Slashdot Mirror


User: mlts

mlts's activity in the archive.

Stories: 0
Comments: 5,534

Comments · 5,534

  1. Re:FAT on Two-Thirds of Lost USB Drives Carry Malware · · Score: 1

    There is not much that works cross platform. If I were moving data between completely different platforms, I'd use something standard that would work on a file basis, rather than a filesystem or disk basis. The answer to this is gpg. Most platforms have a working gpg ported to them, be it Android, Solaris, AIX, Windows, Linux, BSD, or even iOS (both jailbroken and non jailbroken apps). I'd just encrypt a file using a passphrase and call it done. If it were a bunch of files, create a bit of chaff of a random size, tar that up, gpg the tar file and copy that to the drive.

    So, with this in mind, TrueCrypt or BitLocker do the job well enough. Oftentimes, I'm just moving data from a Windows box to a Windows box, or from a Mac to a Mac. In these cases, Disk Image or BitLocker is good enough.

  2. Re:FAT on Two-Thirds of Lost USB Drives Carry Malware · · Score: 0

    Formatted in FAT is one thing. However, there is just no excuse for not encrypting a USB flash drive. On Windows, BitLocker is a right click away. If one doesn't have an edition with BDE, then TrueCrypt is an easy install. On Linux, there is TrueCrypt, LUKS, or loopback encryption. Macs have TrueCrypt and other items.

    The reason I like using BitLocker or TrueCrypt for encrypting Windows data on a USB flash drive is that if someone finds the drive, can't access it, so formats it, the format.exe command in Windows explicitly will overwrite the sectors containing BitLocker key data, and also will overwrite the volume header in TrueCrypt (not by explicit design, but as part of putting the new filesystem in place.) This way, even if someone gets the password or key later on, the data is gone, barring someone bypassing the disk controller and going cell-by-cell around the wear levelling algorithm.

  3. Re:Not in 2012 for me on Will Windows 8 Be Ready For Release In 2012? · · Score: 1

    I'm looking forwards to Windows Server 8, assuming that they get the deduplication in the next revision of NTFS down pat. Especially for disk volumes that have virtual machine images on them.

    As for the client version of 8, the ability to run the whole OS from a USB flash drive and then yank the drive when done as a way of checking for viruses and rootkits on machines periodically will be an ability worth having.

  4. Re:Tex Richman won't allow it. on Gas Powered Fuel Cell Could Help EV Range Anxiety · · Score: 1

    I hate to be a devil's advocate (and please prove me wrong on this), but I don't really see a changeover from fossil fuels as the primary means of energy use. In fact, I see more dependence on fossil fuels as time goes on. A couple examples:

    The wholesale exodus from nuclear power generation. France is having people break into their plants, a number of countries are shuttering their reactors, and here in the US, there has not been a single new power reactor built or renovated since Three Mile Island.

    The embracing of natural gas by Germany. These days, they are so beholden to Russia that if the Bear turns off the pipes, German citizens by the tens of thousands will freeze to death.

    The extinguishing of a solar panel boom in the US by alleged dumping by offshore companies.

    For the near future, there are not many other alternatives to coal or oil. Electricity is a positive change because at least solar/wind/geothermal can be used, but it looks like our grandsons will still be using fossil fuels for their vehicles.

  5. Re:Just more things to break ... on Red Hat's Linux Changes Raise New Questions · · Score: 2

    Believe it or not, this is one selling point for AIX. IBM touts that if it runs in an earlier version of AIX, it almost certainly will run on AIX 7. In fact, IBM actually has a binary compatibility guarantee that anything running on AIX 5.x or 6.x will run on the latest version.

    Of course, change is important, because an OS that ends up stagnant will eventually fall to the wayside, but in a production environment, people want to have to change as little as possible during an upgrade cycle.

  6. Re:That works both ways on Red Hat's Linux Changes Raise New Questions · · Score: 4, Insightful

    Even though the syslog is in a binary format, it would be nice to have it also stored in text as well. For example, on some sensitive machines, I would have the syslog redirect to an IBM3151 serial terminal for real time monitoring. This way, I could immediately tell if a job started at its appropriate time, finished, or caused issues.

    IMHO, the best way RedHat should implement this is similar to how AIX does logging. It has its own format for logs that are read using the errpt command. However, one can turn on plain old syslog logging and have that able to be stored in a file, forwarded to a log server, or shipped via a serial connection to a secure log drop that has no network access. It would be nice to have a signed, secure format for logs, but also nice to have plain text to watch in realtime and search from without requiring specialized commands.

