This basically puts control of an entire nation directly into the hands of whomever can hack the results of the voting system. With the issues of security that have popped up with e-voting, even normal voting requires paper receipts, via a Chaumian system, so people can verify their vote actually applied.
A constant voting system will be a big target for every single blackhat on the planet. All they need to do is just flip a few votes, and they can fundamentally change the direction the government goes in extremely subtle ways.
Voting is too sensitive to have it be on the Internet without a verifiable paper trail as it stands. Adding continuous voting just makes things worse.
Microsoft survives for one reason: They are so well entrenched in the enterprise. Other than small companies that LDAP can work with, AD will be found as the core authentication and management mechanism of most companies out there.
Because of this, if MS sees losses on other fronts, they can just ratchet up Windows Server license fees, and still come out ahead, as they have a captive audience.
The main thing 2FA protects against is keyboard loggers and a compromised machine. Even if the password is emailed, it still is a lot more difficult for an attacker to get in. Mainly because hacking someone's E-mail and constantly looking at it is more difficult than just passively retrieving a stream of a user's keyboard output from a keylogger.
Of course, the ideal is an application on a separate connection that isn't connected in any way to the computer, but even an emailed password is better than nothing.
Google provides a standard (as in open source and standard usable by all comers) TOTP/RFC 6238 app.
This really should be an option. For example, a user can opt to have their code texted, type in their six digit second authentication, or perhaps have a scratch-off card with one time use codes on it as the last resort. On iOS, maybe make a deal with Apple, so the code can appear using Apple's protocol that works regardless of SIM card used.
This should not be too difficult... the RFC is open source, easily used in Linux (I have it used for backup authentication for a remote machine, if I don't have my SSH private key on the computer I am using), not to mention a lot of websites (Google, Amazon, name.com, Linode, etc.), and even a number of NAS models support it. It would be nice if the Australian government offered this as an option.
Don't forget transportation costs. Oil is cheap right now, but that can change. Some mines in the strait of Hormuz, for example. It might be that gas might spike like 2008, and if a 2-3 times jump in price was bad, how about a 10-20x spike, which could happen pretty quickly.
Having the ability to make something or have a trade is good. Yes, the job at punching a button and having Ansible go and do the work is a nice thing... but if the economy tanks to 1929 levels, having a farm and producing or fixing things that people need will be important as well. It might be that one might have to start making 1920s-1960s style tractors and automobiles because access to the latest and greatest chips for ECMs may not be allowed (a China-led trade embargo on the US, perhaps.) In any case, metal shop skills, plumbing, electrician, HVAC, and other items are always needed. You can't offshore the guy who wires up the 120 circuits, nor can you outsource the lawyer who is in the courtroom.
It is wise to have a good "on grid" set of skills, and a good "off-grid" set. Even if one's "off-grid" set of skills is something one wouldn't think about, such as a good musician, entertainer, or teacher. Having the ability to fall back on a community is important, and community, as a whole, is something lacking here in the US (especially with the political races trying their best to wedge and divide everyone.)
It does make sense though. I was assuming by "thermal-electric" generator that a heat engine was involved in the process with a reverse Peltier method.
In general, nuclear (be it fission, elements for radioactive decay, etc) is to be way underused, just due to the sheer and unwarranted fear of it. Yes, it has its dangers, but if used right, it can solve a lot of the world's major problems. It doesn't suffer fools gladly... but neither did steam energy, nor early internal combustion prototypes.
There are some applications which are good at separating mail from the device. Divide comes to mind (which was bought by Google.) Touchdown is another app that I have used since 2010 for Exchange, and it can be configured to keep E-mail encrypted and separated from the OS.
iOS has a version of Touchdown, as well as MS Outlook, both offer separation and PIN protection.
The advantage of using one of these apps, especially in a BYOD environment, is if the Exchange admin issues a remote device wipe, it just kills that app's data, not what is on the entire phone.
I use these in parallel. One Exchange hosted account is something I use only for business correspondence and other critical tasks, everything else can be handled by the mail application found in the OS. I also have the Exchange account be for the password recovery E-mails. This way, if my phone is obtained and unlocked, it is highly likely the app with the critical E-mail is protected. It also is good to PIN protect things like Dropbox, GDrive, and other items as well, just so that an unlocked phone doesn't mean a complete compromise. Similar with 2FA programs, where apps like Authy are nice that require a PIN before allowing one to use the 2FA tokens.
Yes, it is radioactive, and yes, it is a very nasty heavy metal... but there are still pacemakers ticking away with this stuff as the "battery" 25+ years later.
I wonder if Pu-238 might have some use in areas where batteries are needed and extremely hard to replace other than space projects. Definitely not for a battery for a smartphone, because we don't want Youtubers like TechRax to get radiation poisoning, but airline flight data recorders come to mind.
