, this looks to be a cheap sell of consoles. Consoles are great for game companies. With updates, they can bang out beta-quality code, call it a release, and patch it to a late-beta stage, then start work on the next project, perhaps tossing a DLC bone, if they don't make most of the game requiring paid DLC anyway.
I say, if the likes of EA and Ubisoft wants to exit the PC market, don't let the door hit them in the derriere on the way out. GOG is making good money, Steam games are doing fine, Apple's App Store is doing A-OK, and I'm sure Microsoft's application store will be profitable for both MS and independent developers. I'm sure there will be some software company that will be the next ID or Origin who can deliver something cool, given time.
1: Most major roads have not been upgraded since the 1970s, with the last real traffic improvement being done in '95 (183).
2: A ton of various driving styles, due to people coming from all backgrounds.
3: Drunk/drugged drivers due to multiple universities in the area (UT, TSU, even A&M sometimes.)
4: Very unforgiving roads in the city core. Run a light, and you might get hit by a train.
5: Lots of semis that act as radio wave blockers.
6: Lots of techies, a lot of which tend to run jammers just for grins.
Austin is a good real world test. If this trial can survive the people drinking Bud Light out of a tap off their dashboard, it can survive almost anything but a Middle Eastern country.
At the 50GB level, that is where this service becomes useful. For maximum security, I'd create a TrueCrypt volume, stuff all the stuff needing to go into the archive into it, gpg sign the volume, and upload the volume and its signature. That would mean 50 cents a month indefinitely, but at the minimum, if the upload is successful, Amazon would be storing the data on a SAN with at least RAID 5 or 6 on the backend.
Of course, with a Blu-Ray burner, I can spend a couple bucks and burn the data onto BD-R media to store indefinitely.
For business critical data, perhaps the best thing would be both burning a local copy to optical media, then uploading a TC container to AWS. This allows recovery in a lot more circumstances. This way, one doesn't need to sit there waiting for stuff to get readied, then download, but if there are no working local copies, the data is still accessible.
Very true. However, a lot of root exploits use a procedure where one uses ADB in debug mode, pushes a binary onto the machine, said binary manages to get root, then you subsequently push the Superuser APK and the su binary into place. Few apps tend to have access to anything outside the Dalvik VM, much less the ability to run native ARM code on the Linux kernel.
Definitely not disagreeing with you, as there are one click roots that are apps downloaded, but generally, for an app to get outside its privs, it has to get outside the VM, then find a root-level exploit.
That is my fear as well. I wouldn't be surprised if in the future, there would be hardware DRM stacks built from the CPU upward to only allow apps and "authorized" content to be able to be used on a device. Right now, with OS X and Windows 8, one can throw a switch and use what they want to, executable wise. However, that switch can easily disappear in a future rev of the OS.
There used to be a Web forum product called Beehive (not sure on its status these days) which had this as a feature. A spammer or troll could spew all they wanted to, and if the "worm mode" bit was set, only they could see their postings -- nobody else.
For a constant troll, I'd say go for it. For a hit and run spammer who really just wants to get stuff on the board and then run off, I'd say don't bother; they won't be back on that account most likely.
There is an app for Android called LBE Privacy Guard which goes exactly that, where the app thinks it has the perms it wants... but doesn't.
There is a similar app for jailbroken iPhones called PMP (Protect My Privacy). If an unauthorized app wants contacts, PMP will give gibberish, same with music. That way, the app thinks it is having a field day uploading data.
I am leery about reviews. The app I mentioned had five stars, and a ton of positive reviews. However, if you looked at the reviews, they were stuff like "Game play great!" [sic], or other pithy, fake reviews. One had to dig through a ton of the fake positives in order to find the one star "SMS spammer" items.
You would be surprised how easy it would be to get stung by this by an average user [1].
A couple months ago, I was browsing for a couple games. Looked at the game, and it demanded every right under the sun. Of course, it didn't get the second install click.
However, it was a game with an icon that was the logo for a popular game show, so it looked "legit" enough to a user. Most Android users are not the top tier IT people who know exactly what an app should and should not be doing. They tend to see an app, tap it, and go from there.
All and all, the Android permissions are working fine. The app couldn't do much to hide in the system, so someone removing the device admin and then the app resulted in a cleanup. Had the app had root, it could insert itself into a lot more places.
