I do admit that the campaigns in NWN were as not as detailed as the BG ones, but the third party modules and Bioware's excellent support for the game more than made up for it. Player modules like "Tortured Hearts" and such were top notch, not to mention the persistant worlds. NWN is the only game where I bought copies just to support Bioware because the extensibility of the game gave me a lot of hours of entertainment.
NWN2 is a disappointment for me, IMHO for third party modules. Its impossible to put as many areas into a NWN2 persistant world as a NWN1 one, just due to the much larger memory footprint. I'm hoping things will get better with the expansion.
Unfortunately, security through obscurity is the name of the game in locksmithing. There are a lot of people out there who just can't afford a new lock that isn't bumpable or Bic pennable, so locksmiths try to keep their part by keeping mum, so people at least have to search for the information.
No lock is 100% secure, and give any new high security lock a couple years, some method will always be available to defeat it. For each high security safe, someone has a drill template for it. Its the name of the game.
Locks are just one tool in a security toolbox. If its of value, you almost always pair a lock with some type of centrally monitored alarm, and perhaps a CCTV camera. Yes, all that is defeatable, but the bar is raised up from some meth-head with a "9 key" to a dedicated professional burglar. This is why, as an end resort, you have property insurance, so you are not totally hosed if someone does manage to decode the Abloy lock, disarm the alarm, and find and erase the camera's HDR.
I've seen some high security ball-locking padlocks had a similar attack (although I never saw it in practice), where one could pass a metal strip and quite possibly turn the mechanism. This only applied to the civilian ones where the key was removable without the lock being locked, and eventually, a number of lock companies did put in a thin metal spacer right behind the removable brass core which protected against this type of attack.
The OP's article really didn't have much detail, but there are other sites that one can check out that have more details on attacks on Medeco locks.
The Medeco reward I've heard about in a number of different forms, so I'm not sure the exact details. Last I heard, if someone can pick 3 Medeco cylinders (the six pin type found in deadbolts, not the four or five that are used as replacement for disk tumbler cylinder replacements.), they get a prize. However I have no clue what the real status of that is.
Nothing is unpickable by someone who knows their stuff and has the manual dexterity. Its slowing people down, to where even a skilled lock manipulator will take hours to open the lock, which will most likely mean detection. Its also forcing someone to leave a signature (scratches), so if stuff does get taken, one can prove to an insurance company that a lock was defeated or something was broken.
Mushroom pins help, but are just one security mechanism, forcing locksmiths to jam the pins up, then let them float downward to the shear line, rather than pushing pins up from their resting place. I'm pretty sure the sidebar is pickable by some tool that rotates the pins, as its talked about on various lockpicking sites.
This is one reason I recommend high security locks. If someone kicks down a door or breaks a window, that leaves a noticable signature where a claim with insurance has more ground. If someone's house is robbed by a bumped lock, there is no trace, and it goes to a word against word thing to prove that stuff was there, and is now not.
It may be the security has nothing to do with the tumbler mechanism. In some locks are weaknesses that have nothing to do with the cylinder used. For example, one lock I have has a very pick resistant cylinder, but one can use a shim and the lock pops right open.
Lastly, some people may state security through obscurity, but I'm glad that the methods of opening Medeco deadbolts are not made public. Physical locks can't be updated like most programs can. Every cylinder in a building would need replacing, and that would amount to hundreds of thousands, if not millions of dollars, factoring in parts, labor, the time it takes to deploy a new keying system, getting the new keys to all the employees, etc.
From what the original poster's article said, this appears to be a valid method against the original Medeco and the Medeco Biaxial line [1], but I don't see how this would have any effect at all versus the latest Medeco3 mechanism (well, latest since 2003), which uses side bitting on the key as well as the usual Medeco rotating pins.
Other than Medeco, there is one type of lock that would be excellent for security, Abloy's Protec line, which from what I read takes 10-12 hours to pick even for the pros at detainer disk type of locks. However, the Protec line isn't sold in the US. Older Abloy lines are decent, but it would take far less time for a pro to pick them open. There are other high security locks out there, and one can read from a lock site what the weaknesses are of each of them.
Nothing is 100% secure. If some thief is determined enough to bypass something, they can.
