We had this in the past. It was called PostScript. PostScript sent would work regardless of printer, be it inkjet, laser, dye sublimation, or high velocity platypus sweat sprayed onto paper.
I wish Adobe would relicense PostScript making the cost on a sliding scale so a low end printer (the usual $50 inkjet that takes cartridges more than what the printer costs) could use it.
Now, drivers are more for using printer-specific features, not just getting it to print at all.
Even better, how about a list of either PGP/gpg public keys (fingerprints or actual keys stored), or S/MIME keys (either by fingerprint or key material, or trusting the certificate?)
This way, unless the key is compromised by malware that knows exactly what it is doing, it would be extremely difficult to send spam to the printer.
Of course, as a pale second, a passphrase would work, but E-mail is easily forged, and non-encrypted E-mail can be sniffed to glean contents.
With net neutrality not an issue, I wonder if AT&T will have its arm twisted into giving "free" passage to any Apple specified content where it doesn't contribute to the cap, while anything from Hulu, YouTube, and other places get charged the metered rates. This way, users end up going to Apple's content because it doesn't cost them anything.
Why should I trust unknown servers with critical data? If I were forced to use cloud-based services for banking and file storage, I have no clue who has access to the data. Even with the best security, there are some individuals who will happily loan a blackhat their badge, PIN, and offline authentication device in return for a princely sum of cash, and barring that, there are always other exploits.
Cloud services have some uses, but not for everything. Cloud storage is a decent method of keeping files in a secure location, provided you have some sort of encryption layer, and that you have another method of storage. For example, an external hard disk with a backup program (Retrospect, Time Machine) coupled with a cloud backup service like Mozy, Carbonite, or BackBlaze should go a long way in protecting a home/SOHO user. The external hard disk protects against "oh shit" happenings that trash the machine, while the cloud backup allows files to be obtained even if the machine (and the backup drive) were destroyed.
Cloud based VMs also have their uses, but in reality these uses are limited because one would not want to store confidential data on them. One use could be a point where external network traffic from a business gets redirected to, or perhaps a mirror of publicly available downloads. Anything past that is playing with fire when it comes to security.
I don't know... if users were considered non profitable because they use more than 2GB a month, then it sounds like AT&T needs to do a quarterly charge-off, and put in some infrastructure so they can support the hordes of users. At least they did a better job at this SXSW in ensuring coverage than last year.
In all honesty, 2GB is nothing. If you pile on the Adobe updates, Windows Update files, DRM updates, antivirus defs pushed daily, updates for Web browsers and add-ons, 2GB can vanish in a heartbeat, and this isn't a user who is a bandwidth hog.
Bandwidth is part of computing, and is one of the places where growth of all Internet apps is stunted because ISPs can't/won't upgrade their pipes. Picture gigabit WAN connections, and the app services they can provide. Not just the tired old video streaming and videoconferencing that people talk about, but honest to goodness cloud syncing of critical files with a trustworthy encryption layer, ability to store data on personal servers accessible securely from anywhere, ease of doing backups (separating the data center that does archives from everything else geographically), separating computers so a family can not just have a core server at home, but a "clan" server room.
However, until ISPs decide to add something more than additional user fees, we are stuck with 2000 technology. If ISPs were like this in the 1990s and the world was stuck at 28.8k dialup, most of computing would have never happened, no cloud computing, no Mozy backups, no Net radio other than low res RealAudio, no security updates of software (people would have to update their machines via CDs sent via the mail), no real games, no console multiplayer gaming, no DLC, essentially most industries that are thriving on the Internet would never have been possible.
So, until ISPs stop thinking about next quarter's profits and start working on infrastructure so they can make more money, computing as a whole has stopped evolving. Yes, we will get a new iWhatever every so often, or a program going from 1.0 to 1.1, but serious improvements are not going to happen.
It sounds like you know what you are doing and are able to cook ROMs worth downloading. I just think that because compromising phones is so lucrative [1] that it will only be a matter of time before the modding community (be it Windows Mobile, Android, jailbroken iPhone utilities, even the N900) will be strongly hit by this. This is why I like the idea of PGP/gpg signing ROMs, and perhaps urging a popular modding forum (xda-developers, modmymoto, etc.) to sign and store copies of developers' PGP/gpg keys for easy retrieval and validation (so someone impersonating a dev cert wouldn't go far.)
I worry about two things when it comes to modding phones: Piracy and compromised ROMs. Piracy gets app developers to put more pressure on Google, phone makers, and carriers to make their devices more hostile. A compromised ROM, regardless of platform, if it affected a good amount of people would cause phone makers and cell carriers to start putting more root-hostile "features" on their devices, such as the signed kernels on the Milestone, to daemons that run that kill any root process that isn't on a manifest list.
At least PGP/gpg signing of ROMs means an attacker has to go to serious lengths to try to get around it, perhaps by hacking one of the bigger Web forums. Even then, if people already have a copy of the public key, it will be obvious that a ROM was tampered with on download.
[1]: Tons of ways to make money from a compromised phone. Repeatedly dial a long distance number, send out spam via SMS, send out traditional spam via an SMTP server, grab user contacts and info for use for targeted phishing or extortion, use the phone's storage for a BitTorrent seed or FTP server, use the phone as a proxy to further hide a blackhat's IP tracks, and so on.
I'd like to see an antivirus scanner put into the fastboot or recovery image. This way, if a phone is rootkitted, someone can boot to the recovery, and run Tripwire like software which would catch unknown kernel modules, and for known malware signatures, a signature based AV would deal with those.
However, let's be realistic: AV software is the absolute last bastion of defense. Before malware can trip the AV software, the OS or application should have dealt with it by either ignoring it and forbidding it to run, or actively killing what it was doing.
Maybe this is where Android "fragmentation" might be good. An exploit that works for Android 1.5 and the Samsung Behold 2 likely won't work on a Droid running 2.1, especially if it uses a kernel module, and almost definitely won't work if neither phone is rooted.
Even if a user gives permissions, they may get their account and messages compromised, but unless there is an exploit the malware uses that isn't known by the modding/rooting community, there is NO WAY that something installed as an APK in a user account on a phone is going to be able to get root access to drop in a kernel module. Even if it did, phones like the Motorola Milestone have signed Linux kernels and are not built with the ability to load modules, so all it would do is nothing or cause the phone to bootloop.
Don't forget that a lot of kernels on Android phones are built monolithic and not allowing kernel extensions. A custom kernel that is explicitly built to allow .ko files on a G1 is likely what is needed for this exploit.
I can see three ways that this kernel rootkit (which is nothing new -- there have been Linux kernel modules for rootkits since the late 1990s) can get on an Android device, and all three require a rooted phone:
1: The app masquerades as a root utility. There are some utilities which are very useful for rooted phones. Droidwall, Autostarts, Wireless Tether, Wired Tether, root explorer, Titanium Backup, SQLite Editor, and a terminal emulator are must have utilities, because they add a lot of useful functionality. I can see a utility masquerading as something useful for rooted phones, getting installed, then going to town on the phone, replacing BusyBox with a utility that hides the rootkit, opening up a command port, and so on.
2: Some malware is put on a custom ROM. This would kill the custom modding scene as we know it if this happens, and makes me wish that people who "cook" ROMs would PGP or gpg sign the images, so a determined blackhat would not be able to tamper with things.
3: An app gets access to the SD card, manages to alter nandroid backups on the card and/or add an update.zip file which is signed, and then runs an update. This way, the malware package would be sucked in implicitly.
So, for the average user with Android, a rootkit isn't going to happen unless it uses an exploit, and these days, RAMDLD exploits and such are rare for phones.
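As an added example (not from this thread or any forum's own tooling) of the signed-ROM idea raised in point 2 above and in the earlier comment about PGP/gpg signing ROMs: a checker that accepts an image only when its detached signature verifies and the signing key's fingerprint is on a pinned developer list, so a key that merely carries a dev's name is rejected. The PINNED_DEVS table and its fingerprint are constructed placeholders, decide and verify_rom are hypothetical names, and gpg is assumed to be on PATH.

```python
"""Check a downloaded ROM image against a detached PGP signature and a pinned set of
developer key fingerprints. Hypothetical helper written for this thread; the pinned
table below is constructed, not a real forum's key list."""
import re
import subprocess

# Constructed example of what a modding forum could publish per developer:
# primary key fingerprint (uppercase hex, no spaces) -> developer label.
PINNED_DEVS = {
    "0123456789ABCDEF0123456789ABCDEF01234567": "alice (rom cook)",
}

STATUS_RE = re.compile(r"^\[GNUPG:\] (\S+)(?: (.*))?$")

# Status tags that mean the signature must not be trusted, whatever else gpg printed.
# EXPKEYSIG/REVKEYSIG are emitted alongside VALIDSIG, so they are checked first.
REJECT_TAGS = {
    "BADSIG": "tampered",         # signature does not match the file
    "ERRSIG": "unverifiable",     # gpg could not check it at all
    "NO_PUBKEY": "unverifiable",  # signing key is not in the keyring
    "EXPKEYSIG": "expired_key",
    "REVKEYSIG": "revoked_key",
    "EXPSIG": "expired_sig",
}


def decide(status_text, pinned=PINNED_DEVS):
    """Turn gpg --status-fd output into (accept, reason, developer).

    Trust comes only from the pinned fingerprint list, never from gpg's
    web-of-trust (TRUST_* lines are ignored on purpose): a valid signature from
    a key that is not pinned is rejected as 'unknown_key'.
    """
    seen_fprs = []
    reasons = []
    for line in status_text.splitlines():
        m = STATUS_RE.match(line)
        if not m:
            continue
        tag, rest = m.group(1), (m.group(2) or "")
        if tag in REJECT_TAGS:
            reasons.append(REJECT_TAGS[tag])
        elif tag == "VALIDSIG":
            fields = rest.split()
            # fields[0] is the fingerprint of the (sub)key that signed; the 10th
            # field, when present, is the primary key fingerprint people pin.
            seen_fprs.append(fields[0].upper())
            if len(fields) >= 10:
                seen_fprs.append(fields[9].upper())
    if reasons:
        return False, reasons[0], None
    for fpr in seen_fprs:
        if fpr in pinned:
            return True, "pinned_key", pinned[fpr]
    if seen_fprs:
        return False, "unknown_key", None
    return False, "no_signature", None


def verify_rom(rom_path, sig_path, gpg="gpg"):
    """Run gpg on a detached signature and apply decide(). Status lines go to
    stdout via --status-fd 1; human-readable chatter stays on stderr."""
    proc = subprocess.run(
        [gpg, "--batch", "--status-fd", "1", "--verify", sig_path, rom_path],
        capture_output=True, text=True, check=False,
    )
    return decide(proc.stdout)


if __name__ == "__main__":
    import sys
    ok, why, dev = verify_rom(sys.argv[1], sys.argv[2])
    print("OK" if ok else "REJECT", why, dev or "")
    sys.exit(0 if ok else 1)
```

Usage: `python romcheck.py update.zip update.zip.sig` after importing the developer's key into the keyring; a mismatched or unknown key fails the build regardless of what gpg's own trust database says.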
A closed device could make life much worse for privacy. How does one know that history and cookies are actually deleted, as opposed to saved off to a protected area? And of course, there are items like Flash/Java shared objects that are normally not deleted and on a closed system, there likely is no way a user can delete those. And there is always the ability to have an undocumented add-on which reports a unique ID to any Web server that asks for it.
Privacy on normal computers is an uphill battle, but at least if worst comes to worst, you can run your Web browser in a VM, or on Macs, do your web browsing as guest and log out periodically so all files are deleted. If a platform is closed, where one has to trust the Web browser to guard privacy, does it really do so? Cookies are not the only way to uniquely identify a machine.
I can see in the future this becoming a tool for "law enforcement" -- because most devices that are closed are tied by some sort of unique ID to some central place, it wouldn't be hard to push an update to a device to upload those "deleted" cookies and other data. The end user wouldn't know, and if he or she did, there would be nothing they could do other than trash the device. Or push a program out on a mass scale to look for certain items (say an MP3 file that was leaked), confirm it was on a number of devices, then file a large number of lawsuits.
Why is user location given out *at all* unless this is an explicit service and the user is warned about this on app install like Android does? User whereabouts should be private unless there is an issue of law enforcement such as E911 service. Why is this info given out without a choice to advertisers inside the iAd system? To boot, I have yet to see what other information is sent up to advertisers. People I know who have worked with iAd can't divulge details due to NDAs, so I have ZERO clue what information is being handed over that is on my phone.
Of course, this is information that a user cannot decline to give out either. It is all or nothing. Either hand over to third parties where you are 24/7/365, and other private info, or don't buy the device.
That would be nice, but I am cynical. I'm sure eventually, even paid apps will have ads in them after a bit. The free apps will end up losing functionality, or just be only usable as "full" versions for a couple days before being crippled (no save command, read-only, app only runs for 5 minutes, etc.)
I hope not, but times are shitty, and I'm sure that a bean counter fresh from MBA school will demand the dev house resume tacking on ads for more cashola even in paid for apps, because it keeps money coming in, even in the future. A paid app is only paid once, then no more income.
This will date me, but I remember when cable TV came out, two advantages detailed:
1: No antennas to worry about.
2: You pay for the service, and not advertising, thus no ads.
Then the ads came between shows. Not much later, people sat through the same amount of ads on cable as they do on OTA TV.
There is also another scenario that would seriously hurt Google. This is in theory, mind you:
Say Android didn't come to market, and Apple gets the lion's share of the smartphone market, like they did the MP3 player arena.
Then, down the road while most of the public is tied to the single ISP the iPhone is on (will use $ISP to represent the ISP Apple uses in various countries), Apple makes their own search engine.
Because people are tied to $ISP plans with low data caps, it would not be unforeseeable to have Apple's search engine traffic not contribute to the cap, while traffic to Google/Bing/Yahoo would be billed. Because of this, people would end up using any services Apple or $ISP provides because it is cheaper, as opposed to having to pay for the bandwidth for almost the same results from somewhere else.
This would start applying to other services as well. If $ISP ratchets up the cost per kilobyte downloaded, people will end up going to the "free" services offered, be it E-mail, social networks and all this. A service offered by $ISP could be of far less quality than something else, but people would use it because it would not charge them.
Disclaimer: This is a scenario. However, with net neutrality dead, it is only a matter of time to see how far ISPs can push things, and I think it is only a matter of time before we start seeing tiered sites and surcharges per site.
There wasn't a well-funded lobby blocking NASA from getting to the moon. There is a well-funded lobby to keep MPG low and non-prototype [1] alternative fuel cars off the road so more oil gets consumed.
Even diesel cars here in the US have a bad rap. The Mercedes Turbo Diesel, which asphyxiated drivers behind it and was obnoxiously underpowered, is what people picture when they think of a diesel car. Ironically, even though some Americans bitch about diesel cars, they don't even notice a diesel pickup truck (other than the sound) because of the low sulfur fuel mandatory these days. I'd love to see a diesel revolution again here in the States, because the engines are not just more reliable, but diesel fuel remains stable for years, as opposed to months or weeks like gasoline.
[1]: We all see the bubbly, tiny cars that are used for prototypes that look like rehashes of the AMC Gremlin. Americans don't like that style. I'm sure that had there not been a deep pocketed legion of lobbyists, we would have seen cars like the Tesla and an electric grid structure to support them back in the 1980s.
Actually, there is a third factor to consider: Reliability. One part replaced is a lot of oil used for polymers in making the plastic, shipping, and other items.
If a 50mpg vehicle required some intricate doodad that requires shipment from Elbonia every 5-10k miles, compared to a 20mpg vehicle that runs without anything but oil and filters changed, as a gestalt, the 20mpg vehicle may be a better environmental choice.
Mileage is important, but I like focusing on the TCO of a vehicle (which is important in both cost, and environmental impact). I'd rather pay more at the pump for a vehicle that requires less "downtime" at a service station.
This is how I fix it:
Start->Run->gpedit.msc
Local Computer Policy->Administrative Templates->Windows Components->AutoPlay Policies
Turn off Autoplay -> Enabled, all drives
Don't set the always do this checkbox -> Enabled
Turn off AutoPlay for non volume devices -> Enabled
Default Behavior for AutoRun -> Enabled, set do not execute any autorun commands
gpupdate /force
My beef is why this is not the default on all Windows machines. AutoPlay and AutoRun are separate entities, so one needs to make sure both are disabled.
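To check that a machine actually ends up with all four of those settings in place (AutoPlay and AutoRun being separate, as noted), here is a small audit script. It is an added example, not from the thread; the HKLM subkeys and value names are the ones the AutoPlay policy templates write as I know them, and read_hklm_dword and enforce are hypothetical helper names.

```python
"""Audit, and optionally enforce, the registry values behind the four AutoPlay/AutoRun
Group Policy settings listed above. Hypothetical helper written for this thread.
Run as an administrator; finish with gpupdate /force and a reboot."""
import sys

EXPLORER_POLICY = r"SOFTWARE\Microsoft\Windows\CurrentVersion\Policies\Explorer"
EXPLORER_POLICY_ALT = r"SOFTWARE\Policies\Microsoft\Windows\Explorer"

# (policy as named in gpedit, HKLM subkey, value name, required bits), all REG_DWORD.
# NoDriveTypeAutoRun is a per-drive-type bitmask; 0xFF disables AutoPlay on every type.
POLICIES = (
    ("Turn off AutoPlay: all drives", EXPLORER_POLICY, "NoDriveTypeAutoRun", 0xFF),
    ("Don't set the always do this checkbox", EXPLORER_POLICY, "DontSetAutoplayCheckbox", 1),
    ("Turn off AutoPlay for non-volume devices", EXPLORER_POLICY_ALT, "NoAutoplayfornonVolume", 1),
    ("Default behavior for AutoRun: do not execute", EXPLORER_POLICY, "NoAutorun", 1),
)


def audit(read_dword, policies=POLICIES):
    """read_dword(subkey, name) returns an int, or None when the value is absent.

    Returns the non-compliant policies as (policy, current, required). A value
    passes only when every required bit is set, so a pre-existing 0x91
    NoDriveTypeAutoRun (CD-ROM and unknown drives only) still fails.
    """
    findings = []
    for policy, subkey, name, required in policies:
        current = read_dword(subkey, name)
        if current is None or (current & required) != required:
            findings.append((policy, current, required))
    return findings


def read_hklm_dword(subkey, name):
    """Live reader for Windows; returns None when the key or value is missing."""
    import winreg  # standard library, but only importable on Windows
    try:
        with winreg.OpenKey(winreg.HKEY_LOCAL_MACHINE, subkey) as key:
            value, kind = winreg.QueryValueEx(key, name)
    except FileNotFoundError:
        return None
    return value if kind == winreg.REG_DWORD else None


def enforce(policies=POLICIES):
    """Write the required values into the policy keys (needs an elevated prompt)."""
    import winreg
    for _, subkey, name, required in policies:
        key = winreg.CreateKeyEx(winreg.HKEY_LOCAL_MACHINE, subkey, 0, winreg.KEY_SET_VALUE)
        with key:
            winreg.SetValueEx(key, name, 0, winreg.REG_DWORD, required)


if __name__ == "__main__":
    findings = audit(read_hklm_dword)
    for policy, current, required in findings:
        shown = "missing" if current is None else hex(current)
        print(f"NON-COMPLIANT: {policy}: {shown} (need {hex(required)})")
    if findings and "--fix" in sys.argv:
        enforce()
        print("values written; run gpupdate /force and reboot to apply")
    sys.exit(1 if findings else 0)
```

Exit status 1 on any drift makes it usable from a login script or a monitoring check; note that a domain GPO will rewrite these keys on the next refresh, so fix the policy, not just the registry, on domain-joined machines.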
This is something PCs need to standardize on. My server has F1, my desktop has F2, my laptop has F10, my old Thinkpad has something else.
My suggestion:
[ESC] -- boot menu (with the ability to be password protected)
[F1] -- BIOS setup.
[F2] -- Diagnostics.
[F3] -- RAID setup.
[F4] -- Boot into built in Linux or WinPE image.
[F5] -- BIOS on the serial port. Standard 9600/8/n/1.
[F6] -- BIOS on the network with some way of setting the IP with or without a DHCP server, and perhaps with a password. Preferably a ssh client.
[F7] -- Reset all CPU overclocking info, and go back to a default standard.
[F8] -- Turn on/off management tools and LOM. LOM is great for some uses, a BIG security hole for others. The reason this is separate from the regular BIOS is so businesses can turn it on and off and password protect it, while giving users the ability to set normal settings.
[F9] -- Put a number on every monitor the machine sees, either onboard or other, and allow the user to select which one. AIX does this the first time it boots so it knows which monitor is the primary LFT (or HFT if running 3.2.5.x), and what are secondary.
[F10] -- Recovery image access.
[F11] -- Network booting access (password protected as an option.) This way, a machine can be told to boot from the network headless.
[F12] -- DBAN/decommissioning mode. On consumer PCs, this would be made *very* hard to access. However, on company machines, having the ability to tell all hard disks to do a secure erase, erase the NVRAM, zero the BIOS out, zero the TPM out (and set it back to default disabled) and reflash to a known good version on a true ROM chip, and erase multiple times any other memory would be a big help. Even better would be to present an official note with a timestamp and some validation code that a machine with a certain BIOS ID was completely zeroed out for audit reasons, and offer to save it on a USB flash drive. This way, IT knows that when this command is run and a completion message is put on the screen, that the machine was completely wiped.
If you look at the BIOS of an off the shelf consumer level HP or Dell, the BIOS is dumbed down. If you want serious BIOS features, you need to buy their business lines. This way, you get support for IDE/ATAPI passwording of drives, LoJack enabling or disabling, TPM [1] functionality, and other useful tools.
[1]: TPMs are not just for DRM. I find them an important tool to keep malware off a machine. If a machine installs or enables a hypervisor or installs a MBR payload, then reboots itself, the TPM will notice the change, and not allow the master volume key to be passed next boot. I wish every PC (and Mac) would either ship with a TPM (disabled and deactivated as per the standard, of course, so a user has to turn it on,) or ship with the ability to drop in a TPM daughtercard.
Call me insane, but I wish PC makers would get together with Microsoft and have WinPE available as a recovery image on the BIOS. This way, I can mount BitLocker volumes, and with some programs, be able to open TrueCrypt, and PGP encrypted disks for emergency recovery and spyware removal. This way, I can just boot a server into the WinPE volume, mount the system and data drives, then go in with an integrity checker (sigverif and sfc to start), as well as go through the Registry to look for rootkits with regedit and autoruns. Of course, spyware can encrypt pieces of the filesystem which some do to make recovery hard, but that is what backups are for.
Of course, having an image utility built into the WinPE system would be great. This way, I can make a known good backup or clonable image of a machine without any worry about open files, even if VSS is not operable.
Don't forget Retrospect 7.7. It is a backup utility, but with the Windows PE CD, it can be used for cloning, assuming you have the licenses in place. What I like doing with it is making an image on a master PC and have Retrospect do backups of the PC every so often. Then after an update, if I need to go and clone it, I can easily do so (especially on Vista and Windows 7 where repackaging is less of a hassle.) I have used it with a backup server with decent success at both P2V-ing a machine that completely died, but had a usable image, as well as reinstalling onto new hardware.
Maybe it should be the case a customer has a corporate recovery tool. It would be nice to have some functionality by a TPM (of course it can be zeroed out) so a user can use a "trusted" corporate recovery image that wasn't tampered with to reimage their laptop on the road, perhaps without losing documents.
Of course, this means that BitLocker's encryption functionality would have to be moved into the BIOS since the TPM can only protect one OS on a machine, but if this functionality can be disabled (even if it means the images have to be wiped so the machine can be used), it would be a good thing.
The true test of an old school Compaq support person was whether you remembered to download and make the F10 boot floppies (first it came on one, then two, then three), and, when rebuilding a server, made sure to put that F10 boot partition on the machine.
The day when Compaq stopped doing that (mainly because they went with OEM BIOSes) was a blessed one. This meant that a server built by someone who didn't know what they were doing would still have access to basic BIOS utilities, even without a floppy drive.
DOS has its uses. If someone wants an OS that is going to guarantee them that they will be able to poll a doodad hardware device every x milliseconds (say a thermometer measuring coolant in a reactor, and if the coolant reaches a certain temperature, scram the reactor and drop the rods), DOS will do that and not crash (unless someone goes overboard with TSR programs).
Yes, there are other embedded operating systems, but if the task is simple, then why not use DOS? DOS does little other than deal with interrupts and the hardware driver functionality has been worked out over decades. If I were to make a life support device, a version of DOS is a good candidate for this because it has so little overhead and can be rebooted almost instantly by a watchdog controller.
This is why data centers I've worked at have multiple transfer switches and multiple power line drops. Machines with two PSUs get one plug that is fed by one switch, and the other plug by another. I've also seen some online UPSes [1] use two separate power cables for this reason too.
[1]: UPSes that don't switch, but always have the computers use the batteries 24/7, unless the batteries are manually shunted for maintenance. Compared to standby UPS models that have a few milliseconds to switch over, these are a lot more reliable... and more expensive.
We had this in the past. It was called PostScript. PostScript sent would work regardless of printer, be it inkjet, laser, dye sublimation, or high velocity platypus sweat sprayed onto paper.
I wish Adobe would relicense PostScript making the cost on a sliding scale so a low end printer (the usual $50 inkjet that takes cartridges more than what the printer costs) could use it.
Now, drivers are more for using printer-specific features, not just getting it to print at all.
Even better, how about a list of either PGP/gpg public keys (fingerprints or actual keys stored), or S/MIME keys (either by fingerprint or key material, or trusting the certificate?)
This way, unless the key is compromised by malware that knows exactly what it is doing, it would be extremely difficult to send spam to the printer.
Of course, as a pale second, a passphrase would work, but E-mail is easily forged, and non encrypted E-mail can be sniffed to glean contents.
With net neutrality not an issue, I wonder if AT&T will have its arm twisted into giving "free" passage to any Apple specified content where it doesn't contribute to the cap, while anything from Hulu, YouTube, and other places get charged the metered rates. This way, users end up going to Apple's content because it doesn't cost them anything.
Why should I trust unknown servers with critical data? If I were forced to use cloud-based services for banking and file storage, I have no clue who has access to the data. Even with the best security, there are some individuals who will happily loan a blackhat their badge, PIN, and offline authentication device in return for a princely sum of cash, and barring that, there are always other exploits.
Cloud services have some uses, but not for everything. Cloud storage is a decent method of keeping files in a secure location, provided you have some sort of encryption layer, and that you have another method of storage. For example, an external hard disk with a backup program (Retrospect, Time Machine) coupled with a cloud backup service like Mozy, Carbonite, or BackBlaze should go a long way in protecting a home/SOHO user. The external hard disk protects against "oh shit" happenings that trash the machine, while the cloud backup allows files to be obtained even if the machine (and the backup drive) were destroyed.
Cloud based VMs also have their uses, but in reality these uses are limited because one would not want to store confidential data on them. One use could be a point where external network traffic from a business gets redirected to, or perhaps a mirror of publicly available downloads. Anything past that is playing with fire when it comes to security.
I don't know... if users were considered non profitable because they use more than 2GB a month, then it sounds like AT&T needs to do a quarterly charge-off, and put in some infrastructure so they can support the hordes of users. At least they did a better job at this SXSW in ensuring coverage than last year.
In all honesty, 2GB is nothing. If you pile on the Adobe updates, Windows Update files, DRM updates, antivirus defs pushed daily, updates for Web browsers and add-ons, 2GB can vanish in a heartbeat, and this isn't a user who is a bandwidth hog.
Bandwidth is part of computing, and is one of the places where growth of all Internet apps is stunted because ISPs can't/won't upgrade their pipes. Picture gigabit WAN connections, and the app services they can provide. Not just the tired old video streaming and videoconferencing that people talk about, but honest to goodness cloud syncing of critical files with a trustworthy encryption layer, ability to store data on personal servers accessible securely from anywhere, ease of doing backups (separating the data center that does archives from everything else geographically), separating computers so a family can not just have a core server at home, but a "clan" server room.
However, until ISPs decide to add something more than additional user fees, we are stuck with 2000 technology. If ISPs were like this in the 1990s and the world was stuck at 28.8k dialup, most of computing would have never happened: no cloud computing, no Mozy backups, no Net radio other than low res RealAudio, no security updates of software (people would have to update their machines via CDs sent via the mail), no real games, no console multiplayer gaming, no DLC. Essentially most industries that are thriving on the Internet would never have been possible.
So, until ISPs stop thinking about next quarter's profits and start working on infrastructure so they can make more money, computing as a whole has stopped evolving. Yes, we will get a new iWhatever every so often, or a program going from 1.0 to 1.1, but serious improvements are not going to happen.
It sounds like you know what you are doing and are able to cook ROMs worth downloading. I just think that because compromising phones is so lucrative [1], it will only be a matter of time before the modding community (be it Windows Mobile, Android, jailbroken iPhone utilities, even the N900) will be strongly hit by this. This is why I like the idea of PGP/gpg signing ROMs, and perhaps urging a popular modding forum (xda-developers, modmymoto, etc.) to sign and store copies of developers' PGP/gpg keys for easy retrieval and validation (so someone impersonating a dev cert wouldn't go far).
I worry about two things when it comes to modding phones: piracy and compromised ROMs. Piracy gets app developers to put more pressure on Google, phone makers, and carriers to make their devices more hostile. A compromised ROM, regardless of platform, if it affected a good amount of people, would cause phone makers and cell carriers to start putting more root-hostile "features" on their devices, from the signed kernels on the Milestone to daemons that kill any root process that isn't on a manifest list.
At least PGP/gpg signing of ROMs means an attacker has to go to serious lengths to try to get around it, perhaps by hacking one of the bigger Web forums. Even then, if people already have a copy of the public key, it will be obvious that a ROM was tampered with on download.
[1]: Tons of ways to make money from a compromised phone. Repeatedly dial a long distance number, send out spam via SMS, send out traditional spam via an SMTP server, grab user contacts and info for use in targeted phishing or extortion, use the phone's storage for a BitTorrent seed or FTP server, use the phone as a proxy to further hide a blackhat's IP tracks, and so on.
I'd like to see an antivirus scanner put into the fastboot or recovery image. This way, if a phone is rootkitted, someone can boot to the recovery, and run Tripwire like software which would catch unknown kernel modules, and for known malware signatures, a signature based AV would deal with those.
However, let's be realistic: AV software is the absolute last bastion of defense. Before malware can trip the AV software, the OS or application should have dealt with it by either ignoring it and forbidding it to run, or actively killing what it was doing.
Maybe this is where Android "fragmentation" might be good. An exploit that works for Android 1.5 and the Samsung Behold 2 likely won't work on a Droid running 2.1, especially if it uses a kernel module, and almost definitely won't work if neither phone is rooted.
Even if a user gives permissions, they may get their account and messages compromised, but unless there is an exploit the malware uses that isn't known by the modding/rooting community, there is NO WAY that something installed as an APK in a user account on a phone is going to be able to get root access to drop in a kernel module. Even if it did, phones like the Motorola Milestone have signed Linux kernels and are not built with the ability to load modules, so all it would do is nothing or cause the phone to bootloop.
Don't forget that a lot of kernels on Android phones are built monolithic and don't allow kernel extensions. A custom kernel that is explicitly built to allow .ko files on a G1 is likely what is needed for this exploit.
I can see three ways that this kernel rootkit (which is nothing new -- there have been Linux kernel modules for rootkits since the late 1990s) can get on an Android device, and all three require a rooted phone:
1: The app masquerades as a root utility. There are some utilities which are very useful for rooted phones. Droidwall, Autostarts, Wireless Tether, Wired Tether, root explorer, Titanium Backup, SQLite Editor, and a terminal emulator are must have utilities, because they add a lot of useful functionality. I can see a utility masquerading as something useful for rooted phones, getting installed, then going to town on the phone, replacing BusyBox with a utility that hides the rootkit, opening up a command port, and so on.
2: Some malware is put on a custom ROM. This would kill the custom modding scene as we know it if this happens, and makes me wish that people who "cook" ROMs would PGP or gpg sign the images, so a determined blackhat would not be able to tamper with things.
3: An app gets access to the SD card, manages to alter nandroid backups on the card and/or add an update.zip file which is signed, and then runs an update. This way, the malware package would be sucked in implicitly.
So, for the average user with Android, a rootkit isn't going to happen unless it uses an exploit, and these days, RAMDLD exploits and such are rare for phones.
A closed device could make life much worse for privacy. How does one know that history and cookies are actually deleted, as opposed to saved off to a protected area? And of course, there are items like Flash/Java shared objects that are normally not deleted and on a closed system, there likely is no way a user can delete those. And there is always the ability to have an undocumented add-on which reports a unique ID to any Web server that asks for it.
Privacy on normal computers is an uphill battle, but at least if worst comes to worst, you can run your Web browser in a VM, or on Macs, do your web browsing as guest and log out periodically so all files are deleted. If a platform is closed, where one has to trust the Web browser to guard privacy, does it really do so? Cookies are not the only way to uniquely identify a machine.
I can see in the future this becoming a tool for "law enforcement" -- because most devices that are closed are tied by some sort of unique ID to some central place, it wouldn't be hard to push an update to a device to upload those "deleted" cookies and other data. The end user wouldn't know, and if he or she did, there would be nothing they could do other than trash the device. Or push a program out on a mass scale to look for certain items (say a MP3 file that was leaked), confirm it was on a number of devices, then file a large amount of lawsuits.