FreeOTFE supports LUKS/dm-crypt volumes, so you can read encrypted partitions with that on Windows.
I see two solutions: The most secure is using dm-crypt and having a recovery key given to the user, and the device store one on a place of memory that is overwritten multiple times if the phone is erased. The advantage of this is that an attacker has zero clue what is on the card. The whole card is an encrypted blob. There is no way to figure out a filesystem, much less data is stored. The disadvantage is that it is hard to encrypt an unencrypted card. One could do a "dd if=/dev/loop0 of=/dev/sdcard" which allows zero forgiveness if the process is interrupted. Or the card would have to be formatted before encrypted data is allowed on.
The second solution is what Windows Mobile 6+ devices do. They use a FAT filesystem, but they have a layer on top of it. When a file is written, it encrypts the file, and stores it with a key hash and the.menc extension. So foo.txt would be stored as foo.txt.123456.menc. On reading, WM automatically decrypts any known.menc files that it has keys for (the keys being stored in main memory in \Windows\system\default.mky) If WM doesn't have a key that matches a signature, it will ignore the file. This allows for multiple devices with different keys to use the same card. To the applications on WM, this encryption is transparant, like EFS.
I'm hoping that three carriers moving to LTE for their next generation will help remedy this. AT&T and T-Mobile are moving to LTE because it is the next step in GSM. Verizon is going to be moving to it as well because it is easier to make tower sharing agreements and use a standard than try to roll their own. Only Sprint is doing something different, but they are betting the farm on Clear and WiMax.
Windows Mobile post 6.0 has one feature I wish Android had. The ability to encrypt everything on a memory card. This way, should a device be stolen, it would erase itself by too many wrong password guesses, or erase itself if told to, and the items on the memory card would be useless to the thief.
This is very easy to do in Linux, either via a filesystem method (encfs), or just block loopback encryption.
I just wish this was implemented properly, so when an Android phone tells an Exchange server it supports encryption; it actually does.
I'll probably reiterate a bunch from the parent poster, but when I saw Avatar, it borrowed from a number of movies, but the closest thing it seemed to follow was first book of Harry Harrison's "Deathworld". The core plot twists are the same or similar, the military base constantly under siege, the people finding natives and siding with them, the intelligent planet that finally fights back.
I consider it a noble tribute to that book. It was worth seeing the movie because of the FX, especially in 3D. The touches of futuristic details were excellent, from how data was moved from one screen to another, to the slap bracelet handcuffs.
Another book I also have seen tribute from was Asimov's Foundation series with Gaea. Yes, the Gaeans were not an advanced situation, but they didn't have to be, because they were all interlinked.
I didn't consider it an "environment uber Alles" type of movie, nor was it a guilt trip type of flick (Star Trek IV grated on nerves about the whole "save the whales" theme). The natives recognized the scientists and their avatars for what they were, but allowed them to live and even work on trade.
All and all, I hope Cameron puts out the two other movies in the series. All sci fi books and movies borrow from each other, and Avatar does a great job as a tribute to a lot of good works.
Clear sounds like something I'd like on a netbook or a laptop. However, 200ms latency if playing an online game really makes it killer.
LTE has yet to be rolled out, but I read somewhere they are promising sub 40 ms for most destinations on their network, and an average of 75 ms to an average server. I'd love to see this, but historically, radio has always had a lot more latency than wired connections like DSL that require less processing per bit over the wire.
I'm looking forward to LTE because it would standardize three providers -- Verizon, T-Mobile, and AT&T. Then if they use the same frequency, swapping a sim to use in an unlocked device shouldn't be as painful as it is now, as even on GSM networks, phones need quad-band capability to use T-Mobile's G3 and AT&T's G3 bands.
In companies I worked at, there is a fear of IPv6 even though most modern devices support it. They weathered the packet storms and glitches of land, teardrop, SYN flooding, fake ICMP resets, smurf, ping of death, and so on with IPv4.
Now, the PHBs I've encountered are worried stiff about the same bugaboos once the Pandora's Box of IPV6 comes from the edge into the core fabric. Some places may end up using IPv6 edge routing with hardened routers, but then use IPV4 and NAT so they can keep their internal machines (especially the older boxes which have no IPV6 support) going. It is a kludge, because the beauty of IPv6 is being able to have such a large address space. However, it might be the best in between technology.
