As of now, there are no laws that an ISP has to deliver packets to any site, or any port.
IMHO, this is just the start of this type of activity. Eventually (assuming no regulation is done), ISPs will just refuse traffic from any domain who doesn't pay them a certain amount per bit per month. So, if Yahoo doesn't pay ISP "A" a fee so their bits will go across, all that ISP's subscribers would see either the destination unreachable, or even worse, be redirected to another site.
As of now, there are no laws against ISPs doing this. One could in the future attempt to go to their bank, be redirected to another bank because the other bank pays the ISP to carry their traffic and refuse the other bank access.
Letsee... Draconian copy protection, three installs or hardware changes, and now the ability to lock anyone from their paid for online content at a whim.
Sigh... EA has sucked in so many good companies. Westwood, Origin, and Bioware are companies whose games come to mind that I loved and would buy again... if it wasn't for EA's treating their paid customers like convicted criminals.
EA can redeem themselves... Borrow from Stardock Software and actually assume paying customers are not immediately going to steal their works. The game will be on BitTorrent eventually... and no copy protection means more loyal customers go to the store for the game, rather than BT seeds.
If a thug breaks down a door, smashes a window, or takes a chainsaw to a wall for entry, there is an obvious signature of forced entry. One takes a picture of this, and when claiming insurance, will have few problems.
If a lock is picked or bumped, there is no sign of entry, thus an insurance company likely won't pay and probably one will have to obtain their claim in a court of law where they have to prove that the item was there, and it was stolen, not hidden or sequestered somehow.
This is what Assa-Abloy's Cliq technology is for. The cylinder has a small chip which gets power from a battery on the key, and if the key is correct (it uses a challenge/response system to validate the key's serial number), it will retract a small solenoid. The rest of the cylinder is mechanical with the same pick resistance as the line its in, be it Abloy Protech, Mul T Lock, or Medeco.
Chubb (the venerable English lock maker) actually has a prison lock where part of its construction is to make it resistant to eyeballing by inmates, so they can't memorize the cuts on it and create a copy with sheet metal or another source.
Other than that, a few keys that are eyeball resistant that come to mind are the Shlage Primus, and the Medeco3 key, because someone would have to eyeball the slider, the pin depth cuts, and the angles of the cuts for the pins to rotate.
Perhaps one answer for storing data securely, but allowing it to dynamic expand is to create a PGPDisk that is dynamically expanding. Then, the data in can be safe, but the file can be moved to bigger RAID arrays if need be.
If someone is promising a high quality SLA, they almost never will be using one box for their offerings. They will be using two or more machines connected via redundant disk controllers to a common SAN or disk array, and all the boxes will be connected to each other via heartbeat monitors.
The good thing, both VMWare and Hyper-V in Windows Server 2008 help make this task a bit easier, by allowing for a virtual machine to be hosted on a cluster, so if the primary machine fails, the others can take over without missing a step.
For five nines, everything needs to be redundant, from different sets of wires coming in the building so a backhoe doesn't cut everything in one swipe, to multiple power trunks connecting to a machine's redundant power supplies (no "Y" cables), so on and so forth. Some IBM machines even use 2-3 CPUs executing the same task at a time so if one of them glitches on a calculation, the machine can be failed down and a backup take over. A lot of companies even have different hot spare locations, where they mirror their disk I/O over dedicated fiber channel over IP connections.
Uptime is all about planning. You can get lucky... but Murphy rules the roost here, and you don't want to have a signed agreement saying you have 5 nines, then some drunk causes the agreement to be violated because he got into your data center and mashed the Big Red Button, EPO-ing not just your machines, but your business.
Actually, in production critical environments, they go through a staging process where they try a patch on a test box or two, then put the patch (even if its an out of band emergency fix) on a WSUS server that the production boxes update from.
This is very important. I've seen 0.01 revisions for firmware for a hardware issue which are just relatively small fixes to install make terabytes of data inaccessible until the machine was backed off and restored... and a production machine being down for 7 hours usually means that a sysadmin is going to be fired.
A small business with an Exchange server, SMB server, and a SQL box as a Web backend, its OK to let it update and reboot off of Windows update. Once you get into 24/7 server rooms with 3+ nines uptime, there is no way in Hell you would ever let a machine patch unless someone was there babysitting it, there was a plan to reverse the changes (system restore is not it), the patches were tried and certified in house, and they patches were put on a secure server.
I like the fact that they have extended BitLocker, but I really wish they could get BitLocker to do something relatively simple.
As of now, with a TPM chip, you have TPM alone, TPM + a PIN, TPM + a USB flash drive. Without a TPM chip, you just have a USB flash drive.
I really wish they could add a mode for machines without a TPM chip requiring a password and no USB flash drive. Of course, technically I could go out and install TrueCrypt which does the job nicely (TrueCrypt is arguably one of the best security tools out there), but on an enterprise level, it would be nice for the OS which has this functionality to include this relatively small item so I don't have to push out another.MSI file to bunches of machines for security.
