Bingo. For basic encryption, I logged onto the tape silo, typed in a passphrase, enabled encryption, and called it done. Transferring the key via SPIN/SPOUT to the drives does the rest.
If I wanted better encryption, I can use a key management system, changing out keys for written tapes, but yet keeping them on the appliance for reading. Of course, a backup of the keys are made and stored.
Even without LTO's built in encryption, every modern backup program supports some type of AES level software encryption. NetBackup, TSM, Networker, you name it. It usually consists of a checkbox and either creating an encryption key, or typing in a password.
The iPad is great for general content consumption. I can watch a movie, do some basic E-mail checking, etc. It also is decent for reading books. Both Kindle's app and the iBook app are good for this.
However, the Kindle is much better for reading for hours on end. When I went on a camping trip [1], I took the Kindle with me for reading books in daylight that would wash out an iPad's screen. This is where the Kindle excels. Then there is the battery life. Turn off 3G, and the Kindle's battery can last weeks without a recharge.
[1]: Not really camping per se... Renting an RV for a weekend is not really roughing it, but it is a way to get away from things.
I bought a 3G Kindle, just for the purpose of allowing me to download books via Whispernet when I'm not near a Wi-Fi connection. Other than that, you nailed the salient points -- I'm looking to read a book, so having something easy on the eyes is my first consideration. A touchscreen gets smudged too easily.
At least Amazon has kept their Kindle Keyboard 3G and other models. Had they decided to just toss them all and go with touch screens, or even worse, tried to become low end tablet, they would have lost what made them great.
If I want a tablet with apps, that is what an iPad is for. An e-reader may have a similar form, but it should made to do one task extremely well, and that is to show text and the occasional diagram on the screen.
This way, if someone does want to spend the expense in wanting to piece together data from a drive, they not just have to physically reconstruct it, but try to deal with zeroed out sectors as well. Of course, smashing the platters with a hammer is a thorough method, but if one has a lot of drives to get rid of, going at them with a drill bit is likely the quickest (and cleanest) method.
I also have seen machines that use a hydraulic press to drive either a wedge, bending the drive in a V shape, or a cone, bending the spindle area. Those are good for rendering a drive inoperable, but still in one piece for easy disposal, but may cost a pretty penny.
Nail, head hit. Yes, it is fun to talk about turning a HDD into component quarks, but realistically, running DBAN, then HDDErase (which does a low level ATA wipe), followed up by drilling some holes in the case is realistically good enough. If one fears more than that, there is always a bonfire or even an oven on a self cleaning cycle.
This economy, doing the job cheaply is what is needed.
Exactly. Pretty much we have only a few solutions:
1: Tape. DLT and LTO tape will last 10-20 years, but tape drives are expensive ($3000+), require a fast connection (SAS minimum, likely FC), and one will need to know what software was used with what settings (like for tar, what blocksize, etc.)
2: Archival grade CDs/DVDs. Like the parent, it sounds good and isn't that expensive, but time will tell if the advertising holds true. Then there are factors like what burner is used and what dyes that may make or break things.
3: Copy files to hard disks, and keep copying them every so often to new media. Likely the best way, but takes time and trouble.
4: Use an offsite provider. The usual stuff about losing access, security, and reliability of the offsite provider apply.
Probably the best archiving technique would be a dedicated CAS appliance that keeps multiple copies of content stored on multiple iterations of media (stored with ECC, as well as SHA summing to check for corruption), copying/migrating data to new media periodically, and periodically checking that everything in its media database is readable.
To the user,it would appear as a volume, but will periodically ask for both used media (drives, tapes, CDs, DVDs, etc.) as well as new media to keep the data always refreshed. It would also cryptographically sign/timestamp all files so one knows that their 10 year old copy of their master's thesis has not been tampered with.
I find that on the iPhone that for a basic service like this, it requires a jailbreak and iBlacklist to be installed. Why Apple forces people to listen/decline all calls is beyond me, while Android can use an app like Mr. Number, or on some instances, have its own blacklist.
iBlacklist is a must have for the iPhone -- for a couple creepers, I have it set to pick up and automatically hang up (this way, they waste their time redialing thinking someone actually cares enough to manually do that), and the rest of the vermin get a busy signal.
Where it really sucks are POTS lines -- you can block local numbers, but if people call from an 800 number, the blocking system refuses to interfere with them.
Here is something I wonder. Who the heck thought that it would be a good idea to make FB an authentication provider? MS tried this with Passport and people didn't use them. Why do businesses trust the keys to the city to someone that doesn't advertise any security assurances?