What I did for a place that had to be seriously locked down (no external direct connections to the Internet in or out. Windows updates were handled by WSUS) was put on the subnets a Windows Server box with a bunch of RDP licenses (the place was a MS shop, so other solutions were not as viable. This Windows Server machine had a direct connection to the Internet, and policies blocking exchange of clipboard or any data between the RDP client and server. Similar policies were applied clientside.
Now with this in place, employees could RDP to the server and browse the Web all they wanted to with no site blocks. Between using an application whitelist, A/V software, and profiles, the chance of a user-level infection because someone was browsing pr0n was minimal.
At least holo storage made it to something concrete... but InPhase markets it as a replacement for optical storage, which is a high end market that companies shell out the big bucks for, so they can have top reliability in WORM archiving for legal reasons.
What would really be remarkable is one of these technologies making it not just to the boutique high end archiving market, but to something that can replace tape drives, ZIP drives, or USB flash drives. Enterprises would be beating down the door of a company who can make something that can be cheaper than tape, but on spinning platters and be easily moved around a robotic autochanger. Especially if the capacity is high enough that significantly fewer pieces of media are needed for storage and transport than the existing hard disk VTL or tape system. If the media company had a standardized way of encrypting the data with AES-256 in hardware that would be even nicer.
The best compromise I've seen when it comes to web filters is to have the standard corporate filter for pr0n and the like. This is to be there for the legal eagles and to fill out a checkbox. Then, off the record, is a certain VPN proxy which tunnels to a network outside of the company. This way, if someone does watch what traffic the company is doing, the pr0n traffic won't be registered as going to their IP. Of course, if people overtly abuse the VPN proxy, it can poof anytime because it officially doesn't exist.
What cracks me up is people who say that, especially the IT dude thing, then when asked what they would do differently, it seems they get the deer in the headlights thing going.
If one wants to know what running a MMO is like on a small scale, some Neverwinter Nights and NWN2 persistant worlds used a core database (MySQL + NWNX) and zone servers so they could deploy an immense world spanning a sizable number of PCs. It gets pretty scary how much CPU a zone server which just handles the mechanics of gameplay chews up, even with a relative small number of players. Now multiply that times the crazy-big amount of players a full size MMO has, and one sees why virtualization isn't used because every CPU cycle is precious.
Another example of CPU time are old fashioned MUDs. A popular LPMud with a number of imms making objects and regular players out battling stuff could not just jam a box with multiple CPUs, but also eat up a lot of RAM and I/O moving areas, zones, and mobiles in and out of memory.
1: You can move the VM between physical hardware with little trouble. Power off VM, robocopy the files, power it on. For older Windows operating systems that required a reinstall if the underlying HAL changed, this is a large lifesaver.
2: Fast backups with the snapshot functionality.
3: Cloning -- need more instances, grab more hardware, fire up Hyper-V or ESXi, slap the VM on and go to town.
4: Clustering -- several physical machines can host one VM through a SAN and if one box fails, the failover can pick up where the main machine left off on the machine (not the app) level. This means you don't need to worry about how apps will deal with jumping MACs or hardware changes unexpectedly.
5: Security. If a VM got infected, it can be powered off and rolled back to a safe snapshot, and also a snapshot taken of its dirty state for forensics.
6: Ability to run on future hardware. Say everyone ditches x86 and amd64 and decides to go to IBM's POWER architecture and emulate legacy stuff. The stuff in the VM won't care that is is actually isn't running on a different CPU.
Of course, virtualization's disadvantage is performance losses due to the added overhead of more context switching.
For a MMO, virtualization isn't really needed except at the database core. If a zone server [1] goes down, there will be people nerd raging on the forums, but in reality if someone gets to it in 24 hours or so, people won't be pulling their subscriptions. The only real thing that would cause people to bail is a large player database rollback, so days to weeks of playing are lost. However if you have a good database cluster, this isn't going to happen.
Virtualization is just one of many IT tools. Sometimes it is an excellent thing to have. Other times, there isn't any real need to have it, especially for CPU intensive stuff on a server that can be cloned or easily reimaged with the apps on it.
[1]: I'm assuming zone servers handle the combat mechanics, only sending updates to the core player database when a player loots an item, dies, logs out, disconnects, or at a periodic interval if nothing else changes.