Another thing I wish Windows 7 came with would be a more configurable backup utility. You can sort of kludge ntbackup from an XP CD, but that's no solution. I'd like to see something similar to Retrospect or Backup Exec that offers backups, but offers the option to encrypt the backups (perhaps similar to how EFS is done with recovery policies.) Encrypted backups are a must these days, and its a shame that no operating system offers this.
What I have noticed is that what is one of the major culprits in long boot times is antivirus software starting up and doing its integrity checks. Reduce this, and you will reduce times perhaps by five minutes on some machines. However, with Windows, I doubt AV makers could do it without reducing security though.
This is my personal opinion, but the computer that runs the pro audio software should not be used for general computing use, and should never be connected directly to the Internet. If you can, have two OS partitions, one for normal computing use, and one dedicated to the music applications.
There are several reasons for this:
First, latency. AV software sucks CPU cycles, which adds latency. This is one of the musician's worst enemies. You want just the OS and the music software if possible. One single swap to disk may screw up a long mix you are working on. This is also why you want to load a music workstation with as much RAM as you possibly can.
Second, music programs are prone to crashing, especially with use of a lot of plugins. You want as few things that can go wrong as possible. Some programs not just work with tons of plugins, but bring with it a metric ton of DRM code, from CD-ROM copy protection, to USB dongles and the drivers those require. All this can conflict with A/V software.
Last, music programs do a lot of I/O. An AV program that hooks onto the system and scans every bit flying by a pipe in real time is going to put a crimp on matters.
For the music partition, if possible it should never touch the Internet directly... connect through another machine with internet file sharing, or best of all, a hardware firewall.
Another reason to have two partitions. You can boot the normal computing one, and A/V scan the one dedicated to the music apps which has a higher chance of detecting rootkits if any are installed.
I personally even recommend using a different operating system than normal for the OS partition with the music apps. If you have the volume license, WinFLP is recommended, as well as XP 64. If you need Vista compatibility, consider Windows Server 2008 which installs almost nothing by default.
This is why I wish more music companies would write commercial stuff for Linux. Linux is extremely low latency. Plus, its not like it doesn't exist. The Korg Oasys, their flagship $8500 keyboard uses Linux as its base OS.
AV software takes a lot cash. You have to pay major cash to get FIPS, Common Criteria, ICSA, and other certifications. These take cash for independent validation.
AV software also takes a lot of research, from honeypots to catch stuff that is happening, to getting people to submit possible zero day variants.
AV software takes a lot of bandwidth. Virus definitions are updated daily (if not more often) by the larger AV vendors, so one needs to have the not just the bandwidth for thousands of definition requests at a time, but a high bandwidth cap because the requests will be hitting 24/7. Not many F/OSS projects have this bandwidth.
Finally, AV software needs to be secured. You have to get a code signing certificate, then make sure your signing key is in a secure hardware container so it can't be hacked. You not just have to sign your code signing certificates with a HSM, but you have to sign your virus definitions so if your virus definition download site gets compromised, the definitions can't be tampered with.
All the above makes AV by noncommercial entity a highly daunting task, especially the bandwidth and the independent vendor certifications.
Its sad to say, I'm in the same boat. As a student graduating this semester, I don't have the cash for a modern (read $2000+) tape drive, so instead, I use a good backup program that can support moving data between backup volumes. I then back up to a Samba server which has a software RAID array. Then, every quarter or so, I buy 200-300 DVD+Rs (the single density as the double layer are still a tad expensive for the capacity increase), then burn all the data on the backup volumes on that server over a couple weeks. Those go offsite immediately, and stay offsite.
For me, a backup doesn't just consist of critical documents (which also are copied onto dedicated media and saved), but the ability to completely bare metal restore a machine. This has saved me probably hours, if not days, of time when I have had hard disk failure, and restoring the machine (after replacing the drive) consists of booting a restore CD, partitioning, mounting the samba server, clicking "restore all", restarting, and calling it done. Also, there are always files that are outside the document directories that are needed, and sometimes lost when just backing up only home directories. CD key files and license keys are good examples of this.
I'm sure some company with the ability to do high volume sales would rake in the bucks if they made a backup device for the SOHO market, especially if the media had a long shelf life and a decent capacity (250GB native, preferably 500-750GB, so a modern computer can be completely backed up to one cartridge.) Unfortunately, hard disks are not it. Drop a tape, dust it off, put it back on the shelf, nobody will be the wiser. Drop a hard disk, you have a good chance of kissing all the data on it goodbye. Especially if the platters are ceramic.
Another issue with hard disks is that (for the most part) they can't be set read-only via a physical switch. Even the most redundant RAID system is going to lose its data if some malware decides to zap it. A backup system needs a way to make media read-only, so if one is restoring a file on a compromised machine, the backup tape will not be damaged.
