This is a good question:
The true sign of this will be when it takes longer for the de-crapifying [1] the hardware than it takes for the next model to come out. For example, Apple did learn about the unpublished hardware exploit and patched it so it didn't work in the iPad 2.
Once the device gets so old, it really has no use, that will be the turning point. I am pessimistic; most people are cattle and will just shrug and deal with the tightening restrictions in return for new gewgaws on the device.
[1]: Rooting/JB-ing/unlocking/modding can be easily summed up by de-crapifying, because it is exactly this.
Take a look at the Nexus platform for how this is to be handled elegantly with the fastboot oem unlock method. Why is this the best way for handling this I have seen?
1: It requires the user to at least install ADB software. This can be on Linux, OS X, or Windows. Installing this shows at least some competency of unzipping an archive and running a command.
2: The user is presented with a "one cannot simply walk into Mordor" dialog, stating that their warranty is about to go the way of the dinosaurs, and that unless they are deliberately ready to zap every single bit off their phone, to turn around before it is too late. The warning is obvious enough that even Joe Sixpack who is following the directions from a sleazy offshore website in order to download a "porn viewer" onto his Android device would realize that this might not be a good idea, especially losing all the stored info on the device.
3: Once past the dialog, the device erases itself, and the user can do whatever he or she wants with it. No DRM, no signed bootloaders. Just have fun.
Depends on the type of coal. Most coal plants are running on lignite coal, which is the dirtiest and most impure type.
End result: Highly toxic heavy metals, as well as radioactive isotopes polluting everywhere downwind of the plant on a large scale.
If one had to live downwind of a nuke plant or a coal plant, the nuke plant would be a better bet. At least the radioactive hydrogen in an emergency gets vented and floats up to the upper atmosphere to be dispersed, as opposed to heavy metals in the smoke raining down on the countryside.
The kicker:
This was a 40 year old nuke plant too that has withstood a series of catastrophes that the designers would never dream of.
Imagine what a modern facility would be like when it came to safety, with 40 years more advanced material technology, manufacturing skills, and so on.
The best feature about Chrome is that extensions run sandboxed, so there is a significantly smaller chance of malicious software being able to gain a user, or even worse, root context through the browser.
This is arguably the biggest vector for infection these days, so anything that closes this hole is good.
Of course, the best solution is Adblock, so the ad sites that ignore or even condone blackhat codes have their dirty work completely ignored.
Even though the Japanese reactors did their job to contain against a meltdown, it looks like nuclear power progress will be set back another 20-30 years due to the fearmongers pointing to this.
The loss of life can't be ignored. For people that were not affected by loved ones killed by it, the rest of the world will also be feeling this disaster in Japan for generations to come. Especially the fact that the anti-nuke crowd now possesses another "kill point" to keep nuclear power dead. This essentially clinches the fact that our kids and grandkids will still be having their lights powered by coal, and their cars by oil.
We have that in devices, and attempts like ChromeOS are likely going to bring that to the desktop.
There is a big push to take root/Administrator away from the end user, for a number of reasons:
1: Joe Sixpack users won't be installing Trojans.
2: The hardware can not have features enabled.
3: OS updates are controlled, and it is easy to force users to get new equipment if they want to use apps with a new OS version.
4: Features can be disabled at will, like OtherOS.
5: Un-uninstallable "branding" can be added.
6: Ad agencies are guaranteed to get a firehose stream of data without the user being able to do a thing about it.
7: LEOs can easily access a device from remote to track usage or copy off files for use as evidence without the user knowing or being able to do anything about it.
8: DRM for music and other content can be made unhackable for a good long while.
9: Content can be pulled at any time.
10: If someone isn't liked by a device maker, their access can be pulled at any time. Lawsuit? Good luck.
Don't forget that the advantage that consoles used to have (game done perfectly the first time because there would be no way to patch) has far since been lost.
Consoles also have fallen to the "it builds, ship it" mentality that has nailed almost all of the software industry except Blizzard [1]. Because it is easy to update code on modern consoles, QA has dropped from making the game as perfect as possible for the 1.0 drop, to even worse than PC games. At least PC games have some QA done on various hardware; since consoles use the same hardware, even this is likely skimped on.
These days, consoles provide two advantages over PCs: One is that the game *should* work. The other advantage has nothing to do with the user -- console games have a far lower piracy rate. This sole reason is why the big names are falling head over heels for consoles.
[1]: And people wonder why WoW is doing so well... perhaps if MMO designers actually released a finished product on opening day, they might have something that may keep interest more than the initial first week or two.
I know the iPhone has a brand image where widgets are not part of it, but one of the nicest things about Android is that functionality. Of course, one can JB an iPhone for similar stuff, but it is nice to have it officially supported by the OS maker, and have it ready to go on a new device as opposed to having to wait months for the Dev Team to get a crack out.
Being able to glance at a screen, see the real temperature (not the forever Cupertino 73 degrees), an icon for weather, some incoming E-mail messages, and other relevant info on the main screen is a nice thing to have.
Best of all would be drives automatically encrypting data, and storing the key in memory that is highly reliable, but can also be precisely and completely zeroed out. Drives can be erased by having the key zeroed out and a new key used. What would also be useful would be a way to blow fuses and have the memory rendered unusable after this, with some obvious indication on the drive that this was done. This way, even a drunk intern can tell if a drive has been rendered unusable before tossing it in the trash bin.
Ideally, as a HDD maker, you want your hard disks to work indefinitely, and have people buy newer models based on capacity, speed, features, or a combination of the above.
Even without factoring in drive failures, HDDs leave circulation for good for another reason -- data confidentiality. When selling machines, any company that has an interest in security is going to be yanking HDDs from all boxes going out the door and melting/shredding/smashing them to ensure that no data present on those drives ever is recoverable.