The problem is that whomever is the curator of the app store [2] in question. There really needs to be at least two tiers with some warning about entering into Mordor for the second tier. Android needs to have default stores like Amazon's that apps are vetted to a strict code before they hit the store. Not just checked with a scanner like the Bouncer, but put up to a higher tier of rules than the free-for-all of the present Google Play store. The reason for the higher standard is to minimize the "developer banned at 9:00, app is back in the store at 10:00 under a different name", which was not uncommon.
Android is great (and it can be argued that the OS is more secure than iOS when compared side to side [3]); it just needs a beefy gatekeeper enforcing a proper dress code. iOS's security would be significantly weakened without an active gatekeeper, and Apple has done a good job at keeping the nasties out of the Apple ecosystem.
[1]: The Dancing Bunnies "hole" has defeated many security systems.
[2]: I wasn't sure if it is Google or what, so using "app store" as a generic term. App Store would likely mean Apple's offering.
[3]: iOS depends on the "jail" system completely. A rooted Android device does not lessen any security, unless the user decides to let an app through via "Superuser" that shouldn't have root.
Very true. I was assuming that the OP already had both the tape drive, as well as the interface card (which even a low-end SAS card will be a few C-notes), not to mention a high speed server because tape drives will get very unhappy if they don't get their full bandwidth when reading/writing (good old "shoe-shining", the bane of all backup admins everywhere.) Of course, one can buy a Tandberg LTO-5 with Thunderbolt for an interface, but that will be a good chunk as well.
Eventually, I plan to spring for a tape drive myself. Yes, hard drives are inexpensive, but in no way are they backup media. You can tell this by the media warranties, one year on most HDDs versus lifetime on tapes. As of now, Blu-Ray optical media sort of fills in the gap, with the sweet spot being the 25 gig disks that can be bought for $1 or so apiece in some places, although copying off a terabyte NAS can take a good while, especially if one makes sure to use a backup product that allows for redundant media [1] so if a disk is bad, there is still a good chance of recovering everything completely.
Another advantage of tapes when used with a backup program is that malware has to be especially tailored to access the tape, even if it is something as simple as triggering a "mt erase". Even then, one can buy WORM tapes to ensure that even that will not erase data. Plus, once the tape is on the shelf and the read-only switch is flicked, virtually nothing can alter the data on the tape barring physical access, or a low-level reflash of the tape drive's microcode to get it around the write block.
[1]: Probably the backup program that has stood the test of time, where I can still find stuff I copied back in the late 1990s is WinRAR. I've had files with some corruption, but because I saved them with recovery records, I was able to completely recover all data stored. Definitely worth the cash, especially for the archive segmenting and recovery record functionality, and it does pretty well on OS X and Linux if one is good at the command line. I break up a large share into segments which go onto BD-R or DVD media, and so far this has done OK for long term archives.
I still use tapes today, and I think they would be nice for home use since I can pick up LTO-3 tapes for about $15 a pop, and LTO-5 tapes for around $42 each.
However, if one thinks a tape can be a random access device, they need to think again. Tapes are great for making sure data is copied somewhere safely, and once the read/write switch is flipped, that the data stays safe.
My recommendation: Keep the tape drive for backups, but go with two mirrored drives, or some other RAID configuration (other than RAID 0) to minimize the impact of a HDD failure.
There are a number of people who gain from moving stuff to the cloud:
Cloud providers for one. They can charge rates near the cost of a full fledged data center [1], and they really have no responsibilities for security or backups. Security breaches can be hushed with the finger pointed at the client. Legal action? If someone finds something sue-able, good luck getting past the binding arbitration clause which essentially sue-proofs the cloud provider. Of course, don't forget that if/when that cloud provider goes under, the next owner has full and unrestricted access to the server data (the data from Borders being bought out by B&N comes to mind). Far less scrupulous organizations can buy the servers too. PII? Here is the magnet link, hope someone cares enough to keep the seed going.
PHBs without any ITIL or other basic IT experience love the cloud. It means that someone else shoulders things and keeps staff small. Plus, it isn't their responsibility should data get lost or a security breach happen. By the time blame actually gets assigned, the breach would be forgotten about.
Blackhats love the cloud. Imagine having access to the backend hard drives of hundreds of businesses, all at once. Just sit back and copy anything relevant, or if bored with a business, start altering some figures on stored documents so that company faces big penalties from the IRS or the EU. If an intruder really hates the cloud provider, it doesn't take much to drop all backend LUNs, stored snapshots, and replications.