I just wish all the density improvements that hard disks get would propagate to tape. Tape used to be a decent backup mechanism, matching hard disk capacities, but in recent time, tape drives that have the ability to back up a modern hard disk are priced well out of reach for most home users. Pretty much, you are looking at several thousand as your ticket of entry for the mechanism, not to mention the card and a dedicated computer because tape drives have to run at full speed, or they get "shoe-shining" errors, similar to buffer underruns in a CD burn, where the drive has to stop, back up, write the data again and continue on, shortening tape life.
I'd like to see some media company make a tape drive that has a decently sized RAM buffer (1-2GB), USB 2, USB 3, or perhaps eSATA for an interface port, and bundled with some decent backup software that offers AES encryption (Backup Exec, BRU, or Retrospect are good utilities that all have stood the test of time.)
Of course, disk engineering and tape engineering are solving different problems. Tape heads always touch the actual tape while the disk heads do not touch the platter unless bumped. Tape also has more real estate than disk, but tape needs a *lot* more error correction because cartridges are expected to last decades and still have data easily retrievable from them.
I think that is the exact problem with the gaming industry. Games seem to be for the most part stagnant, and companies are relying on either sequels or expansions to generate new sales.
The one game company I miss is Origin. Their games were buggy at times, but they almost always had an interesting story to tell and were unique and engaging, from the Ultima fantasy world to unique games like Privateer.
Those new games seem to be gone. I'd rather see a new game with a unique plot as opposed to the same old FPS except with perhaps more arm hair on the aliens visible.
Origin also handled "DRM" pretty well in the early to mid 90s. It was part of the game where to progress past a certain point, one needed to consult the manual (and it was random where.) Yes, people could copy the manual, but it stopped casual piracy cold because people were forced to make a deliberate effort.
Maybe its time for someone to return back to the roots of gaming and crank out something new, perhaps a remake of a classic game, if copyright permissions could be granted. I can think of a lot of old games that would be excellent remakes. The early Wizardry series for one (although combat and graphics would be obviously redone of course.) The Ultima series also comes to mind if one could license the IP from EA. Ultima 1 would be perfect for a remake especially.
As for copy protection, the best is none, of course, but a CD key system which what NWN 1 uses seems to be the least intrusive. Especially if there is content online to obtain. With no Draconian DRM, there will be a lot of peer pressure against people pirating a game as well.
Even games that don't charge still can make money this way. For example, Neverwinter Nights 1 patched out its CD copy protection, but piracy remained low on the game because a big part of the game was automatic updates (which requires unique serial numbers), online persistent worlds, and the sheer numbers of player made modules available which equaled or surpassed the single player campaign of the game.
That is an interesting feature, and useful especially for tagging log files which have to expire for policy reasons. However, there is so much potential for abuse here that it may not be worth having.
A disgruntled employee can tag all files on a Web server to expire at the end of the month, then have a manual script they run weekly to retag them so they exist until the end of the next month. Then, if they get fired, the files get purged, and the admin can blame the filesystem for trashing everything while snickering.
Another issue could be the clock. A hacker could just skew the clock forward on a box a year, forcing destruction of all the objects tagged with an expiration date.
If it has to exist, it should just be a piece of metadata as opposed to an active destruction object.
This exists in both NTFS (Windows Server 2003 and 2008 have the Previous Versions... feature, but it needs to be explicitly enabled), and on NetApp servers. The NetApp server snapshots are lifesavers. Users can just pull out an old version of a file out of the.snapshot directory (well,.snapshot/hourly.0 or what time they want) and not have to ask IT for a restore.
I'd like to see Linux have this, as well as MacOS (before they move to ZFS) without requiring the use of Time Machine, but it does take up a good amount of space to store the snapshots.
Unless ZFS has patent issues, why not just work on having ZFS as Linux's standard FS, after ext3?
ZFS offers a lot of capabilities, from no need to worry about a LVM layer, to snapshotting, to excellent error detection, even encryption and compression hooks.
If a company has a chief compliance officer, they are likely bound under some corporate regulation like Sarbanes-Oxley, HIPAA, or something else. To keep the officers from going to prison, one of the things they need to do is "due diligence".
This is making sure that every product in a chain is certified by a vendor in some way. For example, operating systems must be FIPS and Common Criteria certified, encryption products must be listed in the US Governments certified AES libraries, and so on.
Yes, some open source products make this list. SUSE and RedHat Enterprise Linux both have the certificates. However, not many open source solutions do, which is why businesses just go with a Microsoft stack for their applications.
For example, if a business is running a MS stack, and there is a serious data breach, said business can show their policies in place, show that they have done due diligence by using commercial software everywhere, with certified configurations, they will not have to worry about civil stuff like stockholder lawsuits, or criminal stuff like the SEC coming in with audit papers and handcuffs.