Lastly, high security locks just one tool, in a toolbox of security options. If its worth locking with a high security cylinder, its worth having a centrally monitored alarm system (with a duress code [2] option.)
[1]: Biaxial isn't that much more secure than the original Medeco, but it allows for (IIRC) 10 times as many key combinations, allowing for more flexible keying options.
[2]: Yes, home invasions are on the rise, so make sure an alarm system has a duress feature (where it disarms, but silently calls the central station)... and USE the alarm. If at home, use the alarm's "at home" feature which monitors the doors and windows, but doesn't arm the IR detectors. A high security lock is no good when it is opened by the owner at gunpoint.
There is another reason too, and one that is a major factor of why Windows is a corporate staple: Due diligence with corporate regulations.
Windows is certified, both in FIPS and Common Criteria. This allows corporate legal, should something happen, show the auditors, press, and possibly law enforcement (as some SOX or HIPAA violations mean prison time) documentation that every piece of the system, from the OS on up, is certified secure.
Few operating systems have these certifications other than Windows. Solaris, AIX, and HP-UX do, because it costs a lot of cash to pass the OS in front of certifying bodies for approval. Even fewer operating systems intended for the desktop have this.
Redhat does. This positions Redhat in a place that very few desktop operating systems are qualified (and this is not a technical or quality item, but a presence/absence of very expensive papers with signatures. I'm pretty sure that any UNIX variant out there can easily qualify for FIPS 141-1 certification.) Apple states on their website (http://www.apple.com/itpro/federal/) that they have Common Criteria validation, but FIPS certification is still in the works. Even though pretty much any UNIX based OS can technically support FIPS, its having the certification that is critical, so companies can show to their internal auditors (and the SEC) that due diligence is being followed.
Regardless of which distribution of Linux people advocate, having another option on corporate desktops is a plus for everybody.
Because Word, since Office XP, supports signing of documents via client certificates (you can download one free from Comodo, or pay a small fee from Verisign for one), I always sign both PDF files and.doc files I send out. I also password the documents so they are read-only (using a randomly generated password for each document.) This slows down people trying to rebrand my resume. No, its not 100% foolproof, but it does stop the muckety mucks who can open and save in MS word, but little else.
Volume shadow copies and snapshotting since Windows 2003 is one of its best features. No, its not a new technology, because NetApp had it on its servers for a decade, but its an extremely useful feature to have, especially for servers with user directories on them, as users, if they delete or maul one of their critical files, they can restore it back to a known good point and time without needing to put in a helpdesk ticket.
Doesn't Office 2007 already support ODF?
on
Does ODF Have a Future?
·
· Score: 4, Interesting
I'm pretty sure ODF isn't dying. Correct me if I'm wrong, but I'm pretty sure that Office 2007 natively (or with a plugin available from MS's website) supports ODF as a native format to save and open from, just like you can specify that Word uses.doc instead of.docx.
Agreed here. Its less of a specific issue with Vista specifically, but the cost of migrating to a new platform.
For example, Windows 2008, even though it is still a beta, is remarkably stable. However, it can have 99.99999999 percent uptime, but because it is a distinct platform change (with additions to the Active Directory schema), I would deploy it over a period of time, in slow, reversible steps, so a glitch on the migration does not affect E-mail, or the ability for employees to log on.
This platform migration is an issue with any OS. AIX 4 to AIX 5, Solaris 9 to 10, etc. In a production environment, its better safe than sorry, so going slow on major OS migrations is a plus.
I do think in the long run, Vista and Windows 2008 will be an asset to both businesses and individual users. The protected mode functionality of IE 7 (this functionality is only in Vista, IE7 on XP doesn't have this) is well thought out, and unless malware finds a way of duping the user to add sites to the Trusted sites list (and disabling protected mode), it will be difficult for bad software to get out of the sandbox. The new domain functionality is a plus too, as an administrator can push out a policy blocking outgoing port 25 on all boxes but the mail server, ensuring that a spam from an infected Vista machine doesn't even get on the network.
All and all, Vista is an improvement over XP (IMHO of course), but its going to take a year or two for hardware to catch up to it.
Windows Automotive is Microsoft's entry into the car OS field. Its not XP or Vista based, but based on Windows CE, pretty much a totally different OS (intended for embedded use), only sharing the name Windows.