ISPs love the cloud. They can also watch the bits fly past, not to mention the bandwidth costs for businesses relying on the cloud.
Of course, the cloud has its uses. However, once someone gets an encryption key management framework in place, an ability to have known good backups, yadda, yadda, with the bandwidth charges and charges for fatter pipes to and from the cloud service, it might be far cheaper to just have a data center.
[1]: Regardless of where the servers are located, a company has to buy them to host locally, or is going to pay someone else's cost to have them in their facility. The cost of the server will be paid for, somehow.
Taking that a step further, there are a lot of appliances in a house that don't take that much wattage. A 400-500 watt solar panel system, a MPPT controller [1], a bank of deep-cycle AGM batteries, and a decent inverter could keep low wattage appliances going, such as electric shavers, smartphone chargers, laptop chargers, perhaps a TV or audio system.
There are a lot of RV boondockers who can run their whole rig, everything but the air conditioner, microwave, and engine with a similar setup.
Of course, the higher current appliances will still need grid access, such as the washer and dryer, dishwasher, electric stove, HVAC system, but it will help deal with the low draw items.
Since most chargers use small amounts of current even when nothing is plugged in or the device is fully charged, it wouldn't hurt to have them on their own circuit that is off a battery bank and not on the grid. As a bonus, with a good PSW inverter, even if there are surges and spikes from the power grid, those items wouldn't be affected.
[1]: Yes, a MPPT controller is more expensive than a PWM controller, but you can use higher voltage solar panels which helps with electricity loss over the wires. It also helps ensure the best charging voltage for the battery bank.
I always have a concern about the "hit by a bus" item, and where I work, I rather have all my documentation available for someone replacing than accidently leave the fact that I am looking at trips on Saturdays to head to.
Browsing history? Easy fix. Plug in a drive, use sandboxie, and redirect it there. Then when having to leave, unplug drive and erase that. All the stuff needed on the workstation is still there, but private browsing stuff is well sequestered away.
Thanks. That, I've already done. However, the main reason I want a "blessed" USB drive from Apple is more for ancient sysadmin reasons -- you always install the OS from "trusted" media, which usually means pressed CDs (no burns.)
It doesn't mean that much, but it ensures that if there is malware, it came from the OS maker's factory as opposed to someone slipping in a bogus disk. (Not to say this can't be done, but it is a lot harder with pressed media.)
With all the malware tools becoming available for Windows and Mac, perhaps Linux, I wonder if this will encourage people to move to lesser known platforms that would function just as well.
Moving to a non-mainstream CPU and OS would stop most malware in its tracks. Making sure that cross-platform items like Java are either not run, or are run in a chrooted, jailed space, perhaps as a different user, might also be the par for the course.
Hmm... time to see where I put the old Indy and see if Chromium or Firefox would port to IRIX without some substantial effort or rewriting... Barring that, there are always some old POWER5 boxes on eBay with graphical consoles, as well as SPARC boxes.
Maybe it is time to go back to the days of Solaris for being on the Internet.
I came from EQ1, and even though there were times WoW was slightly grindy (you couldn't just easily hop from quest to quest in some level ranges, but you could always see about nailing an instance), but truly difficult, I'd probably beg to differ.
EQ1 then was truly hard, especially raids where if you wiped, you had the risk of losing every single piece of gear you owned. In fact, you kept multiple stashes just so you were not naked after a botched Fear raid. Just getting the raid in the zone was extremely difficult. Of course, if you died too many times, you couldn't even enter the zone where the corpses were. Even getting to endgame levels, you ended up on a waiting list so you could get into a Guk or Highkeep goblin group.
What WoW brought was the ability to be absolutely antisocial in every way whatsoever, but still have a path to getting gear. In EQ1, someone who was a real putz would get a bad reputation real fast, and even getting to level cap would be rendered impossible, much less getting endgame gear or seeing anything past Lower Guk.
Some of the most successful raid guilds I've been on (and this is in WoW, EQ1, and EQ2) were groups of friends who excelled at two abilities -- focusing and communication. After those two things, strats is a third, gear is a fourth, and class selection after that.
I've had guilds do dipstick stress tests before, where they toss a recruit into a dungeon or raid that the app would be horrifically undergeared for and see if the person ragequits or bellyaches beyond the norm. If the new person does complain past a certain threshold, they find another recruit.