If I were contracting out keys to my city to a third party, they better vomit up a slew of certificates and third party audit passes (including random third party audits on machines, their network, and physical security.) At the minimum, they would need FISMA compliance. FB doesn't advertise they are a security provider, so it makes me wonder about businesses using them as such.
If I were doing an authentication provider, it would be designed from the ground up with security in mind, from using hardware designed for security, processes in place, random audits and intrusion attempts by tiger teams. Something up to snuff when it comes to providing adequate security on all levels, be it physical, remote, software, or social engineering.
On the user facing end, it would have multiple ways for users to authenticate (app, SMS, voice call, keyfob, OATH compliant device, separate software device, TAN list, or just a username/PW), etc.
While waiting for Spotify to get to this side of the pond, I heard about rdio.com, so downloaded the app, plunked cash down for a subscription and went from there.
Finally, when Spotify got here, I gave them a try, only to find their selection was far more limited than Rdio's.
End result: Rdio kept their place on my smartphone while Spotify met the delete button.
The ARM platform supports protections on the instruction level between subsets or "worlds". This was originally meant for DRM, but I'm sure a well written hypervisor can use this to keep work and home content separated, even if one VM got compromised somehow.
It all depends on who someone has to worry about and whom they are going to piss off with their actions. Maybe VPN services should be in tier levels for anonymity provided:
The lowest tier of anonymity are VPNs that provide high speed, but are located in the same country. These are good to protect you from compromised Wi-Fi providers (no FireSheep or BEAST attacks), ISPs who are Phorm-happy, and ISP data retention. These are VPNs who you use to keep your buying habits out of the guy at the one star motel's hands, but anything that would get an actual lawyer to spend time enough for a motion of discovery, don't bother.
The second tier would be VPNs in another Western country such as Sweden that is part of treaties, but won't rat people out because someone is sue-happy. These have fairly fast pipes (although slower than the previous tier), and are better at hiding traffic from the casual divorce attorney doing a fishing expedition, or people looking to do mass lawsuits against John Doe downloaders.
The next tier will be VPNs in countries who are not bound by ACTA, WIPO, and other treaties, like Eastern Europe.
Finally the last tier are in countries with little or no ties with Western countries. However, it is a crap-shoot if you get a good VPS or not. Some may accept a bribe and hand over every single log, because they know there will be no chance of lawsuits for violating their part of an agreement.
The key is who is one going to piss off by their network traffic. Keeping the ISP's Phorm server away from your Facebook pages is one thing, while sending material that is top secret to a large country would be another.
Very true. To us, it makes sense. However, what is needed in order for this to not be something that ends up bounced in the courts for years is a clear law -- client data on a company that goes bankrupt? The physical machine's drives get zeroed (if the drives support cryptographic erasures), or physically destroyed, and a third party certifies that this has been done to the bankruptcy court.
Ideally, we need a data protection act, where unless there is explicit reason for data to remain on a machine (intrusion attempt, motion of discovery), it has to be destroyed within a reasonable time frame (30 days for Web logs, 12 months for back purchases, etc.) This way, the damage from a bankruptcy would be limited.
It can affect activation. It would be trivial to have in the EULA that only "genuine" or "non-tampered with" equipment be allowed to run the OS. So, on the activation check, the OS can refuse to activate on that motherboard/CPU combo, or even refuse to run completely.
Of course, I'm crossing my fingers that UEFI secure mode will be like the TPM, an option that users explicitly turn on, and is all around beneficial, as opposed to jamming the DRM stack deep into hardware.
This exact issue is also affects cloud computing as a whole.
Take a cloud provider goes out of business. Another entity buys up all their servers, and now has free and complete access to the former clients' data. All data can be sold to the highest bidder (even if it is in a hostile country), or just slap it on a 20TB BitTorrent off of thepiratebay? Easily done, and there is not one thing legally that can be done about it.
Until the bankruptcy code addresses this with a stipulation that all data is either erased (with certificates of destruction of data or physical media), one needs to assume any and all "privacy policies" are "we will give any info to any and all we please."
Then the OS checks if the version of UEFI was "jailbroken", sends up the BIOS serial number, then deactivates itself. Further attempts to activate will fail as that BIOS would be on the blacklist.
Precedent is already there -- PSN and XBL both will blacklist a box from their networks at a second's notice.
This "Metro" Interface reminds me of the old IBM PS/1 machines back in the early 1990s. It had four huge buttons that you clicked on, usually you clicked the one that booted to DOS and went from there. This interface was a flop.