IMHO, its not too bad, Windows CE is maturing and is standing up well to the test of time, so Windows Automotive 5.0 shouldn't be as bad as people think. However, time will tell. Also, Windows Automotive doesn't appear to be for the critical controls of a car (if stuff is drive-by-wire), but more for powering and controlling the car's gadgets (radio, A/C.) For critical control of a vehicle, I'd much rather go with an embedded OS that has done its time in life safety areas(Green Hills Integrity RTOS for example)
Maybe this is something MS should look into (and I'm not being sardonic, as any research in this field where even a single bug can kill or cause tremendous damage is good research), making a version of Windows CE that is intended for safety applications.
If the cryptochip automatically encrypted all I/O to and from the flash memory, storing the actual key in an area easily overwritten a ton of times the instant its tamper detection circuitry noticed something awry, I can see the data being secure, and resistant to someone reading it off device.
However, until there is a way to enter the password that is not on the physical host, I'm not sure what security this provides (other than being allowed to run as a non admin user) over TrueCrypt in Traveller mode.
If the Ironkey had some type of PINpad integrated into itself, then it would have some decent security, where the host, no matter how compromised it may be, could not intercept the password entered onto it.
This is something that I wonder about too. The reason why most people end up using backup systems without encryption is because very few backup programs offer it. For example, bru at best uses encryption between network nodes, but I saw no mention of it using encryption to store the data on the backup media. The only real commercially available solutions that sport encryption are high end solutions like TSM, Networker, or ArcServe, and a relative few Windows based programs like Retrospect and Backup Exec offer it. There are a few programs on the Linux side like Amanda/Zmanda that offer it, but it seems to be not an integral part, just passing data to gpg.
Of course, one can roll their own solution by piping tar or dd through some utility that takes stdin, encrypts it, and passes it to stdout, but in a number of businesses (especially ones subject to SOX, HIPAA, and other regs), one needs to have solutions that are commercial, mainly for CYA/"due diligence" reasons, so one can point fingers at a vendor should something go wrong. gpg is an excellent program and highly secure, but in a lot of environments, programs like that have to pass certifications (FIPS, Common Criteria) to make auditors (and sometimes the SEC) happy, and regardless of how really secure an app is, if it doesn't have the certifications, it is legally risky to use.
I think every backup program from GNU tar on up should have some facility built in for at least AES-128 encryption, and preferably AES-256. However, since this isn't the case, the next best thing is to use something like EncFS so filesystems can be dumped to tape exactly as they are present on the hard disk, but still be encrypted securely. (There is block/device level encryption obviously, but when backing up, one still ends up with plaintext files unless one backs up the whole encrypted image). On the Windows side, at least there are a few utilities like Retrospect available that have had encryption built in for 15+ years. (Retrospect originally started out as a backup program for the Mac in 1989, and was the only one at the time that offered true DES encryption.)
I use encryption for exactly what the parent poster described. On my laptop, why allow what would be "just" a hardware theft with use of encryption turn into a hardware, data, and possibly identity theft? This is why I use some form of whole disk encryption (BestCrypt Volume encryption, PGP WDE, WinMagic MySecureDoc, etc.)
There is a definite need for encryption, and more than just the tired (and flawed) logic of "hiding from forensics", or "hiding illegal stuff" that a lot of people state.
For most companies, physical theft of equipment or media is a valid concern. For example, if someone steals a backup tape that is part of an encrypted backup set (or storage pool, depending on the terminology of the backup system), the company owning the tape can hire some private investigators to quietly hunt down the tape. Without encryption, it can mean serious losses (or prison time)if the info on the tape was any way sensitive, and SOX, HIPAA, or other corporate regulations get violated.
If there is a solid encryption system [1] in place, there isn't anything wrong with this at all, (although a service like Iron Mountain would be the best.)
Encrypted backups are not hard to do, although its not in that many backup programs on the Windows side (unless you go to Networker or Tivoli Storage Manager) support solid encryption. The main one that does support encryption is EMC/Insignia's Retrospect on the Windows side, and Arkeia on the UNIX side.