IMHO, Windows 2000 is the "unsung hero" of this. XP provided new window decorations, a DRM stack (Trusted Audio Path), activation (for non VLK copies), a few EncFS improvements (no need for a recovery agent, multiple users have access to a file), and shadow copies. However, it didn't change the game as in fundamental OS mechanics like moving from a DOS "shell" to a true 32 bit protected mode OS has done.
Windows 2000 provided essentially the OS we are sitting on now on most Windows installs. The server side gave us Active Directory, IPSec, a decent privilege/ACL model mostly inherited from NT, user rights (user with versus without admin privs), decent crash protection (especially compared to 9x/ME). The workstation edition gave us a full 32 bit executables, additions onto a decent journaling filesystem, innate separation of users (versus the kludgy.PWL files from the 9x era), and so on.
XP is a decent OS, and has weathered the test of time, and this by in its own right gives it mentioned, but it would gain recognition for being evolutionary, not revolutionary. Windows 2000 was revolutionary both on the client and server sides.
This is a matter of preference. For me, I prefer a slider such as the Droid, Cliq, or Moment because I'm used to typing on physical keys as opposed to making sure I got the right key pressed on a touchscreen. Even worse, some touchscreen phones I've used are not calibrated and do not register the contact on the screen at the right point. You hit a "p", and get an "o". Of course, you can't go any further right to get the "p" to register, and the phone does not have any method to recalibrate the screen to fix this.
4G is split up here in the US between Sprint/Clear's WiMax endeavor and LTE (which is going to be pushed out by T-Mobile, VZW, and AT&T).
My hope is that LTE frequencies are all standardized so I can use an unlocked device on any of the three networks. Part of the LTE spec is a standardized SIM card, so I have some hopes for this.
The problem with the Motorola Q and PocketPC devices is that they were running different editions of Windows Mobile.
Windows Mobile has two editions. One is for non touchscreen devices (Windows Mobile Standard), so even though it looks similar, the method of getting around in it is quite different than the Windows Mobile Professional which is based around a touchscreen UI. Apps for Windows Mobile Standard are far fewer than for Professional, so this is something which hurt the Q in a number of ways.
The good thing about Android is that it isn't split into two completely different UI methods (although the fact that Android devices run different versions of the OS is a hair puller.)
This is where Apple excels: There are three models of the iPhone, and apps can run on all three unless they take advantage of a specific feature (GPS, 3G, or compass.) Android has to avoid this trap of fragmenting, where a customer has to know that the app they are about to buy works on their version of the OS, and their model phone. If Android does fragment where one app has to be written for different versions to work, it might weaken the OS to the point where people just go back to Apple/AT&T where stuff "just works".
I'm just hoping that Motorola, Samsung, and HTC understand this, and hopefully keep their Android devices updated. It may seem counterproductive because they want to keep selling new models, but if a customer leaves the platform algother after the average two year commitment, it means no new devices purchases down the line.
I wouldn't say the N900 is running dead end OS, but I also wouldn't say that root is required to do everything on an Android device either.
The main three reasons I'd root an Android phone are to either upgrade the underlying Android version, to disable vendor specific stuff (such as the spinning cube on the Behold II which doesn't do much UI-wise, but takes up space and CPU time), and being able to run apps from the SD card via unionfs or other means.
If someone knows what they are doing, (or at least the ramifications of the # prompt), rooting isn't an issue. However, some Android phones do not yet have a complete flash image out there to recover back to, so if someone trashes stuff outside the user modifiable data directories (the stuff that is normally mounted read only), a hard reset may not be able to clear up a bootloop [1]. So, unless there is a way to drop into a recovery mode to re-flash (and have a default non-rooted Flash image handy), I'd be *VERY* careful about rooting. I like cautioning people against rooting unless they have a good reason for it because Android phones are not like iPhones. Unlike Apple's product, you don't need to go through a store to install all apps you want. Instead, you can install what you like via adb on Android. And of course, it is only a matter of time before some maliciously written apps make it to Androids store which can detect a rooted phone with no su protection and start wreaking mayhem [2].
[1]: Technically, this isn't bricking a phone if you can get to a recovery mode, but in reality, if you can't hop to a recovery mode and re-flash, it essentially is a brick until someone puts out a.shx file or similar with a usable image.
[2]: Most rooting processes have a defense against this, using a superuser.apx app, where it prompts the user to allow the app to have root. However, my fear is that users who don't realize that VERY few apps need root would just click "allow", and all hell breaks loose... which makes it look bad for the whole modding scene, and makes devices makers redouble their efforts to make their phones root-proof, or hostile to flashing custom firmware.
