We might end up with two types of SSD, or even drives with both:
MLC's descendant would be designed for space and shoveling as much data into a drive as possible. Because of this, it would require large amounts of error correction. Because MLC is sometimes less reliable than SLC, it will take more processing power to encode incoming data effectively and safely.
SLC's descendant would be designed for speed.
As time goes on, operating systems will get intelligent enough to figure out what parts of a volume are most often used, and move them to the SLC array so they are accessed with a faster speed, while items that are not accessed go to the slower MLC array.
Exactly. Since the form factor isn't dependent on a disk shape, it might be better to go with a form factor that is better for SSD. Perhaps cubic, with a riser card holding the banks of flash chips connected to the controller which does the ECC, encryption, wear levelling, and other stuff?
With SSDs, I'm sure there is always another axis of improvement, similar to with CPUs, when you hit a wall with them, go SMP. When SMP doesn't scale, crank up the clock speed, etc.
What I wonder is what can be focused on to make SSDs be able to store more. We can always stick more chips in an enclosure, and the cooling needs for SSDs are far less than the cooling needed for CPUs.
I'm just crossing my fingers and hoping the ADP3 will be useful for Android 3.x, with at least a 1GHz CPU, preferably 1.5-2.0 GHz, a decent high resolution screen, GPU, and a reasonable amount of onboard storage (32-64GB without needing to go to the memory card.)
I also hope the ADP3 also has the ability to use the 3G bands of both T-Mobile and/or AT&T, so it doesn't matter what provider one uses -- just drop the SIM card and go.
It definitely applies to Android. This means that the modding scene won't be shut down, nor will having a rooted phone with custom firmware lead to jail time.
It won't mean that Motorola will stop signing bootloaders and kernels, but because the last "open" phone, the N1 is out of production [1], this will become a part of the modding process just like the JB process for iPhone models.
[1]: Out of production in the US. Of course, you can see about eBay or overseas, but there is a good chance you will get a piece of cement instead of a phone if you go that route due to fraud being so easy to accomplish.
Because of the dancing bunny issue, I wouldn't mind a hurdle steep enough to keep Joe Sixpack from jailbreaking his phone, downloading a "pr0n viewer", getting his phone infected, then bitching to the world how insecure the phone is. Something that will make him go, "gee, I might 'brick' my phone if I do this wrong" and keep his cluelessness inside the walled garden.
However, the obstacle shouldn't be too high that makes it iffish to impossible for people to know the ramifications to do it. Ideally it should be something like booting to a recovery prompt with a "$" sign, typing in something like "echo '1' >/proc/jailbrokenstatus" then rebooting, and when the phone comes on, it would be trivial to download Cydia and go to town.
The Nexus 1 had it right with the OEM Unlock command and the warning about "if you unlock this phone, there is no more warranty and any damage you bring is your own fault." Something stern enough to keep the guy with the drool cup from doing it, but someone who knows a kernel from an inode, it would be no sweat.
With the way most databases work [1], I'm almost completely sure that most social networking sites do keep backlevel copies. All it would take is just looking at a certain point in time with an archive log at tables used for a certain account, and it wouldn't be hard to see what happens over time.
In fact, I am sure this is or will be monetized. A social network could make some good cash if they figured out over time what people changed or preferred through their FB status and preference changes. For example, if there is a significant trend from rap to bluegrass, it might be usable/salable info to record labels to start picking up more in the genre gaining popularity. Similar if quotes from a certain person or TV show start gaining more people using them.
[1]: I don't know about NoSQL based databases, but those are fundamentally broken, sacrificing integrity for performance, so it may not be possible to restore to a point in time even with an archive log.
I'd probably say it is almost definitely will happen. Remember: There are no criminal laws against data loss in the US, only civil, unless the data is classified+. So, a place can file bankruptcy, someone else can buy the stored data and do what they want with it, and there will be zero legal recourse possible.
What is needed are data retention laws that people face jail/prison terms. Then, we might see some action. Otherwise, expect those photos of lighting farts in high school to haunt people even when they hit the retirement age.