  7. Re:One of the advantages of Linux on Red Hat's Linux Changes Raise New Questions · · Score: 2

    I'd disagree. RedHat is only one of two Linux distros that is FIPS and Common Criteria certified. Of course, to people who work with Linux, this doesn't mean much. However when it comes audit time, the auditors either want to see certifications of the OS, or one better has to have a damn good reason (and not a technical one -- one that will appeal to a bean counter who is looking for any excuse to shut your operation down) why the OS isn't certified. Usually one has to explain in great detail why the OS in use is not Windows.

    With this being the case, what RH does affects a lot of production items. Take RHEL 6 -- it now uses a new network startup daemon instead of the old network binary. One can switch to the old one, but that one is deprecated. Same with commands like ifconfig -- in RHEL6, one uses "ip addr" instead.

  8. Re:Just a matter of time... on MIT Algorithm Predicts Red Light Runners · · Score: 1

    I like Germany's system:

    Red == stop.
    Red + yellow == wake up and stop texting, light will change.
    Green == proceed
    Flashing green == be prepared for the yellow.
    Yellow == stop now.

    We don't need more red light cameras and crap like that. Instead, we need longer yellow lights (the good drivers WILL stop for the yellows, so it won't just make people floor it more often), and more intersections with a delay. Yes, some people will push the limit, but that is what police officers are for with citation notebooks.

    You can't stop the illegal behavior, but you can make the lights safer in general for drivers who do give a shit and will stop, as well as make it easier on the reaction time.

  9. We have 48VDC as one standard... on Are Data Centers Finally Ready For DC Power? · · Score: 4, Interesting

    If one has worked in a telco, we already have a standard, and that is 48VDC. This is the domain of the Sun Netras of yore.

    If I were to recommend a voltage, why not plain old 12VDC? Yes, the amps have to be high, but we already have a connector for this (beats wiring up things by hand and throwing a breaker), and it is not hard to find off the shelf hardware to support this, be it batteries, power distribution units, inverters/converters, solar panels with MPPT controllers, and so on. We have two large markets (RV/marine) that are dedicated to 12VDC.

    Why not just use an established standard? 12VDC works and has a lot of support, or if a higher voltage is needed, then 48VDC.

    384VDC just seems to be asking for trouble. It would require yet another separate connector that can't be plugged into 120VAC or 240VAC, generators would have to have an adapter for it. It would require a complete retooling to get to that standard.

    Making another voltage level is throwing the baby out with the bathwater. Why not just go with an established DC voltage level?

    Take 12VDC. Most generators, from the expensive inverters by Honda or Yamaha can generate that, as well as the construction grade open-framed ones.

  10. Re:I already got a letter on Australian ISP's To Crack Down On Piracy · · Score: 1

    What would be interesting to see is a distributed rsync utility that uses this type of encrypted P2P architecture. This can be handled in many different ways. From a drive appearing for each public key in the system that is unique, to a decentralized system of permissions combined with deduplication on the backend. This way, if Alice wants to share her PDF collection with Bob, it would take a few signed requests to propagate permissions, and then the peers will allow Bob access either by permitting him to access the file, or by sending encrypted data that is decrypted by his key. A well constructed system could have each file encrypted, and permissions handled by the master file key encrypted with each person's personal key, with additional metadata to add group structures, etc. Revoking access would be hard, as to do it right, it would require generation of a new master file key, re-encrypting file or files and destroying/blocking access to the old ones.

    Essentially a combination of aspects of PGP's WoT, Hushmail, DC-nets, et al.

  11. Re:Translation: on Does Open Source Software Cost Jobs? · · Score: -1, Offtopic

    It is called space exploration and colonization. Pretty much, it is do or die, as a species in this department. Yes, as of now, it takes a lot of energy and expense to get stuff out of earth's gravity well, but technology is progressing, and assuming some nation doesn't cause the LEO layers to be unusable due to debris and Kessler's Syndrome, we will have some sort of space elevator apparatus eventually.

  12. Re:Pirate Party Australia not Impressed on Australian ISP's To Crack Down On Piracy · · Score: 1

    I'm not sure if Australia is like the US in this regard, but here, each ISP has exclusive access to their cable/DSL networks. If the local DSL ISP boots a subscriber, there are no other DSL providers to go to. So, if a cable-based ISP and a DSL based ISP decide to block a range of sites, unless someone gets an upstream connection from somewhere else, those sites will stay blocked.