Unfortunately, should a similar breach happen with a company that has an open source stack, and can't really prove due diligence by showing that every piece of their IT puzzle was certified by someone (usually a US government agency)... well, they are facing a world of civil and criminal liability.
To be honest, the chance of getting open source software into an environment that has to be so heavily audited and regulated is almost zero. Commercial, closed source software dost cost, but part of the cost is insurance and the ability to blame someone else other than the company or its officers and staff should something bad happen.
Another legal issue of why businesses choose closed source solutions is patent indemnification. If a software company doesn't have this protection for its customers, should a patent violation occur with the software, not just the software company, but all its customers can wind up being sued for obnoxious amounts of money, and possibly shut down. Again, RedHat is one of the companies that offers this protection for an open source product, but few others do.
None of this is related in any way to the quality of programming of open source software. Its all security theater, but its what keeps a company in business and its officers out of prison with the regulations in the US.
My quick comments while I'm erasing the hard disk and reinstalling it: (I always erase the HDD on all new machines to check for any SMART errors, and to know that the install is clean)
First, the package it comes in is 20% smaller than the black MacBook's tote box. Styrofoam is a thing of the past, replacing it is plastic. Its easy to pull out the MacBook and peel off the plastic on it, easy to yank out the power adapter, but you have to use a thin piece of cardboard to pull the OS media box out as it is set flush, with no fingertip grips to make it easier. This is a very minor thing, though.
Second, the MacOS CDs are not 10.5.0 as with the black MacBook. You get 10.5.5, and a DVD with the applications.
Third, like every article says, if you need FireWire for mLAN or other music tasks, go for a Pro, or hit Apple Refurb for a previous model. FireWire is a thing of the past with this model. For what I'm using it for, the two USB ports are good.
Fourth, its noticably thinner than the MacBook it replaced. Its not thin enough to slide into an envelope, but its definitely able to be slipped in a briefcase. Its definitely a nice student notebook for sling through classes.
Fifth, I personally have not noticed any significant changes to the screen between the previous generation, but I'm glad Apple went this route, because LEDs supposedly have a much longer life than the CCFL backlights.
Those are my first impressions for now, while I blank the disk on it. Overall, for what I need it for (slinging it around campus) it should do the job well.
I personally recommend KeePass for password generation. It can generate 63 char passwords for WPA/WPA2 keys with cryptographically random unpredictability as it uses keyboard/mouse movements as part of seeding. Because its done on the local machine, there is no chance of the password being leaked as compared over the web. With a 63 character password, that is far more entropy than the 128 or 256 bits keys used for AES, so for someone to guess a password of that length, they either have to be able to brute force AES at full strength, or find a weakness in the algorithm's implementation.
I generate a KeePass password, save it to a USB flash drive, then paste it into my router's config. I then take the USB flash drive to the physical machines and do a copy and paste of the 63 char key into their network preferences. This is a lot easier than typing it. Should I lose the key... not hard to fix -- generate another one and rekey the 3-4 machines on my network. Because the WPA/WPA2 key is easily resettable with physical access to the machines, there is no reason to go less than the maximum character length, and it doesn't matter if the password gets forgotten, as long as you remember your router and machine's access passwords. (This for a home network. Businesses should use a RADIUS server where all the machines are not reliant on a single shared encryption key.)
If you have to use fewer characters, I'd say never use fewer than 20 characters, but even that is cutting it thin, factoring in Moor's law, botnets, and usage of GPUs for additional number crunching.
As an alternative, use tape. It may not have the shine of offsite backups, but if you need data backed up reliably, one easy option might be a DLT or another recent capacity tape drive. Combine a backup program that does encryption (bru, amanda, zmanda) and then set up a contract with Iron Mountain.
Then, if you do a basic tape rotation schedule, periodically running recent tapes offsite, you should be protected against known disasters. And, because the tapes are encrypted with a high quality and long passphrase (this is assuming), if the tapes get lost or stolen, they won't do an attacker any good.
On the low end, if tape is too expensive, there is purchasing external mini hard disks that only require power via the USB ports, combining those with TrueCrypt or another sturdy encryption program and using those instead of tapes.
This won't be a be all and end all to spam, but maybe for new accounts that are freshly created, have an escalating delay for each message sent out? This would go away after some certain rules are matched (date of account creation.)
One can add and subtract modifiers. For example, multiple E-mails sent out to many recipients will have a longer delay than messages sent to the same person, a longer delay if the outgoing content is flagged spam through a heuristic filter, etc.
This in no means would stop spam, but a delay of 10-15 seconds won't affect users much, but will definitely put a crimp on spammers.
I could be wrong but this sounds like the heuristic scanning features that has been in Norton Antivirus and other A/V utilities for almost a decade now, where it searches for out of the norm items and reports or blocks them, such as a program deciding to write to the MBR, or a program using raw disk I/O to write to the hard disk.