Even better, disable the UOPs so one doesn't need to sit through 30 minutes of ads before hitting the main menu? UOP was meant to just show the big FBI notice, not protect the ads.
What is ironic is that of all the cellular providers, the most "standard" will be AT&T. Sprint is going their own direction with Clear/Sprint 4G, Verizon is CDMA, T-Mobile is going 3.5G (HSPA+), and AT&T is GSM, but going LTE eventually (which is the de facto standard worldwide).
So if one wants their unlocked phone to happily work across the world, AT&T is probably the best choice, followed by T-Mobile.
That is true, but it has become extremely difficult to find a new unlocked model in the US unless one wants to pay the $300-$500 fee that phone importers tack on.
Check out the modmymoto.com forum. There are some good CLIQ ROMS that are MotoBlur free. While you are there, you might as well update your phone to Android 2.1 (they have the official T-Mobile version, IIRC, with root access.)
If you are not careful and try that on a rooted Motorola CLIQ, you will end up with a lovely bootloop until you restore from a nandroid backup or reflash.
That is becoming harder and harder every new model. The N1 (the last easily rootable Android device) is not in production anymore, and newer phones either have signed bootloaders, have hardware tricks to prevent critical filesystems from being remounted R/W, or worse.
Don't forget the good old fashioned weekend. It wasn't that long ago (relatively in our nation's history) where 12-16 hour shifts, 7 days a week was the normal work week. Maybe part of Sunday for church.
Oh, and that were the hours for the kiddos to be digging in the mines. Adults had it worse.
There are some issues where malware winds up in places, and that is something beyond the vendor's control. However, having the motherboard's BIOS infected is just plain not excusable. How can people have any guarantee of security if a maker's QA process allows this stuff to happen? Even if they offshore it to another contractor, the buck stops at the company whose name is on the machine. How can we be sure that replacing the management software and/or a BIOS reflash will take care of the problem?
At least there are plenty of vendors to choose from in the x86 server market. IBM has some very good machines. HP always has had quality offerings. Oracle sells x86 and SPARC hardware, Cisco sells x86 servers that are decent. Even Apple has a top quality 1U server that can both work in a server room as well as a musician's rack.
It depends on the "cyberwarrior". Two types come to mind:
Type 1: Someone who is able to focus on one small program or routine for months on end to find anything that can be used as en exploit. Perhaps one unbounded array, or the fact that it doesn't drop root privs immediately, or perhaps the program can be used to make another daemon dump core and the core file analyzed for encryption keys or cached passwords. They will focus on looking at an OS distribution to find any issues that might be with downlevel packages that might have been included. These are the "weapons makers", and the people that are really needed. However, due to the fear of winding up in jail because people fear them, these guys are not going to give their existence out. I'm sure that one can train people for this, but this type has been a solitary profession, or done with small groups of people that can trust each other 100%.
Type 2: Instead of focusing narrowly, this is the type that looks at the gestalt view. Even if system "X" is compromised and completely owned, will this affect day to day operations? Will the audit log methods be able to detect if there was a compromise of sshd? How protected are critical servers from network attacks?
It takes both types. The people that sift through code with a microscope to find any vulnerabilities, and people who are focused on a strategic perspective. Both are needed to cause successful intrusions, and both are needed to protect against them. No car analogy, but it would be the equivalent of a weaponsmith, and an armorsmith.
It is all about perception. I see high school advisors telling kids to stay away from computer science because they will be fighting for jobs against the whole world (programmers from India, sysadmins from the Bay Area, etc.) Instead, they tell them to go law because "there is no such thing as an unemployed lawyer."
Russia and China, it is different. There, their security guys doing blackhat/white work are viewed with similar respect as Special Forces guys are viewed here, as heroes for their country. Here in the US, a CS/IT person is looked at as someone who is going to be unemployed as soon as the PHB finds some offshore firm.
Change the perception, make it cool to be a CS/IT person. THEN you will have your "cyberwarriors" that are on par with the Russian/Chinese blackhats. Otherwise, the CS students will be taking their CS degree into law or business school.