IMHO, EQ1 has had some of the more annoying stuff removed (mobs actually leash now, so trains are not as large as in the past, and the addition of a combat state allows for faster regeneration of mana/HP when resting.)
I still keep a sub to it. You are not handed levels on a silver platter, you still have to work for them. However there is a lot of content to go to for exploration and grinding, and with a merc, it isn't too bad to go and do stuff.
I'd say for MMOs, EQ1 has improved the most. It still is "old school", but if someone used to WoW or other MMOs sat and got used to the old graphics engine, they could "get" it and eventually get raiding without issue.
SSL by itself is secure. However, it would be nice to have it allow to be implemented in a WoT fashion similar to PGP/gpg.
This way, I go to my banks's site. I'm 100% sure that the key is genuine because that is what shows up, and that the bank prints the fingerprint of the key for people to see when visting a branch. So, I sign the bank's key.
I go to another site. The key for the server is unknown, but I have 2-3 semi-trusted CAs all agree that the key is whom it is supposed to be. The threshold I set allows the SSL transaction.
I go to a third site, one CA says the key is OK, but nobody has zero clue about it. The threshold set will warn the connection is encrypted, but untrusted. Since it is just the listings for when the local vomitorium is open, the risk is acceptable.
The fourth site, a friend signed the key, but completely distrusting it. The Web browser refuses to go to the site, or if allowed to, shows that anything from there is suspect. A link leads to a discussion on this. After several people mention this on another forum, the owners of the site with the bad cert find that their DNS server was compromised as well as the CA they were using.
I wish SSL had this functionality in it. Since it is a superset of having root keys and a CA hierarchy, existing stuff would work. A compromised CA's damage would be greatly limited.
I'm definitely going to upgrade when I get home. Worst case, I reload a TM backup, or copy over my home directory sans the TM ACLs and go back to what I'm doing.
I do hope Apple makes a USB flash drive with the Lion install image on it eventually.
One thing I will say about OS X: Of all the operating systems I've used except some Linux distros [1], OS X is one of the few that can do a major version upgrade [2] without leaving too much cruft behind. Most operating systems (especially Windows), I just save off all data and an image, erase the drives, and install from scratch, so I don't get oddball issues later on due to obsolete config files or other items. So far, for a machine I hammer on daily, I've not had to reinstall my OS X box, while Windows ends up getting some issue like being unable to download fixes come Path Tuesday that can't be fixed in any other way than a reload or a new service pack install.
[1]: RedHat ones are essentially a pile of RPMs at a certain date, so an upgrade of RHEL, Fedora or CentOS can be just changing a version number in/etc/redhat-release, running yum upgrade, and rebooting when done.
[2]: Even though they are all 10.x, if it is a minor version number increment, I do consider it a major version change due to fundamentals in the OS being different, like inetd being killed for launchd, etc.
Maybe one answer is OATH. Yubikeys support that. You can also download an iOS app like OATH Token which can add similar functionality.
If more sites supported OpenID, I'd definitely bring up a box with its own domain to do this. The ideal would be a secure coloc facility with some physical protection of the VM, but a Linux or BSD VM running on a server can also do the job if done right.
I get a bit cynical when I see people grumbling about old nuclear technology. To use the car analogy, it would be akin to banning cars since someone's Edsel or Packard threw a rod.
[1]: Safer because it doesn't conjure up the radioactive boogyman, even though some statistics say coal plants toss up more radioactive crap in the air on an annual basis than nuclear reactors even use.
Slashdot Mirror
I'm sure some company could make a good income from mods.
For example, take a game like NWN1 or NWN2 which allows not just for single player modules, but persistant worlds. Develop the backend so that the game company can provide a server backbone and the PW designers upload their areas and global scripts, and/or allow connections to private servers. The key is giving not just the ability to add customizable scripts (such as having an object be able to cross PWs with its own scripts attached like Enserric), but to also allow the usual database of a character, mobs, and objects to be extended as the PW makers see fit.
How can this make a company money?
1: The initial client.
2: Expansion packs of additional tiles, monsters, routines, spells, etc.
3: Use of the multi-player network.
4: Use of servers similar to mudhosting.net so PW designers do not have to keep their own boxes online.
5: Commercial modules.