Will MS screw up with this UI. Iffish, and time will tell. MS has been decent with new UIs, especially Windows 95 which pretty much set the standard for what people expect on a machine. Before that, it was clicking on a program manager, NeXT dock, or having your applications in a right click menu.
Done right, it may be a good thing, however, it will require changes in people's workflows. A full screen app and UI mean that switching applications becomes a multi-step process compared to clicking on a task in the taskbar (or just hitting alt-tab) to go directly from Excel to Word, or from Firefox to a command line prompt.
There is one weakness with that setup -- bare metal recovery. It would be nice if there were an OSS utility that supported a rescue disk that would authenticate the client by asking for an admin username/password to make sure it is the right one, set partitions, hit "restore", go for lunch, and come back to a pre-crash system exactly as it was.
So far, there are image utilities that can do this that are OSS, but restoring to an image may be useless if apps are installed afterwards.
Plenty of commercial products offer this functionality. Retrospect on the low end can get a completely dead Windows box bare metal restored. On the enterprise level, TSM and NetBackup also have this functionality.
It would be nice to have an OSS utility that would offer this, so a complete system restore is only a USB flash drive away.
I do a similar system, except I tag an external drive to the machines which backs them up nightly. This way:
If the main HDD blows, it is a matter of booting a recovery CD, unlocking the backup HDD (be it via BitLocker or FileVault), and doing a restore.
If malware corrupted the main and backup HDDs, I can use the backup server.
If the external drive is shot, the backup server is TU, I have a service like Mozy/Carbonite/Backblaze with a keyfile stored in a secure location. I can recover critical documents to another PC.
Other stuff, I just open one of the TrueCrypt volumes on my Dropbox account and fish it out. The TC volume uses keyfiles so password guessing is out of the picture if DB gets compromised.
Of course, periodically, I just dump all the backups from the backup server and the local external drives to 2-3 external disks and store those offsite, changing them out every so often.
Nail, head hit. WebOS is a good OS, but so is BlackberryOS. However, one of the biggest reasons that people have moved to Android and iOS is because of the third party apps, mainly games.
What has hamstrung Windows Phone 7 is this exact thing. The OS is solid, the hardware conforms to a decent spec guideline for a snappy UI, and the security model is good. However, without the apps, people will turn their nose up at it and buy a device using a platform that their friends and acquaintances use.
In a way, what we are seeing in the phone industry is what we saw in the computer industry when formats got consolidated. In the past, we had C64, TI-99/4a, Amiga, Apple//, CP/M, Atari ST, Xenix, and so forth. These got consolidated over time to a few mainstream platforms (and it can be argued that all of these got consolidated into one platform -- AJAX and Web based apps) because most consumers care more about what programs they are able to run, than the OS.
There are many uses for a home server, even for users who don't think they need one:
1: Seedbox. I'm not meaning movies and copyright violations, but there are always things worth seeding and getting via BitTorrent and not having one's main machines deal with those.
2: Caching. LANs are sometimes orders of magnitudes faster than WANs, so caching just makes sense, especially for often visited websites. This can be DNS caching, Squid caches, or anything along those lines.
3: Security. Having a server filter potentially malicious sites and ads will reduce machine compromise.
4: Backup server. This way, one can bare metal restore over the LAN, as well as roll back if a box gets infected.
5: Streaming media. I wonder how long it will be until one has a big render server in the home packed full of GPUs, and streams video to people's machines (be it computers, phones, or tablets.)
6: Secure file share for documents.
7: Gateway for multiple Internet connections. If the cable modem drops, it can use tethering on a smartphone and the other boxes on the LAN don't have to change routing.
I agree 100%. The "if you have nothing to hide" BS rings hollow as soon as you replace "law enforcement" with "thieves". When I send out a signed/encrypted statement to a client via PGP, it is encrypted not to keep the po-po out, but to keep who may be listening on the line off, be it a dodgy wi-fi spot, or somewhere along the line things got compromised, such as a compromised CA.
Same reason I lock my doors. Let other people make it easy for the criminal element to victimize them.
What people fail to realize with the cloud concept is that some data center somewhere has to store the data, and that cost is going to be passed onto someone. Storing a company's assets on Google Docs means that blackhats have more eggs in one basket, and if Sony (which was known for hyper-aggressive legal action against anyone who appeared to crack any of their security measures) was completely owned, then anyone can be taken over. Keeping one's data at home means that a cracker now has to choose targets, as opposed to just spending time going after the big juicy one.
Basic security 101 states to keep things separate as much as possible. With cloud computing, businesses and individuals are encouraged to do the diametric opposite -- store everything in one location.