[1]: A solid encryption system is not just clicking a checkbox that says "backup will be encrypted", and typing in a password on two blank fields, but knowing who has access to what passwords, and preferably having it that the guy who has the encryption keys or passwords is not the same guy in physical custody of the tapes 24/7, assuming a large company.
You have a point. Iron Mountain tape vaulting is not a bank breaking service, and one can keep a provable (read: CYA) chain of custody trail of tape media with them.
I just don't get why companies/organizations don't use a service like this in the first place.
I liked the 1998-1997 Thunderbird. Yes, it was a larger car, but it was perfect for people who wanted a two-door coupe that had decent performance, but could do the daily stuff too, like sticking the kid in the back, groceries, and other everyday stuff. The redesigned 2002-2005 was pretty nice, but it seemed to me more of a toy car than anything else, trying to appeal to a market segment that other companies like BMW, Mercedes, Lexus, Acura, and even Lincoln have locked down.
I think Ford would be well served with a larger two door coupe, because it does fill in a niche -- cool car, but yet able to do the needs of a family.
This is something where I agree 100%. Unless the Vista machine is on a domain, someone who is bored and has physical access can play guess the password on all the users showing.
At least in XP, one can disable the user Welcome screen and go back to the Windows 2000 username/password dialog.
Are any companies selling flash hard disks in a 2.5" or even a 3.5" SATA or ATA form factor retail, or is it an OEM-only product? Other than IBM selling a 15.8 gig drive for around a grand, I've seen a few companies that I've never heard of before selling these, but that seems to be basically it.
One hop proxies are good enough for browsing, when I'm on a questionable wireless link. However, I dislike the fact that Anonymizer requires special software to use. There are a couple of other proxy services which allow for stunnel, VPN, ppp over ssh, or other protocols.
Special software that is closed source is just too fishy for me.
I delete the directory that the Flash player stores its shared objects in, and create a file with the exact same name. Now, Flash works normally, but sites that try to store persistant stuff when they shouldn't are totally blocked from doing so.
I do admit that the campaigns in NWN were as not as detailed as the BG ones, but the third party modules and Bioware's excellent support for the game more than made up for it. Player modules like "Tortured Hearts" and such were top notch, not to mention the persistant worlds. NWN is the only game where I bought copies just to support Bioware because the extensibility of the game gave me a lot of hours of entertainment.
NWN2 is a disappointment for me, IMHO for third party modules. Its impossible to put as many areas into a NWN2 persistant world as a NWN1 one, just due to the much larger memory footprint. I'm hoping things will get better with the expansion.
Unfortunately, security through obscurity is the name of the game in locksmithing. There are a lot of people out there who just can't afford a new lock that isn't bumpable or Bic pennable, so locksmiths try to keep their part by keeping mum, so people at least have to search for the information.
No lock is 100% secure, and give any new high security lock a couple years, some method will always be available to defeat it. For each high security safe, someone has a drill template for it. Its the name of the game.
Locks are just one tool in a security toolbox. If its of value, you almost always pair a lock with some type of centrally monitored alarm, and perhaps a CCTV camera. Yes, all that is defeatable, but the bar is raised up from some meth-head with a "9 key" to a dedicated professional burglar. This is why, as an end resort, you have property insurance, so you are not totally hosed if someone does manage to decode the Abloy lock, disarm the alarm, and find and erase the camera's HDR.
I've seen some high security ball-locking padlocks had a similar attack (although I never saw it in practice), where one could pass a metal strip and quite possibly turn the mechanism. This only applied to the civilian ones where the key was removable without the lock being locked, and eventually, a number of lock companies did put in a thin metal spacer right behind the removable brass core which protected against this type of attack.
The OP's article really didn't have much detail, but there are other sites that one can check out that have more details on attacks on Medeco locks.
The Medeco reward I've heard about in a number of different forms, so I'm not sure the exact details. Last I heard, if someone can pick 3 Medeco cylinders (the six pin type found in deadbolts, not the four or five that are used as replacement for disk tumbler cylinder replacements.), they get a prize. However I have no clue what the real status of that is.
Nothing is unpickable by someone who knows their stuff and has the manual dexterity. Its slowing people down, to where even a skilled lock manipulator will take hours to open the lock, which will most likely mean detection. Its also forcing someone to leave a signature (scratches), so if stuff does get taken, one can prove to an insurance company that a lock was defeated or something was broken.