IIRC, China and other places also uses CDMA technology. China also uses R-UIM cards, which allow one to switch devices without having to place a call to an operator to change out the IMEI numbers.
There is a third option: If you have an account in good standing with T-Mobile, they will finance a chunk of the phone for you over some months. And there is no contract, although you are responsible for the balance for the phone.
The key is having the humor that the last DN3D had, but updated for modern times. The "GUILTY?" signs, the white Bronco chase scene, and 867-5309 in the restroom were all touches that set that game apart from the scads of FPS games that followed.
FrontMotion (http://www.frontmotion.com/Firefox/) keeps (fairly) updated copies of Firefox on their website ready to push in.MSI format. They are also signed.
This may not be something usable in a lot of places (Frontmotion isn't a company that everyone knows, so people would be leery of trusting their signatures), but it can be useful in some cases.
If I could ask for one thing with Flash, I wish it had a security model where on operating systems that supported it, it could run the foreign.swf containers either jailed or with highly restricted permissions. For example, a YouTube vid might need access to a shared object to set video preferences, but it needs no access other than that, or perhaps a way to connect back to YouTube to rate stuff or get the next video in a series.
This isn't hard in Windows. IIRC, one can create a restricted hToken, then use CreateProcessAsUser and have the child instance of whatever add-on do the heavy lifting. It isn't as elegant as a BSD jail, but it keeps stuff out of the user context, and you can lock a child process from touching the Registry or the filesystem.
I think this is an issue that affects all operating systems essentially:
There needs to be a central place for programs to check versions, then be directed to their repositories. The checking would be done in SSL, the version numbers placed on the repositories would be signed.
And this doesn't have to be centralized. As part of a package's manifest, it would have a URL that the updater daemon would use and pull a signed list of latest versions. If the program isn't the latest, the OS update utility would be able to find where exactly to go (perhaps even supporting torrents) and grab the latest rpm,.deb,.msp/.msi,.installp, or tarball.
Of course, the update daemon can be configured to only check an internal repository. This is VITAL when it comes to staging upgrades, so a production machine doesn't slurp some update from a repository, eat its spleen and take a dirt nap, taking your production webserver with it.
This can also be multiplatform. This allows an updater on the staging server to check Linux packages on internal machines, grab all that need updated and store them in a mirror, then go out and grab the OS X ones, then the Windows ones, and whatever operating systems are in use. Then once the sysadmin approves the upgrade, the machines internally do the rest of the work.
Try to get a standard on an alternative technology that has been around a while? If Oracle could update Java so it had better video processing, it could possibly go head to head with Flash for movies. Unlike Flash, Java has a decent security model so sandboxed stuff won't be jumping out to execute crap as a user, or perhaps as a superuser.
Also, unlike Flash, Java runs almost anywhere. Yes, there are JVM issues, but a Java applet can be coded to run on any platform. The only platform it doesn't work on that is mainstream is a non jailbroken iPhone (jailbroken ones run it happily.) And there are utilities like alcheMo to natively port bytecode to BREW.
Oracle really should see about throwing some serious development man-hours at JMF and making something that can go head to head with Flash. This would be great because if Java takes back the standard role, it means one less extension that can be compromised.
Another to do is consider running a browser that separates add-ons from the user context. IE8 does this by running things in a restricted mode. Chrome goes one step better and has the add-ons run essentially in a VM.
Of course, the most secure way of all is to run your Web browsing in a virtual machine (and use snapshots to roll back when done, dropping all changes), with the Web browser and its add-ons running as an unpriviliged user (no UAC or sudo access). This way, malicious software will have to get the user context in the VM, get to administrator, find a hole in the hypervisor, then find a way to get to some context in the host OS, which is a daunting task.
I'd be tickled pink to see a sequeal of DN3D, even if it isn't the legendary DNF, but "just another " Duke Nukem game. Save the legendary title for something else, find a decent 3D engine, and allow us cool places to read the daily newspaper again.
This is why GSM was invented. In the days of analog phones, it was not hard at all for a decently equipped thief to clone a phone and either make calls, or sell the cloned phone for cash. This goes until the victim calls the cellphone provider about the multi-thousand dollar bills.
For a long while, GSM's security through obscurity did well for protection, but if this guy can decrypt the algorithm, I'm sure blackhat organizations have been exploiting this for fraud for years.