What people don't realize is that the info that they willingly give out may be what hangs them later on in life. Say their local government decides to go on a "proactive anti-terrorist campaign", does a search on FB for people who like a certain group or philosophy. By simple weighting of statements and then a subsequent sending out of police to do knocks on doors, those people can be removed from society in minutes.
On a longer term scale, what goes onto FB will affect job prospects later. For example companies who riffle through FB profiles and look for terms that are potentially racist, then stamp "UNHIRABLE" on people's foreheads. Even with FB stuff set private, it isn't hard for employers to demand friend access, and recently, a friend of mine had in the employment contract that hiding messages from the employer's "friend" account was grounds for immediate termination.
E-mails are a treasure trove too. Even more insidious is that people are wising up that Facebook is public, and not to post there. However the same data mining can be done to mail as well. A repressive government can find a person of interest, then check who emails to/from and what the contents are. Then it is trivial to send a couple people to pick up that person and introduce them to room 101.
One doesn't have to be paranoid about it -- one doesn't have to have a version of PGP predating a certain day in 1994, and Symantec's PGP utility is what I use if on Windows for pure convenience sake. However, it would be nice if people just started encrypting what they said to private keys, although signing before encryption would add a layer of security and prevent fake mail.
Maybe it might be time for some more PGP/gpg tools to make life easier as well. PGP/gpg keyserver code needs a facelift, and better options for replicating keys, as well as allowing keys to be marked as revoked if signed revokers say so, as well as giving notice about ADKs used.
Of course, having more MUAs support OpenPGP stuff directly would be nice, as opposed to having to cut/paste, or use Hushmail's web page for decryption of stuff if one doesn't have access to a PGP app.
I know this is might be a dumb idea, but instead of relying on a dubious disclaimer, why don't companies encourage internal employees and partners to use S/MIME, or even better PGP encryption?
PGP can be used with ADKs (additional decryption keys) to ensure recovering of data (important for regulations and legal compliance.) S/MIME can be used, although it might be less secure if you don't watch your CAs. Almost all general purpose MUAs support S/MIME and have some type of plug-in for PGP/gpg. Even the mailer in iOS 5 has S/MIME key support. Barring that, it isn't too tough to copy and paste text to a PGP decoder.
With PGP, gpg, or S/MIME, if a message gets delivered to the wrong person, unless the mis-addressed party has the resources of a country intelligence department, it really doesn't matter.
I do key authentication over the Net for the same exact reason. If I log into the wrong site, who cares if they get a public key ID or material, unless they have a TWIRL machine or a quantum computer to factor keys in logarithmic time.
Plus, it is only common sense to have public key only authentication, especially with all the brute force attempts done these days. Of course, systems like SSHGuard or custom scripts to have iptables deny IP addresses are useful, but nothing beats completely locking out an attack avenue completely.
The gaming industry has been a race to the bottom now for a number of years. We have seen this in the way game releases have been done, where quality essentially has gone from a true release version to quality equal to an early beta, then if you are lucky, get a patch that gets the game to a late state beta in terms of bug fixes and such. If you are unlucky, the game remains unplayable, and a waste of the $70 you plunked down.
I'm not surprised at all about the lack of security. Most businesses provide at best lip service when it comes down to locking down data.
It wouldn't have taken much to have done this job right. One quick example follows:
Step 1: Generate the keys using a cryptographically secure PRNG. This can be as simple as pulling bytes from/dev/random (not/dev/urandom) and putting them in a format for a CD key. Make sure the format of the key is one that can be checked to be valid (check digit, 16 bit CRC, etc.)
Step 2: Keep the actual keys on a separate database and machine. The only use for the actual keys will be to print, one by one, and put on physical cards, or to e-mail to people. So, controls can be put into place to limit access to the keys to which ones are not used and which ones have been used.
Step 3: Store a hash of the keys in a separate database, the same way you store passwords, preferably hashed with a salt and run through a number of encryption rounds to deter brute force guessing. At the minimum, SHA-256 the key and store the hash.
Step 4: For local checking, the game can use the CRC to make sure a CD key is valid. Then pass it to the server via TLS for vetting on that end.
This way seems roundabout, but all the servers need to validate the key is the hash. The actual key material never really needs to be accessible by anyone other than to print out key cards, install the keys in Steam, and to send keys via E-mail for electronic registration. Generating keys via a cryptographically secure RNG means that a keygen can't be used, other than a key that passes the check digit test. This method may not be perfect, but it keeps raw key material out of the hands of all but the most sophisticated attackers.
Bingo. For basic encryption, I logged onto the tape silo, typed in a passphrase, enabled encryption, and called it done. Transferring the key via SPIN/SPOUT to the drives does the rest.