The hydrogen is from the water which likely would be obtained from near the plant. The CO2 is extracted from the air and done by some chemical process to make alcohol or a water source from the plant. I misstated in the post. The goal is to get some type of fluid that is pulled apart by energy on one side, and is burned or catalyzed at the other end of the pipe.
Even better would be a means of pulling carbon from the air over at the generation plant, generating hydrogen gas or an alcohol, then pumping that fuel via pipeline to a place near the city, and burning it there. This sounds Rube Goldberg-ish, but doing something like this would mean more energy gets to the grid from the generator because it is not lost to wire resistance over the long distances.
The only disadvantage would be needing a source of water near the generation plant, and the fact that vandals and kooks are not deterred from messing with it like they are with high voltage power lines (for the most part).
With China trying to show off what it can do, what happens if they get enough fast moving junk in the orbit levels that it starts hitting other objects... which will promptly start speeding off in other directions, essentially causing a chain reason, tearing up anything in orbit at that level, eventually making an almost impenetrable barrier of fast moving stuff, blocking any chances at anything going into space for the next several hundreds years?
Is there any way to slow the junk down so it hits atmosphere and burns up?
Microsoft doesn't need a BES like subsystem. They own the E-mail enterprise market which is locked down tightly with Exchange. Except for larger companies (IBM and Google come to mind) that have their own E-mail systems, almost everyone else, from Fortune 10 businesses down to SMBs are running Microsoft's offering.
The lawyers are not supposed to. The person who REALLY needs to be knowledgeable about such things is the man or woman holding the gavel. They are the ones who are charged with writing the decisions and why they ruled the way they did.
Lawyers are supposed to make their side win above all else. It is the judge who has to be able to cut through the smoke screens and be able to render a decision that will affect the nation's future.
What will be a big issue will be energy generation. A colony will be needing to recycle used air/water, find ways of making up lost oxygen and other atmospheric gases in order to expand to new rooms and expand the colony from something small, to something habitable for the rest of peoples' lives.
How will this be done? Probably nuclear fission and high capacity breeder reactors. Because they can't be water cooled, they will have to be designed from the ground up to be able to use as much heat as possible for energy, and radiate either into the ground, or into space any energy that it can't use.
Without a source of energy to keep everything going, there is no hope for a colony. It isn't like they can go grab some trees and stick them in a bonfire.
Ideally, fusion would be the best way of generating energy for a colony to last generations. Hydrogen is fairly easy to get (grab out in space, ship from Earth in water, etc.) In a decent tank, it stores indefinitely, and a little bit goes a long way.
If you are feeling really insane, some UNIX operating systems can dispense with root altogether, even past having it disabled for logins (like how OS X has it present but not usable until explicitly turned on). AIX 6.x has the ability to completely chuck root (where stuff running as UID 0 is essentially running as nobody with no privs whatsoever), and what would have been handled by the superuser is handed off to other users as roles. Of course, if a critical role isn't defined before root gets stripped of its mantle of rulership, well, have fun rebooting to install media or to a NIM server and fixing that.
Some UNIX variants don't care a bit if the user root is renamed. Others will choke and give up the ghost. Ideally it would be nice to rename the root user (and put a dummy user named root just for kicks, similar to how Windows admins worth their salt have a bogus Administrator user with insane amounts of logging enabled), but it is hard to tell which UNIX variants don't care, and which will be really unhappy.
Maybe the best of all worlds is to have SELinux-like ACL policies be made into an easier pill to swallow. For example, a Web browser should not have access to a user's.xinitrc,.profile,.bashrc, or other files. If a policy enforces this, even if a Web browser is completely compromised, there is no way a blackhat can install software running in the browser's context that would start on a login, nor even with a valid su or sudo password, would ever get to a "#" prompt. By focusing on isolating applications, a system can be partially compromised, but not completely taken over, unless the security problem lies in a critical subsystem like ssh/sshd where it really can't be put into a fenced in playground.
As for obfuscation, it does work against script kiddies, but a blackhat worth his salt will eventually go through the IP range and find that one randomly named server is listening on port 80 and 443, and communicating with some other box via some ports that are usually for Oracle. Security through obscurity is not a good solution in the long run.