  13. Re:Pirate Party Australia not Impressed on Australian ISP's To Crack Down On Piracy · · Score: 1

    Devil's advocate:

    The ISPs can just refuse to let users communicate to the proxies. If someone sues the ISP, the ISP can always state that they are blocking potentially criminal content, which is good enough for a judge or jury.

  14. Re:I already got a letter on Australian ISP's To Crack Down On Piracy · · Score: 3, Interesting

    Instead of Sneakernet, I can see the possibility of a more regional darknet based file-sharing items take place, using products like MUTE with private networks. Then people will swap from network on a regional basis, perhaps via an international proxy. Eventually a cell system will evolve, where if someone wants content, they can find a way to get a membership (such as like with Demonoid), and then after a while, be let in. If someone rats any IP they have access to out, only that group of people are affected, nobody else.

    Of course, this cat and mouse game will evolve, but one thing I look at is the drug "war". Prohibition never works, so the IP issue needs to be addressed by a different means. (I'm partial to the idea of a clearinghouse paid for with tax money, but there are a lot of things that would need to be hammered out before it can be considered a fair system.)

  15. Re:I already got a letter on Australian ISP's To Crack Down On Piracy · · Score: 4, Insightful

    Right now, VPNs are being used for this purpose, but when more people get disconnected, VPN use will become more common, just because people will actually start caring who is listening in.

    I know I do this if I'm using a local wireless network. This way, someone listening in or using a FireSheep type of utility isn't going to be able to get far. Enabling a VPN means that I don't have to worry about a lot of local attacks, be it DNS poisoning, Phorm-like ad intrusions, or other man in the middle stuff. And none of this is for covering illegal/criminal activity -- it is to keep someone from interfering/eavesdropping with my network connectivity.

    What is happening is that this is only going to shoot ISPs in their own foot. People move to VPNs, and now instead of being able to catch the serious criminals (the child pornography guys), all lines will go dark. Of course, governments and ISPs can go after VPNs, but that turns the "game" from passively sniffing traffic into an active cat and mouse play in both the legal and technical aspects.

    Of course, the next step from VPNs is offshore VPNs, and this will mean that a routine shakedown for IP violations will turn into an international incident, and there are plenty of countries out there who will be more than happy to give the US the middle finger when it comes to hunting someone who pirated the latest Justin Bieber CD.

    ISPs need to be smart and just sit back and only go after users who commit the more heinous crimes. If they go after every Joe who copies an MP3 file, then everyone will start using encryption.

  16. Re:Headhunters on How Does a Self-Taught Computer Geek Get Hired? · · Score: 1

    Monster and other sites are good, but my advice is to have the E-mails go to a dedicated E-mail address that isn't your main one, but one you check daily, preferably with a custom domain.

    The reason I say this is that you will be inundated with "resume blaster" (and other ads) that you implicitly consent to by using various hiring sites. You also will often get asked to do 3-6 month contracts by offshore agencies in fairly remote places (western North Dakota) for $10/hr with zero relocation allowance.

  17. Re:Why do you want to be hired? on How Does a Self-Taught Computer Geek Get Hired? · · Score: 2

    To add on that, luck is important. However, that you can't control. Instead, the trick is to just keep at it. Eventually, with enough rolls of the dice, you will get something in your favor.

    Part is working hard and keeping at it. The other part is working smart and keeping up with the market.

    Don't forget getting certificates, be it a MS-ITP (MCSE's successor), RHCE, CCIE, A+, or others. HR people, and some clients (if freelancing) will just skim the resume and look for how many colored bits of paper you have attached to your name. In a lot of their minds, no RHCE for a Linux system admin is like a doctor not having an M.D., or a lawyer not being a part of the state bar association. It is unfair because certificates have little correlation with people who know what they are doing, but PHBs are the ones who have the purse strings, and they cherish those things.

  18. Re:Ubisoft, ubisoft on Ubisoft Blames Piracy For Non-Release of PC Game · · Score: 1

    Ubisoft knows that the second they leave the PC market, there will be a company taking their place making games that people want to play with little to no DRM.

    There is plenty of room in the market for another Blizzard, Origin, Bethesda, Bioware, ID, or heck, another Popcap.