I have encountered exactly one retailer which actually asked for a PIN: Target. Everyone else either tells me to just swipe and ignore the dip part or jam the card in, and have the transaction treated like a swipe (tap "yes", sign.)
Of course, it is like having a deadbolt lock with no tumblers in the lock. Chip & PIN not just protects against using swiped codes, but also unauthorized use of the card. Someone who found a card lying on the road can't just use it as one sees fit.
Hopefully CNP transactions get some security love as well. The only merchant that actually has this is Sony/DayBreak, where they shunt me to Visa or MC to type in my password before the card is approved.
October 2015 was a deadline that card vendors transition to EMV or else take responsibility for fraud. However, my recent credit card from a few months ago has no EMV chip on it, and most retailers still are using swipe terminals. Even with the one retailer that used EMV, it would not ask for the PIN of the card... just did the transaction, and called it done.
Who is to blame? In this case, it can be shared equally.
As for separating tokens from transactions, I wonder if this could be done via just database partitioning, perhaps having a hardened computer or appliance whose job is to stash all the sensitive name/address/card no tuples, have a table of those secondary/foreign keys, which are used for the transaction tokenization. Nothing is hackproof, but there are ways to be secure in this manner. For example, one ancient SSL shop I had, it would take the data from the web form, make a text entry, encrypt it with GnuPG, then toss the encrypted file into a directory structure based on transaction IDs and the date. This way, one can find transactions, but the core data remained encrypted until manual decryption was necessary.
I wonder if a tokenization system could function similarly, where the data was tokenized, but a backup copy was stored encrypted via OpenPGP or another means, so the merchant could manually go through records for financial reasons.
What would be nice, would be an e-Ink display on the card that would change over time or when a button is pressed. If the card expires in 2-4 years, that is well within the time of a battery's lifetime, especially for a TOTP system.
This way, online purchases are protected by a form of 2FA as well, since an attacker would have to have the card info, as well as a challenge/response code.
You can always play the game the way the big boys do, and register stuff like that under the name of a business or corporation, with a PO box. Perfectly legal, and someone looking through the list of people with planes won't get an address to go burgle from.
This does bring up two good points:
The first is keeping data. In general, any work done with the FAA doesn't require a seven year retention... it requires fifty years. Do RC pilots have to keep info about their planes and other stuff for half a century now?
The second is how long it will be before some bad guys start pulling public registry data, finding people who have a lot of toys, don't live in a gated community, then figure out their schedule and go rob their place. The info is out there, and all it will take is the economy tanking for the bad guys behind keyboards offshore to start buying/selling/trading with the bad guys with the ski masks and the sawed off 12 gauges who own that area's turf. Selling to gangbangers lists of houses that don't have anyone at home and have a lot of stuff in them may be quite lucrative.
Before IAP came around in Android and iOS, there were a number of decent games, because the incentive was to get people to play the game.
What killed gaming on both platforms was IAP. This was supposed to be useful for a game designer to sell levels or an expansion... but what happened is that it fundamentally changed gaming on the platform for the worse. Instead of playable games, we got almost everything being released winding up "F2P/P2W", where the game was free, but the difficulty was extremely high and slow, in order to get people to go, "what the hell", and buy some smurfberries/brains/crowns/tokens/serum/ to get over that hump. Even classic tower defense games wound up going this way, where if you wanted a chance at completing them, you had to toss a few bucks each level for added powerups.
It would be nice to see the smartphone gaming market move away from Candy Crush like stuff back to games that are actually playable without having to buy large amounts of some in game currency. I would pay for levels and expansions... real content. Having to pay just for a chance at moving on... sorry, got better things to do.
There are companies that can do gaming right. Square-Enix for example. Maybe more companies should see about going that route.
There are ways to improve the security of Windows. EMET comes to mind, which is a useful tool for catching 0-days. Not perfect (as it was bypassed), but a decent jump in security.
As for making a Wi-Fi connection, I do know on Android and iOS, you can have it not search for Wi-Fi access points unless you explicitly bring that up. You can also use an always-on VPN which won't let traffic through until the VPN tunnel is up and operable.
I always use a VPN, especially after things like Verizon's UIDH. Plus, a VPN gives me a known IP address range, so I can have services that are at home (like SSH, IMAPS, etc.) only be allowed to connect to that range of IPs, and ignore everything else.
For other attacks, on Android, since one has control of the netfilter/iptables of the device (assuming rooted), one can easily modify what goes in/out either directly, or via an app. This is effective in not just blocking incoming attacks, but keeping apps that shouldn't be phoning home from doing so. It also is a last resort save from apps that have more "functionality" than they are supposed to.