As of now, there are no laws that an ISP has to deliver packets to any site, or any port.
IMHO, this is just the start of this type of activity. Eventually (assuming no regulation is done), ISPs will just refuse traffic from any domain who doesn't pay them a certain amount per bit per month. So, if Yahoo doesn't pay ISP "A" a fee so their bits will go across, all that ISP's subscribers would see either the destination unreachable, or even worse, be redirected to another site.
As of now, there are no laws against ISPs doing this. One could in the future attempt to go to their bank, be redirected to another bank because the other bank pays the ISP to carry their traffic and refuse the other bank access.
Letsee... Draconian copy protection, three installs or hardware changes, and now the ability to lock anyone from their paid for online content at a whim.
Sigh... EA has sucked in so many good companies. Westwood, Origin, and Bioware are companies whose games come to mind that I loved and would buy again... if it wasn't for EA's treating their paid customers like convicted criminals.
EA can redeem themselves... Borrow from Stardock Software and actually assume paying customers are not immediately going to steal their works. The game will be on BitTorrent eventually... and no copy protection means more loyal customers go to the store for the game, rather than BT seeds.
If a thug breaks down a door, smashes a window, or takes a chainsaw to a wall for entry, there is an obvious signature of forced entry. One takes a picture of this, and when claiming insurance, will have few problems.
If a lock is picked or bumped, there is no sign of entry, thus an insurance company likely won't pay and probably one will have to obtain their claim in a court of law where they have to prove that the item was there, and it was stolen, not hidden or sequestered somehow.
This is what Assa-Abloy's Cliq technology is for. The cylinder has a small chip which gets power from a battery on the key, and if the key is correct (it uses a challenge/response system to validate the key's serial number), it will retract a small solenoid. The rest of the cylinder is mechanical with the same pick resistance as the line its in, be it Abloy Protech, Mul T Lock, or Medeco.
Chubb (the venerable English lock maker) actually has a prison lock where part of its construction is to make it resistant to eyeballing by inmates, so they can't memorize the cuts on it and create a copy with sheet metal or another source.
Other than that, a few keys that are eyeball resistant that come to mind are the Shlage Primus, and the Medeco3 key, because someone would have to eyeball the slider, the pin depth cuts, and the angles of the cuts for the pins to rotate.
Perhaps one answer for storing data securely, but allowing it to dynamic expand is to create a PGPDisk that is dynamically expanding. Then, the data in can be safe, but the file can be moved to bigger RAID arrays if need be.
If someone is promising a high quality SLA, they almost never will be using one box for their offerings. They will be using two or more machines connected via redundant disk controllers to a common SAN or disk array, and all the boxes will be connected to each other via heartbeat monitors.
The good thing, both VMWare and Hyper-V in Windows Server 2008 help make this task a bit easier, by allowing for a virtual machine to be hosted on a cluster, so if the primary machine fails, the others can take over without missing a step.
For five nines, everything needs to be redundant, from different sets of wires coming in the building so a backhoe doesn't cut everything in one swipe, to multiple power trunks connecting to a machine's redundant power supplies (no "Y" cables), so on and so forth. Some IBM machines even use 2-3 CPUs executing the same task at a time so if one of them glitches on a calculation, the machine can be failed down and a backup take over. A lot of companies even have different hot spare locations, where they mirror their disk I/O over dedicated fiber channel over IP connections.
Uptime is all about planning. You can get lucky... but Murphy rules the roost here, and you don't want to have a signed agreement saying you have 5 nines, then some drunk causes the agreement to be violated because he got into your data center and mashed the Big Red Button, EPO-ing not just your machines, but your business.
Actually, in production critical environments, they go through a staging process where they try a patch on a test box or two, then put the patch (even if its an out of band emergency fix) on a WSUS server that the production boxes update from.
This is very important. I've seen 0.01 revisions for firmware for a hardware issue which are just relatively small fixes to install make terabytes of data inaccessible until the machine was backed off and restored... and a production machine being down for 7 hours usually means that a sysadmin is going to be fired.
A small business with an Exchange server, SMB server, and a SQL box as a Web backend, its OK to let it update and reboot off of Windows update. Once you get into 24/7 server rooms with 3+ nines uptime, there is no way in Hell you would ever let a machine patch unless someone was there babysitting it, there was a plan to reverse the changes (system restore is not it), the patches were tried and certified in house, and they patches were put on a secure server.
I like the fact that they have extended BitLocker, but I really wish they could get BitLocker to do something relatively simple.
As of now, with a TPM chip, you have TPM alone, TPM + a PIN, TPM + a USB flash drive.
Without a TPM chip, you just have a USB flash drive.
I really wish they could add a mode for machines without a TPM chip requiring a password and no USB flash drive. Of course, technically I could go out and install TrueCrypt which does the job nicely (TrueCrypt is arguably one of the best security tools out there), but on an enterprise level, it would be nice for the OS which has this functionality to include this relatively small item so I don't have to push out another .MSI file to bunches of machines for security.