We might end up with two types of SSD, or even drives with both:
MLC's descendant would be designed for space and shoveling as much data into a drive as possible. Because of this, it would require large amounts of error correction. Because MLC is sometimes less reliable than SLC, it will take more processing power to encode incoming data effectively and safely.
SLC's descendant would be designed for speed.
As time goes on, operating systems will get intelligent enough to figure out what parts of a volume are most often used, and move them to the SLC array so they are accessed with a faster speed, while items that are not accessed go to the slower MLC array.
Exactly. Since the form factor isn't dependent on a disk shape, it might be better to go with a form factor that is better for SSD. Perhaps cubic, with a riser card holding the banks of flash chips connected to the controller which does the ECC, encryption, wear levelling, and other stuff?
With SSDs, I'm sure there is always another axis of improvement, similar to with CPUs, when you hit a wall with them, go SMP. When SMP doesn't scale, crank up the clock speed, etc.
What I wonder is what can be focused on to make SSDs be able to store more. We can always stick more chips in an enclosure, and the cooling needs for SSDs are far less than the cooling needed for CPUs.
I'm just crossing my fingers and hoping the ADP3 will be useful for Android 3.x, with at least a 1GHz CPU, preferably 1.5-2.0 GHz, a decent high resolution screen, GPU, and a reasonable amount of onboard storage (32-64GB without needing to go to the memory card.)
I also hope the ADP3 also has the ability to use the 3G bands of both T-Mobile and/or AT&T, so it doesn't matter what provider one uses -- just drop the SIM card and go.
It definitely applies to Android. This means that the modding scene won't be shut down, nor will having a rooted phone with custom firmware lead to jail time.
It won't mean that Motorola will stop signing bootloaders and kernels, but because the last "open" phone, the N1 is out of production [1], this will become a part of the modding process just like the JB process for iPhone models.
[1]: Out of production in the US. Of course, you can see about eBay or overseas, but there is a good chance you will get a piece of cement instead of a phone if you go that route due to fraud being so easy to accomplish.
Because of the dancing bunny issue, I wouldn't mind a hurdle steep enough to keep Joe Sixpack from jailbreaking his phone, downloading a "pr0n viewer", getting his phone infected, then bitching to the world how insecure the phone is. Something that will make him go, "gee, I might 'brick' my phone if I do this wrong" and keep his cluelessness inside the walled garden.
However, the obstacle shouldn't be too high that makes it iffish to impossible for people to know the ramifications to do it. Ideally it should be something like booting to a recovery prompt with a "$" sign, typing in something like "echo '1' > /proc/jailbrokenstatus" then rebooting, and when the phone comes on, it would be trivial to download Cydia and go to town.
The Nexus 1 had it right with the OEM Unlock command and the warning about "if you unlock this phone, there is no more warranty and any damage you bring is your own fault." Something stern enough to keep the guy with the drool cup from doing it, but someone who knows a kernel from an inode, it would be no sweat.
With the way most databases work [1], I'm almost completely sure that most social networking sites do keep backlevel copies. All it would take is just looking at a certain point in time with an archive log at tables used for a certain account, and it wouldn't be hard to see what happens over time.
In fact, I am sure this is or will be monetized. A social network could make some good cash if they figured out over time what people changed or preferred through their FB status and preference changes. For example, if there is a significant trend from rap to bluegrass, it might be usable/salable info to record labels to start picking up more in the genre gaining popularity. Similar if quotes from a certain person or TV show start gaining more people using them.
[1]: I don't know about NoSQL based databases, but those are fundamentally broken, sacrificing integrity for performance, so it may not be possible to restore to a point in time even with an archive log.
I'd probably say it is almost definitely will happen. Remember: There are no criminal laws against data loss in the US, only civil, unless the data is classified+. So, a place can file bankruptcy, someone else can buy the stored data and do what they want with it, and there will be zero legal recourse possible.
What is needed are data retention laws that people face jail/prison terms. Then, we might see some action. Otherwise, expect those photos of lighting farts in high school to haunt people even when they hit the retirement age.