The sad thing, I seem to be seeing a resurgence in Flash because some website designers think that if they put all their content in a huge Flash file, that nobody can steal their pictures or content. I thought all Flash sites were left in the ashbin history, but I've stumbled upon several recently.
I feel dumb by asking, but I have looked at a few fuel cells. The VeGA from Truma looked promising, but was killed early. However, having the ability to get 10-20 ampere-hours a day from the propane system on a RV would be quite useful (just so the absorption fridge can be tossed.)
The current fuel cell I see fairly often is EFOY's. It isn't cheap, around $4-7k depending on how many watts per day you want, but it uses a container of methanol for its work.
Is it a limitation of fuel cell technology to have so relatively few amp-hours of electricity available, or is it just that the commercial models I encounter are designed for low-draw appliances (like a camera tower, for watching for fires, in the middle of nowhere where solar panels may be an eyesore.) If one could be made to handle higher amp draws, such as what an A/C uses, it would easily replace the generator.
He also sells batteries. If EV batteries wind up standardized, he can make a good chunk of change selling parts for other maker's EVs, as well as having his own vehicles.
Realistically, energy density by volume is a big limiting factor for many, many technologies. If Musk or someone else can get a stable battery that is 1/10 the energy density (by volume) of gasoline or diesel, this would be a major game changer. Already, IC engines are relatively inefficient... At best, 35% energy goes into twisting the crankshaft, the rest winds up going out the exhaust pipe. An electric motor is far more efficient, and more useful, as it gets its best torque at 0 RPM. Plus, an electric motor requires a lot less upkeep than an IC engine.
Get batteries near the energy by volume of LP gas, and airplanes can move from IC engines.
There are a lot of fundamental improvements waiting for us, once we get stable batteries with stored battery density around what fossil fuels have for energy.
One way is to use the quantum connection channel to negotiate a session key via Diffie-Hellman, but each side also has a pre-shared key or a chunk from a one-time-pad that gets XOR-ed or combined with the session key. Then the Internet or conventional channels is used for the bulk transmissions. The attacker would have to find the pre-shared info, as well as decode the quantum crypto, each alone would score nothing.
Another way is to use the quantum channel for sending info... but wrap the info in an existing crypto protocol, be it IPSec or a VPN tunnel, SSH, SSL/TLS, or something else. This way the data is still protected, end to end. Since the quantum channel is relatively slow, adding another encryption layer wouldn't create much of a performance decrease.
What it boils down to is not trusting one form or layer as absolute, especially if the data going over the pipe is sensitive and valuable enough to warrant high security in the first place. The physical equivalent would be something valuable being placed in a sealed security container, then taken via armored car to the destination. If the armored car is compromised, the security container and the GPS on the container would still protect the contents. Similar if the security container is the weakest link.
The reason why consumers "prefer" bigger phones is not because people want a change of clothing with bigger pockets... but the faster CPUs and such require more area to deal with heat.
Of course, I've been told by someone in the industry that nobody would give up CPU and RAM for a smaller phone, but it would be nice to have a phone about the size of an iPhone 4.
In general, it seems phone form factor choices have went from candybars, flip-phones, sliders, keyboards, clamshells... to the typical all-glass touch screen smartphone that fundamentally looks the same. across all models. Is this better? Not really.
Then, there are capabilities built in. Phones are powerful enough that one can build in an entire desktop OS. The Motorola Atrix and Atrix2 are examples of this. It would be nice, with the USB 3.1/USB 3 standard to be able to plug a keyboard, mouse, and monitor into a cellphone, and use it as a desktop. If one creates a dedicated network GPU server that allows devices to send graphics commands, and gets back streaming video (think OnLive for the LAN), then the device wouldn't need to have much in the way of video, and a phone could drive a standard monitor. This essentially allows one device to perform multiple roles, similar to how Microsoft's Surface Pro can work as a tablet, as well as function as a full desktop computer.
Right now, smartphones seem to be stagnating. We have faster CPUs and payment methods, maybe even touchscreens that register pressure on them... but those are evolution, "0.1" or "0.0.1" style improvements. Having the ability to use the phone as a desktop via USB-C, or even as a document repository, similar to Intel's personal server concept, would be a real "1.0" advance. Especially if BlueTooth could be used with a hard drive to get respectable transfer rates, at least USB 2.0, if not greater for short distances. Barring that, there are companies saying they could get 1GB/sec from infrared, so maybe update the IrDA protocol and have that as an alternative to wireless.
Lots of ways phones can be improved on, but there are no players interested in doing anything to affect the status quo right now.
At a previous job, there was a specialty appliance that had an admin control panel that only worked with IE6, XP, and a specific version of Java, no earlier, no later. In fact, it actually used Javascript tricks to catch a browser using a different User-Agent header.