Mushroom pins help, but are just one security mechanism, forcing locksmiths to jam the pins up, then let them float downward to the shear line, rather than pushing pins up from their resting place. I'm pretty sure the sidebar is pickable by some tool that rotates the pins, as its talked about on various lockpicking sites.
This is one reason I recommend high security locks. If someone kicks down a door or breaks a window, that leaves a noticable signature where a claim with insurance has more ground. If someone's house is robbed by a bumped lock, there is no trace, and it goes to a word against word thing to prove that stuff was there, and is now not.
It may be the security has nothing to do with the tumbler mechanism. In some locks are weaknesses that have nothing to do with the cylinder used. For example, one lock I have has a very pick resistant cylinder, but one can use a shim and the lock pops right open.
Lastly, some people may state security through obscurity, but I'm glad that the methods of opening Medeco deadbolts are not made public. Physical locks can't be updated like most programs can. Every cylinder in a building would need replacing, and that would amount to hundreds of thousands, if not millions of dollars, factoring in parts, labor, the time it takes to deploy a new keying system, getting the new keys to all the employees, etc.
From what the original poster's article said, this appears to be a valid method against the original Medeco and the Medeco Biaxial line [1], but I don't see how this would have any effect at all versus the latest Medeco3 mechanism (well, latest since 2003), which uses side bitting on the key as well as the usual Medeco rotating pins.
Other than Medeco, there is one type of lock that would be excellent for security, Abloy's Protec line, which from what I read takes 10-12 hours to pick even for the pros at detainer disk type of locks. However, the Protec line isn't sold in the US. Older Abloy lines are decent, but it would take far less time for a pro to pick them open. There are other high security locks out there, and one can read from a lock site what the weaknesses are of each of them.
Nothing is 100% secure. If some thief is determined enough to bypass something, they can.
Lastly, high security locks just one tool, in a toolbox of security options. If its worth locking with a high security cylinder, its worth having a centrally monitored alarm system (with a duress code [2] option.)
[1]: Biaxial isn't that much more secure than the original Medeco, but it allows for (IIRC) 10 times as many key combinations, allowing for more flexible keying options.
[2]: Yes, home invasions are on the rise, so make sure an alarm system has a duress feature (where it disarms, but silently calls the central station)... and USE the alarm. If at home, use the alarm's "at home" feature which monitors the doors and windows, but doesn't arm the IR detectors. A high security lock is no good when it is opened by the owner at gunpoint.
There is another reason too, and one that is a major factor of why Windows is a corporate staple: Due diligence with corporate regulations.
Windows is certified, both in FIPS and Common Criteria. This allows corporate legal, should something happen, show the auditors, press, and possibly law enforcement (as some SOX or HIPAA violations mean prison time) documentation that every piece of the system, from the OS on up, is certified secure.
Few operating systems have these certifications other than Windows. Solaris, AIX, and HP-UX do, because it costs a lot of cash to pass the OS in front of certifying bodies for approval. Even fewer operating systems intended for the desktop have this.
Redhat does. This positions Redhat in a place that very few desktop operating systems are qualified (and this is not a technical or quality item, but a presence/absence of very expensive papers with signatures. I'm pretty sure that any UNIX variant out there can easily qualify for FIPS 141-1 certification.) Apple states on their website (http://www.apple.com/itpro/federal/) that they have Common Criteria validation, but FIPS certification is still in the works. Even though pretty much any UNIX based OS can technically support FIPS, its having the certification that is critical, so companies can show to their internal auditors (and the SEC) that due diligence is being followed.
Regardless of which distribution of Linux people advocate, having another option on corporate desktops is a plus for everybody.
Because Word, since Office XP, supports signing of documents via client certificates (you can download one free from Comodo, or pay a small fee from Verisign for one), I always sign both PDF files and .doc files I send out. I also password the documents so they are read-only (using a randomly generated password for each document.) This slows down people trying to rebrand my resume. No, its not 100% foolproof, but it does stop the muckety mucks who can open and save in MS word, but little else.