Even better, disable the UOPs so one doesn't need to sit through 30 minutes of ads before hitting the main menu? UOP was meant to just show the big FBI notice, not protect the ads.
What is ironic is that of all the cellular providers, the most "standard" will be AT&T. Sprint is going their own direction with Clear/Sprint 4G, Verizon is CDMA, T-Mobile is going 3.5G (HSPA+), and AT&T is GSM, but going LTE eventually (which is the de facto standard worldwide).
So if one wants their unlocked phone to happily work across the world, AT&T is probably the best choice, followed by T-Mobile.
That is true, but it has become extremely difficult to find a new unlocked model in the US unless one wants to pay the $300-$500 fee that phone importers tack on.
Check out the modmymoto.com forum. There are some good CLIQ ROMS that are MotoBlur free. While you are there, you might as well update your phone to Android 2.1 (they have the official T-Mobile version, IIRC, with root access.)
If you are not careful and try that on a rooted Motorola CLIQ, you will end up with a lovely bootloop until you restore from a nandroid backup or reflash.
That is becoming harder and harder every new model. The N1 (the last easily rootable Android device) is not in production anymore, and newer phones either have signed bootloaders, have hardware tricks to prevent critical filesystems from being remounted R/W, or worse.
Don't forget the good old fashioned weekend. It wasn't that long ago (relatively in our nation's history) where 12-16 hour shifts, 7 days a week was the normal work week. Maybe part of Sunday for church.
Oh, and that were the hours for the kiddos to be digging in the mines. Adults had it worse.
There are some issues where malware winds up in places, and that is something beyond the vendor's control. However, having the motherboard's BIOS infected is just plain not excusable. How can people have any guarantee of security if a maker's QA process allows this stuff to happen? Even if they offshore it to another contractor, the buck stops at the company whose name is on the machine. How can we be sure that replacing the management software and/or a BIOS reflash will take care of the problem?
At least there are plenty of vendors to choose from in the x86 server market. IBM has some very good machines. HP always has had quality offerings. Oracle sells x86 and SPARC hardware, Cisco sells x86 servers that are decent. Even Apple has a top quality 1U server that can both work in a server room as well as a musician's rack.
It depends on the "cyberwarrior". Two types come to mind:
Type 1: Someone who is able to focus on one small program or routine for months on end to find anything that can be used as en exploit. Perhaps one unbounded array, or the fact that it doesn't drop root privs immediately, or perhaps the program can be used to make another daemon dump core and the core file analyzed for encryption keys or cached passwords. They will focus on looking at an OS distribution to find any issues that might be with downlevel packages that might have been included. These are the "weapons makers", and the people that are really needed. However, due to the fear of winding up in jail because people fear them, these guys are not going to give their existence out. I'm sure that one can train people for this, but this type has been a solitary profession, or done with small groups of people that can trust each other 100%.
Type 2: Instead of focusing narrowly, this is the type that looks at the gestalt view. Even if system "X" is compromised and completely owned, will this affect day to day operations? Will the audit log methods be able to detect if there was a compromise of sshd? How protected are critical servers from network attacks?
It takes both types. The people that sift through code with a microscope to find any vulnerabilities, and people who are focused on a strategic perspective. Both are needed to cause successful intrusions, and both are needed to protect against them. No car analogy, but it would be the equivalent of a weaponsmith, and an armorsmith.
It is all about perception. I see high school advisors telling kids to stay away from computer science because they will be fighting for jobs against the whole world (programmers from India, sysadmins from the Bay Area, etc.) Instead, they tell them to go law because "there is no such thing as an unemployed lawyer."
Russia and China, it is different. There, their security guys doing blackhat/white work are viewed with similar respect as Special Forces guys are viewed here, as heroes for their country. Here in the US, a CS/IT person is looked at as someone who is going to be unemployed as soon as the PHB finds some offshore firm.
Change the perception, make it cool to be a CS/IT person. THEN you will have your "cyberwarriors" that are on par with the Russian/Chinese blackhats. Otherwise, the CS students will be taking their CS degree into law or business school.