The solution? A Windows XP VM that shared a vSwitch with a PFSense appliance which only allowed communication to the device, and incoming RDP into the VM. That, and a script which would roll back the VM to a clean snapshot.
There is always enforcement by peer. For example, Russian drivers almost always have dash cams. This usually means someone being a total dolt on the roads will be recorded by someone and that recording wind up on YouTube or played in front of a judge come trial time.
I saw a microcosm of this myself with my dash cam where the camera caught a vehicle popping into reverse, smashing into a car behind it, then the driver in front claiming it was the other person's fault. The footage I had on that MicroSD card likely saved someone's insurance premiums by a considerable margin because without it, it would be word against word.
I remember reading that dash cams are perhaps a definitive way to stop poor driving, just because once people get it in the head that their lane weaving and median driving might wind up on YouTube with their license plate available for all to see and look up, it likely would do more than any amount of police writing tickets for infractions.
I remember this debated in a criminal justice course, where the chance of getting caught would be less, but the penalties far harsher compared to a far less penalty, but a far higher chance of getting caught.
It was shown that having a far less penalty that was enforced heavily had a lot more impact. One example was the US drug laws where people could be ejected from college and perhaps go to prison for life for charges. As we can tell, it still isn't too tough to find weed.
On the other hand, various European countries have police will pull people over, ask for the fine cost on the spot, and let the driver on their own way after it is paid. Yes, the penalty is lower (especially without worry about points on a license), but people tend to stop misbehaving if they have to pay even a small fine, if they feel they will be caught.
E-mail clients really don't have much to add. If one wants a one-size-fits-all client for everything, there is always SeaMonkey, which does everything Thunderbird does, as well as brings a NNTP reader, browser, and HTML editor to the table.
I have looked at a lot of E-mail clients: I went with Thunderbird for a number of reasons (a number of them subjective.)
1: Multiplatform capability. When my Windows desktop died and I had to repurpose my MBP, all I had to do was copy a backup of my Thunderbird directory to the proper spot on OS X, and all my settings, mailboxes, and other stuff was in place. If I jump to Linux or back to Windows, I just copy the profile into place, and done.
2: A standard, text file format for storing mailboxes. mbox format may be old hat, but it does work, and if it gets corrupted, isn't too tough to fix by hand. I used to use Outlook.PST mailboxes because they offered encryption, but after corruption took out a mailbox, once I restore it from a backup, I jumped clients.
3: Webmail is OK, but it means that I have to go to each provider's site, log in, dig up the TKIP app or wait for the SMS message (I use 2FA on all accounts I can), browse the account, then log out. With a good MUA, all my E-mail from all accounts is in one place.
4: It is easy to archive mail. I select a folder, hit "archive", and all the mail that piled up in a mailbox gets moved to my IMAP server.
5: Searches are pretty quick. I can sit for a while waiting for another popular MUA to return results, while Thunderbird, once it builds its local caches, can get me an E-mail pretty quickly, regardless of location.
6: There are a lot of extensions available. AdBlock, and folder copy come to mind.
7: MUAs are not general web browsers, and they tend to be far more secure than web browsers for the task at hand.
All and all, I don't see how one can add any major new features to Thunderbird, other than a tool that can automatically back up the Thunderbird profile to a target destination, similar to how FEBE works for Firefox. Bonus points for compression, deduplication, and encryption [1].
[1]: The ideal with encryption would be similar to how Titanium Backup works. It generates a RSA key, stores the key pair on each backup volume, password protects (well, encrypts) the private key, and uses the public key for encrypting the backups (well, uses the public key to protect a symmetric key on each backup.) The result is that backups can be done unattended, restorations is easy with the password, and existing backups are kept secure.
Here where I live, the opposite happens. Oddly enough, if you are on one of the feeder roads that is alongside a toll road, the lights are timed to turn red just as traffic approaches. At. Every. Single. Intersection. In fact, a former co-worker used to be a civil engineer, and showed that even with random chance, it could not have been designed worse.
The same civil engineer told me about the methodology in general. Congestion reduces wrecks, so it looks better for a city to have traffic moving 15-20 mph on the roads than at highway speeds because it lowers the fatal accident rate. There is no downside (to a town) to have streets that are impassible, and the local police can always make money by inspecting the license plates, looking for "busted taillights", and other things.
It only will backfire on the states giving abatements. Yes, it means that there is someone who will be paying a large electric bill and real estate taxes, but like others said above, there is a large opportunity cost. Even a big box store would be better in some ways, because it would hire a lot more people and being money to the community in sales tax revenue.
As someone living in the area, given a choice of a data center which blocks out a huge chunk of land for good, versus something like a S-Mart or Gnome Depot opening up, I'd take the big box store, just because it is something I can use. It makes me wonder how long until data centers start getting pushback by the NIMBY types.