If I wanted better encryption, I can use a key management system, changing out keys for written tapes, but yet keeping them on the appliance for reading. Of course, a backup of the keys are made and stored.
Even without LTO's built in encryption, every modern backup program supports some type of AES level software encryption. NetBackup, TSM, Networker, you name it. It usually consists of a checkbox and either creating an encryption key, or typing in a password.
Tape encryption isn't hard by any means.
I have both a Kindle and an iPad.
The iPad is great for general content consumption. I can watch a movie, do some basic E-mail checking, etc. It also is decent for reading books. Both Kindle's app and the iBook app are good for this.
However, the Kindle is much better for reading for hours on end. When I went on a camping trip [1], I took the Kindle with me for reading books in daylight that would wash out an iPad's screen. This is where the Kindle excels. Then there is the battery life. Turn off 3G, and the Kindle's battery can last weeks without a recharge.
[1]: Not really camping per se... Renting an RV for a weekend is not really roughing it, but it is a way to get away from things.
I bought a 3G Kindle, just for the purpose of allowing me to download books via Whispernet when I'm not near a Wi-Fi connection. Other than that, you nailed the salient points -- I'm looking to read a book, so having something easy on the eyes is my first consideration. A touchscreen gets smudged too easily.
At least Amazon has kept their Kindle Keyboard 3G and other models. Had they decided to just toss them all and go with touch screens, or even worse, tried to become low end tablet, they would have lost what made them great.
If I want a tablet with apps, that is what an iPad is for. An e-reader may have a similar form, but it should made to do one task extremely well, and that is to show text and the occasional diagram on the screen.
I'm not worried -- they will make that up in volume.
(Sorry, old joke.)
True. I like doing it at multiple levels.
This way, if someone does want to spend the expense in wanting to piece together data from a drive, they not just have to physically reconstruct it, but try to deal with zeroed out sectors as well. Of course, smashing the platters with a hammer is a thorough method, but if one has a lot of drives to get rid of, going at them with a drill bit is likely the quickest (and cleanest) method.
I also have seen machines that use a hydraulic press to drive either a wedge, bending the drive in a V shape, or a cone, bending the spindle area. Those are good for rendering a drive inoperable, but still in one piece for easy disposal, but may cost a pretty penny.
Nail, head hit. Yes, it is fun to talk about turning a HDD into component quarks, but realistically, running DBAN, then HDDErase (which does a low level ATA wipe), followed up by drilling some holes in the case is realistically good enough. If one fears more than that, there is always a bonfire or even an oven on a self cleaning cycle.
This economy, doing the job cheaply is what is needed.
Exactly. Pretty much we have only a few solutions:
1: Tape. DLT and LTO tape will last 10-20 years, but tape drives are expensive ($3000+), require a fast connection (SAS minimum, likely FC), and one will need to know what software was used with what settings (like for tar, what blocksize, etc.)
2: Archival grade CDs/DVDs. Like the parent, it sounds good and isn't that expensive, but time will tell if the advertising holds true. Then there are factors like what burner is used and what dyes that may make or break things.
3: Copy files to hard disks, and keep copying them every so often to new media. Likely the best way, but takes time and trouble.
4: Use an offsite provider. The usual stuff about losing access, security, and reliability of the offsite provider apply.
Probably the best archiving technique would be a dedicated CAS appliance that keeps multiple copies of content stored on multiple iterations of media (stored with ECC, as well as SHA summing to check for corruption), copying/migrating data to new media periodically, and periodically checking that everything in its media database is readable.
To the user,it would appear as a volume, but will periodically ask for both used media (drives, tapes, CDs, DVDs, etc.) as well as new media to keep the data always refreshed. It would also cryptographically sign/timestamp all files so one knows that their 10 year old copy of their master's thesis has not been tampered with.
I find that on the iPhone that for a basic service like this, it requires a jailbreak and iBlacklist to be installed. Why Apple forces people to listen/decline all calls is beyond me, while Android can use an app like Mr. Number, or on some instances, have its own blacklist.
iBlacklist is a must have for the iPhone -- for a couple creepers, I have it set to pick up and automatically hang up (this way, they waste their time redialing thinking someone actually cares enough to manually do that), and the rest of the vermin get a busy signal.
Where it really sucks are POTS lines -- you can block local numbers, but if people call from an 800 number, the blocking system refuses to interfere with them.
Here is something I wonder. Who the heck thought that it would be a good idea to make FB an authentication provider? MS tried this with Passport and people didn't use them. Why do businesses trust the keys to the city to someone that doesn't advertise any security assurances?