The hydrogen is from the water which likely would be obtained from near the plant. The CO2 is extracted from the air and done by some chemical process to make alcohol or a water source from the plant. I misstated in the post. The goal is to get some type of fluid that is pulled apart by energy on one side, and is burned or catalyzed at the other end of the pipe.
Even better would be a means of pulling carbon from the air over at the generation plant, generating hydrogen gas or an alcohol, then pumping that fuel via pipeline to a place near the city, and burning it there. This sounds Rube Goldberg-ish, but doing something like this would mean more energy gets to the grid from the generator because it is not lost to wire resistance over the long distances.
The only disadvantage would be needing a source of water near the generation plant, and the fact that vandals and kooks are not deterred from messing with it like they are with high voltage power lines (for the most part).
With China trying to show off what it can do, what happens if they get enough fast moving junk in the orbit levels that it starts hitting other objects... which will promptly start speeding off in other directions, essentially causing a chain reason, tearing up anything in orbit at that level, eventually making an almost impenetrable barrier of fast moving stuff, blocking any chances at anything going into space for the next several hundreds years?
Is there any way to slow the junk down so it hits atmosphere and burns up?
Microsoft doesn't need a BES like subsystem. They own the E-mail enterprise market which is locked down tightly with Exchange. Except for larger companies (IBM and Google come to mind) that have their own E-mail systems, almost everyone else, from Fortune 10 businesses down to SMBs are running Microsoft's offering.
The lawyers are not supposed to. The person who REALLY needs to be knowledgeable about such things is the man or woman holding the gavel. They are the ones who are charged with writing the decisions and why they ruled the way they did.
Lawyers are supposed to make their side win above all else. It is the judge who has to be able to cut through the smoke screens and be able to render a decision that will affect the nation's future.
What will be a big issue will be energy generation. A colony will be needing to recycle used air/water, find ways of making up lost oxygen and other atmospheric gases in order to expand to new rooms and expand the colony from something small, to something habitable for the rest of peoples' lives.
How will this be done? Probably nuclear fission and high capacity breeder reactors. Because they can't be water cooled, they will have to be designed from the ground up to be able to use as much heat as possible for energy, and radiate either into the ground, or into space any energy that it can't use.
Without a source of energy to keep everything going, there is no hope for a colony. It isn't like they can go grab some trees and stick them in a bonfire.
Ideally, fusion would be the best way of generating energy for a colony to last generations. Hydrogen is fairly easy to get (grab out in space, ship from Earth in water, etc.) In a decent tank, it stores indefinitely, and a little bit goes a long way.
If you are feeling really insane, some UNIX operating systems can dispense with root altogether, even past having it disabled for logins (like how OS X has it present but not usable until explicitly turned on). AIX 6.x has the ability to completely chuck root (where stuff running as UID 0 is essentially running as nobody with no privs whatsoever), and what would have been handled by the superuser is handed off to other users as roles. Of course, if a critical role isn't defined before root gets stripped of its mantle of rulership, well, have fun rebooting to install media or to a NIM server and fixing that.
Some UNIX variants don't care a bit if the user root is renamed. Others will choke and give up the ghost. Ideally it would be nice to rename the root user (and put a dummy user named root just for kicks, similar to how Windows admins worth their salt have a bogus Administrator user with insane amounts of logging enabled), but it is hard to tell which UNIX variants don't care, and which will be really unhappy.
Maybe the best of all worlds is to have SELinux-like ACL policies be made into an easier pill to swallow. For example, a Web browser should not have access to a user's .xinitrc, .profile, .bashrc, or other files. If a policy enforces this, even if a Web browser is completely compromised, there is no way a blackhat can install software running in the browser's context that would start on a login, nor even with a valid su or sudo password, would ever get to a "#" prompt. By focusing on isolating applications, a system can be partially compromised, but not completely taken over, unless the security problem lies in a critical subsystem like ssh/sshd where it really can't be put into a fenced in playground.
As for obfuscation, it does work against script kiddies, but a blackhat worth his salt will eventually go through the IP range and find that one randomly named server is listening on port 80 and 443, and communicating with some other box via some ports that are usually for Oracle. Security through obscurity is not a good solution in the long run.