Slashdot Mirror
This basically puts control of an entire nation directly into the hands of whomever can hack the results of the voting system. With the issues of security that have popped up with e-voting, even normal voting requires paper receipts, via a Chaumian system, so people can verify their vote actually applied.
A constant voting system will be a big target for every single blackhat on the planet. All they need to do is just flip a few votes, and they can fundamentally change the direction the government goes in extremely subtle ways.
Voting is too sensitive to have it be on the Internet without a verifiable paper trail as it stands. Adding continuous voting just makes things worse.
Microsoft survives for one reason: They are so well entrenched in the enterprise. Other than small companies that LDAP can work with, AD will be found as the core authentication and management mechanism of most companies out there.
Because of this, if MS sees losses on other fronts, they can just ratchet up Windows Server license fees, and still come out ahead, as they have a captive audience.
The main thing 2FA protects against is keyboard loggers and a compromised machine. Even if the password is emailed, it still is a lot more difficult for an attacker to get in. Mainly because hacking someone's E-mail and constantly looking at it is more difficult than just passively retrieving a stream of a user's keyboard output from a keylogger.
Of course, the ideal is an application on a separate connection that isn't connected in any way to the computer, but even an emailed password is better than nothing.
Google provides a standard (as in open source and standard usable by all comers) TOTP/RFC 6238 app.
This really should be an option. For example, a user can opt to have their code texted, type in their six digit second authentication, or perhaps have a scratch-off card with one time use codes on it as the last resort. On iOS, maybe make a deal with Apple, so the code can appear using Apple's protocol that works regardless of SIM card used.
This should not be too difficult... the RFC is open source, easily used in Linux (I have it used for backup authentication for a remote machine, if I don't have my SSH private key on the computer I am using), not to mention a lot of websites (Google, Amazon, name.com, Linode, etc.), and even a number of NAS models support it. It would be nice if the Australian government offered this as an option.
Don't forget transportation costs. Oil is cheap right now, but that can change. Some mines in the strait of Hormuz, for example. It might be that gas might spike like 2008, and if a 2-3 times jump in price was bad, how about a 10-20x spike, which could happen pretty quickly.
Having the ability to make something or have a trade is good. Yes, the job at punching a button and having Ansible go and do the work is a nice thing... but if the economy tanks to 1929 levels, having a farm and producing or fixing things that people need will be important as well. It might be that one might have to start making 1920s-1960s style tractors and automobiles because access to the latest and greatest chips for ECMs may not be allowed (a China-led trade embargo on the US, perhaps.) In any case, metal shop skills, plumbing, electrician, HVAC, and other items are always needed. You can't offshore the guy who wires up the 120 circuits, nor can you outsource the lawyer who is in the courtroom.
It is wise to have a good "on grid" set of skills, and a good "off-grid" set. Even if one's "off-grid" set of skills is something one wouldn't think about, such as a good musician, entertainer, or teacher. Having the ability to fall back on a community is important, and community, as a whole, is something lacking here in the US (especially with the political races trying their best to wedge and divide everyone.)
It does make sense though. I was assuming by "thermal-electric" generator that a heat engine was involved in the process with a reverse Peltier method.
In general, nuclear (be it fission, elements for radioactive decay, etc) is to be way underused, just due to the sheer and unwarranted fear of it. Yes, it has its dangers, but if used right, it can solve a lot of the world's major problems. It doesn't suffer fools gladly... but neither did steam energy, nor early internal combustion prototypes.
There are some applications which are good at separating mail from the device. Divide comes to mind (which was bought by Google.) Touchdown is another app that I have used since 2010 for Exchange, and it can be configured to keep E-mail encrypted and separated from the OS.
iOS has a version of Touchdown, as well as MS Outlook, both offer separation and PIN protection.
The advantage of using one of these apps, especially in a BYOD environment, is if the Exchange admin issues a remote device wipe, it just kills that app's data, not what is on the entire phone.
I use these in parallel. One Exchange hosted account is something I use only for business correspondence and other critical tasks, everything else can be handled by the mail application found in the OS. I also have the Exchange account be for the password recovery E-mails. This way, if my phone is obtained and unlocked, it is highly likely the app with the critical E-mail is protected. It also is good to PIN protect things like Dropbox, GDrive, and other items as well, just so that an unlocked phone doesn't mean a complete compromise. Similar with 2FA programs, where apps like Authy are nice that require a PIN before allowing one to use the 2FA tokens.
Yes, it is radioactive, and yes, it is a very nasty heavy metal... but there are still pacemakers ticking away with this stuff as the "battery" 25+ years later.
I wonder if Pu-238 might have some use in areas where batteries are needed and extremely hard to replace other than space projects. Definitely not for a battery for a smartphone, because we don't want Youtubers like TechRax to get radiation poisoning, but airline flight data recorders come to mind.