    Yes, people use consoles for playing, but PCs will have a far larger impact, since there are far more PCs than consoles in use. So, a well designed game that can run on fairly modest hardware would do well on a fraction of the PC market than the console market.

    What will help is the advent of stores/repos as part of the OS. This way, a decent game is a download away, and all it would take is clicking on a link, and clicking "purchase" for it to be bought. For a reasonable price, that may bring about as much revenue as having a blockbuster release at Gamestop, especially because one wouldn't have to worry about DRM, packaging, or installation costs for the platform. Apple's and Microsoft's 30% commission may seem steep, but they handle the installation, maintain servers for updates, and they deal with the DRM, so game companies are likely to come out ahead in that department.

  19. Re:Disk wipe/destruction on Ask Slashdot: Data Remanence Solutions? · · Score: 1

    Just note that (IIRC) those standards are for non-classified data.

    Classified+ require physical destruction/demilling of the drives. Some company failing to follow these stipulations when it comes to classified/S/TS/SCI data is going to lose their contract at best, or someone may face prison time at the worst.

  20. Re:Proof on Ask Slashdot: Data Remanence Solutions? · · Score: 1

    That is why you do a two tier destruction process in these situations:

    Tier 1 consists of a software erase, a physical degaussing and damaging the drive physically (but still keeping it in one piece). This can be accomplished either by drilling holes in the platters, or having a hydraulic ram bend the drive.

    Tier 2 consists of handing the stack of bent drives to Iron Mountain or the shredding place who has the shredder online, who will hand back a certificate of destruction.

    This way, the auditors are happy because there is a piece of paper showing the drives were destroyed, and one can be sure in-house that the drives were really trashed by doing some process that shatters the drive platters, but keeps the drive in one piece.

  21. Re:Why not digital destruction? on Ask Slashdot: Data Remanence Solutions? · · Score: 4, Informative

    I like combining DBAN with HDDErase.

    HDDErase will do an ATA low-level secure erase that tells the controller to zero out all sectors, even those that are on the relocated table which would be inaccessible via normal software solutions.

    After HDDErase does its job (which it does in a pretty quick amount of time since there is no I/O involved, but just the write head laying down zeros), running DBAN on the drive adds further insurance. Realistically, this will remove all data.

    Of course, prevention is a good idea as well. This is why I have some type of FDE software on my drives. This way, a simple zeroing out of the drive will be enough. In fact, the format command in Windows will check to see if a disk is BitLocker protected and zero out the places where the volume key resides, so even if someone knew the password to the drive, it will do them no good.

  22. Re:Do you actually need it? on Ask Slashdot: Tablet With Root Access By Default? · · Score: 1

    Don't forget Droidwall, which is the only real way to keep apps from spying on you unless you have a CM ROM with user selectable permissions built in.

    Droidwall isn't great for just locking out apps, but making sure high bandwidth apps only use Wi-Fi for saving on bandwidth.

    Of course, Titanium Backup is a must have as well, especially the fact that it not just stores encrypted backups... but can copy them to a Dropbox account encrypted. This also is a must have.

  23. Re:Mobile Home or Trailer? on Ask Slashdot: Updating a Difficult Campground Wi-Fi Design? · · Score: 1

    Now that would be nice. The only thing even close to that are trailers with multiple slide-outs, where the left and right parts can expand outward giving some decent space to kick back in. It won't give as much room as a 25x30 space, but it can get you something fairly comfortable with a decent bathroom. Of course, one can approximate this by pulling out a pavilion tent in front of the camper, but that definitely doesn't do the job if the weather is below freezing.

  24. Re:I got a solution on Ask Slashdot: Updating a Difficult Campground Wi-Fi Design? · · Score: 1

    There is a wide spectrum of RV-ing out there. You can hit an RV park which essentially is just a parking lot with hookups. Or, you can go to a BLM dispersed camping site that is 100 miles away from anything and is only accessible by a 4x4 pickup with a camper on it, or a Jeep with an Australian made tent trailer.

  25. Re:Mobile Home or Trailer? on Ask Slashdot: Updating a Difficult Campground Wi-Fi Design? · · Score: 1

    A lot of people actually do this, especially in areas that are booming, but housing is unavailable, like the oil boom in North Dakota right now.

    They buy a high end fifth wheel, have it towed and put in place, extend the slide-outs, and use it as a home while their job is going on.