Volume shadow copies and snapshotting since Windows 2003 is one of its best features. No, its not a new technology, because NetApp had it on its servers for a decade, but its an extremely useful feature to have, especially for servers with user directories on them, as users, if they delete or maul one of their critical files, they can restore it back to a known good point and time without needing to put in a helpdesk ticket.
I'm pretty sure ODF isn't dying. Correct me if I'm wrong, but I'm pretty sure that Office 2007 natively (or with a plugin available from MS's website) supports ODF as a native format to save and open from, just like you can specify that Word uses .doc instead of .docx.
IMHO, ODF is far from being dead.
http://support.microsoft.com/lifecycle/?LN=en-us&x =8&y=10&p1=3223
Mainstream support stops on 4/14/2009
Extended support goes out the door 4/8/2014
Agreed here. Its less of a specific issue with Vista specifically, but the cost of migrating to a new platform.
For example, Windows 2008, even though it is still a beta, is remarkably stable. However, it can have 99.99999999 percent uptime, but because it is a distinct platform change (with additions to the Active Directory schema), I would deploy it over a period of time, in slow, reversible steps, so a glitch on the migration does not affect E-mail, or the ability for employees to log on.
This platform migration is an issue with any OS. AIX 4 to AIX 5, Solaris 9 to 10, etc. In a production environment, its better safe than sorry, so going slow on major OS migrations is a plus.
I do think in the long run, Vista and Windows 2008 will be an asset to both businesses and individual users. The protected mode functionality of IE 7 (this functionality is only in Vista, IE7 on XP doesn't have this) is well thought out, and unless malware finds a way of duping the user to add sites to the Trusted sites list (and disabling protected mode), it will be difficult for bad software to get out of the sandbox. The new domain functionality is a plus too, as an administrator can push out a policy blocking outgoing port 25 on all boxes but the mail server, ensuring that a spam from an infected Vista machine doesn't even get on the network.
All and all, Vista is an improvement over XP (IMHO of course), but its going to take a year or two for hardware to catch up to it.
Shotguns fall under the category of LARTs, and we all know how useful LARTs are.
Windows Automotive is Microsoft's entry into the car OS field. Its not XP or Vista based, but based on Windows CE, pretty much a totally different OS (intended for embedded use), only sharing the name Windows.
IMHO, its not too bad, Windows CE is maturing and is standing up well to the test of time, so Windows Automotive 5.0 shouldn't be as bad as people think. However, time will tell. Also, Windows Automotive doesn't appear to be for the critical controls of a car (if stuff is drive-by-wire), but more for powering and controlling the car's gadgets (radio, A/C.) For critical control of a vehicle, I'd much rather go with an embedded OS that has done its time in life safety areas(Green Hills Integrity RTOS for example)
Maybe this is something MS should look into (and I'm not being sardonic, as any research in this field where even a single bug can kill or cause tremendous damage is good research), making a version of Windows CE that is intended for safety applications.
If the cryptochip automatically encrypted all I/O to and from the flash memory, storing the actual key in an area easily overwritten a ton of times the instant its tamper detection circuitry noticed something awry, I can see the data being secure, and resistant to someone reading it off device.
However, until there is a way to enter the password that is not on the physical host, I'm not sure what security this provides (other than being allowed to run as a non admin user) over TrueCrypt in Traveller mode.
If the Ironkey had some type of PINpad integrated into itself, then it would have some decent security, where the host, no matter how compromised it may be, could not intercept the password entered onto it.
This is something that I wonder about too. The reason why most people end up using backup systems without encryption is because very few backup programs offer it. For example, bru at best uses encryption between network nodes, but I saw no mention of it using encryption to store the data on the backup media. The only real commercially available solutions that sport encryption are high end solutions like TSM, Networker, or ArcServe, and a relative few Windows based programs like Retrospect and Backup Exec offer it. There are a few programs on the Linux side like Amanda/Zmanda that offer it, but it seems to be not an integral part, just passing data to gpg.