6: If a PW maker wants to charge a small fee, they can have the revenue go through the software maker.
7: Websites for PWs, so if a PW wants to give players a way to show statistics/quest progression/achievements, that is possible.
Will this be a blockbuster? Nope. Steady income source over time? Yes. To boot, this model minimizes the need for DRM other than a CD key to get on the online servers.
I can't figure out how they calculate piracy. Are they taking the number of people on a torrent swarm and extrapolating?
In any case, this looks to be a cheap sell of consoles. Consoles are great for game companies. With updates, they can bang out beta-quality code, call it a release, and patch it to a late-beta stage, then start work on the next project, perhaps tossing a DLC bone, if they don't make most of the game requiring paid DLC anyway.
I say, if the likes of EA and Ubisoft wants to exit the PC market, don't let the door hit them in the derriere on the way out. GOG is making good money, Steam games are doing fine, Apple's App Store is doing A-OK, and I'm sure Microsoft's application store will be profitable for both MS and independent developers. I'm sure there will be some software company that will be the next ID or Origin who can deliver something cool, given time.
I'd recommend Austin for a number of reasons:
1: Most major roads have not been upgraded since the 1970s, with the last real traffic improvement being done in '95 (183).
2: A ton of various driving styles, due to people coming from all backgrounds.
3: Drunk/drugged drivers due to multiple universities in the area (UT, TSU, even A&M sometimes.)
4: Very unforgiving roads in the city core. Run a light, and you might get hit by a train.
5: Lots of semis that act as radio wave blockers.
6: Lots of techies, a lot of which tend to run jammers just for grins.
Austin is a good real world test. If this trial can survive the people drinking Bud Light out of a tap off their dashboard, it can survive almost anything but a Middle Eastern country.
At the 50GB level, that is where this service becomes useful. For maximum security, I'd create a TrueCrypt volume, stuff all the stuff needing to go into the archive into it, gpg sign the volume, and upload the volume and its signature. That would mean 50 cents a month indefinitely, but at the minimum, if the upload is successful, Amazon would be storing the data on a SAN with at least RAID 5 or 6 on the backend.
Of course, with a Blu-Ray burner, I can spend a couple bucks and burn the data onto BD-R media to store indefinitely.
For business critical data, perhaps the best thing would be both burning a local copy to optical media, then uploading a TC container to AWS. This allows recovery in a lot more circumstances. This way, one doesn't need to sit there waiting for stuff to get readied, then download, but if there are no working local copies, the data is still accessible.
Very true. However, a lot of root exploits use a procedure where one uses ADB in debug mode, pushes a binary onto the machine, said binary manages to get root, then you subsequently push the Superuser APK and the su binary into place. Few apps tend to have access to anything outside the Dalvik VM, much less the ability to run native ARM code on the Linux kernel.
Definitely not disagreeing with you, as there are one click roots that are apps downloaded, but generally, for an app to get outside its privs, it has to get outside the VM, then find a root-level exploit.
That is my fear as well. I wouldn't be surprised if in the future, there would be hardware DRM stacks built from the CPU upward to only allow apps and "authorized" content to be able to be used on a device. Right now, with OS X and Windows 8, one can throw a switch and use what they want to, executable wise. However, that switch can easily disappear in a future rev of the OS.
There used to be a Web forum product called Beehive (not sure on its status these days) which had this as a feature. A spammer or troll could spew all they wanted to, and if the "worm mode" bit was set, only they could see their postings -- nobody else.
For a constant troll, I'd say go for it. For a hit and run spammer who really just wants to get stuff on the board and then run off, I'd say don't bother; they won't be back on that account most likely.
There is an app for Android called LBE Privacy Guard which goes exactly that, where the app thinks it has the perms it wants... but doesn't.
There is a similar app for jailbroken iPhones called PMP (Protect My Privacy). If an unauthorized app wants contacts, PMP will give gibberish, same with music. That way, the app thinks it is having a field day uploading data.
I am leery about reviews. The app I mentioned had five stars, and a ton of positive reviews. However, if you looked at the reviews, they were stuff like "Game play great!" [sic], or other pithy, fake reviews. One had to dig through a ton of the fake positives in order to find the one star "SMS spammer" items.
You would be surprised how easy it would be to get stung by this by an average user [1].
A couple months ago, I was browsing for a couple games. Looked at the game, and it demanded every right under the sun. Of course, it didn't get the second install click.
