I wish there would always be a successor to the N900; however, cellular carriers HATE the N900 with a passion:
They can't update the DRM on the device as they please.
They can't disable features if they don't like them and the device is on the market.
The life of the device is long, because it can easily be updated. Carriers want people to chuck their phones every 6-12 months. A good example of this is the Samsung Behold 2, which shipped with excellent hardware at the time, but because it is locked to at most Android 1.6, it essentially is useless six months after release.
The cellular carrier can't add bloatware or a "custom UI". This brings in a lot of money, especially with exclusive deals where only one search engine comes up.
The carrier can make money by locking people to a certain store for apps.
I hope Nokia can continue to keep the Meego line going regardless. At the minimum, I hope Google keeps the Nexus line, or at least an ADP model current, so there is *something* that can easily be modded in the future.
In the past, there were a lot of applications for which a true supercomputer needed to be built, be it basic modeling of weather, rendering stuff for ray-tracing, etc.
Now, most applications are able to be done by COTS hardware. Because of this, there isn't much of a push to keep building faster and faster computers.
So, other than the guys who need the top of the line CPU cycles for very detailed models, such as the modelling used to simulate nuclear testing, there isn't really as big a push for supercomputing as there was in the past.
You hit the nail on the head. When I graduated college and started looking for work, when HR people asked what my Myspace/FB/Twitter/LinkedIn accounts were, and I told them that I had none, I got told, "Why should we hire you? By not having a presence on social networks, you have shown yourself to be a fossil with no ability to adapt. No FB account is just as bad as not having an E-mail address." Even when I remarked that having an admin who doesn't spill his/her guts for the world to see is a good thing, I got the glazed-eyes look from the HR droid, and the "thank you for letting us interview you, don't call us; we'll call you" crap.
This happened during interviews a few times until I created dummy profiles on the networks with a random article or two, so they didn't look blank.
So, unless one is getting a job as a door to door vacuum bed salesperson, a lot of employers I have personally encountered don't just want to know that you are on social networks, they actually ask your user IDs to see your public profile. A guy who graduated with me actually had to have his employer added onto followers/friends as a condition of employment. (Even though it technically is a TOS violation, he ended up keeping two sets of accounts, one under his name, one under his AKA.)
With job seekers essentially having to have a social media presence, it would be nice that some privacy laws other than, "if it is on the service, it is searchable and usable in criminal/civil courts" would apply. But realistically they don't, so one always has to remember that, when writing a post, assume there is someone there reading it who wants to stick handcuffs on someone, or sue into bankruptcy.
Heck with checksums. PGP/gpg signed manifest files with SHA-512 hashes for every file stored, from source code tarballs to documentation, and the PGP/gpg keys signed by multiple trustworthy keys in a WOT. This way, dropping in a fake key on a keyserver, then some signed binaries would be found out almost immediately.
For RPMs, if they are not gpg signed by someone, there is a security lapse. Same with Windows .MSI files which don't have Authenticode signatures (although the Windows certificate for a private key does cost some cash, but at least a PGP/gpg signature should be provided.)
Google might just end up making a new VM system, similar to what Microsoft did with .NET.
This might have some advantages. Perhaps language independence could be put in, so Java source code files can be used, but they would compile to the new VM format, similar to how Microsoft's J# compiled to .NET. This way, someone can use Java syntax, C++ syntax, heck, even a version of BASIC and still get the same bytecode coming out. Add JIT, and there would be little performance overhead.
Oracle doesn't seem to be doing much with Java anyway, so if Google made a VM system from scratch, perhaps it might be better overall in the long haul, especially if it was designed from the ground up for security, learning from the mistakes Sun/Oracle made.
Android also has a VM, where even if there was a flaw in the OS that would allow something to get root, it would have to get out of the VM. Since the Dalvik VM is constantly updated by Google, with bugs fixed quite quickly, it would take an attacker a significant time to find a hole to get out of the VM.
After getting out of the VM and being able to execute Linux system calls directly, there is getting out of user mode. This can be trivial, or it can be quite difficult, depending on the device.
Because Android has two security hurdles before a rogue app can seize the phone, with updates able to be pushed almost immediately, its security is as good as anything else present on the market in the way of phones.
To boot, Android's security doesn't depend on keeping users from having full access to the phone. A rogue app still has to get past the VM and user mode to get anywhere, and all it takes is one access to su with a knowledgeable user wondering about the access, and Google will be throwing the kill switch hours later.
I misread the article as "Scientists Love a Cold One".
I've been using Paypal's security token (an OEM-ed VASCO device), and added the SMS feature as well.
Two factor authentication is a must these days, although it would be nice if people could standardize on a ZTIC-like appliance that plugged in a USB port and asked the critical questions through its interface.
The parent post states it excellently. I should add that people have to remember that even though past mis-deeds were in the past and as of now can't be arrested/sued on, it isn't hard for statute of limitations on various things to get revoked. A treaty can be signed that makes things that happened in the past prime target for cold case prosecutors.
It might be that the next WIPO/ACTA treaty makes the statute of limitations on any IP infringement unlimited, so people could be sued/arrested for pirating Duke Nukem 3D in the 1990s.
Of course, it makes sense to swap out the hard disk for another. People will go "buh?" if there is a hard disk in a machine, but blank. If a HDD is missing, they will not be yapping about stuff at the office cooler; they will be calling security, and people will be trying to remember any details they have noticed that were in any way out of place.
Don't forget Cyrillic characters which have some that look like the Roman alphabet, but are not in reality.
So someone gets told to go to a site "theirbank.com", when in reality, the ".com" TLD is really a different set of three letters than the original .com top domain. Phishers would be in hog heaven.
Of course, the SSL certs would show green, perhaps with the EV logo, so even people who know enough to check the cert validity would be nailed by this.
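An added example (not part of the original comment) of the check a defender can run on a hostname before trusting it: it flags a label that mixes Latin and Cyrillic letters (the "c" + Cyrillic "о" + "m" trick described above), flags a label written entirely in lookalikes, and shows the punycode (xn--) form that DNS and the certificate actually carry. The lookalike table is a constructed subset of the Unicode confusables data, not the full list.

```python
import unicodedata

# Constructed subset of Unicode's confusables data: Cyrillic lowercase letters
# whose glyphs match a Latin letter in common fonts (assumption: illustrative
# only, not the complete confusables.txt).
CYRILLIC_LOOKALIKES = {
    "\u0430": "a", "\u0435": "e", "\u043e": "o", "\u0440": "p", "\u0441": "c",
    "\u0443": "y", "\u0445": "x", "\u0455": "s", "\u0456": "i", "\u0458": "j",
    "\u04bb": "h", "\u04cf": "l", "\u0501": "d", "\u051b": "q", "\u051d": "w",
}


def script_of(ch):
    """Script of a letter, taken from the first word of its Unicode name
    ('CYRILLIC SMALL LETTER O' -> 'CYRILLIC', 'LATIN SMALL LETTER O' -> 'LATIN')."""
    name = unicodedata.name(ch, "")
    return name.split(" ", 1)[0] if name else "UNKNOWN"


def label_scripts(label):
    """Set of scripts used by the letters of one DNS label; digits and '-' are ignored."""
    return {script_of(ch) for ch in label if ch.isalpha()}


def skeleton(label):
    """What the label looks like once each Cyrillic lookalike is swapped for its Latin twin."""
    return "".join(CYRILLIC_LOOKALIKES.get(ch, ch) for ch in label)


def check_hostname(host):
    """Report, per label, whether it mixes scripts or is made entirely of lookalikes.
    A valid certificate (even EV) says nothing about this: it was issued for the
    lookalike name, so the lock icon is green either way."""
    host = unicodedata.normalize("NFC", host).lower()
    report = {"host": host, "ace": None, "labels": [], "suspicious": False}
    try:
        # The ACE (punycode) form is what DNS and the certificate's SAN actually carry;
        # an 'xn--' label is the giveaway that the rendered name hides.
        report["ace"] = host.encode("idna").decode("ascii")
    except UnicodeError:
        report["ace"] = None
    for label in host.split("."):
        scripts = label_scripts(label)
        looks_like = skeleton(label)
        if len(scripts) > 1:
            verdict = "mixed-script"
        elif not label.isascii() and looks_like.isascii():
            verdict = "whole-script-confusable"
        else:
            verdict = "ok"
        report["labels"].append({
            "label": label, "scripts": sorted(scripts),
            "looks_like": looks_like, "verdict": verdict,
        })
    report["suspicious"] = any(l["verdict"] != "ok" for l in report["labels"])
    return report


if __name__ == "__main__":
    # Constructed sample names: the honest one, the mixed-script one, an all-Cyrillic one.
    for name in ("theirbank.com", "theirbank.c\u043em", "\u0455\u0441\u043e\u0440\u0435.com"):
        r = check_hostname(name)
        print(r["host"], "->", r["ace"], "SUSPICIOUS" if r["suspicious"] else "ok")
```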
Yes. Compartmentalize the data into as many little pigeonholes as possible, and only have the cubbyhole open/mounted/decrypted that is being worked on at the moment. When done with it, dismount/encrypt it.
I do this with my laptop and TrueCrypt. If I'm done with my Quickbooks instance, I suspend the VM and dismount the partition the VM disks are in. Doing this is the only real way of ensuring security in case of physical compromise. Of course, in a lot of cases, one can't really dismount critical server services, or go VM happy on a corporate desktop, but keeping tasks separate and only mounting what is needed is a good way to minimize damage.
Depends on what one means by locked down:
SIM unlocked devices can be purchased with some ease. It is tough with iPhones, since one probably would have to make a drive to Canada and physically get an unlocked one there. Android devices tend to be easier.
Unlocked as in fully rootable and ROM-able. Good luck. The only Android phone on the market in the past six months that has this ability is the Nexus S. For other phones, the ROM cookers have to go to great pains to make sure their stuff works with the signed kernel, work around the eFuse crap, and so on.
The perfect example of this is the Droid Pro. This would be the perfect unlocked phone because it groks CDMA and GSM. However, even unlocked, the versions sold in the US will not get on T-Mobile or AT&T, supposedly due to baseband booby-traps (nobody has been able to do this.) If the Droid Pro didn't have the eFuse crap, signed kernels, and other nasty things, it would be an ideal phone for a lot of people.
Unlocked has a lot of meanings. What would be ideal is a phone that is SIM unlocked and able to have custom ROMs flashed to it with a fastboot oem-unlock.
However, the only devices that will be able to do this will be Google's. It is somewhat ironic that the only true free (as in being able to do what you want with them) Android devices are sold from Google.
Not just a piece of media. A piece of untrusted media. The computer needs to consider all media as suspect and require the user to take action. It shouldn't do anything else.
The media should be mounted, and mounted noexec, nosuid, no-nothing. That's it. No autorun, no autoplay, no autoboot, no -nothing-. The user can decide what to do with the media once it is mounted. If the user wants to run stuff from the media, they can remount it with the permissions ready.
Of course, there is always the issue of PEBKAC errors, but short of yanking root from the user a la Android or iOS, there isn't much the OS can do here.
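An added example (not the commenter's code) of the audit a defender can run to see whether mounted removable media really carries noexec, nosuid and nodev, plus the remount a user would issue to harden it or, once they decide the media is trusted, to re-enable exec while keeping the other two. The /proc/mounts lines are constructed, and the /media, /run/media and /mnt prefixes are an assumed convention for where media gets mounted.

```python
import shlex

# Constructed /proc/mounts-style sample (not captured from a real system).
# "\040" is how /proc/mounts escapes a space in a mount point.
SAMPLE_MOUNTS = """\
/dev/sda2 / ext4 rw,relatime,errors=remount-ro 0 0
tmpfs /run tmpfs rw,nosuid,nodev,noexec,relatime,size=1638400k 0 0
/dev/sdb1 /media/user/USB\\040STICK vfat rw,nosuid,nodev,relatime,uid=1000 0 0
/dev/sr0 /media/user/CDROM iso9660 ro,nosuid,nodev,noexec,relatime 0 0
/dev/sdc1 /media/user/BACKUP ext4 rw,relatime 0 0
"""

# The "no-nothing" set the comment asks for on untrusted media.
REQUIRED = ("noexec", "nosuid", "nodev")
# Assumed convention: where desktop automounters and admins put removable media.
MEDIA_PREFIXES = ("/media/", "/run/media/", "/mnt/")


def parse_mounts(text):
    """Parse /proc/mounts lines into dicts; fields are device, mount point, fs type, options."""
    entries = []
    for line in text.splitlines():
        fields = line.split()
        if len(fields) < 4:
            continue
        device, mountpoint, fstype, opts = fields[:4]
        entries.append({
            "device": device,
            "mountpoint": mountpoint.replace("\\040", " "),
            "fstype": fstype,
            "options": set(opts.split(",")),
        })
    return entries


def is_removable_media(entry):
    return entry["mountpoint"].startswith(MEDIA_PREFIXES)


def audit(text):
    """Return [(mountpoint, [missing options])] for every media mount that still
    permits executables, setuid binaries or device nodes."""
    findings = []
    for entry in parse_mounts(text):
        if not is_removable_media(entry):
            continue
        missing = [opt for opt in REQUIRED if opt not in entry["options"]]
        if missing:
            findings.append((entry["mountpoint"], missing))
    return findings


def remount_command(mountpoint, allow_exec=False):
    """Shell command to apply the restrictive options, or (allow_exec=True) the
    deliberate remount the comment describes once the user decides to run from it;
    nosuid and nodev stay on in both cases."""
    opts = ["remount", "nosuid", "nodev", "exec" if allow_exec else "noexec"]
    return "mount -o " + ",".join(opts) + " " + shlex.quote(mountpoint)


if __name__ == "__main__":
    for mountpoint, missing in audit(SAMPLE_MOUNTS):
        print(f"{mountpoint}: missing {','.join(missing)}; fix: {remount_command(mountpoint)}")
```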
I want my secretary to use a one-time pad for transcriptions.
Having the fiber wholesaled would be the next best thing to sliced bread for me. Doesn't matter if the state owned it, or if it were well regulated and privately owned.
There is one thing I miss about the old dialup days. There were tons of ISPs, and a lot of them were actually just plain cool. The Eden Matrix [1], and Illuminati Online come to mind. I'd love to see mom and pop ISPs come back, especially ISPs run by sysadmins for sysadmins, offering services such as local (to the ISP) mirroring of Linux and FreeBSD repos, VPN ability (so Android devices and iPhones don't have to deal with whomever is listening over an open wi-fi connection), etc.
Having a specialized ISP for one's preferences would be nice.
Even cooler would be this happening with wireless providers. I'd love a wireless provider that caters to people who root and cook custom roms for Android devices, and which would have a mirror of the latest and greatest of those available.
[1]: It was named this way before the Matrix series of movies.
Isn't that what jails are for?
Take some guy who decides to go for a brawl in the US. There are a number of felony assault, assault and battery, malicious destruction, and criminal trespass charges that can be filed. If he fights back against the police, that would give more felonies. So, in theory, a brawler might be facing 20+ years if the judge decided to drop the hammer and have the sentences served consecutively.
This is why for the most part, brawls in the US are pretty rare.
True, but with databases these days, when does the info go off the DB? It isn't hard for a third party to get dumps from that database, and create a permanent record that can be used by businesses for extra security.
Yes, someone might be an asshole at a sporting event and deserve a year suspension from it... but the way data is stored forever by third parties, that year can easily turn into a lifetime.
Even Craftsman is slipping in quality. Their stuff still has a lifetime warranty, but compare a socket wrench made now to one made 10-20 years ago, and you find that they definitely are not as well built.
I'd highly recommend Snap-on or Mac Tools. Both of those still are high quality. They are expensive, but if someone uses a tool often, having the assurance that a tool isn't going to break and possibly injure is a good thing. However, for people who occasionally reach for the toolchest, the Sears offering is for the most part good enough. This also applies to the other store lines with lifetime warranties -- it is good quality, but not as good as Mac or Snap-on.
For bicycles, I'd recommend Park Tools.
Bingo. Essentially private companies need a "BIPRnet", similar to NIPRnet or SIPRnet. This would be for B2B communications (bank to credit card company, business to bank.)
There are ways to make data accessible, but without allowing it to sit on a remote device. Heck, it could be a front-end that uses a serial protocol. The security engineering would be between the application and the server, showing a view of the data, but not allowing it to remain on a device, and this can get hairy, especially with the ease of keeping screenshots and movies (FRAPS-like utilities.)
It might take a complete re-engineering from the ground up of devices with a hypervisor... this way, the "normal" OS and apps sit in a VM, while the "trusted" part (which is essentially a graphical dumb terminal) would set up connections using preshared secrets [1], then allow the user to log in.
There is a balance between keeping everything on the mainframe and using 3270 terminals versus having it replaced to every smartphone in a company. Air-gapping is a viable security solution, and it would be nice if OS makers would make it easier to do this. This way, a machine can be configured as "no, it won't have an Internet connection, ever", and it would provide an alternate mechanism for updates (ISO images).
[1]: I'd propose the same Diffie-Hellman exchange as in SSL, except the session key would be combined with a stored secret key (XOR works, perhaps encrypting the session key with the secret key, perhaps SHA-256-ing both keys joined together, etc.) This way, even if RSA encryption is completely broken, the preshared secret keeps the communications secure. If the preshared key is divulged (endpoint is compromised), the RSA key exchange keeps the session key from being gleaned, assuming a cryptographically secure PRNG.
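The footnote's scheme, as an added example that is not the commenter's code: an ephemeral Diffie-Hellman exchange whose secret is combined with a stored preshared key by hashing the two joined together with SHA-256. The group is the 1536-bit MODP group from RFC 3526 (chosen here as an assumption; the footnote names no group), the PSK values are constructed, and the "compromise" helper only illustrates that neither the PSK alone nor the DH secret alone yields the session key.

```python
import hashlib
import hmac
import secrets

# 1536-bit MODP group (group 5) from RFC 3526; generator 2.
P_HEX = (
    "FFFFFFFFFFFFFFFFC90FDAA22168C234C4C6628B80DC1CD129024E088A67CC74"
    "020BBEA63B139B22514A08798E3404DDEF9519B3CD3A431B302B0A6DF25F1437"
    "4FE1356D6D51C245E485B576625E7EC6F44C42E9A637ED6B0BFF5CB6F406B7ED"
    "EE386BFB5A899FA5AE9F24117C4B1FE649286651ECE45B3DC2007CB8A163BF05"
    "98DA48361C55D39A69163FA8FD24CF5F83655D23DCA3AD961C62F356208552BB"
    "9ED529077096966D670C354E4ABC9804F1746C08CA237327FFFFFFFFFFFFFFFF"
)
P = int(P_HEX, 16)
G = 2
P_BYTES = (P.bit_length() + 7) // 8  # 192 bytes


def dh_keypair():
    """Ephemeral key pair: private exponent x in [2, p-2] and public value g^x mod p."""
    x = secrets.randbelow(P - 3) + 2
    return x, pow(G, x, P)


def public_value_ok(y):
    """Reject 0, 1, p-1 and out-of-range values; accepting them lets a man in the
    middle force a secret of 1 or p-1 regardless of either side's exponent."""
    return 2 <= y <= P - 2


def dh_shared_secret(x, peer_public):
    if not public_value_ok(peer_public):
        raise ValueError("invalid peer public value")
    return pow(peer_public, x, P)


def combine(dh_secret, psk):
    """Session key = SHA-256(DH secret || PSK), the footnote's 'SHA-256 both keys joined
    together' option. The DH secret is encoded at a fixed 192 bytes so the boundary
    between the two inputs cannot be shifted by choosing odd-length values."""
    return hashlib.sha256(dh_secret.to_bytes(P_BYTES, "big") + psk).digest()


def handshake(psk_client, psk_server):
    """One exchange. The two derived keys match only when the DH secrets agree
    (nobody replaced a public value) AND both sides hold the same PSK."""
    x_client, y_client = dh_keypair()
    x_server, y_server = dh_keypair()
    k_client = combine(dh_shared_secret(x_client, y_server), psk_client)
    k_server = combine(dh_shared_secret(x_server, y_client), psk_server)
    return k_client, k_server


def keys_match(k1, k2):
    return hmac.compare_digest(k1, k2)


def compromise_scenarios(psk):
    """The two failure modes the footnote argues about, on one real exchange.
    Attacker 1 holds the PSK (endpoint leaked it) and sees both public values but no
    exponent; attacker 2 recovered the DH secret (the key exchange is broken) but
    not the PSK. Each returns whether that attacker's computable guess is the key."""
    x_client, y_client = dh_keypair()
    x_server, y_server = dh_keypair()
    z = dh_shared_secret(x_client, y_server)
    session_key = combine(z, psk)
    # Attacker 1: the only inputs available are y_client, y_server and the PSK;
    # any function of them (here, their product mod p) is not z without the exponent.
    guess_with_psk_only = combine(y_client * y_server % P, psk)
    # Attacker 2: has z, must guess the PSK (a random guess stands in for the search).
    guess_with_dh_only = combine(z, secrets.token_bytes(len(psk)))
    return {
        "psk_only_breaks_key": keys_match(guess_with_psk_only, session_key),
        "dh_only_breaks_key": keys_match(guess_with_dh_only, session_key),
    }


if __name__ == "__main__":
    psk = secrets.token_bytes(32)  # constructed; a deployment stores this per device
    k1, k2 = handshake(psk, psk)
    print("keys agree:", keys_match(k1, k2), "| scenarios:", compromise_scenarios(psk))
```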
This would take a lot of work, but what might be helpful for Google to do for making Android apps is making a source code conversion tool that would take Objective C code and convert the API calls to the equivalent Java calls.
Of course, this will take some doing because the Dalvik VM is a different beast than Objective-C (take the activities concept for example.) However, it would get software companies to at least dip a toe into the Android waters.
Some more elaboration on that:
1: Technology for low level read-only abilities, Code to redirect writes somewhere else, and the ability for a device to periodically shut down, completely wipe itself and go back to factory standards.
2: If possible, flashing of a device can only be allowed physically. You stick a SD card in the device with the signed image, start the flashing process, and then press a button inside the machine to confirm this. The old ROM is saved off to a secure location, the new one is copied and verified, and only then is the new ROM flashed. As always, there is a mechanism to go back to a "1.0" ROM which is burned into the machine, if all else fails.
3: Segment and conquer. If some embedded devices need to talk to a log gathering server, put those machines on their own subnet physically separate from the Internet. Then have the logs pushed to another machine via a direct network connection over a crossover cable, or even a serial connection. This way, a blackhat is not going to be able to jump through a getty-less serial connection to do much other than look at logs.
4: Backups, backups, backups.
5: Defense in depth. A lot of companies rely on their network to provide security. However, what happens if a router blows a gasket and decides to fail to an "allow all" mode? Hosts need to have IP protection too.
6: Don't just test machines. Run social engineering pen tests. Call up people in the CEO's name and ask for enable passwords.
7: Be good at IPv6. If misconfigured, an attacker can easily grab the whole network topology of an IPv6 network (due to no need for NAT).
8: Encryption is useful, but key management is just as important.
9: Keep logs, and preferably on a server pair (where one of the servers only gets logs via a serial port, and no network connections otherwise.) Then back up logs to WORM media such as special tapes, or DVD-Rs.
10: Work on a ZTIC-like keyfob to allow for "trusted" confirmation to remote hosts. This way, even if the Web browser on a box is so hacked that it is changing data before it is displayed, there is still a secure channel. The ZTIC is secure because it is simple and hardened. Ideally combine it and the CAC.
This. There are still a lot of UNIX boxes out there which are still using crypt(3), so they are using 8 characters max. There are only two fixes that can be done on this:
1: Force a password change to 8+ characters.
2: Ask a challenge question, such as an address stored on the account, or credit card used.
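As an added illustration of the audit step that has to come before fix 1 (this is my example, not the poster's code), the Go program below classifies /etc/shadow-style hash fields by their prefix and flags accounts still on traditional DES crypt(3), whose hashes only ever use the first 8 characters of the password. The sample shadow lines are constructed, the hash bodies are dummies of the right shape rather than real hashes, and treating md5crypt as legacy alongside descrypt is my own policy choice.

```go
package main

import (
	"bufio"
	"fmt"
	"strings"
)

// sampleShadow is a constructed /etc/shadow-style sample for this demo. The
// hash bodies are dummy strings of the right shape, not real password hashes.
const sampleShadow = `root:$6$saltsalt$abcdefghijklmnopqrstuvwxyz0123456789ABCDEFGHIJKLMNOPQRSTUVWXYZ0123456789abcdefghijklmnopqrstu:19000:0:99999:7:::
alice:$1$abcdefgh$ijklmnopqrstuvwxyz01234:19000:0:99999:7:::
bob:AbCdEfGhIjKlM:19000:0:99999:7:::
carol:*:19000:0:99999:7:::
dave:!!:19000:0:99999:7:::
erin:$2b$12$abcdefghijklmnopqrstuuABCDEFGHIJKLMNOPQRSTUVWXYZ012345678:19000:0:99999:7:::
`

// Scheme is what the hash field's prefix tells us about the algorithm.
type Scheme struct {
	Name     string
	MaxChars int  // characters of the password actually used; 0 = all of them
	Legacy   bool // should be migrated (policy choice for this demo)
}

// isDESCrypt reports whether a hash field looks like traditional crypt(3)
// output: exactly 13 characters from the alphabet [./0-9A-Za-z], no '$'.
func isDESCrypt(h string) bool {
	if len(h) != 13 {
		return false
	}
	for _, c := range h {
		ok := c == '.' || c == '/' ||
			(c >= '0' && c <= '9') || (c >= 'A' && c <= 'Z') || (c >= 'a' && c <= 'z')
		if !ok {
			return false
		}
	}
	return true
}

// classify maps a shadow hash field to its scheme.
func classify(h string) Scheme {
	switch {
	case h == "":
		return Scheme{"empty (login without password)", 0, true}
	case strings.HasPrefix(h, "*") || strings.HasPrefix(h, "!"):
		return Scheme{"locked", 0, false}
	case strings.HasPrefix(h, "$1$"):
		return Scheme{"md5crypt", 0, true}
	case strings.HasPrefix(h, "$2a$"), strings.HasPrefix(h, "$2b$"), strings.HasPrefix(h, "$2y$"):
		return Scheme{"bcrypt", 72, false} // bcrypt uses at most 72 bytes of the password
	case strings.HasPrefix(h, "$5$"):
		return Scheme{"sha256crypt", 0, false}
	case strings.HasPrefix(h, "$6$"):
		return Scheme{"sha512crypt", 0, false}
	case strings.HasPrefix(h, "$y$"):
		return Scheme{"yescrypt", 0, false}
	case isDESCrypt(h):
		return Scheme{"descrypt", 8, true} // classic crypt(3): only the first 8 characters matter
	default:
		return Scheme{"unknown", 0, true}
	}
}

// Finding is one audited account.
type Finding struct {
	User   string
	Scheme Scheme
}

// auditShadow parses shadow-format lines and classifies each account's hash.
func auditShadow(contents string) []Finding {
	var out []Finding
	sc := bufio.NewScanner(strings.NewReader(contents))
	for sc.Scan() {
		line := sc.Text()
		if strings.TrimSpace(line) == "" || strings.HasPrefix(line, "#") {
			continue
		}
		fields := strings.Split(line, ":")
		if len(fields) < 2 {
			continue
		}
		out = append(out, Finding{User: fields[0], Scheme: classify(fields[1])})
	}
	return out
}

// legacyUsers returns the accounts that should get a forced password change
// (to 8+ characters under a modern scheme) on next login.
func legacyUsers(fs []Finding) []string {
	var users []string
	for _, f := range fs {
		if f.Scheme.Legacy {
			users = append(users, f.User)
		}
	}
	return users
}

func main() {
	findings := auditShadow(sampleShadow)
	for _, f := range findings {
		note := ""
		if f.Scheme.MaxChars > 0 {
			note = fmt.Sprintf(" (only first %d chars used)", f.Scheme.MaxChars)
		}
		fmt.Printf("%-8s %-12s legacy=%v%s\n", f.User, f.Scheme.Name, f.Scheme.Legacy, note)
	}
	fmt.Println("force password change for:", legacyUsers(findings))
}
```

On the sample, `bob` is the descrypt account and `alice` the md5crypt one, so those two come back from `legacyUsers`; the locked accounts are skipped because there is nothing to migrate until they are re-enabled.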
That wouldn't fix the problem. The guy who is rich enough to have the 4x4 Escalade will just pay the luxury/SUV tax and still have it. Even if gas were selling at $10.00 a gallon, they would still be on the roads.
This tax would put the screws on the small farmer who is too small to get the subsidies that the big guys get. We really don't want to see the small guys who grow our food go the way of ISPs and radio stations just yet... it's nice knowing that an egg came from an actual chicken in a coop, as opposed to possibly from a chemical factory in Elbonia.
We could have, as part of the cost of gasoline, a surcharge per liter that goes as a premium for $10,000,000.00 (or a very large amount) of damage/injury worth of no-fault insurance. This way, when one buys gasoline, they buy coverage, and no matter who is at fault in a wreck, the cars get fixed. This insurance would cover the cars, injuries, etc.
However, I'm sure this would never happen.
I'd be almost orgasmic if we started working on nuclear technology. Breeder reactors so the high level waste can be reprocessed. Reactors coupled with tasks that require a ton of energy, so we can desalinate water in the oceans and pipe it hundreds of miles inland for more arable land on the cheap. Reactors on ships coupled with thermal depolymerization systems that can suck out the waste in the Pacific Gyre, and turn it into crude oil. Heck, with thorium reactors or ones which can run on lesser grade fuel, have the ability to pull CO2 from the air and use that for syngas, or dump it through some chemical reactions to create gasoline.
I'm all for nuclear power. If done right, it means things can be done at home, as opposed to having the whole economy and national security of the US depend on other countries who might just choose to sell to China solely at a minute's notice.
In the past, there were a lot of applications for which a true supercomputer needed to be built, be it basic modeling of weather, rendering stuff for ray-tracing, etc.
Now, most applications are able to be done by COTS hardware. Because of this, there isn't much of a push to keep building faster and faster computers.
So, other than the guys who need the top of the line CPU cycles for very detailed models, such as the modeling used to simulate nuclear testing, there isn't really as big a push for supercomputing as there was in the past.
You hit the nail on the head. When I graduated college and started looking for work, when HR people asked what my Myspace/FB/Twitter/LinkedIn accounts were, and I told them that I had none, I got told, "Why should we hire you? By not having a presence on social networks, you have shown yourself to be a fossil with no ability to adapt. No FB account is just as bad as not having an E-mail address." Even when I remarked that having an admin who doesn't spill his/her guts for the world to see is a good thing, I got the glazed-eyes look from the HR droid, and the "thank you for letting us interview you, don't call us; we'll call you" crap.
This happened during interviews a few times until I created dummy profiles on the networks with a random article or two, so they didn't look blank.
So, unless one is getting a job as a door-to-door vacuum bed salesperson, a lot of employers I have personally encountered don't just want to know that you are on social networks, they actually ask for your user IDs to see your public profile. A guy who graduated with me actually had to have his employer added onto followers/friends as a condition of employment. (Even though it technically is a TOS violation, he ended up keeping two sets of accounts, one under his name, one under his AKA.)
With job seekers essentially having to have a social media presence, it would be nice if some privacy laws other than "if it is on the service, it is searchable and usable in criminal/civil courts" would apply. But realistically they don't, so one always has to remember, when writing a post, to assume there is someone there reading it who wants to stick handcuffs on someone, or sue them into bankruptcy.
Heck with checksums. PGP/gpg signed manifest files with SHA-512 hashes for every file stored, from source code tarballs to documentation, and the PGP/gpg keys signed by multiple trustworthy keys in a WOT. This way, dropping a fake key on a keyserver and then some binaries signed with it would be found out almost immediately.
For RPMs, if they are not gpg signed by someone, there is a security lapse. Same with Windows .MSI files which don't have Authenticode signatures (although the Windows certificate for a private key does cost some cash, at least a PGP/gpg signature should be provided).
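To show the verification order the post above is arguing for, here is an added Go example (mine, not the poster's code or any distribution's tooling). It builds a SHA512SUMS-style manifest over a constructed in-memory release, signs it, and then verifies in the order that matters: is the signing key one the verifier already trusts, does the signature over the manifest hold, and only then does each file match its SHA-512 line. Ed25519 from the Go standard library stands in for a PGP/gpg signature, and a fixed list of trusted public keys stands in for the web of trust; both are assumptions of the example. The same check-signature-then-check-hash-then-install order is what item 2 of the numbered list earlier on this page (flash only a signed ROM image after it has been copied and verified) calls for on embedded devices.

```go
package main

import (
	"crypto/ed25519"
	"crypto/rand"
	"crypto/sha512"
	"encoding/hex"
	"errors"
	"fmt"
	"sort"
	"strings"
)

// Release is an in-memory stand-in for a download directory: path -> contents.
type Release map[string][]byte

// buildManifest renders one "sha512hex  path" line per file, sorted by path,
// the same shape as a SHA512SUMS file.
func buildManifest(r Release) []byte {
	names := make([]string, 0, len(r))
	for n := range r {
		names = append(names, n)
	}
	sort.Strings(names)
	var b strings.Builder
	for _, n := range names {
		sum := sha512.Sum512(r[n])
		fmt.Fprintf(&b, "%s  %s\n", hex.EncodeToString(sum[:]), n)
	}
	return []byte(b.String())
}

// signManifest makes a detached signature over the manifest bytes. Ed25519
// stands in for PGP/gpg here (an assumption of this example).
func signManifest(priv ed25519.PrivateKey, manifest []byte) []byte {
	return ed25519.Sign(priv, manifest)
}

// verifyRelease checks, in order: the signer is a key the verifier already
// trusts (the WOT stand-in), the manifest signature is valid, and only then
// that every listed file matches its SHA-512 entry.
func verifyRelease(trusted []ed25519.PublicKey, signer ed25519.PublicKey,
	manifest, sig []byte, r Release) error {
	known := false
	for _, k := range trusted {
		if signer.Equal(k) {
			known = true
		}
	}
	if !known {
		return errors.New("manifest signed by a key outside the trusted set")
	}
	if !ed25519.Verify(signer, manifest, sig) {
		return errors.New("manifest signature does not verify")
	}
	for _, line := range strings.Split(strings.TrimSpace(string(manifest)), "\n") {
		parts := strings.SplitN(line, "  ", 2)
		if len(parts) != 2 {
			return fmt.Errorf("malformed manifest line %q", line)
		}
		data, ok := r[parts[1]]
		if !ok {
			return fmt.Errorf("%s: listed in manifest but missing", parts[1])
		}
		sum := sha512.Sum512(data)
		if hex.EncodeToString(sum[:]) != parts[0] {
			return fmt.Errorf("%s: SHA-512 mismatch", parts[1])
		}
	}
	return nil
}

func newKey() (ed25519.PublicKey, ed25519.PrivateKey) {
	pub, priv, err := ed25519.GenerateKey(rand.Reader)
	if err != nil {
		panic(err)
	}
	return pub, priv
}

// demo runs three scenarios: a clean release, a swapped tarball under the
// genuine manifest, and a malicious manifest re-signed with a fresh key that
// nobody in the trusted set has vouched for (the fake-key-on-a-keyserver case).
func demo() (clean, tampered, fakeKey bool) {
	pub, priv := newKey()
	rel := Release{ // constructed sample files
		"tool-1.0.tar.gz": []byte("constructed source tarball"),
		"README":          []byte("constructed documentation"),
	}
	man := buildManifest(rel)
	sig := signManifest(priv, man)
	trusted := []ed25519.PublicKey{pub}
	clean = verifyRelease(trusted, pub, man, sig, rel) == nil

	bad := Release{"README": rel["README"], "tool-1.0.tar.gz": []byte("altered tarball")}
	tampered = verifyRelease(trusted, pub, man, sig, bad) == nil

	apub, apriv := newKey()
	badMan := buildManifest(bad)
	fakeKey = verifyRelease(trusted, apub, badMan, signManifest(apriv, badMan), bad) == nil
	return clean, tampered, fakeKey
}

func main() {
	c, t, f := demo()
	fmt.Printf("clean release verifies: %v\ntampered file verifies: %v\nfake-key manifest verifies: %v\n", c, t, f)
}
```

Only the clean release passes; the altered tarball fails on its hash line, and the re-signed manifest fails before any hash is even looked at, because the attacker's key is not in the trusted set. That ordering is the point: a valid signature from an unknown key proves nothing, which is why the keys themselves need WOT signatures and not just a keyserver listing.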
Google might just end up making a new VM system, similar to what Microsoft did with .NET.
This might have some advantages. Perhaps language independence could be put in, so Java source code files can be used, but they would compile to the new VM format, similar to how Microsoft's J# compiled to .NET. This way, someone can use Java syntax, C++ syntax, heck, even a version of BASIC and still get the same bytecode coming out. Add JIT, and there would be little performance overhead.
Oracle doesn't seem to be doing much with Java anyway, so if Google made a VM system from scratch, perhaps it might be better overall in the long haul, especially if it was designed from the ground up for security, learning the mistakes Sun/Oracle made.