I have encountered exactly one retailer which actually asked for a PIN: Target. Everyone else either tells me to just swipe and ignore the dip part or jam the card in, and have the transaction treated like a swipe (tap "yes", sign.)
Of course, it is like having a deadbolt lock with no tumblers in the lock. Chip & PIN not just protects against using swiped codes, but also unauthorized use of the card. Someone who found a card lying on the road can't just use it as one sees fit.
Hopefully CNP transactions get some security love as well. The only merchant that actually has this is Sony/DayBreak, where they shunt me to Visa or MC to type in my password before the card is approved.
October 2015 was a deadline that card vendors transition to EMV or else take responsibility for fraud. However, my recent credit card from a few months ago has no EMV chip on it, and most retailers still are using swipe terminals. Even with the one retailer that used EMV, it would not ask for the PIN of the card... just did the transaction, and called it done.
Who is to blame? In this case, it can be shared equally.
As for separating tokens from transactions, I wonder if this could be done via just database partitioning, perhaps having a hardened computer or appliance whose job is to stash all the sensitive name/address/card no tuples, have a table of those secondary/foreign keys, which are used for the transaction tokenization. Nothing is hackproof, but there are ways to be secure in this manner. For example, one ancient SSL shop I had, it would take the data from the web form, make a text entry, encrypt it with GnuPG, then toss the encrypted file into a directory structure based on transaction IDs and the date. This way, one can find transactions, but the core data remained encrypted until manual decryption was necessary.
I wonder if a tokenization system could function similarly, where the data was tokenized, but a backup copy was stored encrypted via OpenPGP or another means, so the merchant could manually go through records for financial reasons.
What would be nice, would be an e-Ink display on the card that would change over time or when a button is pressed. If the card expires in 2-4 years, that is well within the time of a battery's lifetime, especially for a TOTP system.
This way, online purchases are protected by a form of 2FA as well, since an attacker would have to have the card info, as well as a challenge/response code.
You can always play the game the way the big boys do, and register stuff like that under the name of a business or corporation, with a PO box. Perfectly legal, and someone looking through the list of people with planes won't get an address to go burgle from.
This does bring up two good points:
The first is keeping data. In general, any work done with the FAA doesn't require a seven year retention... it requires fifty years. Do RC pilots have to keep info about their planes and other stuff for half a century now?
The second is how long it will be before some bad guys start pulling public registry data, finding people who have a lot of toys, don't live in a gated community, then figure out their schedule and go rob their place. The info is out there, and all it will take is the economy tanking for the bad guys behind keyboards offshore to start buying/selling/trading with the bad guys with the ski masks and the sawed off 12 gauges who own that area's turf. Selling to gangbangers lists of houses that don't have anyone at home and have a lot of stuff in them may be quite lucrative.
Before IAP came around in Android and iOS, there were a number of decent games, because the incentive was to get people to play the game.
What killed gaming on both platforms was IAP. This was supposed to be useful for a game designer to sell levels or an expansion... but what happened is that it fundamentally changed gaming on the platform for the worse. Instead of playable games, we got almost everything being released winding up "F2P/P2W", where the game was free, but the difficulty was extremely high and slow, in order to get people to go, "what the hell", and buy some smurfberries/brains/crowns/tokens/serum/ to get over that hump. Even classic tower defense games wound up going this way, where if you wanted a chance at completing them, you had to toss a few bucks each level for added powerups.
It would be nice to see the smartphone gaming market move away from Candy Crush like stuff back to games that are actually playable without having to buy large amounts of some in game currency. I would pay for levels and expansions... real content. Having to pay just for a chance at moving on... sorry, got better things to do.
There are companies that can do gaming right. Square-Enix for example. Maybe more companies should see about going that route.
There are ways to improve the security of Windows. EMET comes to mind, which is a useful tool for catching 0-days. Not perfect (as it was bypassed), but a decent jump in security.
As for making a Wi-Fi connection, I do know on Android and iOS, you can have it not search for Wi-Fi access points unless you explicitly bring that up. You can also use an always-on VPN which won't let traffic through until the VPN tunnel is up and operable.
I always use a VPN, especially after things like Verizon's UIDH. Plus, a VPN gives me a known IP address range, so I can have services that are at home (like SSH, IMAPS, etc.) only be allowed to connect to that range of IPs, and ignore everything else.
For other attacks, on Android, since one has control of the netfilter/iptables of the device (assuming rooted), one can easily modify what goes in/out either directly, or via an app. This is effective in not just blocking incoming attacks, but keeping apps that shouldn't be phoning home from doing so. It also is a last resort save from apps that have more "functionality" than they are supposed to.
