All it takes is one ad server where the owners don't care what code some client uploads, and it means massive, almost instantaneous infections. With IP limiting tools, it could be a targeted attack from a direction that is relatively unexpected.
Next to the excellent suggestions of the parent, I would also recommend 1-2 additions:
If possible, run your Web browsing as a non-admin user, and switch to the admin user when needed. This adds one additional layer.
Of course, the best thing is to use some form of virtualization so that malware doesn't ever get to touch bare metal. Even though they have happened, exploits that allow malware to leak out of a VM tend to be rare. In fact, the norm should be to run as little on bare metal as possible, but in the real world, that isn't doable for more than web browsing.
It isn't just Lenovo. On most major brands of PC laptops, there is a BIOS setting that once set, can't be unset, which either enables LoJack for Laptops permanently, or permanently disables it. If it is set, it will always load the LoJack executables when Windows is installed, even if the hard disk is blank and the install media is clean.
Of course, this is a mechanism that can be used both for good and ill... I wouldn't be surprised to see BIOS attacks that allow an attacker to flash a Trojan dropper which will always be present even on a reinstall with the only fix being either a firmware upgrade (if the attacker didn't already block that), or replacement hardware. The only real way to prevent it is to virtualize everything, with the bare metal OS as thin as possible [1].
[1]: Would be nice to see something like VMWare ESXi, except with the ability to use the console graphically, one step up from a dumb terminal.
You can see this with tower defense games before and after IAP was put in. Before, they had varying difficulty levels and were tuned to be solvable.
After IAP, the games are tuned at a far higher difficulty level, expecting people to buy new towers, buy extra points for powerups, or pay money so they don't have to wait a few hours before trying again.
This is true with other genres. Bejeweled has morphed to Candy Crush Saga so losing a game goes from starting over to having to pay money, beg friends to play on Facebook, or wait a time period.
Games as a genre have changed too, where items like playing video poker, slots, and other gambling simulations have become popular. The main reason is that animating a one-armed bandit is relatively cheap compared to trying to do a decent innovative game, or even a run of the mill tower defense game. Plus, people will pay for the virtual currency used.
Of course, new IP is hard to come by. This seems to be a mirror of the gaming industry as a whole, where the focus isn't on generating new content, but monetizing the same tired, old IP that was in games last year. Instead of a new Call of Duty game, it is another app doing the same thing, except with more demands for IAP, and more attempts to download and copy the user's data for "market research" purposes.
At first, I was thinking it was along the lines of "create a root key, push the key out to all machines in the domain as a trusted item, use WSUS or SCCM to push out a package." However, this attack only requires control of the WSUS server.
What is a workaround? Probably the usual common sense. Put WSUS on its own VM or machine, restrict RDP access into the box to a management network, enable Windows Firewall, have multiple WSUS machines [1] for separation, so one hacked box in receiving won't hose finance, and so on.
Unlike SCCM/SCOM/SCVMM, the WSUS box tends to be something that is just left forgotten, oftentimes just set to "approve all", or just used to log in to release patches.
[1]: Bonus points if the machines have backend LUNs that deduplicate so that all the files stashed on the multiple WSUS instances don't take up that much space.
There are a lot of tools you can use to help with capacity, be it VM farms, SANs/NASes, cloud providers, chassis/blades. Only a few points of advice:
1: Everyone will sell their product as the silver hammer, where each target is a nail. The VNX guys will sell their SAN as a be all and end all, even if you just use CIFS/SMB. The security vendor will be selling you exotic appliances for encryption for your tape silos. The PC guy will be selling you tons of 1U racks and try to convince you that the onboard drive array is better than a SAN if they don't have a SAN product, otherwise, how slick their HBAs work when used with their SAN.
2: Don't forget security. It may be cheaper to have one VM cluster for everything, but it would be wiser to keep one client's hyper-sensitive stuff on one VMWare datacenter [1], while the other client who is running some backend stuff for an app would be in a different container.
3: Before committing to purchase something, grab manuals and documentation, and read up on the device. You might find it doesn't do what you want. Don't forget to take into account type of I/O and other items. I have had to deal with a terabyte/hour of random writes, and the only solution for that was going with either a caching HBA that had that much SSD so it would turn the random writes into an easy to digest sequential stream for the SAN, or go pure SSD. Sequential I/O is a lot easier and a lot cheaper to deal with than random I/O. Similar with I/O that is often cached versus I/O that never is reused.
[1]: A datacenter is a VMWare object type. Can't vMotion across it, and is intended to provide distinct separation between items.
The ideal would be to not use a bitmap, but store some type of hash with a salt, as well as a part of the hashed value coming from a secure key store, for example sha3(regular_nonce + fingerprint bitmap + nonce_stashed_in_secure_storage). This means that if the hash was pulled off the phone, there is no way that it would be usable on other media.
If the bitmap -had- to be decrypted, again, it should be either encrypted and the key stashed in a protected part of the system, or at the minimum, encrypted by the user's PIN/password that is used when the device is first unlocked after a reboot.
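The construction sketched above, written out as an added example (this is not code from the original comments or from any phone vendor): a per-record salt is stored next to the hash, while a second secret lives only in the device's secure storage, so a record copied off one phone cannot be verified on another. The `load_device_secret` keystore, the 128-byte sample bitmap, and the 32-byte secrets are all constructed placeholders; a real device would pull the secret from its TEE or secure element.

```python
import hashlib
import hmac
import secrets

# Constructed stand-in for the sensor's template bytes. A real template comes
# from the fingerprint hardware; this one is just a fixed 128-byte pattern.
SAMPLE_BITMAP = bytes([0b10110010, 0b01101100] * 64)


def load_device_secret(keystore: dict) -> bytes:
    """Hypothetical secure-storage read: the secret never leaves the device.

    `keystore` is a plain dict standing in for the TEE / secure element."""
    return keystore["fingerprint_hash_secret"]


def enroll(bitmap: bytes, device_secret: bytes) -> dict:
    """Store salt + SHA3-256(salt || bitmap || device_secret).

    The salt (the comment's "regular_nonce") is kept with the record; the
    device_secret (the "nonce_stashed_in_secure_storage") is not."""
    salt = secrets.token_bytes(16)
    digest = hashlib.sha3_256(salt + bitmap + device_secret).digest()
    return {"salt": salt, "digest": digest}


def verify(record: dict, bitmap: bytes, device_secret: bytes) -> bool:
    """Recompute the digest and compare in constant time."""
    candidate = hashlib.sha3_256(record["salt"] + bitmap + device_secret).digest()
    return hmac.compare_digest(candidate, record["digest"])


def demo() -> tuple[bool, bool, bool]:
    """Return (same device OK, other device fails, altered bitmap fails)."""
    phone_a = {"fingerprint_hash_secret": secrets.token_bytes(32)}
    phone_b = {"fingerprint_hash_secret": secrets.token_bytes(32)}

    record = enroll(SAMPLE_BITMAP, load_device_secret(phone_a))

    same_device = verify(record, SAMPLE_BITMAP, load_device_secret(phone_a))
    # Attacker copies the record (salt + digest) to another phone.
    other_device = verify(record, SAMPLE_BITMAP, load_device_secret(phone_b))
    # Same phone, but one bit of the template flipped.
    altered = bytes([SAMPLE_BITMAP[0] ^ 0x01]) + SAMPLE_BITMAP[1:]
    altered_bitmap = verify(record, altered, load_device_secret(phone_a))

    return same_device, other_device, altered_bitmap


if __name__ == "__main__":
    print(demo())  # (True, False, False)
```

One caveat worth keeping in mind: an exact-match hash like this only works when the value being hashed is bit-for-bit identical on every check, i.e. a stored template rather than a fresh scan, since raw fingerprint scans never repeat exactly. The `device_secret` is doing the same job as an HMAC key, so using `hmac.new(device_secret, salt + bitmap, "sha3_256")` is an equally valid way to write it.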
It is good to know what is coming your way sooner or later:
1: Storage Spaces Direct -- interesting feature where you hook up machines with JBOD drives, and let Windows handle not just drive arrays locally, but on multiple nodes, so all the machines present one volume, with redundancy so if a node or drive fails, the volume keeps running. Sort of like Isilon OneFS, but without InfiniBand [1].
2: Guarded machines, shielded VMs. Basically a way to have BitLocker/TPM protection on virtual machines and provide physical protection. Interesting concept, and is good enough to allow a Hyper-V cluster on a remote site where there are no admins.
3: Multipoint users. This is basically similar concept of different terminals in X-windows (where multiple users can have keyboards and monitors on one machine.) However, MS is working on improving VDI support, so this can be useful.
4: Windows Server Antimalware. Does it provide security? Not to 0-days. Does it check off that damned box that every auditor demands? Yes. So, you don't have to worry if a server has the latest company antivirus utility anymore.
The Hyper-V advances are interesting and worth taking a look at, especially coupled with AVMA [2].
As for using it as a desktop OS... W2016 is what Windows 10 should have been. No, it does not install a GUI completely by default... but it is easily added as a feature. Once installed, it is how Windows should be, without the nonsense. If you want a user account, you create it yourself and assign it what privs it should have.
[1]: InfiniBand really kills the deal, because what makes the EMC offering so good is the fact that disk I/O will come from a fast source in the node cluster regardless of which physical drive it lives on. Without that and "just" an Ethernet switch, Storage Spaces Direct will be a lot slower.
[2]: Put a generic license code in, and VMs will auto-activate for 7 days under Hyper-V.
The HTC M8 and M9 came with SDXC card slots, and they are quite happy with 128 GB cards.
However, these are their flagship, top dollar phones, so the license for exFAT is probably baked in somewhere for the device cost, or perhaps amortized against their entire lineup. Similar with the patent license for Android's parts that Microsoft holds. As for exFAT, it runs as a native filesystem under Linux, and not through FUSE.
Since the Linux kernel is still GPL v2.0 licensed, having a binary blob as a filesystem is just fine. A lot of companies have their own vendor-specific code sans source on the Linux platform.
If a cheap smartphone has a SDXC slot, for most things, it will do just as well as a flagship phone for a lot of people.
All in all, smartphone prices are lower than they were about 8-10 years ago, when a high end HTC Windows Mobile phone (HTC Athena for example) would run you $1200, and that with a two year plan on top of it.
With phones starting to hit the "good enough" market point like how desktops and laptops have done, I wouldn't be surprised to see Android as an OS adapt to this in the next year or so, evolving to try to bring more to lower-tier hardware with 512 megs of RAM and at most 8 GB of storage (including apps.)
Of course, people will want the latest and greatest, but the last round of updates for phones was for pay functionality, which is used by a few people, but for the masses, generally not bothered with as opposed to sliding a credit card through the machine.
I wonder if a $200 phone will wind up being the new normal. In this market, with people paying full price for the phone up front, I wouldn't be surprised if ZTE or Huawei becomes the popular makes of devices as opposed to HTC, Samsung, or Apple.
The same advice was given to me back when MS-DOS and Windows were king. Make utilities, not games. A game only has a small chance of making it big, and even then, you have to make sure to keep your market share or else someone will make a clone and grab it all, like how Candy Crush took over Bejeweled's market niche.
Utilities, on the other hand, tend to have a long tail. They may not be blockbusters, but they can be a constant, reliable source of income. For example, Raymond Lau's StuffIt for the Mac is still kicking, similar with WinRAR. Make sure that your utility is in its own territory, and doesn't fall completely within another group, as there are plenty of unarchivers.
There are plenty of niches for a utility these days written for smartphones or tablets... a few examples:
1: PGP/gpg encrypting/decrypting and key management. Yes, there are other utilities out there, but using iOS's KeyChain or Android's KeyStore coupled with the fingerprint scanner as a way to confirm signing/decryption once the key is unlocked is something not done yet. Using the OS to securely store keys isn't as secure as an HSM, but it is far better than just leaving them sitting on a drive or filesystem, even if they are encrypted.
2: An implementation of PhonebookFS. That way, the same directory on a cloud provider can have many different layers of files, and even if all the layers are known, there is still chaff for plausible deniability.
3: A utility that archives loads of files to Amazon Glacier (preferably with some sort of encryption.) It also would retain a robust index, so if a file needs to be retrieved, it can be gotten with as little data having to be downloaded as possible.
4: A utility similar to #3, but can work with any offline media, so if one is using the program on a computer, it can burn DVDs, and keep an index to find files (with their creation times) no matter where they are. The only thing similar would be Retrospect, but they have very limited support for optical drives, and zero support for USB BD-R drives.
5: A superset of utility #3 and 4, but is able to cycle and copy files automatically to new media every so often (and cloud providers can be considered media). This way, something sitting on a corner of hard drive forgotten eventually winds up being copied onto newer media, to minimize the chances of bit rot and time killing the data. Error correction records and redundancy are important as well. Pretty much a "meta" zpool scrub that would occasionally prompt for offline media, check and copy it somewhere.
6: A utility that does a share split of a public key among peers/clients of the app. This would either expire access to a file (where requests for a key would be declined after a time/date), or deny access before a certain point in time. Because it is distributed, an attacker would have to create a bunch of nodes that hopefully are the ones chosen for stashing the pieces of the decryption key.
This would allow one to guarantee that data is expired and inaccessible after a time (financial/hospital archives) as well as ensure data that should not be seen until a future time is kept secure.
7: A duress mode utility that can do proper notifications and shutdowns if triggered.
tl;dr... there is a lot more for app writing than just trying to get a game out.
On a real note, it is an interesting application using a bunch of small form factor servers. I wonder if there is a switch between each of the nodes, so they can communicate between each other faster than 1-10GB.
It is a tough choice. Build in your own PDF viewer, or use an existing one that pops up security holes now and then. In general, the built in ones have far fewer features, so there are fewer security holes.
Chrome is better at this because it does more compartmentalization than Firefox. Firefox runs plugins in a separate process, but that is about the extent of the isolation they get, while Chrome runs everything in separate tasks, and you can even kill them in the browser.
The only real long term solution is to have the OS cooperate with the browser, and completely isolate each individual browser tab (not just a lower security context, but filesystem and other space), so a rogue process is well isolated. That, and focus on not requiring third-party programs for Web content.
Because everything, across the board, is being slammed hard, be it BIOS/EFI firmware, holes like F0 0F in the CPU, open source items, closed source items, IoT devices, you name it... the amount of attacks has risen in number and sophistication by an extreme.
A lot of them have wound up as niche items, a sub base good enough to keep the lights on and updates coming, but not blockbuster hits.
EVE still is pretty popular. It may not get the front page press as of now, but there are people throwing $1500 in Plex, selling that for ISK, and getting their alts skilled enough to pilot a Titan or two.
As virtualization makes it easier to run servers on less hardware, it may only take a few machines to run an entire MMO farm these days. Even the old separation of the core server and zone server can be easily kept by having a vSwitch, or if it requires it, be on a blade/enclosure system with a fast backbone.
As far as what I've seen, EQ1 still has a bigger playerbase than EQ2.
I do agree things are stagnant. EQ:Next is sort of dead in the water, with a part of it being like Minecraft but with better graphics.
The only real MMO that looks promising is Pantheon: Rise of the Fallen, but I am worried they are wanting to re-create EQ1, but not factor in that most subscribers have jobs and other things to tend to, and can't really sit LFG until asked to join a group in a dungeon, then grind for 4-8 hours. It does have some promise though, as something more challenging than just tapping a rotation endlessly [1].
[1]: I'd love to see a MMO that has some skill involved, and not just tapping the exact rotation of stuff that the local theorycraft states. The closest to this is probably Rift, where for one boss, every character doing DPS might want to load a melee damage spec, then for the boss that spins around in a circle with his insta-death ray, people switch to doing all ranged DPS. For the boss that makes you run around all the time, you switch to a spec with a melee pet, so you have constant DPS on the boss no matter how you run. Of course, for the boss that pulses an insta-kill that you can't run away from, you switch to a spec that saves you from a death-blow. EQ1 and EQ2 used to be about preparing beforehand, finding potions, buffs, and other things, even if items only made a single percentage point of difference. Now, it is pretty much arcade action with no real thought or pre-planning.
PvE: Rift is not too bad. It doesn't have flight which causes people not to pick up the game, but it has a lot of features and ways to advance (PvE, PvP, groups, IAs, raids, solo quests, crafting quests, etc.) What I like about Rift is the customization aspect. You can't just read a site like Icy Veins, copy down the class, spec, and keys to use in a rotation, and expect to go far. Yes, there are predefined Rift templates available, but being able to switch between specs to handle various bosses is the difference between loot and wipes. You can buy some lower tier gear on the market, but for real stuff, it still is earned.
EQ and EQ2 are also good. Neither has stuff on the marketplace (other than XP potions) that allow someone to "P2W".
When I get bored with Rift, I may try DDO or Neverwinter. DDO is more "pay currency for each thing", and Neverwinter is more "pay currency for a cool mount or a pet". Both games are chugging along, so they must be doing something right. Same with LOTRO.
Hell, DAoC is still limping along, and just had some life breathed into it.
If you want PvP, UO-style, no rules, no holds barred, full loot, Darkfall comes to mind.
IBM POWER7 and POWER8 have a feature called Turbo Cores. This turns off half the cores on the CPU, but allows the cores that are on to use the caches of the ones not in use. It also allows for a higher clock speed to be used.
The reason for this feature is exactly as mentioned above -- Oracle (and Sybase) licensing. Say you have a box with 128 cores in it. You have to pay not just for what cores are in use, but what cores can -possibly- be used for the database. Turn off Turbo Cores... double your licensing fees.
Intel and AMD chips have something similar, but those just switch off the cores... but don't allow the cores in use to use the resources of the ones that are offline.
Of course, MS is there in the wings, making a killing with their product that isn't cheap, but has a different license model.
I'm concerned about this being a double edged sword. A "security update" can be something to get rid of root or harden the bootloader against the user just as much as something to block a remote attack. Heck, a "security update" could also bring along bloatware with it.
The good thing about Android is that you can replace most components. I've moved to Dolphin Browser, which works well, and has a good choice of extensions. Hangouts gets replaced by a secure SMS application. Even the launcher gets tossed and replaced by Nova Launcher.
The only real app that I cannot find a replacement for is the default mail one, as it works well with both Exchange (mail, calendaring, contacts, tasks), and IMAP.
I've looked at an off grid cabin for weekend vacations. A few portable propane cylinders would cover the fridge (assuming a pound/liter of LP gas a day), and it would also cover a water heater.
Solar wouldn't be cheap, but for a few thousand, I could place a number of solar panels, have them feed in via 1-2 decent MPPT controllers into a set of AGM batteries (so watering the batteries isn't an issue), then have a decent PSW inverter coming off for use. Because lead-acid batteries destroy themselves if they go under 50% SoC, take the expected ampere-hours you plan to use, and double it, at the least. This would easily handle almost anything but heating/cooling and the well pump (which can use 1500-2000 watts each.)
The trick with the well pump and an off-grid cabin, would be to run a generator so the pump can move water into an above ground storage tank of 250-2500 gallons, then from there, a much smaller pump that runs from 12 volts can pump water from the tank into the cabin.
Of course, come Texas summers, that is what a generator is for on a weekend basis. I can get 8-20 hours of use from three gallons of gasoline in a 3000 watt Yamaha inverter generator, and for a small cabin, a 10k BTU A/C is more than enough to cool it down, assuming some semblance of insulation [1]. As an added bonus, with a converter (rectifier), it is a way to help keep the batteries topped off if the panels can't keep up with use.
Disclaimer: This is a vacation cabin. For a real house, it would cost over $40,000 for a solar panel setup that can handle the amp draw of the well pump and the A/C.
Of course, there are other items like waste water (I like using a cassette toilet and having cartridges on hand, since those can be dumped down the commode safely and legally once back home, and gray water can be filtered and recycled in a settling tank so it doesn't destroy the ground around it.)
[1]: Ironic thing is that if solar panels are mounted with air space between them and the rest of the roof, they function as shade, doing a decent job at keeping the place cooler, even though the panels are likely at around 150 degrees (66 degrees C) on a hot day.
Early inkjet printers basically did this. The ink bottle was replaceable, but what ended up happening is that the nozzles got easily clogged, so a number of printer makers went with replaceable ink reservoir/nozzle assemblies. Similar with laser printers which had separate toner/drum parts, but eventually, those were merged into one unit, so all consumables were in one unit.
I'd just be happy with larger ink cartridges. It is sad how few milliliters most cartridges have, and when one weighs the cartridge full, before loading, and empty, it drives the point home.
I've been using ad-blocking extensions for 10+ years... I've found that blocking ads is a lot more useful than any AV program (barring Malwarebytes which actually blocks by IP) ever can do.
Toss a VM/sandbox into the mix, and security is decent. Not 100%, but good enough to resist most attacks.
Holo storage was supposed to be out back in 1991-1992 (Tamarak), then about 10 years later, InPhase supposedly had a drive for it, but never made it to the market (IIRC).
Would be nice if that technology would get off the ground, but so far, it has been nothing but vapor. I would wager Half Life 3 comes out well before then.
Wonder what the patch is:
From what I've seen, it does the same behavior as previous iterations of Windows Server.
If MS forced updates on WS customers, there would be pain, because almost all companies have a test, then release to production process for fixes.
Of course, you can have everything auto install by installing WSUS, auto-approve all updates.
Windows Server 2016 doesn't have the capability to use wireless NICs out of the box. It is installed as a feature.
It is good to have to know what is coming your way sooner or later:
1: Storage Spaces Direct -- interesting feature where you hook up machines with JBOD drives, and let Windows handle not just drive arrays locally, but on multiple nodes, so all the machines present one volume, with redundancy so if a node or drive fails, the volume keeps running. Sort of like Isilon OneFS, but without InfiniBand [1].
2: Guarded machines, shielded VMs. Basically a way to have BitLocker/TPM protection on virtual machines and provide physical protection. Interesting concept, and is good enough to allow a Hyper-V cluster on a remote site where there are no admins.
3: Multipoint users. This is basically similar concept of different terminals in X-windows (where multiple users can have keyboards and monitors on one machine.) However, MS is working on improving VDI support, so this can be useful.
4: Windows Server Antimalware. Does it provide security? Not to 0-days. Does it check off that damned box that every auditor demands? Yes. So, you don't have to worry if a server has the latest company antivirus utility anymore.
The Hyper-V advances are interesting and worth taking a look at, especially coupled with AVMA [2].
As for using it as a desktop OS... W2016 is what Windows 10 should have been. No, it does not install a GUI completely by default... but it is easily added as a feature. Once installed, it is how Windows should be, without the nonsense. If you want a user account, you create it yourself and assign it what privs it should have.
[1]: InfiniBand really kills the deal, because what makes the EMC offering so good is the fact that disk I/O will come from a fast source in the node cluster regardless of which physical drive it lives on. Without that and "just" an Ethernet switch, Storage Spaces Direct will be a lot less dlower.
[2]: Put a generic license code in, and VMs will auto-activate for 7 days under Hyper-V.
The HTC M8 and M9 came with SDxC card slots, and they are quite happy with 128 GB cards.
However, these are their flagship, top dollar phones, so the license for exFAT is probably baked in somewhere for the device cost, or perhaps amortized against their entire lineup. Similar with the patent license for Android's parts that Microsoft holds. As for exFAT, it runs as a native filesystem under Linux, and not through FUSE.
Since the Linux kernel is still GPL v2.0 licensed, having a binary blob as a filesystem is just fine. A lot of companies have their own vendor-specific code sans source on the Linux platform.
If a cheap smartphone has a SDxC slot, for most things, it will do just as well as a flagship phone for a lot of people.
All and all, smartphone prices are lower than they were about 8-10 years ago, when a high end HTC Windows Mobile phone (HTC Athena for example) would run you $1200, and that with a two year plan on top of it.
With phones starting to hit the "good enough" market point like how desktops and laptops have done, I wouldn't be surprised to see Android as an OS adapt to this in the next year or so, evolving to try to bring more to lower-tier hardware with 512 megs of RAM and at most 8 GB of storage (including apps.)
Of course, people will want the latest and greatest, but the last round of updates for phones was for pay functionality, which is used by a few people, but for the masses, generally not bothered with as opposed to sliding a credit card through the machine.
I wonder if a $200 phone will wind up being the new normal. In this market, with people paying full price for the phone up front, I wouldn't be surprised if ZTE or Huawei become the popular makes of devices as opposed to HTC, Samsung, or Apple.
The same advice was given to me back when MS-DOS and Windows were king. Make utilities, not games. A game only has a small chance of making it big, and even then, you have to make sure to keep your market share or else someone will make a clone and grab it all, like how Candy Crush took over Bejeweled's market niche.
Utilities, on the other hand, tend to have a long tail. They may not be blockbusters, but they can be a constant, reliable source of income. For example, Raymond Lau's StuffIt for the Mac is still kicking, similar with WinRAR. Make sure that your utility is in its own territory, and doesn't fall completely within another group, as there are plenty of unarchivers.
There are plenty of niches for a utility these days written for smartphones or tablets... a few examples:
1: PGP/gpg encrypting/decrypting and key management. Yes, there are other utilities out there, but using iOS's KeyChain or Android's KeyStore coupled with the fingerprint scanner as a way to confirm signing/decryption once the key is unlocked is something not done yet. Using the OS to securely store keys isn't as secure as an HSM, but it is far better than just leaving them sitting on a drive or filesystem, even if they are encrypted.
2: An implementation of PhonebookFS. That way, the same directory on a cloud provider can have many different layers of files, and even if all the layers are known, there is still chaff for plausible deniability.
3: A utility that archives loads of files to Amazon Glacier (preferably with some sort of encryption.) It also would retain a robust index, so if a file needs to be retrieved, it can be gotten with as little data having to be downloaded as possible.
4: A utility similar to #3, but can work with any offline media, so if one is using the program on a computer, it can burn DVDs, and keep an index to find files (with their creation times) no matter where they are. The only thing similar would be Retrospect, but they have very limited support for optical drives, and zero support for USB BD-R drives.
5: A superset of utility #3 and 4, but is able to cycle and copy files automatically to new media every so often (and cloud providers can be considered media). This way, something sitting on a corner of a hard drive, forgotten, eventually winds up being copied onto newer media, to minimize the chances of bit rot and time killing the data. Error correction records and redundancy are important as well. Pretty much a "meta" zpool scrub that would occasionally prompt for offline media, check it, and copy it somewhere.
6: A utility that does a share split of a public key among peers/clients of the app. This would either expire access to a file (where requests for a key would be declined after a time/date), or deny access before a certain point in time. Because it is distributed, an attacker would have to create a bunch of nodes that hopefully are the ones chosen for stashing the pieces of the decryption key.
This would allow one to guarantee that data is expired and inaccessible after a time (financial/hospital archives) as well as ensure data that should not be seen until a future time is kept secure.
7: A duress mode utility that can do proper notifications and shutdowns if triggered.
tl;dr... there is a lot more for app writing than just trying to get a game out.
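Item 6 above, sketched as working code. This is an added example, not the commenter's code: a (k, n) Shamir split of a file key over GF(2^521 - 1), plus a hypothetical SharePeer that stops releasing its share after an expiry time, so that once enough peers have passed the date the key is simply gone; the key, share counts and timestamps are constructed.

```python
import secrets

PRIME = 2**521 - 1  # Mersenne prime; comfortably larger than a 32-byte key

def split_key(key, k, n):
    """Split key (<= 64 bytes) into n shares; any k of them reconstruct it."""
    secret = int.from_bytes(key, "big")
    assert secret < PRIME and 1 < k <= n
    # Random polynomial of degree k-1 whose constant term is the key.
    coeffs = [secret] + [secrets.randbelow(PRIME) for _ in range(k - 1)]
    shares = []
    for x in range(1, n + 1):
        y = 0
        for c in reversed(coeffs):  # Horner evaluation of the polynomial mod PRIME
            y = (y * x + c) % PRIME
        shares.append((x, y))
    return shares

def recover_secret(shares):
    """Lagrange interpolation at x = 0 over GF(PRIME)."""
    secret = 0
    for i, (xi, yi) in enumerate(shares):
        num, den = 1, 1
        for j, (xj, _) in enumerate(shares):
            if i != j:
                num = num * (-xj) % PRIME
                den = den * (xi - xj) % PRIME
        secret = (secret + yi * num * pow(den, -1, PRIME)) % PRIME
    return secret  # with fewer than k shares this is just a random field element

def recover_key(shares, key_len):
    return recover_secret(shares).to_bytes(key_len, "big")

class SharePeer:
    """Hypothetical peer holding one share; it stops answering after expires_at."""
    def __init__(self, share, expires_at):
        self._share, self._expires_at = share, expires_at  # epoch seconds

    def request(self, now):
        return self._share if now < self._expires_at else None

def collect_and_recover(peers, k, key_len, now):
    """Ask every peer; below the threshold the key is simply unrecoverable."""
    shares = [s for s in (p.request(now) for p in peers) if s is not None]
    if len(shares) < k:
        return None
    return recover_key(shares[:k], key_len)
```

The "deny access before a certain point in time" variant is the same peer with the comparison reversed; an attacker who controls fewer than k peers learns nothing about the key either way.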
VM farm seedlings, I take it?
On a real note, it is an interesting application using a bunch of small form factor servers. I wonder if there is a switch between each of the nodes, so they can communicate between each other faster than 1-10GB.
It is a tough choice. Build in your own PDF viewer, or use an existing one that pops up security holes now and then. In general, the built in ones have far fewer features, so there are fewer security holes.
Chrome is better at this because it does more compartmentalization than Firefox. Firefox runs plugins in a separate process, but that is about the extent of the isolation they get, while Chrome runs everything in separate tasks, and you can even kill them in the browser.
The only real long term solution is to have the OS cooperate with the browser, and completely isolate each individual browser tab (not just a lower security context, but filesystem and other space), so a rogue process is well isolated. That, and focus on not requiring third-party programs for Web content.
Because everything, across the board, is being slammed hard, be it BIOS/EFI firmware, holes like F0 0F in the CPU, open source items, closed source items, IoT devices, you name it... the number of attacks has risen in number and sophistication by an extreme.
A lot of them have wound up as niche items, a sub base good enough to keep the lights on and updates coming, but not blockbuster hits.
EVE still is pretty popular. It may not get the front page press as of now, but there are people throwing $1500 in Plex, selling that for ISK, and getting their alts skilled enough to pilot a Titan or two.
As virtualization makes it easier to run servers on less hardware, it may only take a few machines to run an entire MMO farm these days. Even the old separation of the core server and zone server can be easily kept by having a vSwitch, or if it requires it, be on a blade/enclosure system with a fast backbone.
From what I've seen, EQ1 still has a bigger playerbase than EQ2.
I do agree things are stagnant. EQ:Next is sort of dead in the water, with a part of it being like Minecraft but with better graphics.
The only real MMO that looks promising is Pantheon: Rise of the Fallen, but I am worried they are wanting to re-create EQ1, but not factor in that most subscribers have jobs and other things to tend to, and can't really sit LFG until asked to join a group in a dungeon, then grind for 4-8 hours. It does have some promise though, as something more challenging than just tapping a rotation endlessly [1].
[1]: I'd love to see a MMO that has some skill involved, and not just tapping the exact rotation of stuff that the local theorycraft states. The closest to this is probably Rift, where for one boss, every character doing DPS might want to load a melee damage spec, then for the boss that spins around in a circle with his insta-death ray, people switch to doing all ranged DPS. For the boss that makes you run around all the time, you switch to a spec with a melee pet, so you have constant DPS on the boss no matter how you run. Of course, for the boss that pulses an insta-kill that you can't run away from, you switch to a spec that saves you from a death-blow. EQ1 and EQ2 used to be about preparing beforehand, finding potions, buffs, and other things, even if items only made a single percentage point of difference. Now, it is pretty much arcade action with no real thought or pre-planning.
PvE: Rift is not too bad. It doesn't have flight which causes people not to pick up the game, but it has a lot of features and ways to advance (PvE, PvP, groups, IAs, raids, solo quests, crafting quests, etc.) What I like about Rift is the customization aspect. You can't just read a site like Icy Veins, copy down the class, spec, and keys to use in a rotation, and expect to go far. Yes, there are predefined Rift templates available, but being able to switch between specs to handle various bosses is the difference between loot and wipes. You can buy some lower tier gear on the market, but for real stuff, it still is earned.
EQ and EQ2 are also good. Neither has stuff on the marketplace (other than XP potions) that allow someone to "P2W".
When I get bored with Rift, I may try DDO or Neverwinter. DDO is more "pay currency for each thing", and Neverwinter is more "pay currency for a cool mount or a pet". Both games are chugging along, so they must be doing something right. Same with LOTRO.
Hell, DAoC is still limping along, and just had some life breathed into it.
If you want PvP, UO-style, no rules, no holds barred, full loot, Darkfall comes to mind.
IBM POWER7 and POWER8 have a feature called Turbo Cores. This turns off half the cores on the CPU, but allows the cores that are on to use the caches of the ones not in use. It also allows for a higher clock speed to be used.
The reason for this feature is exactly as mentioned above -- Oracle (and Sybase) licensing. Say you have a box with 128 cores in it. You have to pay not just for what cores are in use, but what cores can -possibly- be used for the database. Turn off Turbo Cores... double your licensing fees.
Intel and AMD chips have something similar, but those just switch off the cores... but don't allow the cores in use to use the resources of the ones that are offline.
Of course, MS is there in the wings, making a killing with their product that isn't cheap, but has a different license model.
I'm concerned about this being a double edged sword. A "security update" can be something to get rid of root or harden the bootloader against the user just as much as something to block a remote attack. Heck, a "security update" could also bring along bloatware with it.
The good thing about Android is that you can replace most components. I've moved to Dolphin Browser, which works well, and has a good choice of extensions. Hangouts gets replaced by a secure SMS application. Even the launcher gets tossed and replaced by Nova Launcher.
The only real app that I cannot find a replacement for is the default mail one, as it works well with both Exchange (mail, calendaring, contacts, tasks), and IMAP.
That is a double edged sword. Security patches only is one thing. Security patches plus bloatware that can't be disabled... I'll pass.
Of course, the ideal would be if CM would get OTA updates, since it is one of the best ROMs to be using on an Android device anyway.
I've looked at an off grid cabin for weekend vacations. A few portable propane cylinders would cover the fridge (assuming a pound/liter of LP gas a day), and it would also cover a water heater.
Solar wouldn't be cheap, but for a few thousand, I could place a number of solar panels, have them feed in via 1-2 decent MPPT controllers into a set of AGM batteries (so watering the batteries isn't an issue), then have a decent PSW inverter coming off for use. Because lead-acid batteries destroy themselves if they go under 50% SoC, take the expected ampere-hours you plan to use, and double it, at the least. This would easily handle almost anything but heating/cooling and the well pump (which can use 1500-2000 watts each.)
The trick with the well pump and an off-grid cabin would be to run a generator so the pump can move water into an above ground storage tank of 250-2500 gallons, then from there, a much smaller pump that runs from 12 volts can pump water from the tank into the cabin.
Of course, come Texas summers, that is what a generator is for on a weekend basis. I can get 8-20 hours of use from three gallons of gasoline in a 3000 watt Yamaha inverter generator, and for a small cabin, a 10k BTU A/C is more than enough to cool it down, assuming some semblance of insulation [1]. As an added bonus, with a converter (rectifier), it is a way to help keep the batteries topped off if the panels can't keep up with use.
Disclaimer: This is a vacation cabin. For a real house, it would cost over $40,000 for a solar panel setup that can handle the amp draw of the well pump and the A/C.
Of course, there are other items like waste water (I like using a cassette toilet and having cartridges on hand, since those can be dumped down the commode safely and legally once back home, and gray water can be filtered and recycled in a settling tank so it doesn't destroy the ground around it.)
[1]: The ironic thing is that if solar panels are mounted with air space between them and the rest of the roof, they function as shade, doing a decent job at keeping the place cooler, even though the panels are likely at around 150 degrees (66 degrees C) on a hot day.
Early inkjet printers basically did this. The ink bottle was replaceable, but what ended up happening is that the nozzles got easily clogged, so a number of printer makers went with replaceable ink reservoir/nozzle assemblies. Similar with laser printers which had separate toner/drum parts, but eventually, those were merged into one unit, so all consumables were in one unit.
I'd just be happy with larger ink cartridges. It is sad how few milliliters most cartridges have, and when one weighs the cartridge full, before loading, and empty, it drives the point home.
I've been using ad-blocking extensions for 10+ years... I've found that blocking ads is a lot more useful than any AV program (barring Malwarebytes which actually blocks by IP) ever can do.
Toss a VM/sandbox into the mix, and security is decent. Not 100%, but good enough to resist most attacks.
Holo storage was supposed to be out back in 1991-1992 (Tamarak), then about 10 years later, InPhase supposedly had a drive for it, but it never made it to the market (IIRC).
Would be nice if that technology would get off the ground, but so far, it has been nothing but vapor. I would wager Half Life 3 comes out well before then.