Another thing I wish Windows 7 came with would be a more configurable backup utility. You can sort of kludge ntbackup from an XP CD, but that's no solution. I'd like to see something similar to Retrospect or Backup Exec that offers backups, but offers the option to encrypt the backups (perhaps similar to how EFS is done with recovery policies.) Encrypted backups are a must these days, and its a shame that no operating system offers this.
What I have noticed is that what is one of the major culprits in long boot times is antivirus software starting up and doing its integrity checks. Reduce this, and you will reduce times perhaps by five minutes on some machines. However, with Windows, I doubt AV makers could do it without reducing security though.
This is my personal opinion, but the computer that runs the pro audio software should not be used for general computing use, and should never be connected directly to the Internet. If you can, have two OS partitions, one for normal computing use, and one dedicated to the music applications.
There are several reasons for this:
First, latency. AV software sucks CPU cycles, which adds latency. This is one of the musician's worst enemies. You want just the OS and the music software if possible. One single swap to disk may screw up a long mix you are working on. This is also why you want to load a music workstation with as much RAM as you possibly can.
Second, music programs are prone to crashing, especially with use of a lot of plugins. You want as few things that can go wrong as possible. Some programs not just work with tons of plugins, but bring with it a metric ton of DRM code, from CD-ROM copy protection, to USB dongles and the drivers those require. All this can conflict with A/V software.
Last, music programs do a lot of I/O. An AV program that hooks onto the system and scans every bit flying by a pipe in real time is going to put a crimp on matters.
For the music partition, if possible it should never touch the Internet directly... connect through another machine with internet file sharing, or best of all, a hardware firewall.
Another reason to have two partitions. You can boot the normal computing one, and A/V scan the one dedicated to the music apps which has a higher chance of detecting rootkits if any are installed.
I personally even recommend using a different operating system than normal for the OS partition with the music apps. If you have the volume license, WinFLP is recommended, as well as XP 64. If you need Vista compatibility, consider Windows Server 2008 which installs almost nothing by default.
This is why I wish more music companies would write commercial stuff for Linux. Linux is extremely low latency. Plus, its not like it doesn't exist. The Korg Oasys, their flagship $8500 keyboard uses Linux as its base OS.
AV software takes a lot cash. You have to pay major cash to get FIPS, Common Criteria, ICSA, and other certifications. These take cash for independent validation.
AV software also takes a lot of research, from honeypots to catch stuff that is happening, to getting people to submit possible zero day variants.
AV software takes a lot of bandwidth. Virus definitions are updated daily (if not more often) by the larger AV vendors, so one needs to have the not just the bandwidth for thousands of definition requests at a time, but a high bandwidth cap because the requests will be hitting 24/7. Not many F/OSS projects have this bandwidth.
Finally, AV software needs to be secured. You have to get a code signing certificate, then make sure your signing key is in a secure hardware container so it can't be hacked. You not just have to sign your code signing certificates with a HSM, but you have to sign your virus definitions so if your virus definition download site gets compromised, the definitions can't be tampered with.
All the above makes AV by noncommercial entity a highly daunting task, especially the bandwidth and the independent vendor certifications.
Its sad to say, I'm in the same boat. As a student graduating this semester, I don't have the cash for a modern (read $2000+) tape drive, so instead, I use a good backup program that can support moving data between backup volumes. I then back up to a Samba server which has a software RAID array. Then, every quarter or so, I buy 200-300 DVD+Rs (the single density as the double layer are still a tad expensive for the capacity increase), then burn all the data on the backup volumes on that server over a couple weeks. Those go offsite immediately, and stay offsite.
For me, a backup doesn't just consist of critical documents (which also are copied onto dedicated media and saved), but the ability to completely bare metal restore a machine. This has saved me probably hours, if not days, of time when I have had hard disk failure, and restoring the machine (after replacing the drive) consists of booting a restore CD, partitioning, mounting the samba server, clicking "restore all", restarting, and calling it done. Also, there are always files that are outside the document directories that are needed, and sometimes lost when just backing up only home directories. CD key files and license keys are good examples of this.
I'm sure some company with the ability to do high volume sales would rake in the bucks if they made a backup device for the SOHO market, especially if the media had a long shelf life and a decent capacity (250GB native, preferably 500-750GB, so a modern computer can be completely backed up to one cartridge.) Unfortunately, hard disks are not it. Drop a tape, dust it off, put it back on the shelf, nobody will be the wiser. Drop a hard disk, you have a good chance of kissing all the data on it goodbye. Especially if the platters are ceramic.
Another issue with hard disks is that (for the most part) they can't be set read-only via a physical switch. Even the most redundant RAID system is going to lose its data if some malware decides to zap it. A backup system needs a way to make media read-only, so if one is restoring a file on a compromised machine, the backup tape will not be damaged.