The sad thing, I seem to be seeing a resurgence in Flash because some website designers think that if they put all their content in a huge Flash file, that nobody can steal their pictures or content. I thought all Flash sites were left in the ashbin history, but I've stumbled upon several recently.
I feel dumb by asking, but I have looked at a few fuel cells. The VeGA from Truma looked promising, but was killed early. However, having the ability to get 10-20 ampere-hours a day from the propane system on a RV would be quite useful (just so the absorption fridge can be tossed.)
The current fuel cell I see fairly often is EFOY's. It isn't cheap, around $4-7k depending on how many watts per day you want, but it uses a container of methanol for its work.
Is it a limitation of fuel cell technology to have so relatively few amp-hours of electricity available, or is it just that the commercial models I encounter are designed for low-draw appliances (like a camera tower, for watching for fires, in the middle of nowhere where solar panels may be an eyesore.) If one could be made to handle higher amp draws, such as what an A/C uses, it would easily replace the generator.
He also sells batteries. If EV batteries wind up standardized, he can make a good chunk of change selling parts for other maker's EVs, as well as having his own vehicles.
Realistically, energy density by volume is a big limiting factor for many, many technologies. If Musk or someone else can get a stable battery that is 1/10 the energy density (by volume) of gasoline or diesel, this would be a major game changer. Already, IC engines are relatively inefficient... At best, 35% energy goes into twisting the crankshaft, the rest winds up going out the exhaust pipe. An electric motor is far more efficient, and more useful, as it gets its best torque at 0 RPM. Plus, an electric motor requires a lot less upkeep than an IC engine.
Get batteries near the energy by volume of LP gas, and airplanes can move from IC engines.
There are a lot of fundamental improvements waiting for us, once we get stable batteries with stored battery density around what fossil fuels have for energy.
I've read about ways to handle this myself.
One way is to use the quantum connection channel to negotiate a session key via Diffie-Hellman, but each side also has a pre-shared key or a chunk from a one-time-pad that gets XOR-ed or combined with the session key. Then the Internet or conventional channels is used for the bulk transmissions. The attacker would have to find the pre-shared info, as well as decode the quantum crypto, each alone would score nothing.
Another way is to use the quantum channel for sending info... but wrap the info in an existing crypto protocol, be it IPSec or a VPN tunnel, SSH, SSL/TLS, or something else. This way the data is still protected, end to end. Since the quantum channel is relatively slow, adding another encryption layer wouldn't create much of a performance decrease.
What it boils down to is not trusting one form or layer as absolute, especially if the data going over the pipe is sensitive and valuable enough to warrant high security in the first place. The physical equivalent would be something valuable being placed in a sealed security container, then taken via armored car to the destination. If the armored car is compromised, the security container and the GPS on the container would still protect the contents. Similar if the security container is the weakest link.
The reason why consumers "prefer" bigger phones is not because people want a change of clothing with bigger pockets... but the faster CPUs and such require more area to deal with heat.
Of course, I've been told by someone in the industry that nobody would give up CPU and RAM for a smaller phone, but it would be nice to have a phone about the size of an iPhone 4.
In general, it seems phone form factor choices have went from candybars, flip-phones, sliders, keyboards, clamshells... to the typical all-glass touch screen smartphone that fundamentally looks the same. across all models. Is this better? Not really.
Then, there are capabilities built in. Phones are powerful enough that one can build in an entire desktop OS. The Motorola Atrix and Atrix2 are examples of this. It would be nice, with the USB 3.1/USB 3 standard to be able to plug a keyboard, mouse, and monitor into a cellphone, and use it as a desktop. If one creates a dedicated network GPU server that allows devices to send graphics commands, and gets back streaming video (think OnLive for the LAN), then the device wouldn't need to have much in the way of video, and a phone could drive a standard monitor. This essentially allows one device to perform multiple roles, similar to how Microsoft's Surface Pro can work as a tablet, as well as function as a full desktop computer.
Right now, smartphones seem to be stagnating. We have faster CPUs and payment methods, maybe even touchscreens that register pressure on them... but those are evolution, "0.1" or "0.0.1" style improvements. Having the ability to use the phone as a desktop via USB-C, or even as a document repository, similar to Intel's personal server concept, would be a real "1.0" advance. Especially if BlueTooth could be used with a hard drive to get respectable transfer rates, at least USB 2.0, if not greater for short distances. Barring that, there are companies saying they could get 1GB/sec from infrared, so maybe update the IrDA protocol and have that as an alternative to wireless.
Lots of ways phones can be improved on, but there are no players interested in doing anything to affect the status quo right now.
At a previous job, there was a specialty appliance that had an admin control panel that only worked with IE6, XP, and a specific version of Java, no earlier, no later. In fact, it actually used Javascript tricks to catch a browser using a different User-Agent header.