FreeOTFE supports LUKS/dm-crypt volumes, so you can read encrypted partitions with that on Windows.
I see two solutions: The most secure is using dm-crypt and having a recovery key given to the user, and the device store one on a place of memory that is overwritten multiple times if the phone is erased. The advantage of this is that an attacker has zero clue what is on the card. The whole card is an encrypted blob. There is no way to figure out a filesystem, much less data is stored. The disadvantage is that it is hard to encrypt an unencrypted card. One could do a "dd if=/dev/loop0 of=/dev/sdcard" which allows zero forgiveness if the process is interrupted. Or the card would have to be formatted before encrypted data is allowed on.
The second solution is what Windows Mobile 6+ devices do. They use a FAT filesystem, but they have a layer on top of it. When a file is written, it encrypts the file, and stores it with a key hash and the .menc extension. So foo.txt would be stored as foo.txt.123456.menc. On reading, WM automatically decrypts any known .menc files that it has keys for (the keys being stored in main memory in \Windows\system\default.mky) If WM doesn't have a key that matches a signature, it will ignore the file. This allows for multiple devices with different keys to use the same card. To the applications on WM, this encryption is transparant, like EFS.
I'm hoping that three carriers moving to LTE for their next generation will help remedy this. AT&T and T-Mobile are moving to LTE because it is the next step in GSM. Verizon is going to be moving to it as well because it is easier to make tower sharing agreements and use a standard than try to roll their own. Only Sprint is doing something different, but they are betting the farm on Clear and WiMax.
Windows Mobile post 6.0 has one feature I wish Android had. The ability to encrypt everything on a memory card. This way, should a device be stolen, it would erase itself by too many wrong password guesses, or erase itself if told to, and the items on the memory card would be useless to the thief.
This is very easy to do in Linux, either via a filesystem method (encfs), or just block loopback encryption.
I just wish this was implemented properly, so when an Android phone tells an Exchange server it supports encryption; it actually does.
I'll probably reiterate a bunch from the parent poster, but when I saw Avatar, it borrowed from a number of movies, but the closest thing it seemed to follow was first book of Harry Harrison's "Deathworld". The core plot twists are the same or similar, the military base constantly under siege, the people finding natives and siding with them, the intelligent planet that finally fights back.
I consider it a noble tribute to that book. It was worth seeing the movie because of the FX, especially in 3D. The touches of futuristic details were excellent, from how data was moved from one screen to another, to the slap bracelet handcuffs.
Another book I also have seen tribute from was Asimov's Foundation series with Gaea. Yes, the Gaeans were not an advanced situation, but they didn't have to be, because they were all interlinked.
I didn't consider it an "environment uber Alles" type of movie, nor was it a guilt trip type of flick (Star Trek IV grated on nerves about the whole "save the whales" theme). The natives recognized the scientists and their avatars for what they were, but allowed them to live and even work on trade.
All and all, I hope Cameron puts out the two other movies in the series. All sci fi books and movies borrow from each other, and Avatar does a great job as a tribute to a lot of good works.
Clear sounds like something I'd like on a netbook or a laptop. However, 200ms latency if playing an online game really makes it killer.
LTE has yet to be rolled out, but I read somewhere they are promising sub 40 ms for most destinations on their network, and an average of 75 ms to an average server. I'd love to see this, but historically, radio has always had a lot more latency than wired connections like DSL that require less processing per bit over the wire.
I'm looking forward to LTE because it would standardize three providers -- Verizon, T-Mobile, and AT&T. Then if they use the same frequency, swapping a sim to use in an unlocked device shouldn't be as painful as it is now, as even on GSM networks, phones need quad-band capability to use T-Mobile's G3 and AT&T's G3 bands.
In companies I worked at, there is a fear of IPv6 even though most modern devices support it. They weathered the packet storms and glitches of land, teardrop, SYN flooding, fake ICMP resets, smurf, ping of death, and so on with IPv4.
Now, the PHBs I've encountered are worried stiff about the same bugaboos once the Pandora's Box of IPV6 comes from the edge into the core fabric. Some places may end up using IPv6 edge routing with hardened routers, but then use IPV4 and NAT so they can keep their internal machines (especially the older boxes which have no IPV6 support) going. It is a kludge, because the beauty of IPv6 is being able to have such a large address space. However, it might be the best in between technology.