I just wish all the density improvements that hard disks get would propagate to tape. Tape used to be a decent backup mechanism, matching hard disk capacities, but in recent time, tape drives that have the ability to back up a modern hard disk are priced well out of reach for most home users. Pretty much, you are looking at several thousand as your ticket of entry for the mechanism, not to mention the card and a dedicated computer because tape drives have to run at full speed, or they get "shoe-shining" errors, similar to buffer underruns in a CD burn, where the drive has to stop, back up, write the data again and continue on, shortening tape life.
I'd like to see some media company make a tape drive that has a decently sized RAM buffer (1-2GB), USB 2, USB 3, or perhaps eSATA for an interface port, and bundled with some decent backup software that offers AES encryption (Backup Exec, BRU, or Retrospect are good utilities that all have stood the test of time.)
Of course, disk engineering and tape engineering are solving different problems. Tape heads always touch the actual tape while the disk heads do not touch the platter unless bumped. Tape also has more real estate than disk, but tape needs a *lot* more error correction because cartridges are expected to last decades and still have data easily retrievable from them.
I think that is the exact problem with the gaming industry. Games seem to be for the most part stagnant, and companies are relying on either sequels or expansions to generate new sales.
The one game company I miss is Origin. Their games were buggy at times, but they almost always had an interesting story to tell and were unique and engaging, from the Ultima fantasy world to unique games like Privateer.
Those new games seem to be gone. I'd rather see a new game with a unique plot as opposed to the same old FPS except with perhaps more arm hair on the aliens visible.
Origin also handled "DRM" pretty well in the early to mid 90s. It was part of the game where to progress past a certain point, one needed to consult the manual (and it was random where.) Yes, people could copy the manual, but it stopped casual piracy cold because people were forced to make a deliberate effort.
Maybe its time for someone to return back to the roots of gaming and crank out something new, perhaps a remake of a classic game, if copyright permissions could be granted. I can think of a lot of old games that would be excellent remakes. The early Wizardry series for one (although combat and graphics would be obviously redone of course.) The Ultima series also comes to mind if one could license the IP from EA. Ultima 1 would be perfect for a remake especially.
As for copy protection, the best is none, of course, but a CD key system which what NWN 1 uses seems to be the least intrusive. Especially if there is content online to obtain. With no Draconian DRM, there will be a lot of peer pressure against people pirating a game as well.
Even games that don't charge still can make money this way. For example, Neverwinter Nights 1 patched out its CD copy protection, but piracy remained low on the game because a big part of the game was automatic updates (which requires unique serial numbers), online persistent worlds, and the sheer numbers of player made modules available which equaled or surpassed the single player campaign of the game.
That is an interesting feature, and useful especially for tagging log files which have to expire for policy reasons. However, there is so much potential for abuse here that it may not be worth having.
A disgruntled employee can tag all files on a Web server to expire at the end of the month, then have a manual script they run weekly to retag them so they exist until the end of the next month. Then, if they get fired, the files get purged, and the admin can blame the filesystem for trashing everything while snickering.
Another issue could be the clock. A hacker could just skew the clock forward on a box a year, forcing destruction of all the objects tagged with an expiration date.
If it has to exist, it should just be a piece of metadata as opposed to an active destruction object.
This exists in both NTFS (Windows Server 2003 and 2008 have the Previous Versions... feature, but it needs to be explicitly enabled), and on NetApp servers. The NetApp server snapshots are lifesavers. Users can just pull out an old version of a file out of the .snapshot directory (well, .snapshot/hourly.0 or what time they want) and not have to ask IT for a restore.
I'd like to see Linux have this, as well as MacOS (before they move to ZFS) without requiring the use of Time Machine, but it does take up a good amount of space to store the snapshots.
Unless ZFS has patent issues, why not just work on having ZFS as Linux's standard FS, after ext3?
ZFS offers a lot of capabilities, from no need to worry about a LVM layer, to snapshotting, to excellent error detection, even encryption and compression hooks.
If a company has a chief compliance officer, they are likely bound under some corporate regulation like Sarbanes-Oxley, HIPAA, or something else. To keep the officers from going to prison, one of the things they need to do is "due diligence".
This is making sure that every product in a chain is certified by a vendor in some way. For example, operating systems must be FIPS and Common Criteria certified, encryption products must be listed in the US Governments certified AES libraries, and so on.
Yes, some open source products make this list. SUSE and RedHat Enterprise Linux both have the certificates. However, not many open source solutions do, which is why businesses just go with a Microsoft stack for their applications.
For example, if a business is running a MS stack, and there is a serious data breach, said business can show their policies in place, show that they have done due diligence by using commercial software everywhere, with certified configurations, they will not have to worry about civil stuff like stockholder lawsuits, or criminal stuff like the SEC coming in with audit papers and handcuffs.