However, it was a game with an icon that was the logo for a popular game show, so it looked "legit" enough to a user. Most Android users are not the top tier IT people who know exactly what an app should and should not be doing. They tend to see an app, tap it, and go from there.
All and all, the Android permissions are working fine. The app couldn't do much to hide in the system, so someone removing the device admin and then the app resulted in a cleanup. Had the app had root, it could insert itself into a lot more places.
The problem is that whomever is the curator of the app store [2] in question. There really needs to be at least two tiers with some warning about entering into Mordor for the second tier. Android needs to have default stores like Amazon's that apps are vetted to a strict code before they hit the store. Not just checked with a scanner like the Bouncer, but put up to a higher tier of rules than the free-for-all of the present Google Play store. The reason for the higher standard is to minimize the "developer banned at 9:00, app is back in the store at 10:00 under a different name", which was not uncommon.
Android is great (and it can be argued that the OS is more secure than iOS when compared side to side [3]); it just needs a beefy gatekeeper enforcing a proper dress code. iOS's security would be significantly weakened without an active gatekeeper, and Apple has done a good job at keeping the nasties out of the Apple ecosystem.
[1]: The Dancing Bunnies "hole" has defeated many security systems.
[2]: I wasn't sure if it is Google or what, so using "app store" as a generic term. App Store would likely mean Apple's offering.
[3]: iOS depends on the "jail" system completely. A rooted Android device does not lessen any security, unless the user decides to let an app through via "Superuser" that shouldn't have root.
Very true. I was assuming that the OP already had both the tape drive, as well as the interface card (which even a low-end SAS card will be a few C-notes), not to mention a high speed server because tape drives will get very unhappy if they don't get their full bandwidth when reading/writing (good old "shoe-shining", the bane of all backup admins everywhere.) Of course, one can buy a Tandberg LTO-5 with Thunderbolt for an interface, but that will be a good chunk as well.
Eventually, I plan to spring for a tape drive myself. Yes, hard drives are inexpensive, but in no way are they backup media. You can tell this by the media warranties, one year on most HDDs versus lifetime on tapes. As of now, Blu-Ray optical media sort of fills in the gap, with the sweet spot being the 25 gig disks that can be bought for $1 or so apiece in some places, although copying off a terabyte NAS can take a good while, especially if one makes sure to use a backup product that allows for redundant media [1] so if a disk is bad, there is still a good chance of recovering everything completely.
Another advantage of tapes when used with a backup program is that malware has to be especially tailored to access the tape, even if it is something as simple as triggering a "mt erase". Even then, one can buy WORM tapes to ensure that even that will not erase data. Plus, once the tape is on the shelf and the read-only switch is flicked, virtually nothing can alter the data on the tape barring physical access, or a low-level reflash of the tape drive's microcode to get it around the write block.
[1]: Probably the backup program that has stood the test of time, where I can still find stuff I copied back in the late 1990s is WinRAR. I've had files with some corruption, but because I saved them with recovery records, I was able to completely recover all data stored. Definitely worth the cash, especially for the archive segmenting and recovery record functionality, and it does pretty well on OS X and Linux if one is good at the command line. I break up a large share into segments which go onto BD-R or DVD media, and so far this has done OK for long term archives.
I still use tapes today, and I think they would be nice for home use since I can pick up LTO-3 tapes for about $15 a pop, and LTO-5 tapes for around $42 each.
However, if one thinks a tape can be a random access device, they need to think again. Tapes are great for making sure data is copied somewhere safely, and once the read/write switch is flipped, that the data stays safe.
My recommendation: Keep the tape drive for backups, but go with two mirrored drives, or some other RAID configuration (other than RAID 0) to minimize the impact of a HDD failure.
There are a number of people who gain from moving stuff to the cloud:
Cloud providers for one. They can charge rates near the cost of a full fledged data center [1], and they really have no responsibilities for security or backups. Security breaches can be hushed with the finger pointed at the client. Legal action? If someone finds something sue-able, good luck getting past the binding arbitration clause which essentially sue-proofs the cloud provider. Of course, don't forget that if/when that cloud provider goes under, the next owner has full and unrestricted access to the server data (the data from Borders being bought out by B&N comes to mind). Far less scrupulous organizations can buy the servers too. PII? Here is the magnet link, hope someone cares enough to keep the seed going.
