Slashdot Mirror


User: mlts

mlts's activity in the archive.

Stories: 0
Comments: 5,534

Comments · 5,534

  1. Re:This is one reason I don't use smart TV apps on Millions of Smart TVs, Phones and Routers At Risk From Old Vulnerability (trendmicro.com) · · Score: 1

    The only reason I can see to use a smart TV is that it might have native support for Hulu, YouTube, or other content channels. Even then, there are appliances for this sort of thing, and one can put a firewall appliance to allow connections to the content provider, deny them everywhere else.

    Smart TVs are like IoT in general. Not needed, a solution looking for a problem, and will bring in far more security issues than it will bring benefits. Yes, there are ways to secure IoT, for example, having devices be paired with a central, hardened hub server which does the Internet stuff (as opposed to direct Internet connections), but because there are no downsides for device makers in slacking on security when it comes to IoT devices, one just has to view them as extremely insecure.

    What would be nice is something like UL, but for security. A third party independent testing house that does security checks before giving approval, similar to how UL checks the safety of a device when it is plugged in.

  2. Re:Unsend easy to defeat on With Messenger Revamp, Yahoo Joins the 'Unsend' Trend (thestack.com) · · Score: 1

    What might be interesting would be a signing/timestamping app that has a portion sitting on the SIM card. This way, when a screenshot is taken, it is cryptographically signed, with the private key residing in a tamper resistant area, with no way to forge when the screenshot was signed.

    As for unsend functionality, it is part of Exchange as well, but if one reads mail fairly quickly (or has a mail filter to move mail) the unsend attempt will not be successful, and tends to let the receiver know the sender wanted to take it back.

  3. Re:It's time to let the HDD's go. on SSDs Approaching Price Parity With HDDs (computerworld.com) · · Score: 1

    Oddly enough, one can find external drives cheaper than internals, especially this time of year for the same capacity.

    Caveat: The drive quality in an external drive may not be as good as an internal (as you know 100% what you are buying for an internal drive.) However, there are applications where that is fine, such as a NAS with RAID 1, 5, 6, or other redundancy. However, sometimes you can luck out. I shucked an external HDD I bought, found a WD Red inside (which can't be found by hdparm because the USB controller masks the actual drive mechanism/ROM.) Yes, the WD Red is only 5400 RPM... but for a low-end NAS, it is good enough.

  4. Re:how much do we exaggerate their importance? on Canonical Patches Two Kernel Vulnerabilities In Ubuntu 14.04 (softpedia.com) · · Score: 1

    I wouldn't be surprised to find more clients using it because it is a TCP/UDP mishmash that is good for multicasting, IPTV, and telco stuff. Of course, it will require new firewalls, since most will look at the packets, go, "is it TCP/UDP/IGMP/ICMP... if not, just drop them."

    As for local attacks, I'm glad they are taken care of. Although not as show-stopping as a remote root bug, with containerization becoming mainstream, a bug that panics a kernel and drops a compute node can cause some headaches, even if the services are redundant.

  5. NeXTStep had ECC... on Sued For Using HTTPS: Companies In Crypto Patent Fight (theregister.co.uk) · · Score: 4, Interesting

    In 1991, NeXTStep had ECC encryption for E-mail in version 3.0 (called FastECC.) If there were a patent made then, it definitely would be expired by now.

  6. Re:Just don't IoT on Pwned Barbies Spying On Children? Toytalk CEO Downplays Hacking Reports (bt.com) · · Score: 1

    That precedent is an uphill battle. Most devices will come with some type of EULA to use the "software" on the item, which has been proven in court to make software makers sue-proof.

    The fact that there are EULAs that allow IoT devices to have unfettered access to info, and allow third parties to have it is another reason those devices need to remain at the store.

  7. Re:Just don't IoT on Pwned Barbies Spying On Children? Toytalk CEO Downplays Hacking Reports (bt.com) · · Score: 1

    In the UK, "Insurance lock rated" means something. It means that a bike or moped that was secured with the lock would be covered as a condition of the insurance policy.

    Here in the US, it doesn't mean that much, as there are fewer third party testers, so the next best thing is to use Europe's, which do mean something other than advertising hype.

  8. A capacitor stores electricity in a physical form. A battery stores it in chemical form. Capacitors can store energy a lot faster, but have a fraction of the energy per cubic unit volume that a battery does. However, a capacitor can charge and discharge extremely quickly, allowing them to be used to smooth out rectified A/C, for example.

  9. Re:Just don't IoT on Pwned Barbies Spying On Children? Toytalk CEO Downplays Hacking Reports (bt.com) · · Score: 5, Insightful

    Bingo.

    1: Ransomware is on the rise, with new vectors.
    2: There is zero incentive (financial or otherwise) for IoT vendors to do anything but lip service to security. As a PHB told me a few years ago, "show me where purchasing a padlock, a card access reader, or a secure appliance has ever shown a financial gain for any company other than to Assa-Abloy or a lock maker." Of course, this is fallacious reasoning, but it is pretty common.
    3: Testing is abbreviated at best. The goal is to get the IoT devices to market fast... worry about glitches, bugs, and security items later, or maybe fix them in the 2.0 version.
    4: There are no IoT security standards, or architectures [1].
    5: There is no assurance about security, other than maybe a pretty lock icon, or "protected by 256 bit AES"... generic drivel. When I buy a padlock, I can buy one with "Sold Secure", "Insurance lock rated", or other ratings that the lock passed some heavy testing. When I have an electrical appliance, it is UL listed. There is no body that can show security compliance for an IoT device. So, I have nothing but the word of an advertiser.

    All in all, IoT devices are a win/win for tracking companies and blackhats... but for the people shelling out cash for the devices? Not much. I don't have any Bluetooth light bulbs, nor deadbolts accessible from the Internet. And I plan to keep it that way. In fact, if I were to pay for an expensive fridge, it would be a fridge that used propane or natural gas, so a power outage would only turn off the light inside, not affect cooling.

    [1]: An example of a reasonably secure architecture would be devices that communicated via Bluetooth or Wi-Fi to a hardened hub appliance, which then communicated to the Internet. This way, there would be no direct access from the outside to IoT devices, and the hub appliance could be configured with IDS/IPS rules to block out a compromised appliance.
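The egress-allowlist idea in comments 1 and 9 (allow each device to reach only its content provider, default-deny everything else, and have the hub flag a device that strays), worked as an added example. This is not code from the comment author; the device names, addresses, policy entries and flow records are all constructed for illustration. The second function renders the same policy as an nftables forward-chain fragment of the kind the hub would load; note that anything not TCP/UDP (the SCTP flow below) is dropped by the default policy, which is the firewall behaviour comment 4 describes.

```python
"""Hub-side egress allowlist audit over constructed IoT flow records.
Added example, not part of the original comments. All names, addresses
and policy entries are assumptions chosen for illustration."""
import ipaddress

# Per-device allowlist: (protocol, destination network, destination port).
# Port None means any port. Default deny: anything not listed is a violation,
# and a device with no policy entry at all is allowed nothing.
POLICY = {
    "smart-tv": [
        ("tcp", "203.0.113.0/24", 443),     # assumed content-provider CDN
        ("udp", "192.168.50.1/32", 53),     # the hub's own resolver only
    ],
    "thermostat": [
        ("tcp", "198.51.100.10/32", 8883),  # assumed vendor MQTT-over-TLS endpoint
        ("udp", "192.168.50.1/32", 53),
    ],
}

# Constructed flow log in the form: timestamp device src -> dst:port proto
FLOWS = """\
2015-12-01T20:01:05 smart-tv 192.168.50.10 -> 203.0.113.7:443 tcp
2015-12-01T20:01:06 smart-tv 192.168.50.10 -> 192.168.50.1:53 udp
2015-12-01T20:02:11 smart-tv 192.168.50.10 -> 192.0.2.44:6667 tcp
2015-12-01T20:02:12 smart-tv 192.168.50.10 -> 192.168.50.20:445 tcp
2015-12-01T20:03:00 thermostat 192.168.50.11 -> 198.51.100.10:8883 tcp
2015-12-01T20:03:30 thermostat 192.168.50.11 -> 198.51.100.10:8883 sctp
2015-12-01T20:04:00 camera 192.168.50.12 -> 203.0.113.7:443 tcp
"""


def parse_flow(line):
    """Split one constructed log line into its fields."""
    ts, device, src, _arrow, dst, proto = line.split()
    dst_ip, dst_port = dst.rsplit(":", 1)
    return {"ts": ts, "device": device, "src": src,
            "dst": ipaddress.ip_address(dst_ip), "port": int(dst_port),
            "proto": proto.lower()}


def allowed(flow, policy=POLICY):
    """True only if some policy entry for this device matches the flow."""
    for proto, net, port in policy.get(flow["device"], []):
        if flow["proto"] != proto:
            continue
        if flow["dst"] not in ipaddress.ip_network(net):
            continue
        if port is not None and flow["port"] != port:
            continue
        return True
    return False


def audit(flow_text, policy=POLICY):
    """Return (violations, quarantine): the disallowed flows and the sorted
    list of devices that produced at least one of them."""
    violations = []
    for line in flow_text.splitlines():
        if line.strip():
            flow = parse_flow(line)
            if not allowed(flow, policy):
                violations.append(flow)
    quarantine = sorted({v["device"] for v in violations})
    return violations, quarantine


def nft_ruleset(policy, device_addrs):
    """Render the policy as an nftables forward chain for the hub.
    device_addrs maps device name to its LAN address. The chain's default
    policy is drop, so unlisted devices, ports and protocols never pass."""
    lines = ["table inet iot {", "  chain forward {",
             "    type filter hook forward priority 0; policy drop;",
             "    ct state established,related accept"]
    for device, rules in policy.items():
        src = device_addrs[device]
        for proto, net, port in rules:
            l4 = f"{proto} dport {port}" if port is not None else f"meta l4proto {proto}"
            lines.append(f"    ip saddr {src} ip daddr {net} {l4} accept")
    lines += ["  }", "}"]
    return "\n".join(lines)


if __name__ == "__main__":
    bad, quarantine = audit(FLOWS)
    for v in bad:
        print(f"DENY {v['ts']} {v['device']} -> {v['dst']}:{v['port']}/{v['proto']}")
    print("quarantine:", quarantine)
    print(nft_ruleset(POLICY, {"smart-tv": "192.168.50.10", "thermostat": "192.168.50.11"}))
```

Run against the constructed log, the audit flags the TV's IRC-port and SMB connections (the second is lateral movement inside the LAN, which a flat network would never see), the thermostat's SCTP attempt, and the camera, which has no policy at all.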

  10. Re:Idiot on Peter Thiel: We Need a New Atomic Age · · Score: 1

    I would probably go with a different term of succeeding and failing.

    Until we get battery technology that can store in the range of energy per cubic unit as gasoline or diesel, or we have some way of pulling CO2 out of the air and turning that into a stored fuel (propane, or ethanol), renewables will hit a wall, and can't do much for base energy usage.

    However, peak energy, on the other hand... is a completely different story. Renewables have helped a lot in this department.

    The payoff with renewables is the relatively low upkeep over time. For the most part, once a solar install is in place, one has to maintain the batteries, wash the panels off, and if the panels are on a tracking system (which gives 20-35% more energy depending on whether it is one- or two-axis), keep that maintained.

    Wind is similar, batteries need maintaining, but other than that, if the turbine hasn't had damage, a number of them are rated to not need maintenance for 120,000 hours.

    What would fundamentally change things (next to fusion, of course), would be very energy dense batteries. Think Tesla's PowerWall. This would change the grid for the better.

  11. Re:"Reset to factory settings" button on Even the Dumbest Ransomware Is Almost Unremovable On Smart TVs (symantec.com) · · Score: 1

    For a little bit more, I can get a pair of studio grade monitors and perhaps a subwoofer. No, they may not have Bluetooth or whatnot, but that is what a stereo receiver is for.

    Of course, monitors are supposed to have a flat response across the board, but that is what equalizers are for, if one wants boominess.

    For a decent home system, speakers should have ports for audio, and that's it. Other equipment takes care of the other items. This way, no matter what upgrades to audio receivers happen, the speakers will always be usable. Adding electronics just means the component now is dated. For example, with 4K coming out, unless every component of a system is HDCP 2.2 compliant, you will wind up with blank video.

    Of course, it is quite obvious that none of this should be connected to the Internet other than maybe the audio receiver which is used for streaming. Everything else, if a firmware upgrade is needed, should be done by a USB flash or a SD card. Ideally, another physical switch or button used so the flashing process requires someone to actually have initiated it.

  12. Re:"Reset to factory settings" button on Even the Dumbest Ransomware Is Almost Unremovable On Smart TVs (symantec.com) · · Score: 0

    This, in a nutshell.

    I see this with computers. Someone has an issue with their desktop machine, they toss the old one and buy a new one. Phones? Instead of worrying about ROMs, they just toss theirs and buy a new one.

    People are conditioned to buy something new when stuff breaks. The TV goes bad? Buy a new one, and make sure to get the Geek Squad warranty so it can be exchanged if it breaks.

    Let's look at scenarios:

    Scenario 1: The TV maker puts in an "oh shit, reset all", which reloads a "1.0" OS from a ROM, or at least some onboard flash with writing disabled. This costs money for them to have it, and support costs to tell the user to press these keys while turning on the TV.

    Scenario 2: The TV maker just has their support tell customers they are hosed, and buy a new unit. Support costs are far less, since it is far quicker to tell someone to go to Best Buy than it is to hang on the phone. In addition, the TV maker makes a profit on a new set.

    With Scenario 2 being more profitable, which would they go with?

  13. Re:Awwww thats so cute on Yahoo Denies Ad-blocking Users Access To Email (washingtonpost.com) · · Score: 1

    There are many webhost providers. Lunarpages, Rackspace, Amazon, etc. I personally prefer IaaS offerings, and would rather run my own VM on a provider like linode, just so I have assurance that everything from the OS on up is properly secure.

  14. Re:Wait, what? You can see other peoples' wallets? on Patreon Users Threatened By Ashley Madison Scammers (csoonline.com) · · Score: 2

    Very true. Blockchains definitely are truly proof of where the coins went. However, there are ways to launder BTC, such as tumblers, CoinJoin, exchanging for another currency and then back, and so on.

    Because of this, BitCoin is still used for nefarious purposes, as the transactions may be 100% traceable, but once moved out of the BTC arena into another currency, that is where the trail can go cold quickly.

  15. Re:thinkpenguin, librem and eoma68 laptops on Dell Accused of Installing 'Superfish-Like' Rogue Certificates On Laptops (theregister.co.uk) · · Score: 2

    For home/SOHO usage, what also might help is adding a router and virtualization. The router ideally should be a small PFSense appliance with snort on it.

    Virtualization helps because it keeps things isolated. Nothing is perfect (as in theory, the hypervisor can be compromised), but with a layer separating the desktop OS from the bare metal, and an active gatekeeper that can easily block stuff phoning home, this will help with mitigation.

    For example, web browsing. Running the day to day browser in a VM [1] will go far in ensuring that a compromise via the browser won't go far. Since most browsers will sync bookmarks, a complete rollback to a known good snapshot every so often (Patch Tuesday, for example) will not waste much time.

    Larger companies/enterprises are a different story. However, they have a lot more tools, such as VDI, better IDS/IPS monitors, and so on.

    On a side note, the parent poster has presented a good argument about why a desktop should be AMD. Definite food for thought.

    [1]: Running the VM on a SSD will help performance out, otherwise the main OS and the VM will always be fighting for control of the drive heads.

  16. Re:Coming soon in Windows 11 on Dell Accused of Installing 'Superfish-Like' Rogue Certificates On Laptops (theregister.co.uk) · · Score: 2

    In companies, using a device like BlueCoat, or another, and dropping the root cert into AD for it to be auto-trusted isn't unheard of.

    However, I'm seeing this being done more and more with adware. In fact, when helping to clean some infections, when I was doing a quick forensic check before saving documents and wiping the box, almost all the machines with adware/scumware had a root cert added, and all traffic going through some local VPN or proxy. This is of course fixable, but if this is done, who knows what other stuff is installed, so it is best to just save critical stuff and start all over.

    There is one way around the WPBT install (which has been around for almost a decade, mainly used to reinstall LoJack for Laptops), and that is to install an OS which acts as a hypervisor (ideally a non-Windows OS which doesn't give a hoot about WPBT), then do the rest of your work in a VM. Of course, this makes gaming almost impossible, but it is a way to mitigate the damage that WPBT installed software is able to do.

    I personally don't mind software that an OEM wants to have installed with Windows, especially drivers for NICs and core items which are difficult to just fetch and download. However, the ideal would be to have an install/recovery image of Windows on a read-only flash partition, ideally with the ability to boot more than one Windows edition (so a machine that initially came with Windows 7, got upgraded to Windows 10 has the option to boot and install from either.) At the minimum, the user should be prompted and given the option to install each signed package, or just decline everything.
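The "quick forensic check" the comment above describes (adware adding a root certificate so it can proxy TLS) can be done as a baseline comparison: export the machine's trusted-root store to PEM, fingerprint every certificate, and list any fingerprint not in a known-good baseline. The block below is an added example, not the comment author's code; the store contents, baseline and certificate bodies are constructed (the bodies are base64 placeholders rather than real DER, which is enough to show the parsing, fingerprinting and diff logic, and a real export slots in unchanged).

```python
"""Trusted-root baseline diff over a PEM bundle. Added example, not part of
the original comment. The bundle and baseline below are constructed."""
import base64
import hashlib
import re

PEM_RE = re.compile(
    r"-----BEGIN CERTIFICATE-----\s*(.*?)\s*-----END CERTIFICATE-----", re.S)


def pem_blocks(bundle_text):
    """Yield the DER bytes of each certificate in a PEM bundle, in order."""
    for b64 in PEM_RE.findall(bundle_text):
        yield base64.b64decode("".join(b64.split()))


def fingerprint(der):
    """SHA-256 fingerprint in the colon-separated form openssl prints."""
    digest = hashlib.sha256(der).hexdigest().upper()
    return ":".join(digest[i:i + 2] for i in range(0, len(digest), 2))


def unknown_roots(bundle_text, baseline):
    """Fingerprints present in the store but absent from the baseline.
    Order follows the bundle so a finding can be traced back to its block."""
    return [fp for fp in (fingerprint(der) for der in pem_blocks(bundle_text))
            if fp not in baseline]


def _pem(payload):
    """Wrap constructed bytes as a PEM block (assumption: placeholder, not DER)."""
    body = base64.b64encode(payload).decode()
    wrapped = "\n".join(body[i:i + 64] for i in range(0, len(body), 64))
    return f"-----BEGIN CERTIFICATE-----\n{wrapped}\n-----END CERTIFICATE-----\n"


# Constructed "store export": two roots the baseline knows plus one injected
# by the hypothetical adware proxy. Real stores carry hundreds of entries.
KNOWN = [b"vendor-root-A-placeholder", b"public-ca-B-placeholder"]
INJECTED = b"injected-proxy-root-placeholder"
STORE = "".join(_pem(p) for p in KNOWN + [INJECTED])

# Baseline taken from a clean image of the same OS build (constructed here).
BASELINE = {fingerprint(p) for p in KNOWN}

if __name__ == "__main__":
    for fp in unknown_roots(STORE, BASELINE):
        print("root not in baseline:", fp)
```

The baseline has to come from a clean install of the same OS build and vendor image, otherwise every legitimate vendor root shows up as a finding. A hit here is only the trigger; the comment's conclusion still applies, since whatever installed the root also had the run of the machine, so the sensible response is to save the data and rebuild rather than delete the certificate and carry on.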

  17. Re:No LEDS on Ask Slashdot: What Single Change Would You Make To a Tech Product? · · Score: 4, Interesting

    e-Ink displays on more devices would be useful in general. For example, on a home router, it could display the initial password on it, and with a button or two, have minimal configuration done (set the IP), so it can have the rest of its configuration done via a web page (or SSH.)

    For external devices like a home NAS, it can show a snapshot of what is going on every so often (5-10 minutes), as well as show that there is an issue with a downed drive or fan. Even external hard disks could benefit, since the display could show SMART status, or number of writes for a SSD.

    For a time back in the 1990s, every device had a LCD readout that had verbose info on it. The computer case showed what was going on via POST. The monitor (CRTs, at the time) showed resolution and refresh rate. Printers showed stats like how much toner/ink was left in real time. Even tape drives showed how long until they needed cleaning, what density and blocksize was in use, and the capacity of the cartridge. If those displays could come back as e-Ink items, it would be quite useful.

  18. How about Kensington lock slots and keylocks? on Ask Slashdot: What Single Change Would You Make To a Tech Product? · · Score: 2

    For laptops, how about Kensington lock slots? Computers are not cheap, and it would be nice to be able to chain it down to a desk without having to either go with a laptop cage, lock it in a drawer, or use some slapdash method like a piece of metal between the hinges.

    For desktops, I'd like to see real keylocks return. Not the crappy round-key cheapie type, but the real 5-6 pin Medeco locks that IBM used on their PS/2 machines. The keylock in front would be a soft-switch to the OS to disable all HID devices and blank the screen (so someone plugging in a USB keyboard or mouse would still be locked out.) The keylock in back would keep the case from being opened without leaving obvious damage. Combine this with some type of cable, and it will help ensure the desktop stays put.

    Of course, it might be nice to have a fiber optic cable whose ends plug into a set of S/PDIF slots. If the cable is cut or unplugged, it acts as an intrusion sensor, and immediately hard-powers off the machine. This way, if a machine is physically grabbed, the data is protected.

  19. Re:That's easy on Ask Slashdot: What Single Change Would You Make To a Tech Product? · · Score: 1

    Bingo. The Internet caught the big content providers by surprise, back in the 1990s. For a while, there was a war between computers (and AOL/CIS) versus TV set top boxes on what would provide the interactive media coming into households. Fortunately, in that case, the good guys won. However, that was a battle, and it is a war, and if we don't resist it at every turn, we might just find that all our computers wind up as locked down consoles. Great for the 0% piracy rate and ensuring constant revenue streams for quarter figures. Not great for the users because you don't know who or what is spying on you, or if the backdoor reserved for the maker now just got sold on the black market, and is now being used for botnets.

    People need to vote with their feet. Never buy a phone without a bootloader that is easily unlocked. Do not buy consoles, which one has zero control over.

  20. Re:This is why we need alternative energy. on Sabotage Blacks Out Millions In Crimea · · Score: 1

    We also need batteries with higher energy density per volume, and it would be nice if MPPT charge controller prices go down (where the most expensive part is likely the inductor coil for the buck/boost charging.)

    Batteries would change everything. If a stable, long-life battery existed that holds even an order of magnitude less than what gasoline stores in unit volume, this would fundamentally change the structure of the power grid.

  21. Re:To the former TrueCrypt developers on TrueCrypt Safer Than Previously Thought (ec-spride.de) · · Score: 1

    Agreed. I also have nothing but respect for the TrueCrypt forum members as well, which had some highly intelligent discussions.

    What TrueCrypt brought to the table which few other programs do is the cross platform compatibility, where I can have a TC container created on a Linux box able to be opened and used on a Mac or a Windows machine. There are other utilities like FreeOTFE, but TrueCrypt was well maintained, and the hidden volume functionality is quite useful, especially for someone on a business trip who travels abroad.

    I'm hoping VeraCrypt is able to keep up TrueCrypt's legacy, because TrueCrypt definitely has a niche that few other products can fill. There are commercial products like BestCrypt [1] and DriveCrypt which have similar functionality, but TC has been audited, and the source code has seen scrutiny.

    [1]: Jetico's BestCrypt is a good commercial product. Before TC, this is something I used for containers as well as FDE.

  22. The file command? on Ask Slashdot: Automated Verification For Uploaded Files? · · Score: 2

    The file command does exactly this. Type in "file foo", it will tell you what it is.

    No need to add any additional software to the Linux box.
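What `file` does for an uploaded file is content sniffing: it reads the leading bytes and matches them against a table of magic numbers, ignoring the name. The block below, an added example rather than the comment author's code, does the same for a handful of common types and then applies the check an upload handler actually needs: the sniffed type must be one the claimed extension is permitted to contain, and a file that sniffs as an image but carries a script marker inside it is rejected anyway, since a GIF with PHP appended passes a magic-number check (and `file`) while still being executable if the web server is ever talked into running it. The signature table, allowed-type map and sample files are all constructed for illustration.

```python
"""Magic-number sniffing for uploads, with an extension-vs-content check.
Added example, not part of the original comment; the tables and sample
inputs are constructed."""

# (detected type, offset, magic bytes). Only common types are listed; the
# real `file` carries thousands of entries in its magic database.
SIGNATURES = [
    ("png",    0, b"\x89PNG\r\n\x1a\n"),
    ("jpeg",   0, b"\xff\xd8\xff"),
    ("gif",    0, b"GIF87a"),
    ("gif",    0, b"GIF89a"),
    ("pdf",    0, b"%PDF-"),
    ("zip",    0, b"PK\x03\x04"),
    ("gzip",   0, b"\x1f\x8b"),
    ("elf",    0, b"\x7fELF"),
    ("exe",    0, b"MZ"),
    ("php",    0, b"<?php"),
    ("script", 0, b"#!"),
]

# What each permitted extension may legitimately contain. Office documents
# are zip containers, so .docx/.xlsx sniff as zip and that is expected.
ALLOWED = {
    "png": {"png"}, "jpg": {"jpeg"}, "jpeg": {"jpeg"}, "gif": {"gif"},
    "pdf": {"pdf"}, "zip": {"zip"}, "docx": {"zip"}, "xlsx": {"zip"},
}

# Markers that should never appear inside a file claiming to be an image
# or document; catches the simple image+script polyglot.
SCRIPT_MARKERS = (b"<?php", b"<script", b"#!/")


def sniff(data):
    """Return the detected type for the leading bytes, or 'unknown'."""
    for kind, offset, magic in SIGNATURES:
        if data[offset:offset + len(magic)] == magic:
            return kind
    return "unknown"


def check_upload(filename, data):
    """Decide whether to accept an upload. Returns (accepted, detected, reason)."""
    ext = filename.rsplit(".", 1)[-1].lower() if "." in filename else ""
    detected = sniff(data)
    if ext not in ALLOWED:
        return False, detected, "extension not permitted"
    if detected not in ALLOWED[ext]:
        return False, detected, f"content is {detected}, not {ext}"
    if any(marker in data for marker in SCRIPT_MARKERS):
        return False, detected, "embedded script marker"
    return True, detected, "ok"


# Constructed sample uploads.
SAMPLES = {
    "photo.png":   b"\x89PNG\r\n\x1a\n" + b"\x00" * 16,
    "shell.png":   b"<?php system($_GET['c']); ?>",
    "report.docx": b"PK\x03\x04\x14\x00" + b"\x00" * 8,
    "cat.jpg":     b"\x7fELF\x02\x01\x01" + b"\x00" * 9,
    "banner.gif":  b"GIF89a\x01\x00\x01\x00" + b"<?php echo 1; ?>",
}

if __name__ == "__main__":
    for name, data in SAMPLES.items():
        print(name, check_upload(name, data))
```

Two caveats a practitioner would add. First, magic numbers are only a first filter: for anything you will serve back, decode it with a real parser for that format (an image library for images, a zip reader for Office files) and re-encode it, which strips trailing payloads a substring scan would miss. Second, the check must run server-side on the bytes received, never on the `Content-Type` header or the extension the client sent, which is the whole reason to sniff in the first place.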

  23. Re:What about 802.15.4 and similar protocols on Bluetooth 2016 Roadmap Brings Fourfold Range Increase and Mesh Networking (thestack.com) · · Score: 2

    I just want to see a way to implement either a file-level sharing (think Samba/CIFS/NFS), or block level sharing (think iSCSI) over Bluetooth. No, it won't be extremely fast, but for computers with no ports on them like the MacBook, tablets, and smartphones, it would give the ability to access mass storage without needing to piggyback onto Wi-Fi.

    This would not just allow drive access, but a backup mechanism that isn't dependent on the cloud, and if done right, decently fast, with security an ingrained part of it via BT pairing.

  24. What does one gain from a "smart" TV anyway? on Viewing Data Harvested From Smart TVs Used To Push Ads To Other Screens? (securityledger.com) · · Score: 2

    Other than an "enhanced advertising experience", and perhaps viewing some web content, what does a smart TV actually give as a service? Especially if one has a set top box from their provider, or something like a Roku, Chromecast, Apple TV, or a HTPC. At best, I can see the TV streaming Netflix as a feature... but with all the data sent back, it isn't worth the privacy invasion.

    Of course, if the TV can't work unless it has Internet access, it will go back to the store -stat-.

  25. Re:Local! on Ask Slashdot: Secure, Yet Accessible E-mail Archive Storage? · · Score: 1

    It is a good idea, but for transport encryption, S/MIME should be used between clients, or even better, PGP/GnuPG because it isn't relying on a root CA key for security.

    For DAR (data at rest), I have done complex setups in the past which have bitten me in the rear more often than not... these days, I wind up using gnupg for files, EncFS for directories, VeraCrypt for file based drive images, and the OS's native block encryption (BitLocker, FileVault, LUKS) for physical drives.

    Long term, I should consider setting up a VM [1] that actively uses fetchmail to grab data, then SSH in and use mutt to read it, but right now, I'm mainly looking at yanking moldy stuff from mail providers, and stashing it in a place where it is accessible via SSH, VPN, or a 2FA mechanism [2].

    [1]: I like virtualizing all servers that don't require bare metal, if at all possible. For a home user, it makes life easy when you can tote an external USB flash drive [3] from one box to another with the virtual machine on it.

    [2]: 2FA isn't a cure for all ills, but it does take a number of attacks off the table, especially coupled with Fail2Ban or another blocking utility.

    [3]: Or an external USB SSD. Even on such a low speed port like USB 3, the fact that there isn't any seek time on the SSD is noticeable with multiple VMs running on it.