What I did for a place that had to be seriously locked down (no external direct connections to the Internet in or out. Windows updates were handled by WSUS) was put on the subnets a Windows Server box with a bunch of RDP licenses (the place was a MS shop, so other solutions were not as viable. This Windows Server machine had a direct connection to the Internet, and policies blocking exchange of clipboard or any data between the RDP client and server. Similar policies were applied clientside.
Now with this in place, employees could RDP to the server and browse the Web all they wanted to with no site blocks. Between using an application whitelist, A/V software, and profiles, the chance of a user-level infection because someone was browsing pr0n was minimal.
At least holo storage made it to something concrete... but InPhase markets it as a replacement for optical storage, which is a high end market that companies shell out the big bucks for, so they can have top reliability in WORM archiving for legal reasons.
What would really be remarkable is one of these technologies making it not just to the boutique high end archiving market, but to something that can replace tape drives, ZIP drives, or USB flash drives. Enterprises would be beating down the door of a company who can make something that can be cheaper than tape, but on spinning platters and be easily moved around a robotic autochanger. Especially if the capacity is high enough that significantly fewer pieces of media are needed for storage and transport than the existing hard disk VTL or tape system. If the media company had a standardized way of encrypting the data with AES-256 in hardware that would be even nicer.
The best compromise I've seen when it comes to web filters is to have the standard corporate filter for pr0n and the like. This is to be there for the legal eagles and to fill out a checkbox. Then, off the record, is a certain VPN proxy which tunnels to a network outside of the company. This way, if someone does watch what traffic the company is doing, the pr0n traffic won't be registered as going to their IP. Of course, if people overtly abuse the VPN proxy, it can poof anytime because it officially doesn't exist.
What cracks me up is people who say that, especially the IT dude thing, then when asked what they would do differently, it seems they get the deer in the headlights thing going.
If one wants to know what running a MMO is like on a small scale, some Neverwinter Nights and NWN2 persistant worlds used a core database (MySQL + NWNX) and zone servers so they could deploy an immense world spanning a sizable number of PCs. It gets pretty scary how much CPU a zone server which just handles the mechanics of gameplay chews up, even with a relative small number of players. Now multiply that times the crazy-big amount of players a full size MMO has, and one sees why virtualization isn't used because every CPU cycle is precious.
Another example of CPU time are old fashioned MUDs. A popular LPMud with a number of imms making objects and regular players out battling stuff could not just jam a box with multiple CPUs, but also eat up a lot of RAM and I/O moving areas, zones, and mobiles in and out of memory.
Virtualization gives some advantages:
1: You can move the VM between physical hardware with little trouble. Power off VM, robocopy the files, power it on. For older Windows operating systems that required a reinstall if the underlying HAL changed, this is a large lifesaver.
2: Fast backups with the snapshot functionality.
3: Cloning -- need more instances, grab more hardware, fire up Hyper-V or ESXi, slap the VM on and go to town.
4: Clustering -- several physical machines can host one VM through a SAN and if one box fails, the failover can pick up where the main machine left off on the machine (not the app) level. This means you don't need to worry about how apps will deal with jumping MACs or hardware changes unexpectedly.
5: Security. If a VM got infected, it can be powered off and rolled back to a safe snapshot, and also a snapshot taken of its dirty state for forensics.
6: Ability to run on future hardware. Say everyone ditches x86 and amd64 and decides to go to IBM's POWER architecture and emulate legacy stuff. The stuff in the VM won't care that is is actually isn't running on a different CPU.
Of course, virtualization's disadvantage is performance losses due to the added overhead of more context switching.
For a MMO, virtualization isn't really needed except at the database core. If a zone server [1] goes down, there will be people nerd raging on the forums, but in reality if someone gets to it in 24 hours or so, people won't be pulling their subscriptions. The only real thing that would cause people to bail is a large player database rollback, so days to weeks of playing are lost. However if you have a good database cluster, this isn't going to happen.
Virtualization is just one of many IT tools. Sometimes it is an excellent thing to have. Other times, there isn't any real need to have it, especially for CPU intensive stuff on a server that can be cloned or easily reimaged with the apps on it.
[1]: I'm assuming zone servers handle the combat mechanics, only sending updates to the core player database when a player loots an item, dies, logs out, disconnects, or at a periodic interval if nothing else changes.