PHBs without any ITIL or other basic IT experience love the cloud. It means that someone else shoulders things and keeps staff small. Plus, it isn't their responsibility should data get lost or a security breach happen. By the time blame actually gets assigned, the breach would be forgotten about.
Blackhats love the cloud. Imagine having access to the backend hard drives of hundreds of businesses, all at once. Just sit back and copy anything relevant, or if bored with a business, start altering some figures on stored documents so that company faces big penalties from the IRS or the EU. If an intruder really hates the cloud provider, it doesn't take much to drop all backend LUNs, stored snapshots, and replications.
ISPs love the cloud. They can also watch the bits fly past, not to mention the bandwidth costs for businesses relying on the cloud.
Of course, the cloud has its uses. However, once someone gets an encryption key management framework in place, an ability to have known good backups, yadda, yadda, with the bandwidth charges and charges for fatter pipes to and from the cloud service, it might be far cheaper to just have a data center.
[1]: Regardless of where the servers are located, a company has to buy them to host locally, or is going to pay someone else's cost to have them in their facility. The cost of the server will be paid for, somehow.
Taking that a step further, there are a lot of appliances in a house that don't take that much wattage. A 400-500 watt solar panel system, a MPPT controller [1], a bank of deep-cycle AGM batteries, and a decent inverter could keep low wattage appliances going, such as electric shavers, smartphone chargers, laptop chargers, perhaps a TV or audio system.
There are a lot of RV boondockers who can run their whole rig, everything but the air conditioner, microwave, and engine with a similar setup.
Of course, the higher current appliances will still need grid access, such as the washer and dryer, dishwasher, electric stove, HVAC system, but it will help deal with the low draw items.
Since most chargers use small amounts of current even when nothing is plugged in or the device is fully charged, it wouldn't hurt to have them on their own circuit that is off a battery bank and not on the grid. As a bonus, with a good PSW inverter, even if there are surges and spikes from the power grid, those items wouldn't be affected.
[1]: Yes, a MPPT controller is more expensive than a PWM controller, but you can use higher voltage solar panels which helps with electricity loss over the wires. It also helps ensure the best charging voltage for the battery bank.
I always have a concern about the "hit by a bus" item, and where I work, I rather have all my documentation available for someone replacing than accidently leave the fact that I am looking at trips on Saturdays to head to.
Browsing history? Easy fix. Plug in a drive, use sandboxie, and redirect it there. Then when having to leave, unplug drive and erase that. All the stuff needed on the workstation is still there, but private browsing stuff is well sequestered away.
Thanks. That, I've already done. However, the main reason I want a "blessed" USB drive from Apple is more for ancient sysadmin reasons -- you always install the OS from "trusted" media, which usually means pressed CDs (no burns.)
It doesn't mean that much, but it ensures that if there is malware, it came from the OS maker's factory as opposed to someone slipping in a bogus disk. (Not to say this can't be done, but it is a lot harder with pressed media.)
With all the malware tools becoming available for Windows and Mac, perhaps Linux, I wonder if this will encourage people to move to lesser known platforms that would function just as well.
Moving to a non-mainstream CPU and OS would stop most malware in its tracks. Making sure that cross-platform items like Java are either not run, or are run in a chrooted, jailed space, perhaps as a different user, might also be the par for the course.
Hmm... time to see where I put the old Indy and see if Chromium or Firefox would port to IRIX without some substantial effort or rewriting... Barring that, there are always some old POWER5 boxes on eBay with graphical consoles, as well as SPARC boxes.
Maybe it is time to go back to the days of Solaris for being on the Internet.
I came from EQ1, and even though there were times WoW was slightly grindy (you couldn't just easily hop from quest to quest in some level ranges, but you could always see about nailing an instance), but truly difficult, I'd probably beg to differ.
EQ1 then was truly hard, especially raids where if you wiped, you had the risk of losing every single piece of gear you owned. In fact, you kept multiple stashes just so you were not naked after a botched Fear raid. Just getting the raid in the zone was extremely difficult. Of course, if you died too many times, you couldn't even enter the zone where the corpses were. Even getting to endgame levels, you ended up on a waiting list so you could get into a Guk or Highkeep goblin group.