If I were contracting out keys to my city to a third party, they better vomit up a slew of certificates and third party audit passes (including random third party audits on machines, their network, and physical security.) At the minimum, they would need FISMA compliance. FB doesn't advertise they are a security provider, so it makes me wonder about businesses using them as such.
If I were doing an authentication provider, it would be designed from the ground up with security in mind, from using hardware designed for security, processes in place, random audits and intrusion attempts by tiger teams. Something up to snuff when it comes to providing adequate security on all levels, be it physical, remote, software, or social engineering.
On the user facing end, it would have multiple ways for users to authenticate (app, SMS, voice call, keyfob, OATH compliant device, separate software device, TAN list, or just a username/PW), etc.
While waiting for Spotify to get to this side of the pond, I heard about rdio.com, so downloaded the app, plunked cash down for a subscription and went from there.
Finally, when Spotify got here, I gave them a try, only to find their selection was far more limited than Rdio's.
End result: Rdio kept their place on my smartphone while Spotify met the delete button.
The ARM platform supports protections on the instruction level between subsets or "worlds". This was originally meant for DRM, but I'm sure a well written hypervisor can use this to keep work and home content separated, even if one VM got compromised somehow.
It all depends on who someone has to worry about and whom they are going to piss off with their actions. Maybe VPN services should be in tier levels for anonymity provided:
The lowest tier of anonymity are VPNs that provide high speed, but are located in the same country. These are good to protect you from compromised Wi-Fi providers (no FireSheep or BEAST attacks), ISPs who are Phorm-happy, and ISP data retention. These are VPNs who you use to keep your buying habits out of the guy at the one star motel's hands, but anything that would get an actual lawyer to spend time enough for a motion of discovery, don't bother.
The second tier would be VPNs in another Western country such as Sweden that is part of treaties, but won't rat people out because someone is sue-happy. These have fairly fast pipes (although slower than the previous tier), and are better at hiding traffic from the casual divorce attorney doing a fishing expedition, or people looking to do mass lawsuits against John Doe downloaders.
The next tier will be VPNs in countries who are not bound by ACTA, WIPO, and other treaties, like Eastern Europe.
Finally the last tier are in countries with little or no ties with Western countries. However, it is a crap-shoot if you get a good VPS or not. Some may accept a bribe and hand over every single log, because they know there will be no chance of lawsuits for violating their part of an agreement.
The key is who is one going to piss off by their network traffic. Keeping the ISP's Phorm server away from your Facebook pages is one thing, while sending material that is top secret to a large country would be another.
Very true. To us, it makes sense. However, what is needed in order for this to not be something that ends up bounced in the courts for years is a clear law -- client data on a company that goes bankrupt? The physical machine's drives get zeroed (if the drives support cryptographic erasures), or physically destroyed, and a third party certifies that this has been done to the bankruptcy court.
Ideally, we need a data protection act, where unless there is explicit reason for data to remain on a machine (intrusion attempt, motion of discovery), it has to be destroyed within a reasonable time frame (30 days for Web logs, 12 months for back purchases, etc.) This way, the damage from a bankruptcy would be limited.
It can affect activation. It would be trivial to have in the EULA that only "genuine" or "non-tampered with" equipment be allowed to run the OS. So, on the activation check, the OS can refuse to activate on that motherboard/CPU combo, or even refuse to run completely.
Of course, I'm crossing my fingers that UEFI secure mode will be like the TPM, an option that users explicitly turn on, and is all around beneficial, as opposed to jamming the DRM stack deep into hardware.
This exact issue is also affects cloud computing as a whole.
Take a cloud provider goes out of business. Another entity buys up all their servers, and now has free and complete access to the former clients' data. All data can be sold to the highest bidder (even if it is in a hostile country), or just slap it on a 20TB BitTorrent off of thepiratebay? Easily done, and there is not one thing legally that can be done about it.
Until the bankruptcy code addresses this with a stipulation that all data is either erased (with certificates of destruction of data or physical media), one needs to assume any and all "privacy policies" are "we will give any info to any and all we please."
Then the OS checks if the version of UEFI was "jailbroken", sends up the BIOS serial number, then deactivates itself. Further attempts to activate will fail as that BIOS would be on the blacklist.
Precedent is already there -- PSN and XBL both will blacklist a box from their networks at a second's notice.
This "Metro" Interface reminds me of the old IBM PS/1 machines back in the early 1990s. It had four huge buttons that you clicked on, usually you clicked the one that booted to DOS and went from there. This interface was a flop.
