Business PC laptops have a good amount of security features to deal with theft:
1: BitLocker + TPM. This keeps the thief out of the onboard data while the laptop owner doesn't have to remember anything more than his AD account password.
2: LoJack for Laptops. On Dells and HPs, once activated, this stays present forever, especially newer models where it persists even if the motherboard is reflashed. With this installed, it isn't hard for a business to remotely zero out the Documents directory, then kill the rest of the machine.
3: Onboard BIOS-level kill switches. I remember Intel demoing a VPro feature that allowed an enterprise to be able to kill a laptop and remotely wipe the drive using the hard disk's ATA secure drive erase, regardless of OS on the machine, and also give an acknowledgment back when the dirty deed was finished.
So, for anti-theft, the upper end business line PCs have it made. Macs don't have those features, but one can get decently secure if you use a WDE product like PointSec or PGP WDE, encrypted backups using Retrospect 8, perhaps LoJack for Mac. At the minimum, turn on FileVault.
I'd say that putting any OS on the Internet without a reasonable firewall is a poor idea, the exception being a laptop [1] just out of necessity. Yes, most operating systems are hardened, but what brings the bugs are the applications that run on them. This is why having a hardened machine with as little running on it as possible is essential between the general purpose computers and the rest of the Internet.
[1]: I have seen tiny embedded Linux adapters just bigger than an Ethernet plug. Why can't laptop makers build a tiny firewalling router into one of those and mount it on the motherboard? This way, it doesn't matter what the OS is, attacks from remote will be minimized, and one could configure it to disallow outgoing ports (such as port 25) that the laptop shouldn't ever need to go out on. I'm sure similar functionality can be done for Wi-Fi. As an added bonus, if a machine gets DoS-ed, it won't be the main CPU that has to sort out the offending packets, but the one on the built in firewall.
This is what some SAN companies do. One of them has SSD media that functions as a persistent cache. This way, data that is read/written to often goes off of the SSD, while other items end up being written directly to the array that can be made slower.
The good about this method: Not having to worry as much about what tiers of storage, because the SAN head determines where data is placed.
The bad: It might be that OS files end up there as opposed to what you want to have the great performance with. So, it doesn't completely replace the need for tiered storage.
I would like this myself. What this would be great for would be putting OS images on and having it be read-only. This way, if Joe Sixpack gets their computer compromised and trashed, it would be trivial to enable the boot device in BIOS and boot from it for a reinstall or a recovery mode. Well, more trivial than getting Joe to find the OS recovery media or buy another copy of Windows.
Even better would be the option of booting to recovery media, or having a recovery partition with tools to do offline malware checking, hard disk imaging, filesystem scanning, and other utilities.
Best would be the above as well as a hypervisor that supported encryption and trusted booting via a TPM. This way, VMs can boot, regardless of OS and be protected against local tampering or malware tagging the MBR.
Even more insidious:
Have the devices with the hardware ID have special functionality, similar to MagicGate memory sticks. In bygone times, the early Sony "MP3" [1] players would only work with special memory sticks which supported their encryption system.
[1]: Some were technically encrypted ATRAC3 players and would require transcoding. Others would directly encrypt the MP3 files without requiring the quality loss.
Minor addition: There is nothing illegal about "jailbreaking" a device as the courts decided a couple weeks ago. The illegal acts are committed by the pirates, not the people who get the code working, nor the homebrewers.
Exactly what I mean. If an offshore gold seller hands their credit card information to another group who creates accounts on a MMO for blackhat reasons, the gold seller doesn't have to worry about violating such guidelines. Even if they are caught, if they are in a country that isn't on buddy-buddy terms with the West, the seller likely will face zero consequences.
This is the exact reason that I refused to buy a PS3. When the "Other OS" option was not just removed from the Slims, but removed from existing machines as a mandatory upgrade, that made the platform a no-go.
You don't need a closed platform to deal with wallhackers and aimbots. Steam runs on a ton of PCs, and VAC catches and bans forever a crapload of people daily who attempt to try this stuff. Similar with WoW. Blizzard's Warden has evolved to a point where only the gold farmers who have hundreds of thousands of accounts [1] are continuously doing hacks, and that is because account loss for them is no consideration.
[1]: A lot of gold sellers get the accounts when suckers buy gold and pay with a credit card. Then they hand the CC# and info to another organization who just charges the credit card 5-10 times and creates a bunch of paid accounts. Since they are offshore, PCI-DSS is not an issue, nor, if there is ever a link found, would there be any criminal penalties applied.
With my bank, yes, there is a shared secret. However, what if I'm buying a new vend-a-goat machine from a bovine supply house's website, some place where I have had no previous dealings, so establishing a shared secret, even a 4 digit PIN is not possible? My only other avenue would be to find the bovine supply house's phone number and set up a preshared secret over the phone. However, if the only info about the phone number's location is on the Web, then that becomes pointless.
Of course, we could get into trusted parties, but some CAs are barely trustable with telling you that a key is actually belonging to the claimed party, much less knowing symmetric keys in a conversation.
Public key encryption solves a lot of problems. Without it, it will be hack beyond hack to try to get symmetric keys working between people who don't know each other, not to mention the sheer amount of storage of private nonces.
Another example: Say 1000 people want to have encrypted communication with each other. If they have a WoT, all one would need is the private key of a trusted introducer who signed that the 999 other people are legit. Otherwise, they would need 1000 symmetric keys. To boot, a public key doesn't have to be kept hidden, while the 1000 symmetric keys would cause a lot of damage if they were divulged.
Three reasons:
1: Public keys are not just used for real time exchanges. Public keys are sometimes used for data archiving where the private keys are held in an offline area. Same with keys that sign programs to detect tampering.
2: Quantum links are really, really slow. Instead of a one time pad, realistically you want to generate a key through the secure channel via a Diffie-Hellman handshake that is used for some time then chucked (like for a transaction or for a chunk of data.) Then send the bulk data through a standard link.
3: Quantum key exchanges have had some issues that could allow an attacker to get knowledge of the key.
4: One would have to drop parallel pipes everywhere that supported quantum channels. It is hard to get ISPs to drop one chunk of fiber, much less the fiber needed to interconnect for the secure quantum channels and the partial photons.
5: There is the issue of trust. You can set up a quantum exchange with another machine and come up with a key that you know hasn't been touched... but is that really your bank, or is it some site in Elbonia that is patched in? Quantum key selection won't help you here in knowing that you are talking to the right host.
Regardless, even if we had secure point to point connections via quantum key generation and bulk tunnels, public key cryptography is still an important part of life, even if it is to sign documents and ensure they won't be tampered with.
I'm sure the next thing will be the bits (in base 10 of course) that are available before the ECC, clock bits, sector relocation table, and other niceties are put in. Similar to raw capacity versus formatted capacity, except before the critical HDD functions are factored in.
Symmetric algorithms are at least in their second generation (DES/Lucifer now AES) of production use, with decades of study and close analysis by a lot of good minds.
Asymmetric algorithms are still essentially the first generation. Take RSA. It has been out for so long that its patent has expired more than 15 years ago. Even elliptic curve cryptography has been out at least 20 years, because the NeXT had it in NeXTStep 3.0 (and ended up getting pulled out of the OS due to ITAR).
Even cryptographic hashes have been through a number of iterations. We had MD4, then MD5, then SHA-1, then SHA-256, now are looking for something to replace SHA, similar to how Rijndael replaced 3DES and DES.
Maybe it is time to have a contest to have a standard asymmetric algorithm to replace RSA, DSS, and ElGamal? Something fundamentally designed to resist quantum computer attack as well as other threats.
Correction. Teredo tunneling.
IPv6 shouldn't be that hard to switch to. Macs are happy with it. Windows machines grok it. The only issue would be a number of SOHO routers, and some applications that don't understand V6 (MySQL is a good example.)
The sooner we get to IPv6, the better. If not, if someone wants a static IP, much less a /29 subnet with five usable host IPs, they will be paying through the nose for it, just due to artificial scarcity.
I just fear that companies are going to spend big bucks for routers that can do NAT traversal (dev subnet gets NATted to another subnet which then gets translated to the outside IP), as opposed to going to IPv6 where one can keep firewalls up and the traffic isolated and secure, but keep NAT as an option, not a must-have. If a company is worried about the IPv6 stack having issues, just use IPv6 as an edge routing protocol and keep the internal network on v4 and use Toredo. Yes, this is still not optimal, but it is better than dealing with having to bid for v4 statics so one can have their own webserver online.
Even better is if one uses double-byte characters and drops in Cyrillic characters. That domain may say one thing, but in reality, it might lead to a completely different rabbit hole.
Combine that with CAs who have been mentioned on /. as untrustworthy, and people may get a perfectly secure HTTPS connection to something that looks exactly like their bank's URL, but in reality is nowhere near.
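A defender-side check for the Cyrillic lookalike domains described in the comment above, as an added example that is not part of the original post. The lookalike table is a small constructed subset and `examplebank.com` is a made-up protected domain; a production check would use the full Unicode confusables data.

```python
import unicodedata

# Constructed subset of Cyrillic letters that render like Latin ones.
CYRILLIC_LOOKALIKES = {
    "\u0430": "a", "\u0435": "e", "\u043e": "o", "\u0440": "p",
    "\u0441": "c", "\u0445": "x", "\u0443": "y", "\u0456": "i",
    "\u0458": "j", "\u0455": "s",
}

# Hypothetical list of domains the organisation wants to protect.
PROTECTED = {"examplebank.com"}


def decode_label(label):
    """Return the Unicode form of one DNS label, decoding xn-- punycode."""
    if label.lower().startswith("xn--"):
        try:
            return label[4:].encode("ascii").decode("punycode")
        except UnicodeError:
            return label  # malformed punycode: keep the raw label
    return label


def scripts_in(label):
    """Scripts used by the letters of a label (first word of the Unicode name)."""
    found = set()
    for ch in label:
        if ch.isalpha():
            found.add(unicodedata.name(ch, "UNKNOWN").split()[0])
    return found


def skeleton(label):
    """Map known Cyrillic lookalikes to the Latin letter they imitate."""
    return "".join(CYRILLIC_LOOKALIKES.get(ch, ch) for ch in label.lower())


def analyse(hostname, protected=PROTECTED):
    """Flag mixed-script labels and names that collapse onto a protected domain."""
    labels = [decode_label(part) for part in hostname.rstrip(".").split(".")]
    unicode_name = ".".join(labels)
    findings = []

    # Check 1: a single label that mixes scripts (e.g. Latin + Cyrillic).
    for label in labels:
        scripts = scripts_in(label)
        if len(scripts) > 1:
            findings.append(f"mixed-script label {label!r}: {sorted(scripts)}")

    # Check 2: the name is not the protected domain, but looks like it.
    # This also catches labels written entirely in Cyrillic, which check 1 misses.
    skel = ".".join(skeleton(label) for label in labels)
    if skel in protected and unicode_name.lower() != skel:
        findings.append(f"lookalike of protected domain {skel}")

    return {"unicode": unicode_name, "skeleton": skel, "findings": findings}


if __name__ == "__main__":
    # Constructed samples: the real name, a spoof with Cyrillic 'a', and its
    # punycode form as it would appear in DNS logs or a certificate.
    spoof = "ex\u0430mpleb\u0430nk.com"
    puny = "xn--" + "ex\u0430mpleb\u0430nk".encode("punycode").decode("ascii") + ".com"
    for name in ("examplebank.com", spoof, puny):
        result = analyse(name)
        print(name.encode("unicode_escape").decode(), "->", result["findings"])
```

Running both checks matters because a valid certificate only proves control of the lookalike name, not that it is the name the user meant to visit.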
The keylogger is free, and account compromise is guaranteed or no money back.
Nail, head hit. One reason IPv6 isn't being pushed is because of artificial scarcity. If top tier ISPs can force people to pay for V4 addresses, so much the better. It isn't like there is a lawmaking body that can tell them to flip the switch like how ARPANet went from NCP to TCP/IP in the past.
Plus, the more people behind NATs, the harder it is to P2P, and the less bandwidth used by people. All wins for ISPs (especially cable companies who want people watching their TV and not streaming video), all losses for everyone else.
[cynical]
Or a security issue that allows the device to function perfectly as an embedded botnet client, or even more realistically, a botnet redirector that forensic trails end up stopping at.
[/cynical]
I wonder if IP addresses will end up just going up in price, forcing smaller sites out or onto virtual domains instead of people switching over to IPv6, even if IPv6 is just used as an edge protocol, where businesses still use v4 as their core layer 3 protocol.
I hope we go to IPv6 sometime. I just dread having to go find an auction to pay hyperinflated prices for a 5 IP subnet if I want some v4 statics.
The reason stations do this is because it is cheaper to pay for a license once for a block of 400 songs, never having to pay for anything new. Then the only real costs are overhead of the transmitter and building, and the costs of DJs.
Yes, it may generate revenue, but it is long term moronic. Had stations kept playing new stuff while keeping older songs on the air occasionally, they would have not just kept profit as radio stations, but could have been communication hubs for people, especially if stations had decided to try social networking before even the Friendster days. Back when radio was relevant, the DJs talked and people listened, so I'm sure that stations could have had a following based on an interactive website that would have offered forums, event calendars, "free" E-mail accounts, etc. Revenue would have been tremendous -- ad revenue for starters because advertisers wouldn't just get the radio station van out to a site, they would get fans coming for freebies who have known about the event due to site banners for weeks ahead of time. Even without factoring in ads, I'm sure listeners would have paid money for E-mail addresses and such in return for being able to have a chance of winning items, or being the first to be able to go to a concert of an up and coming band.
But radio decided not to embrace the Internet. Instead, they ditched what gave them life and went to a profit model that all but ensures their demise. Radio is now reduced to just background noise, when in the past, they could have taken charge and been leaders of various music scenes. These days, the people who listen to the radio now are not the college students or the teenagers with rich parents. It is people looking for traffic reports, music to be played at a construction site as something to listen to, or background music in the doctor's waiting room.
Don't forget the FM radio arena has been abandoned by virtually everyone. You might hear a radio blasting at a construction site because it is cheaper than someone attaching a MP3 player, but that essentially is it.
15 years ago, FM radio was different. New bands played all the time.
Now, FM radio is not worth the time of day. "Rock" stations are in a time warp and are still playing Blind Melon, Smashing Pumpkins, and Nirvana as the absolute latest music they bother to listen to. You might catch a 1 hour show at midnight on a Friday that has recent music, but that is essentially it. To boot, it is the same songs, about 100-400 that play over and over.
This is also an issue with other stations, be it hip-hop, country, Tejano, or one's genre of choice -- the vibrancy that radio used to have about 15-20 years ago is lost. People don't click on a FM radio station to hear new stuff, they go to last.fm or Pandora.
I have seen these things on cars not owned by DUI convictees. For example, some parents install them on the soon to be teen driver's car to make sure that the car is operated by someone sober. These are the exact same devices required in a lot of states for DWI offenders, except they have a setting not available -- the ability to enter in a PIN and turn the thing off.
Even if they *could* put out a patch for a game or music files that would kill DRM on bankruptcy, I'm sure some bankruptcy lawyer would say "nope", consider the DRM as asset protection and bar that from happening, no matter how thoroughly it was promised to consumers. History has proven this -- a lot of old games only are able to be played because of some good 6502 or 8086 assembly people who are good at decoding protection systems.
This is one reason that D2D2T setups are a good thing. If the tape gets overwritten, most likely the copy sitting on the HDD is still useful for recovering.
One thing I highly recommend businesses get is a backup server. It can be as simple as a 1U Linux box connected to a Drobo that does an rsync. It can be a passive box that does Samba/CIFS serving, one account for each machine and each machine's individual backup program dump to it. Or the machine can have an active role and run a backup utility like Retrospect. The advantage of the active role is that one can plug another external drive into the server, copy backed up data to it, then take the external drive offsite for additional data protection. It isn't as good as full tape rotation, but better than nothing.
The problem is not just the MBAs who failed ITIL running the game companies, it is the fact that there is a great barrier to entry to the market. The days of writing some vector graphics in BASIC, making copies of the floppies, and selling them with a photocopied manual in a Ziploc bag are long gone. It takes millions of dollars in licensing fees for the engine and artists to do the graphics that is required for even the most entry level game.
It would be nice to see "interactive movies" where the plot came first and the gameplay was centered more about advancing the storyline as opposed to just being a cookie cutter FPS sequel. However, the market has spoken, and gamers would rather have another Halo, Madden, Sims, or Call of Duty with the same gameplay as the previous iteration (maybe with a random zombie with a new superpower tossed in) as opposed to completely new and original IP.