As for drives needing degaussed, it would be nice to have some mechanical feature on the drive where a drive can be destroyed easily, for example, a mechanical spring-loaded lever which shatters the platters if they are made of ceramic. Couple that with a transparent window to confirm destruction, and that would be a lot easier (although less fun) than thermite packs.
Would a picture of my drinking piece from a renfaire count as a mugshot?
That is true. However, even though routers are highly secure, they can become points of attack, especially if there are a lot of compromised PCs, and one belongs to the LAN admin, where he types the enable secrets on.
Of course, SecurID helps in this department to mitigate an enterprise-wide botnet infection, but it is still a note to consider.
The answer is more of the opposite -- how can one not be connected. Yes, VPNs might be an answer, but all it takes is for one blackhat to compromise some suit's laptop with an evil maid attack, and they can easily bypass that.
It would be ideal if we had backbones similar to NIPRnet and SIPRnet, but pretty much you either completely air gap and deal with the consequences of having no connectivity, or you bring everything online and hope your firewall/IDS/IPS/host security is up to snuff.
The best one can really hope for is to bring eggs into a well secured basket (IBM sysplex on the high end for example), as opposed to having many machines with sensitive data (PII, accounts payable/receivable, etc.) that need to be hardened and protected via the network.
Blowback 101. That will work for a couple cases, but when the bar gets set so low that a well-heeled person or organization starts doing massive SLAPP cases against every Tom, Dick, and Harry that disses him/her/them, the proxy company will end up just showing the government where they reside, how pathetic American requests for info are. Veiled or overt threats may work for a bit, but eventually will be ignored or dealt with, especially if it was made public how a US firm was trying to force their hands.
If the VPS was located in a country that was neutral, or even hostile to the US, the revelation that threats about being part of the Falun Gong (if China related), or anti-Islam sentiment (if a Middle Eastern nation) just might make that VPS company be honored as heroes or victims, targets of Western cyber-aggression.
It depends on the degree of the action:
Someone saying $PERSON sucks is one thing.
Someone posting on many forums, falsely alleging heinous crimes that $PERSON did in efforts to deliberately destroy a reputation is another.
The libel/slander laws are aimed at the second instance. However, because SLAPP laws are not enforced these days, said libel/slander laws get used for the first.
Correction:
If people saying "Elbonia sucks" on a forum get nailed by the Elbonian embassy for slander, then people will get scared and start using VPNs. Once this becomes a common practice, the people that LEOs really want to catch for suspected terrorism or other serious offences will require international cooperation with an offshore VPN service instead of just asking the telco for IP to names.
Real dumb move there by the decision-makers. What will happen is that Joe Clueless who makes a comment about someone sucking might get stung, while there will be a heightened interest in using a proxy for traffic; likely an offshore proxy that will either reply with unmitigated laughter, or a high resolution picture of a middle finger (or perhaps a sole of a shoe depending on geographic location) when someone demands IP logs.
VPNs are becoming really easy to use these days. The iPhone can activate one with a couple button presses. Browser extensions can activate Tor access with a button press.
If push came to shove and people started being arrested and sued left and right, it wouldn't be difficult for even Joe Sixpack to move to a VPN service, which would make current police work against real criminals a lot harder because for every connection, the forensic officer would have to beg the VPN server for IP to IP correlation logs, or be able to monitor all connections to the VPN server and prove that connection "A" went into the network, and was routed to site "B", and do it well enough in a presentation to convince a jury.
If this judge were smart, he would have let the small fry go. This way, the nasty criminals would still be easily catchable without having to make any and all police investigations international affairs.
You can convince a jury of anything here in the US and get them to rubber stamp a DA's verdict when it comes to technology. Especially with the lack of education and the rampant technophobic qualities of most people here, all the prosecution has to say is, "Nobody in their right mind doesn't use up all the space on a hard disk, so the empty space is hiding something."
The defense has to then try to prove a negative (good luck), and almost always, the jury will side with the prosecution because their brains ache from all the computer terms like "encryption", or "password".
As for kernel compiles, I do miss the days in the mid 1990s when a new kernel came out nightly, and I'd end up grabbing the diff and having a completely automated building and installing process (including two reboots to ensure modules get built and loaded right.)
Of course, the Linux kernel of today is stable and designed for production 24/7/365 work, but I sort of miss the pace of seeing new features pop up nightly in the odd numbered dev kernels.
Giving people the ability to get everything attached to their motherboard for testing reasons until they find a real enclosure.
Virtually all Android phones can be rooted. However, there is a difference between a "#" prompt and being able to flash your own ROM freely without needing to kexec() from a signed kernel.
The best compromise would be something VMWare showed a few months ago -- keeping the business data in a VM, while the user could do what they wanted with the real phone. Of course, someone can crack this, but someone will end up rooting phones, so might as well have the user experience more tolerable with a device.
Moto isn't the only one doing this. Try updating a Samsung Behold 2 to Android 2.x.
Wake me up when Motorola gives more than the middle finger to modders. Having a ROM that has to run by kexec(), after modders spend hundreds of man hours defanging the device of eFuses and other crap shows Moto isn't really interested in making open devices.
I really wish Motorola would stop being hostile to modders. Even if they offered a modder-friendly device for a little bit more, that would be a fair compromise.
There is one exception, and I am assuming the devil's advocate role here:
Microsoft Exchange. It is not an open source product, but finding a company that is not dependent on Exchange (especially if they have to deal with PCI/DSS2, SOX, HIPAA, FERPA, or other regs) is a rare exception.
Of course, Google and IBM are exceptions, but pretty much Exchange is the only game in town if one wants to get past basic E-mail.