Will MS screw up with this UI. Iffish, and time will tell. MS has been decent with new UIs, especially Windows 95 which pretty much set the standard for what people expect on a machine. Before that, it was clicking on a program manager, NeXT dock, or having your applications in a right click menu.
Done right, it may be a good thing, however, it will require changes in people's workflows. A full screen app and UI mean that switching applications becomes a multi-step process compared to clicking on a task in the taskbar (or just hitting alt-tab) to go directly from Excel to Word, or from Firefox to a command line prompt.
There is one weakness with that setup -- bare metal recovery. It would be nice if there were an OSS utility that supported a rescue disk that would authenticate the client by asking for an admin username/password to make sure it is the right one, set partitions, hit "restore", go for lunch, and come back to a pre-crash system exactly as it was.
So far, there are image utilities that can do this that are OSS, but restoring to an image may be useless if apps are installed afterwards.
Plenty of commercial products offer this functionality. Retrospect on the low end can get a completely dead Windows box bare metal restored. On the enterprise level, TSM and NetBackup also have this functionality.
It would be nice to have an OSS utility that would offer this, so a complete system restore is only a USB flash drive away.
I do a similar system, except I tag an external drive to the machines which backs them up nightly. This way:
If the main HDD blows, it is a matter of booting a recovery CD, unlocking the backup HDD (be it via BitLocker or FileVault), and doing a restore.
If malware corrupted the main and backup HDDs, I can use the backup server.
If the external drive is shot, the backup server is TU, I have a service like Mozy/Carbonite/Backblaze with a keyfile stored in a secure location. I can recover critical documents to another PC.
Other stuff, I just open one of the TrueCrypt volumes on my Dropbox account and fish it out. The TC volume uses keyfiles so password guessing is out of the picture if DB gets compromised.
Of course, periodically, I just dump all the backups from the backup server and the local external drives to 2-3 external disks and store those offsite, changing them out every so often.
Nail, head hit. WebOS is a good OS, but so is BlackberryOS. However, one of the biggest reasons that people have moved to Android and iOS is because of the third party apps, mainly games.
What has hamstrung Windows Phone 7 is this exact thing. The OS is solid, the hardware conforms to a decent spec guideline for a snappy UI, and the security model is good. However, without the apps, people will turn their nose up at it and buy a device using a platform that their friends and acquaintances use.
In a way, what we are seeing in the phone industry is what we saw in the computer industry when formats got consolidated. In the past, we had C64, TI-99/4a, Amiga, Apple //, CP/M, Atari ST, Xenix, and so forth. These got consolidated over time to a few mainstream platforms (and it can be argued that all of these got consolidated into one platform -- AJAX and Web based apps) because most consumers care more about what programs they are able to run, than the OS.
There are many uses for a home server, even for users who don't think they need one:
1: Seedbox. I'm not meaning movies and copyright violations, but there are always things worth seeding and getting via BitTorrent and not having one's main machines deal with those.
2: Caching. LANs are sometimes orders of magnitudes faster than WANs, so caching just makes sense, especially for often visited websites. This can be DNS caching, Squid caches, or anything along those lines.
3: Security. Having a server filter potentially malicious sites and ads will reduce machine compromise.
4: Backup server. This way, one can bare metal restore over the LAN, as well as roll back if a box gets infected.
5: Streaming media. I wonder how long it will be until one has a big render server in the home packed full of GPUs, and streams video to people's machines (be it computers, phones, or tablets.)
6: Secure file share for documents.
7: Gateway for multiple Internet connections. If the cable modem drops, it can use tethering on a smartphone and the other boxes on the LAN don't have to change routing.
I agree 100%. The "if you have nothing to hide" BS rings hollow as soon as you replace "law enforcement" with "thieves". When I send out a signed/encrypted statement to a client via PGP, it is encrypted not to keep the po-po out, but to keep who may be listening on the line off, be it a dodgy wi-fi spot, or somewhere along the line things got compromised, such as a compromised CA.
Same reason I lock my doors. Let other people make it easy for the criminal element to victimize them.
What people fail to realize with the cloud concept is that some data center somewhere has to store the data, and that cost is going to be passed onto someone. Storing a company's assets on Google Docs means that blackhats have more eggs in one basket, and if Sony (which was known for hyper-aggressive legal action against anyone who appeared to crack any of their security measures) was completely owned, then anyone can be taken over. Keeping one's data at home means that a cracker now has to choose targets, as opposed to just spending time going after the big juicy one.
Basic security 101 states to keep things separate as much as possible. With cloud computing, businesses and individuals are encouraged to do the diametric opposite -- store everything in one location.