The solution? A Windows XP VM that shared a vSwitch with a PFSense appliance which only allowed communication to the device, and incoming RDP into the VM. That, and a script which would roll back the VM to a clean snapshot.
There is always enforcement by peer. For example, Russian drivers almost always have dash cams. This usually means someone being a total dolt on the roads will be recorded by someone and that recording wind up on YouTube or played in front of a judge come trial time.
I saw a microcosm of this myself with my dash cam where the camera caught a vehicle popping into reverse, smashing into a car behind it, then the driver in front claiming it was the other person's fault. The footage I had on that MicroSD card likely saved someone's insurance premiums by a considerable margin because without it, it would be word against word.
I remember reading that dash cams are perhaps a definitive way to stop poor driving, just because once people get it in the head that their lane weaving and median driving might wind up on YouTube with their license plate available for all to see and look up, it likely would do more than any amount of police writing tickets for infractions.
I remember this debated in a criminal justice course, where the chance of getting caught would be less, but the penalties far harsher compared to a far less penalty, but a far higher chance of getting caught.
It was shown that having a far less penalty that was enforced heavily had a lot more impact. One example was the US drug laws where people could be ejected from college and perhaps go to prison for life for charges. As we can tell, it still isn't too tough to find weed.
On the other hand, various European countries have police will pull people over, ask for the fine cost on the spot, and let the driver on their own way after it is paid. Yes, the penalty is lower (especially without worry about points on a license), but people tend to stop misbehaving if they have to pay even a small fine, if they feel they will be caught.
E-mail clients really don't have much to add. If one wants a one-size-fits-all client for everything, there is always SeaMonkey, which does everything Thunderbird does, as well as brings a NNTP reader, browser, and HTML editor to the table.
I have looked at a lot of E-mail clients: I went with Thunderbird for a number of reasons (a number of them subjective.)
1: Multiplatform capability. When my Windows desktop died and I had to repurpose my MBP, all I had to do was copy a backup of my Thunderbird directory to the proper spot on OS X, and all my settings, mailboxes, and other stuff was in place. If I jump to Linux or back to Windows, I just copy the profile into place, and done.
2: A standard, text file format for storing mailboxes. mbox format may be old hat, but it does work, and if it gets corrupted, isn't too tough to fix by hand. I used to use Outlook .PST mailboxes because they offered encryption, but after corruption took out a mailbox, once I restore it from a backup, I jumped clients.
3: Webmail is OK, but it means that I have to go to each provider's site, log in, dig up the TKIP app or wait for the SMS message (I use 2FA on all accounts I can), browse the account, then log out. With a good MUA, all my E-mail from all accounts is in one place.
4: It is easy to archive mail. I select a folder, hit "archive", and all the mail that piled up in a mailbox gets moved to my IMAP server.
5: Searches are pretty quick. I can sit for a while waiting for another popular MUA to return results, while Thunderbird, once it builds its local caches, can get me an E-mail pretty quickly, regardless of location.
6: There are a lot of extensions available. AdBlock, and folder copy come to mind.
7: MUAs are not general web browsers, and they tend to be far more secure than web browsers for the task at hand.
All and all, I don't see how one can add any major new features to Thunderbird, other than a tool that can automatically back up the Thunderbird profile to a target destination, similar to how FEBE works for Firefox. Bonus points for compression, deduplication, and encryption [1].
[1]: The ideal with encryption would be similar to how Titanium Backup works. It generates a RSA key, stores the key pair on each backup volume, password protects (well, encrypts) the private key, and uses the public key for encrypting the backups (well, uses the public key to protect a symmetric key on each backup.) The result is that backups can be done unattended, restorations is easy with the password, and existing backups are kept secure.
Here where I live, the opposite happens. Oddly enough, if you are on one of the feeder roads that is alongside a toll road, the lights are timed to turn red just as traffic approaches. At. Every. Single. Intersection. In fact, a former co-worker used to be a civil engineer, and showed that even with random chance, it could not have been designed worse.
The same civil engineer told me about the methodology in general. Congestion reduces wrecks, so it looks better for a city to have traffic moving 15-20 mph on the roads than at highway speeds because it lowers the fatal accident rate. There is no downside (to a town) to have streets that are impassible, and the local police can always make money by inspecting the license plates, looking for "busted taillights", and other things.
It only will backfire on the states giving abatements. Yes, it means that there is someone who will be paying a large electric bill and real estate taxes, but like others said above, there is a large opportunity cost. Even a big box store would be better in some ways, because it would hire a lot more people and being money to the community in sales tax revenue.
As someone living in the area, given a choice of a data center which blocks out a huge chunk of land for good, versus something like a S-Mart or Gnome Depot opening up, I'd take the big box store, just because it is something I can use. It makes me wonder how long until data centers start getting pushback by the NIMBY types.