Slashdot Mirror


User: mlts

mlts's activity in the archive.

Stories: 0
Comments: 5,534

Comments · 5,534

  1. Re:Next step... on Windows 8 To Include Built-in Reset, Refresh · · Score: 1

    I see a cycle, oftentimes in the low end laptop and desktop market. User doesn't make recovery media, as the box doesn't ship with OS CDs or anything, and down the line, ends up getting a malware-ridden machine. Most techs will ask the user to purchase some Windows media. Then the user sees that it is $200 to buy new media, but a new computer costs $500-700, so just buys a new machine.

    If an educated user could get ahold of OEM media that would work with the serial number on the machine's COA sticker, the best thing they can do is boot a HDD image utility, save off all the contents of the hard disk (just in case there is a utility or driver hidden that isn't findable online), DBAN (or at least use clear with diskpart) the HDD, then install from scratch. Ideally, get all the updates and drivers, activate the system, then save that off as an image, so the machine can be reinstalled (but yet remain activated) in the future.

  2. Re:Virtual Machine on What's Keeping You On XP? · · Score: 5, Interesting

    Bingo. I'm running XP in a VM as well. Why?

    1: No fussing with activation. I can radically change the hardware in a VM without having to deal with the "genuine-ness" of my OS each time.

    2: XP has a small disk/RAM/CPU footprint.

    3: I have some old 16 bit stuff I like running once in a while, and XP can run that.

    4: I have a few special purpose applications that only run under XP. Especially some "antique" MP3 players such as the Nomad Jukebox. 32 bit Windows 7 might be able to run them, but likely not most due to the different driver model.

    For a main OS, Windows 7 is light years ahead. However, for a VM guest, XP is still a good candidate because it still runs virtually everything.

  3. Re:Man up, Motorola on HTC Unlocks Bootloader For All of Its Devices · · Score: 2

    The Atrix has a method of unlocking the bootloader. The Atrix 2, on the other hand, is still locked, and only yesterday did a FXZ flash appear, so someone who soft-bricked their device can restore it.

    I wish Motorola would follow suit.

  4. Re:SHOULD "Apps" Cost Something? on Why We Agonize Over Buying $1 Apps · · Score: 5, Insightful

    App stores/repos take a lot of work that a developer would have to do:

    1: No dealing with DRM. No activation infrastructure, no CD keys to make and have cracked. At worst, you make a couple calls to LVL if on Android to check the license. This saves headaches and bad PR.

    2: No need to have a download and patch infrastructure. Just upload patched versions to the market/store/repo, and let them deal with making sure the bandwidth to the end user is adequate.

    3: No dealing with credit cards and that type of crap. Same with billing.

    4: Relatively easy to have different editions of products. On iOS, one would have different apps, on Android, one app that is free, and a purchased license key.

    5: Piracy isn't your problem. Both iOS and Android deal with piracy in different ways. Android's method can be said to be better because you can patch your app every week or so, forcing it to have to be re-cracked and the LVL calls stripped in order for it to be usable by nonlicensed users. Even if the patch is just upping the version and running the code through an obfuscator, it will force it to be manually cracked, uploaded, and re-downloaded by IP infringers.

    6: In-app purchases are easy to do.

    7: No physical packaging needed. It makes advertising easy -- tell people to visit your website or the store/market/repo to grab your product.

    8: You just found a nasty security hole? Push out an update. No having to E-mail every user to tell them to download a new copy and manually install this. Better PR.

  5. Re:Linode on Ask Slashdot: Best Inexpensive VPS Provider? · · Score: 1

    Yet another vote for Linode here. Especially when I need to spin up a server while I'm out for a weekend so I can VPN in and check E-mail because the remote hotel or whatnot has "free" Wi-Fi, but inserts ads, Phorm style into what one browses.

  6. Re:Prevention on Trion Worlds' Rift Account Database Compromised · · Score: 1

    Extra passes of hashing seem to help. The venerable UNIX crypt(3) did a number of rounds to make for one CPU second of calculations for each password check. TrueCrypt performs a number of rounds when hashing. Same with OS X and iOS. Of course, due to CPU power doubling as per Moore's law, using number of rounds/extra passes is a losing battle. Instead, just as mentioned above, a good salt needs to be part of the hash algorithm.

    The last part is what would be snazzy if designed -- a hardened physical box that would store the hashes. The reason for this over a separate DB schema (and hardened machine to serve it on) is isolation. The hardened hash checker would respond to a limited amount of inputs, and would impose an increasing time delay if a certain user/hash keypair keeps getting asked for authentication and failing. This way, an attacker couldn't just take a list of userIDs and brute force their way with CheckUserHash queries. For a MMO, one could add functionality into the hardened box to allow for multiple boxes to securely replicate hash data (database level, or on the OS level with rsync over ssh.) This would be also improved by using SSDs for the database (so random small reads are handled quickly.)

  7. Re:Prevention on Trion Worlds' Rift Account Database Compromised · · Score: 2

    I can't remember the standard for this, but passwords shouldn't just be hashed and salted, but run through a number of rounds to slow down brute forcing.

    Even better, why can't there be dedicated appliances like hardware HSMs for public/private key encryption that companies can use to store account password hashes there? This way, an intruder would have to have physical access to the box in order to extract the hashes.
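The scheme the two comments above describe (a per-user salt, many hashing rounds, and a separate checker that answers only a narrow query and slows down repeated failures), as an added sketch that is not part of the original comments. The class name `HashVault`, the use of PBKDF2-HMAC-SHA256, the round count and the doubling lockout policy are all assumptions chosen for illustration.

```python
import hashlib
import hmac
import os
import time

ROUNDS = 200_000      # assumed work factor; tune to the hardware in use
BASE_DELAY = 1.0      # assumed lockout (seconds) after the first failure
MAX_DELAY = 3600.0    # assumed ceiling on the lockout


class HashVault:
    """Holds salted, iterated password hashes; exposes only enroll() and check()."""

    def __init__(self, clock=time.monotonic, rounds=ROUNDS):
        self._clock = clock
        self._rounds = rounds
        self._records = {}    # user -> (salt, derived key); never returned to callers
        self._failures = {}   # user -> (consecutive failures, locked-until time)

    def _derive(self, password, salt):
        return hashlib.pbkdf2_hmac("sha256", password.encode(), salt, self._rounds)

    def enroll(self, user, password):
        salt = os.urandom(16)  # fresh random salt per user
        self._records[user] = (salt, self._derive(password, salt))

    def check(self, user, password):
        """Return 'ok', 'denied' or 'throttled'; no other query is offered."""
        now = self._clock()
        count, locked_until = self._failures.get(user, (0, 0.0))
        if now < locked_until:
            return "throttled"  # refuse without doing any hashing work
        record = self._records.get(user)
        # Unknown users still cost one derivation, so timing does not reveal
        # whether an account exists.
        salt, expected = record if record else (b"\x00" * 16, b"")
        candidate = self._derive(password, salt)
        if record and hmac.compare_digest(candidate, expected):
            self._failures.pop(user, None)
            return "ok"
        count += 1
        delay = min(BASE_DELAY * 2 ** (count - 1), MAX_DELAY)  # 1s, 2s, 4s, ...
        self._failures[user] = (count, now + delay)
        return "denied"
```

In the design the comments sketch, this logic would sit on its own hardened host, with the front-end servers able to reach only `check()`.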

  8. Re:One reason on Major Australian Retailer Accused of Selling Infected Hard Drives · · Score: 1

    What is worse is that it isn't hard to wipe the drives. HDDErase can gnaw through a terabyte drive in 15 minutes to an hour [1], and DBAN might take a long time, but the computer can be set aside while that is going on. Even operating systems like OS X come with very easy to use HDD wiping tools.

    [1]: HDDErase tells the HDD controller to zero everything out, so because the drive isn't waiting for oodles of zeros from the interface, it can write at its fastest speed.

  9. Re:Standard Practice on Major Australian Retailer Accused of Selling Infected Hard Drives · · Score: 3, Interesting

    I don't know if they will get hit with fines (most of the time, playing the three monkey game will be enough to avoid civil/criminal charges.)

    However, this is a lesson to everyone: After buying any new storage media, completely erase it first. This is something I try to keep the habit of doing, be it a USB flash drive, a SD card for my phone, external hard disks, or an internal HDD of a new PC.

    The best utility, hands down, is HDDErase because it tells the drive controller to do the dirty work and erase everything, including the host protected area, sector relocation table, etc. I then follow it up by a DBAN, or at least a dd if=/dev/zero of=/dev/sdwhatever. If one can't do an ATA erase, then zeroing it out with a couple passes is the next best thing.

    If only on Windows, encrypting the disk with BitLocker, then running the format command will help. The format command in Vista and newer checks to see if the previous data was a BitLocker volume, and if so, scrubs away the remnants of the old volume keys. You can use TrueCrypt and create a dummy volume for the same result.

    I erase data before using a drive for three reasons:

    First, to exercise the drive and all accessible sectors, so the drive relocates marginal stuff immediately. In the old days, you could periodically low level format a HDD which would shrink the drive's capacity, but extend the life of the drive by cleaning out the relocation table and making it ready for handling new defects encountered. However, new drives don't have this, so the next best thing is to test all sectors before use.

    Second, there have been cases of people facing criminal and civil charges for data on their storage media that wasn't theirs... it came with the device. Whether this is true or not can be debated, but it is best to not let it happen in the first place.

    Third, there is always the chance of malware being installed somewhere along the supply chain. By completely zeroing it out from the MBR to the last sectors, this threat is mitigated for the most part.

    This also shows another sad fact. There are a number of "computer repair" places that are pretty shady. I'm sure most readers of /. can likely do better than a lot of repair joints.

  10. Re:Good on Kindle Fire and Nook Upgrades Kill Root Access · · Score: 4, Insightful

    Bingo. One can just look at the Nexus line of devices and the "fastboot oem unlock" command and the warning given as the right way to go about doing this. This is enough of a hurdle to keep Joe Sixpack from doing it so he can see the dancing bunnies, but allows people who are willing to trash their device (and not bother calling hardware support) to do what they feel free to.

  11. Re:my e-mail isn't insecure on Do Slashdotters Encrypt Their Email? · · Score: 1

    PRZ pretty much said exactly that in the PGP introduction documentation. Encryption should be like envelopes, because few people would send sensitive documents on postcards.

  12. Re:HELL NO! on Do Slashdotters Encrypt Their Email? · · Score: 1

    Depends. If it is some big foreign organization scanning mail looking for persons in other nations they deem against their interests to deal with later on, encryption is just fine, as it keeps the broad nets at bay.

  13. Re:Very rarely, alas. on Do Slashdotters Encrypt Their Email? · · Score: 4, Interesting

    When it comes down to it, there is no one program that can truly automate good security. At some point, users cannot be spoon fed and have to do it themselves. CAs can be spoofed, trusted introducers can be hacked or bribed, and so on.

    In reality, if you want security these days (I mean actual security, not some pretty spiffy lock icon promising security), then one will have to go out and pack your own parachute, just as people did in the early 1990s.

    It is easier now than it was back then -- gpg and the commercial PGP versions can encrypt and decrypt clipboard contents, both Android and the iPhone have implementations of this. It is also easier in that the specter of encryption being outlawed is not over our heads as it was back in the days of the Clipper Chip.

    So, it boils down to a social issue more than technical now. Do people want to do proper keysigning gatherings, stick their PGP IDs and signatures on their business cards, and have this info as much a part of their contact info as their E-mail address and FB contacts? If we can get people to understand this and the concept of a web of trust, security in general will be much improved.

  14. Re:Power companies on Innovative Use of Plastics Could Cheaply Double Solar Cell Output · · Score: 1

    As with any technology, economies of scale would step in to make this cheap and effective. A flywheel is not that exotic a device, other than dealing with bearing friction/wear and minimizing the chance of the flywheel breaking apart (which isn't as tough as keeping batteries from exploding.) Given magnetic bearings, a flywheel can store its kinetic energy for a while.

    Of course, there are downsides to flywheels. Due to their angular momentum, they require extensive engineering to be used in moving vehicles. However, for a stationary task of storing energy at a power station, these would be almost the ideal way of storing energy until supercap batteries are able to be made.

  15. Re:Power companies on Innovative Use of Plastics Could Cheaply Double Solar Cell Output · · Score: 2

    The battery problem is solvable with a boring, low-tech solution: Flywheels. With magnetic bearings, they don't require that much maintenance, and barring physical damage, are harder to kill than batteries. If you drain a conventional battery to 0 volts repeatedly, it will die. Drain a flywheel to 0 RPM... and it just stops.

    Batteries are important for research for portable energy storage, such as cars and such. However, where large flywheels can be built they are the best tool for the job, until battery energy density puts physical storage of kinetic energy in the dust.

  16. Re:Olds on In Nuclear Power, Size Matters · · Score: 1

    What might be useful is to find a better way of moving energy from place to place other than high voltage wires and the heat loss that comes from that. Room temperature superconductors would solve that problem, of course.

    What would work is a way that even if it may be energy intensive, to pull CO2 out of the air somehow and use that and possibly water from a desalination plant to generate a hydrocarbon fuel, which is then piped to a burning assembly near a metropolitan area. This sounds wasteful, but over long distances, would be less wasteful than the voltage drop due to heat.

  17. Re:Middle East $$$$$$$ on Ask Slashdot: Working As an IT Contractor In a War Zone? · · Score: 1

    There are some areas of KSA such as Riyadh where there are a lot of foreigners. The money isn't as much as AF or IR, but it is there, and because the areas one works in tend to be mainly people from other places, the Sauds tend to look the other way for the most part. There is good money to be made there if you follow basic cultural instructions.

    Working in the Middle East isn't all bad -- it is almost guaranteed that nobody is going to be breaking into your house in Saudi Arabia (well, nobody that values their hands that is, as they will chop them off.) The trick is to get to know the culture, and not be an asshole. The work week is a bit odd, but you get used to it. You work Monday through Thursday, have Friday off, work Saturday, and have Sunday off. Some people just end up with a permanent three day weekend in some jobs.

  18. Re:Why explicitly war zone? on Ask Slashdot: Working As an IT Contractor In a War Zone? · · Score: 2

    I'd say there is an exception... Working in a war zone for very high pay for 6-12 months and knowingly taking the risk to life and limb... then banking the money and sitting back for 5-10 years in a semi-retired state working on stuff you would like to do.

    In this economy, where someone without a lot of IT experience has few options on jobs, working overseas in a combat area is very risky, but the payoff is big too. Take a $150,000 contract for six months (which for some things is at the low end of the pay range). A person who knows what they are doing can live frugally through the contract, then arrive back in the states with a sizable nest egg that can be used to go back to college with, or even use as seed money for a good business venture.

    So, blindly working in a war zone just for a war zone is foolish, but someone who is being an educated gambler and taking the risk so they can choose what they want to do in life from then onwards might be worth it.

  19. Re:Open Android on EU Regulators Delay Google's Motorola Buy, Seeking More Info · · Score: 1

    Exactly. My HTC Inspire 4G, I rooted, gold-card S/OFF-ed, and unlocked while in the AT&T store. The Droid X now isn't too bad (I SHX flashed to the latest ROM, then rooted and added ClockworkMod for fast and thorough backups [1].)

    What is annoying is that new models like the Atrix 2 don't even have factory ROMs out in the wild, so even a soft brick/bootloop isn't recoverable at this time.

  20. Re:They got paid for this... on Adblock Plus Developers To Allow 'Acceptable' Ads · · Score: 1

    Doesn't work that way. The car would cost the same amount, it just would mean that the car dealer and car maker make more ad revenue.

    You can point at Call of Duty and the Pepsi/Doritos stuff. If they are advertising Pepsi, shouldn't the game be free? Nope. It is still 40 bucks, and you have to deal with the fact that someone buying soft drinks has an advantage.

  21. Re:Open Android on EU Regulators Delay Google's Motorola Buy, Seeking More Info · · Score: 2

    I wouldn't mind seeing a device ship locked, but with fastboot oem unlock available. This way, there is at least a barrier against the Dancing Bunnies attack, where Joe Sixpack is at least likely to think twice if he has to download a package from Oracle, then one from Google, and after installing those, type some commands in a funny window in order to get some app to work.

    I'd love to see Motorola do like HTC and offer not just an open bootloader, but full ROM images ready to use for custom modding. Especially things like Webtop and such.

  22. Re:tl;dr on Why Android Upgrades Take So Long · · Score: 1

    Glad to hear that Google has addressed this with ICS, because this has been a major thorn in the side of getting Android adopted in the enterprise.

    Now, perhaps Google can merge ChromeOS and the existing Webtop OS in the Atrix/Bionic devices. This would make for an ideal remote access client.

  23. Re:Use the right tool for the job on Why We Need More Programming Languages · · Score: 1

    There is a balance though. If I had something that required repeated insertion and extraction of fasteners, I'd go with a Torx bit because eventually Phillips screw heads will cam out, and if the next guy can't cough up that type of screwdriver, there is someone else out there who can/will. On the other hand, I'd be leery of using a XZN or a tri-wing screw head, even though they allow for far more torque without camming out.

  24. Re:tl;dr on Why Android Upgrades Take So Long · · Score: 4, Insightful

    Google needs to take the first step and have their subsidiary, Motorola Mobility, lead by example. Even if it is something as simple as going onto a website, typing in your phone's IMEI, getting a response code, and then using that during the fastboot oem unlock procedure, it would show that Google/Motorola was open.

    Locked bootloaders do have a place -- they are good at keeping Joe Sixpack out of things he shouldn't be mucking with, so the tech support department can tell him to hard reset and go about his life. However, if someone is willing to go to a website, acknowledge that they are doing stuff that only they will be taking responsibility for, and has the tech ability to get adb working with a device, it is only fair for the phone maker to hand over the keys.

  25. Re:tl;dr on Why Android Upgrades Take So Long · · Score: 3, Informative

    I might disagree, but in a slight way. Some OEMs add onto Android in nonstandard, but positive ways.

    Take Motorola's Atrix. It has security enhancements that really should be in AOSP. The first of which is encrypting everything on the internal drive as a complete image. The second is encrypting files on a memory card on a file by file basis. This way, if the device is lost or stolen, even if the MicroSD card is pulled, it is protected. This is crucial for getting Android into the enterprise.

    Then, there is the Webtop feature. It may be limited, but it is interesting nonetheless, and appears to be a decent environment for doing remote work with. With the reports of searches and seizures of phones and laptops without any warrants, having the ability to leave your data at the remote site and work with it via a glorified dumb terminal will become more useful as time progresses.

    The ideal would be to let phone makers and cell carriers have their default ROM load, but keep bootloaders open so one can just grab the latest CyanogenMod revision or a custom ROM and use that.