What people don't realize is that the info that they willingly give out may be what hangs them later on in life. Say their local government decides to go on a "proactive anti-terrorist campaign", does a search on FB for people who like a certain group or philosophy. By simple weighting of statements and then a subsequent sending out of police to do knocks on doors, those people can be removed from society in minutes.
On a longer term scale, what goes onto FB will affect job prospects later. For example companies who riffle through FB profiles and look for terms that are potentially racist, then stamp "UNHIRABLE" on people's foreheads. Even with FB stuff set private, it isn't hard for employers to demand friend access, and recently, a friend of mine had in the employment contract that hiding messages from the employer's "friend" account was grounds for immediate termination.
E-mails are a treasure trove too. Even more insidious is that people are wising up that Facebook is public, and not to post there. However the same data mining can be done to mail as well. A repressive government can find a person of interest, then check who emails to/from and what the contents are. Then it is trivial to send a couple people to pick up that person and introduce them to room 101.
One doesn't have to be paranoid about it -- one doesn't have to have a version of PGP predating a certain day in 1994, and Symantec's PGP utility is what I use if on Windows for pure convenience sake. However, it would be nice if people just started encrypting what they said to private keys, although signing before encryption would add a layer of security and prevent fake mail.
Maybe it might be time for some more PGP/gpg tools to make life easier as well. PGP/gpg keyserver code needs a facelift, and better options for replicating keys, as well as allowing keys to be marked as revoked if signed revokers say so, as well as giving notice about ADKs used.
Of course, having more MUAs support OpenPGP stuff directly would be nice, as opposed to having to cut/paste, or use Hushmail's web page for decryption of stuff if one doesn't have access to a PGP app.
I know this is might be a dumb idea, but instead of relying on a dubious disclaimer, why don't companies encourage internal employees and partners to use S/MIME, or even better PGP encryption?
PGP can be used with ADKs (additional decryption keys) to ensure recovering of data (important for regulations and legal compliance.) S/MIME can be used, although it might be less secure if you don't watch your CAs. Almost all general purpose MUAs support S/MIME and have some type of plug-in for PGP/gpg. Even the mailer in iOS 5 has S/MIME key support. Barring that, it isn't too tough to copy and paste text to a PGP decoder.
With PGP, gpg, or S/MIME, if a message gets delivered to the wrong person, unless the mis-addressed party has the resources of a country intelligence department, it really doesn't matter.
Why isn't encryption more prevalent these days?
I do key authentication over the Net for the same exact reason. If I log into the wrong site, who cares if they get a public key ID or material, unless they have a TWIRL machine or a quantum computer to factor keys in logarithmic time.
Plus, it is only common sense to have public key only authentication, especially with all the brute force attempts done these days. Of course, systems like SSHGuard or custom scripts to have iptables deny IP addresses are useful, but nothing beats completely locking out an attack avenue completely.
The gaming industry has been a race to the bottom now for a number of years. We have seen this in the way game releases have been done, where quality essentially has gone from a true release version to quality equal to an early beta, then if you are lucky, get a patch that gets the game to a late state beta in terms of bug fixes and such. If you are unlucky, the game remains unplayable, and a waste of the $70 you plunked down.
I'm not surprised at all about the lack of security. Most businesses provide at best lip service when it comes down to locking down data.
It wouldn't have taken much to have done this job right. One quick example follows:
Step 1: Generate the keys using a cryptographically secure PRNG. This can be as simple as pulling bytes from /dev/random (not /dev/urandom) and putting them in a format for a CD key. Make sure the format of the key is one that can be checked to be valid (check digit, 16 bit CRC, etc.)
Step 2: Keep the actual keys on a separate database and machine. The only use for the actual keys will be to print, one by one, and put on physical cards, or to e-mail to people. So, controls can be put into place to limit access to the keys to which ones are not used and which ones have been used.
Step 3: Store a hash of the keys in a separate database, the same way you store passwords, preferably hashed with a salt and run through a number of encryption rounds to deter brute force guessing. At the minimum, SHA-256 the key and store the hash.
Step 4: For local checking, the game can use the CRC to make sure a CD key is valid. Then pass it to the server via TLS for vetting on that end.
This way seems roundabout, but all the servers need to validate the key is the hash. The actual key material never really needs to be accessible by anyone other than to print out key cards, install the keys in Steam, and to send keys via E-mail for electronic registration. Generating keys via a cryptographically secure RNG means that a keygen can't be used, other than a key that passes the check digit test. This method may not be perfect, but it keeps raw key material out of the hands of all but the most sophisticated attackers.