Unfortunately, should a similar breach happen with a company that has an open source stack, and can't really prove due diligence by showing that every piece of their IT puzzle was certified by someone (usually a US government agency)... well, they are facing a world of civil and criminal liability.
To be honest, the chance of getting open source software into an environment that has to be so heavily audited and regulated is almost zero. Commercial, closed source software dost cost, but part of the cost is insurance and the ability to blame someone else other than the company or its officers and staff should something bad happen.
Another legal issue of why businesses choose closed source solutions is patent indemnification. If a software company doesn't have this protection for its customers, should a patent violation occur with the software, not just the software company, but all its customers can wind up being sued for obnoxious amounts of money, and possibly shut down. Again, RedHat is one of the companies that offers this protection for an open source product, but few others do.
None of this is related in any way to the quality of programming of open source software. Its all security theater, but its what keeps a company in business and its officers out of prison with the regulations in the US.
My quick comments while I'm erasing the hard disk and reinstalling it: (I always erase the HDD on all new machines to check for any SMART errors, and to know that the install is clean)
First, the package it comes in is 20% smaller than the black MacBook's tote box. Styrofoam is a thing of the past, replacing it is plastic. Its easy to pull out the MacBook and peel off the plastic on it, easy to yank out the power adapter, but you have to use a thin piece of cardboard to pull the OS media box out as it is set flush, with no fingertip grips to make it easier. This is a very minor thing, though.
Second, the MacOS CDs are not 10.5.0 as with the black MacBook. You get 10.5.5, and a DVD with the applications.
Third, like every article says, if you need FireWire for mLAN or other music tasks, go for a Pro, or hit Apple Refurb for a previous model. FireWire is a thing of the past with this model. For what I'm using it for, the two USB ports are good.
Fourth, its noticably thinner than the MacBook it replaced. Its not thin enough to slide into an envelope, but its definitely able to be slipped in a briefcase. Its definitely a nice student notebook for sling through classes.
Fifth, I personally have not noticed any significant changes to the screen between the previous generation, but I'm glad Apple went this route, because LEDs supposedly have a much longer life than the CCFL backlights.
Those are my first impressions for now, while I blank the disk on it. Overall, for what I need it for (slinging it around campus) it should do the job well.
I personally recommend KeePass for password generation. It can generate 63 char passwords for WPA/WPA2 keys with cryptographically random unpredictability as it uses keyboard/mouse movements as part of seeding. Because its done on the local machine, there is no chance of the password being leaked as compared over the web. With a 63 character password, that is far more entropy than the 128 or 256 bits keys used for AES, so for someone to guess a password of that length, they either have to be able to brute force AES at full strength, or find a weakness in the algorithm's implementation.
I generate a KeePass password, save it to a USB flash drive, then paste it into my router's config. I then take the USB flash drive to the physical machines and do a copy and paste of the 63 char key into their network preferences. This is a lot easier than typing it. Should I lose the key... not hard to fix -- generate another one and rekey the 3-4 machines on my network. Because the WPA/WPA2 key is easily resettable with physical access to the machines, there is no reason to go less than the maximum character length, and it doesn't matter if the password gets forgotten, as long as you remember your router and machine's access passwords. (This for a home network. Businesses should use a RADIUS server where all the machines are not reliant on a single shared encryption key.)
If you have to use fewer characters, I'd say never use fewer than 20 characters, but even that is cutting it thin, factoring in Moor's law, botnets, and usage of GPUs for additional number crunching.
As an alternative, use tape. It may not have the shine of offsite backups, but if you need data backed up reliably, one easy option might be a DLT or another recent capacity tape drive. Combine a backup program that does encryption (bru, amanda, zmanda) and then set up a contract with Iron Mountain.
Then, if you do a basic tape rotation schedule, periodically running recent tapes offsite, you should be protected against known disasters. And, because the tapes are encrypted with a high quality and long passphrase (this is assuming), if the tapes get lost or stolen, they won't do an attacker any good.
On the low end, if tape is too expensive, there is purchasing external mini hard disks that only require power via the USB ports, combining those with TrueCrypt or another sturdy encryption program and using those instead of tapes.
This won't be a be all and end all to spam, but maybe for new accounts that are freshly created, have an escalating delay for each message sent out? This would go away after some certain rules are matched (date of account creation.)
One can add and subtract modifiers. For example, multiple E-mails sent out to many recipients will have a longer delay than messages sent to the same person, a longer delay if the outgoing content is flagged spam through a heuristic filter, etc.
This in no means would stop spam, but a delay of 10-15 seconds won't affect users much, but will definitely put a crimp on spammers.
I could be wrong but this sounds like the heuristic scanning features that has been in Norton Antivirus and other A/V utilities for almost a decade now, where it searches for out of the norm items and reports or blocks them, such as a program deciding to write to the MBR, or a program using raw disk I/O to write to the hard disk.