Of course, one can roll their own solution by piping tar or dd through some utility that takes stdin, encrypts it, and passes it to stdout, but in a number of businesses (especially ones subject to SOX, HIPAA, and other regs), one needs to have solutions that are commercial, mainly for CYA/"due diligence" reasons, so one can point fingers at a vendor should something go wrong. gpg is an excellent program and highly secure, but in a lot of environments, programs like that have to pass certifications (FIPS, Common Criteria) to make auditors (and sometimes the SEC) happy, and regardless of how really secure an app is, if it doesn't have the certifications, it is legally risky to use.
I think every backup program from GNU tar on up should have some facility built in for at least AES-128 encryption, and preferably AES-256. However, since this isn't the case, the next best thing is to use something like EncFS so filesystems can be dumped to tape exactly as they are present on the hard disk, but still be encrypted securely. (There is block/device level encryption obviously, but when backing up, one still ends up with plaintext files unless one backs up the whole encrypted image). On the Windows side, at least there are a few utilities like Retrospect available that have had encryption built in for 15+ years. (Retrospect originally started out as a backup program for the Mac in 1989, and was the only one at the time that offered true DES encryption.)
I use encryption for exactly what the parent poster described. On my laptop, why allow what would be "just" a hardware theft with use of encryption turn into a hardware, data, and possibly identity theft? This is why I use some form of whole disk encryption (BestCrypt Volume encryption, PGP WDE, WinMagic MySecureDoc, etc.)
There is a definite need for encryption, and more than just the tired (and flawed) logic of "hiding from forensics", or "hiding illegal stuff" that a lot of people state.
For most companies, physical theft of equipment or media is a valid concern. For example, if someone steals a backup tape that is part of an encrypted backup set (or storage pool, depending on the terminology of the backup system), the company owning the tape can hire some private investigators to quietly hunt down the tape. Without encryption, it can mean serious losses (or prison time)if the info on the tape was any way sensitive, and SOX, HIPAA, or other corporate regulations get violated.
If there is a solid encryption system [1] in place, there isn't anything wrong with this at all, (although a service like Iron Mountain would be the best.)
Encrypted backups are not hard to do, although its not in that many backup programs on the Windows side (unless you go to Networker or Tivoli Storage Manager) support solid encryption. The main one that does support encryption is EMC/Insignia's Retrospect on the Windows side, and Arkeia on the UNIX side.
[1]: A solid encryption system is not just clicking a checkbox that says "backup will be encrypted", and typing in a password on two blank fields, but knowing who has access to what passwords, and preferably having it that the guy who has the encryption keys or passwords is not the same guy in physical custody of the tapes 24/7, assuming a large company.
You have a point. Iron Mountain tape vaulting is not a bank breaking service, and one can keep a provable (read: CYA) chain of custody trail of tape media with them.
I just don't get why companies/organizations don't use a service like this in the first place.
Now, if AMD/ATI can get open source drivers out that support the card's features reliably, this will be a big gain.
I liked the 1998-1997 Thunderbird. Yes, it was a larger car, but it was perfect for people who wanted a two-door coupe that had decent performance, but could do the daily stuff too, like sticking the kid in the back, groceries, and other everyday stuff. The redesigned 2002-2005 was pretty nice, but it seemed to me more of a toy car than anything else, trying to appeal to a market segment that other companies like BMW, Mercedes, Lexus, Acura, and even Lincoln have locked down.
I think Ford would be well served with a larger two door coupe, because it does fill in a niche -- cool car, but yet able to do the needs of a family.
This is something where I agree 100%. Unless the Vista machine is on a domain, someone who is bored and has physical access can play guess the password on all the users showing.
At least in XP, one can disable the user Welcome screen and go back to the Windows 2000 username/password dialog.
Are any companies selling flash hard disks in a 2.5" or even a 3.5" SATA or ATA form factor retail, or is it an OEM-only product? Other than IBM selling a 15.8 gig drive for around a grand, I've seen a few companies that I've never heard of before selling these, but that seems to be basically it.
One hop proxies are good enough for browsing, when I'm on a questionable wireless link. However, I dislike the fact that Anonymizer requires special software to use. There are a couple of other proxy services which allow for stunnel, VPN, ppp over ssh, or other protocols.
Special software that is closed source is just too fishy for me.
I delete the directory that the Flash player stores its shared objects in, and create a file with the exact same name. Now, Flash works normally, but sites that try to store persistant stuff when they shouldn't are totally blocked from doing so.