IMHO, Windows 2000 is the "unsung hero" of this. XP provided new window decorations, a DRM stack (Trusted Audio Path), activation (for non VLK copies), a few EncFS improvements (no need for a recovery agent, multiple users have access to a file), and shadow copies. However, it didn't change the game as in fundamental OS mechanics like moving from a DOS "shell" to a true 32 bit protected mode OS has done.
Windows 2000 provided essentially the OS we are sitting on now on most Windows installs. The server side gave us Active Directory, IPSec, a decent privilege/ACL model mostly inherited from NT, user rights (user with versus without admin privs), decent crash protection (especially compared to 9x/ME). The workstation edition gave us a full 32 bit executables, additions onto a decent journaling filesystem, innate separation of users (versus the kludgy .PWL files from the 9x era), and so on.
XP is a decent OS, and has weathered the test of time, and this by in its own right gives it mentioned, but it would gain recognition for being evolutionary, not revolutionary. Windows 2000 was revolutionary both on the client and server sides.
This is a matter of preference. For me, I prefer a slider such as the Droid, Cliq, or Moment because I'm used to typing on physical keys as opposed to making sure I got the right key pressed on a touchscreen. Even worse, some touchscreen phones I've used are not calibrated and do not register the contact on the screen at the right point. You hit a "p", and get an "o". Of course, you can't go any further right to get the "p" to register, and the phone does not have any method to recalibrate the screen to fix this.
4G is split up here in the US between Sprint/Clear's WiMax endeavor and LTE (which is going to be pushed out by T-Mobile, VZW, and AT&T).
My hope is that LTE frequencies are all standardized so I can use an unlocked device on any of the three networks. Part of the LTE spec is a standardized SIM card, so I have some hopes for this.
The problem with the Motorola Q and PocketPC devices is that they were running different editions of Windows Mobile.
Windows Mobile has two editions. One is for non touchscreen devices (Windows Mobile Standard), so even though it looks similar, the method of getting around in it is quite different than the Windows Mobile Professional which is based around a touchscreen UI. Apps for Windows Mobile Standard are far fewer than for Professional, so this is something which hurt the Q in a number of ways.
The good thing about Android is that it isn't split into two completely different UI methods (although the fact that Android devices run different versions of the OS is a hair puller.)
This is where Apple excels: There are three models of the iPhone, and apps can run on all three unless they take advantage of a specific feature (GPS, 3G, or compass.) Android has to avoid this trap of fragmenting, where a customer has to know that the app they are about to buy works on their version of the OS, and their model phone. If Android does fragment where one app has to be written for different versions to work, it might weaken the OS to the point where people just go back to Apple/AT&T where stuff "just works".
I'm just hoping that Motorola, Samsung, and HTC understand this, and hopefully keep their Android devices updated. It may seem counterproductive because they want to keep selling new models, but if a customer leaves the platform algother after the average two year commitment, it means no new devices purchases down the line.
I wouldn't say the N900 is running dead end OS, but I also wouldn't say that root is required to do everything on an Android device either.
The main three reasons I'd root an Android phone are to either upgrade the underlying Android version, to disable vendor specific stuff (such as the spinning cube on the Behold II which doesn't do much UI-wise, but takes up space and CPU time), and being able to run apps from the SD card via unionfs or other means.
If someone knows what they are doing, (or at least the ramifications of the # prompt), rooting isn't an issue. However, some Android phones do not yet have a complete flash image out there to recover back to, so if someone trashes stuff outside the user modifiable data directories (the stuff that is normally mounted read only), a hard reset may not be able to clear up a bootloop [1]. So, unless there is a way to drop into a recovery mode to re-flash (and have a default non-rooted Flash image handy), I'd be *VERY* careful about rooting. I like cautioning people against rooting unless they have a good reason for it because Android phones are not like iPhones. Unlike Apple's product, you don't need to go through a store to install all apps you want. Instead, you can install what you like via adb on Android. And of course, it is only a matter of time before some maliciously written apps make it to Androids store which can detect a rooted phone with no su protection and start wreaking mayhem [2].
[1]: Technically, this isn't bricking a phone if you can get to a recovery mode, but in reality, if you can't hop to a recovery mode and re-flash, it essentially is a brick until someone puts out a .shx file or similar with a usable image.
[2]: Most rooting processes have a defense against this, using a superuser.apx app, where it prompts the user to allow the app to have root. However, my fear is that users who don't realize that VERY few apps need root would just click "allow", and all hell breaks loose... which makes it look bad for the whole modding scene, and makes devices makers redouble their efforts to make their phones root-proof, or hostile to flashing custom firmware.