What WoW brought was the ability to be absolutely antisocial in every way whatsoever, but still have a path to getting gear. In EQ1, someone who was a real putz would get a bad reputation real fast, and even getting to level cap would be rendered impossible, much less getting endgame gear or seeing anything past Lower Guk.
Some of the most successful raid guilds I've been on (and this is in WoW, EQ1, and EQ2) were groups of friends who excelled at two abilities -- focusing and communication. After those two things, strats is a third, gear is a fourth, and class selection after that.
I've had guilds do dipstick stress tests before, where they toss a recruit into a dungeon or raid that the app would be horrifically undergeared for and see if the person ragequits or bellyaches beyond the norm. If the new person does complain past a certain threshold, they find another recruit.
IMHO, EQ1 has had some of the more annoying stuff removed (mobs actually leash now, so trains are not as large as in the past, and the addition of a combat state allows for faster regeneration of mana/HP when resting.)
I still keep a sub to it. You are not handed levels on a silver platter, you still have to work for them. However there is a lot of content to go to for exploration and grinding, and with a merc, it isn't too bad to go and do stuff.
I'd say for MMOs, EQ1 has improved the most. It still is "old school", but if someone used to WoW or other MMOs sat and got used to the old graphics engine, they could "get" it and eventually get raiding without issue.
SSL by itself is secure. However, it would be nice to have it allow to be implemented in a WoT fashion similar to PGP/gpg.
This way, I go to my banks's site. I'm 100% sure that the key is genuine because that is what shows up, and that the bank prints the fingerprint of the key for people to see when visting a branch. So, I sign the bank's key.
I go to another site. The key for the server is unknown, but I have 2-3 semi-trusted CAs all agree that the key is whom it is supposed to be. The threshold I set allows the SSL transaction.
I go to a third site, one CA says the key is OK, but nobody has zero clue about it. The threshold set will warn the connection is encrypted, but untrusted. Since it is just the listings for when the local vomitorium is open, the risk is acceptable.
The fourth site, a friend signed the key, but completely distrusting it. The Web browser refuses to go to the site, or if allowed to, shows that anything from there is suspect. A link leads to a discussion on this. After several people mention this on another forum, the owners of the site with the bad cert find that their DNS server was compromised as well as the CA they were using.
I wish SSL had this functionality in it. Since it is a superset of having root keys and a CA hierarchy, existing stuff would work. A compromised CA's damage would be greatly limited.
I'm definitely going to upgrade when I get home. Worst case, I reload a TM backup, or copy over my home directory sans the TM ACLs and go back to what I'm doing.
I do hope Apple makes a USB flash drive with the Lion install image on it eventually.
One thing I will say about OS X: Of all the operating systems I've used except some Linux distros [1], OS X is one of the few that can do a major version upgrade [2] without leaving too much cruft behind. Most operating systems (especially Windows), I just save off all data and an image, erase the drives, and install from scratch, so I don't get oddball issues later on due to obsolete config files or other items. So far, for a machine I hammer on daily, I've not had to reinstall my OS X box, while Windows ends up getting some issue like being unable to download fixes come Path Tuesday that can't be fixed in any other way than a reload or a new service pack install.
[1]: RedHat ones are essentially a pile of RPMs at a certain date, so an upgrade of RHEL, Fedora or CentOS can be just changing a version number in /etc/redhat-release, running yum upgrade, and rebooting when done.
[2]: Even though they are all 10.x, if it is a minor version number increment, I do consider it a major version change due to fundamentals in the OS being different, like inetd being killed for launchd, etc.
Maybe one answer is OATH. Yubikeys support that. You can also download an iOS app like OATH Token which can add similar functionality.
If more sites supported OpenID, I'd definitely bring up a box with its own domain to do this. The ideal would be a secure coloc facility with some physical protection of the VM, but a Linux or BSD VM running on a server can also do the job if done right.
They are safe and cheap...
But coal is "safer" [1] and cheaper.
I get a bit cynical when I see people grumbling about old nuclear technology. To use the car analogy, it would be akin to banning cars since someone's Edsel or Packard threw a rod.
[1]: Safer because it doesn't conjure up the radioactive boogyman, even though some statistics say coal plants toss up more radioactive crap in the air on an annual basis than nuclear reactors even use.
What I am going to be curious about is how the GateKeeper signed executable functionality will help in the wild against Trojans.
Assuming users are smart enough to not turn it off because a Web ad for a "pr0n viewer" or a free iPad told them to.