IIRC, China and other places also uses CDMA technology. China also uses R-UIM cards, which allow one to switch devices without having to place a call to an operator to change out the IMEI numbers.
There is a third option: If you have an account in good standing with T-Mobile, they will finance a chunk of the phone for you over some months. And there is no contract, although you are responsible for the balance for the phone.
The key is having the humor that the last DN3D had, but updated for modern times. The "GUILTY?" signs, the white Bronco chase scene, and 867-5309 in the restroom were all touches that set that game apart from the scads of FPS games that followed.
FrontMotion (http://www.frontmotion.com/Firefox/) keeps (fairly) updated copies of Firefox on their website ready to push in .MSI format. They are also signed.
This may not be something usable in a lot of places (Frontmotion isn't a company that everyone knows, so people would be leery of trusting their signatures), but it can be useful in some cases.
If I could ask for one thing with Flash, I wish it had a security model where on operating systems that supported it, it could run the foreign .swf containers either jailed or with highly restricted permissions. For example, a YouTube vid might need access to a shared object to set video preferences, but it needs no access other than that, or perhaps a way to connect back to YouTube to rate stuff or get the next video in a series.
This isn't hard in Windows. IIRC, one can create a restricted hToken, then use CreateProcessAsUser and have the child instance of whatever add-on do the heavy lifting. It isn't as elegant as a BSD jail, but it keeps stuff out of the user context, and you can lock a child process from touching the Registry or the filesystem.
I think this is an issue that affects all operating systems essentially:
There needs to be a central place for programs to check versions, then be directed to their repositories. The checking would be done in SSL, the version numbers placed on the repositories would be signed.
And this doesn't have to be centralized. As part of a package's manifest, it would have a URL that the updater daemon would use and pull a signed list of latest versions. If the program isn't the latest, the OS update utility would be able to find where exactly to go (perhaps even supporting torrents) and grab the latest rpm, .deb, .msp/.msi, .installp, or tarball.
Of course, the update daemon can be configured to only check an internal repository. This is VITAL when it comes to staging upgrades, so a production machine doesn't slurp some update from a repository, eat its spleen and take a dirt nap, taking your production webserver with it.
This can also be multiplatform. This allows an updater on the staging server to check Linux packages on internal machines, grab all that need updated and store them in a mirror, then go out and grab the OS X ones, then the Windows ones, and whatever operating systems are in use. Then once the sysadmin approves the upgrade, the machines internally do the rest of the work.
Try to get a standard on an alternative technology that has been around a while? If Oracle could update Java so it had better video processing, it could possibly go head to head with Flash for movies. Unlike Flash, Java has a decent security model so sandboxed stuff won't be jumping out to execute crap as a user, or perhaps as a superuser.
Also, unlike Flash, Java runs almost anywhere. Yes, there are JVM issues, but a Java applet can be coded to run on any platform. The only platform it doesn't work on that is mainstream is a non jailbroken iPhone (jailbroken ones run it happily.) And there are utilities like alcheMo to natively port bytecode to BREW.
Oracle really should see about throwing some serious development man-hours at JMF and making something that can go head to head with Flash. This would be great because if Java takes back the standard role, it means one less extension that can be compromised.
Another to do is consider running a browser that separates add-ons from the user context. IE8 does this by running things in a restricted mode. Chrome goes one step better and has the add-ons run essentially in a VM.
Of course, the most secure way of all is to run your Web browsing in a virtual machine (and use snapshots to roll back when done, dropping all changes), with the Web browser and its add-ons running as an unpriviliged user (no UAC or sudo access). This way, malicious software will have to get the user context in the VM, get to administrator, find a hole in the hypervisor, then find a way to get to some context in the host OS, which is a daunting task.
I'd be tickled pink to see a sequeal of DN3D, even if it isn't the legendary DNF, but "just another " Duke Nukem game. Save the legendary title for something else, find a decent 3D engine, and allow us cool places to read the daily newspaper again.
This is why GSM was invented. In the days of analog phones, it was not hard at all for a decently equipped thief to clone a phone and either make calls, or sell the cloned phone for cash. This goes until the victim calls the cellphone provider about the multi-thousand dollar bills.
For a long while, GSM's security through obscurity did well for protection, but if this guy can decrypt the algorithm, I'm sure blackhat organizations have been exploiting this for fraud for years.