Slashdot Mirror


User: mlts

mlts's activity in the archive.

Stories: 0 · Comments: 5,534

Comments · 5,534

  1. Re:Talk to Vendors on Ask Slashdot: How Do You Store a Half-Petabyte of Data? (And Back It Up?) · · Score: 2

    Oracle has a SAN (well, SAN/NAS) offering which does similar with a rack of ports/HBAs that were configurable, assuming the right SFP was present. Want FC? Got it. iSCSI? Yep. FCoE? Yep. Want to just share a NFS backing store on a LAG for a VMWare backing store? Easy doing.

    The price wasn't that shocking either. It wasn't dirt cheap like a Backblaze storage pod, but it was reasonable, especially with SSD available and autotiering.

  2. Re:VeraCrypt on Tomb, a Successor To TrueCrypt For Linux Geeks · · Score: 4, Informative

    There were two forks coming from TC. CipherShed was another, but it hasn't been updated since pre-alpha, so it is probably good to pronounce it dead, so VeraCrypt is arguably the successor for TrueCrypt as of now.

    If I were only worrying about Linux, I'd either use LUKS or perhaps a filesystem based encryption process like EncFS. EncFS doesn't provide as much protection (it does let an attacker know file sizes in a directory), but it is definitely a lot more flexible, and the encrypted files can be backed up and restored with ease.

  3. Re:Never heard of it on Tomb, a Successor To TrueCrypt For Linux Geeks · · Score: 2

    The stego capabilities of Tomb are interesting. The print to QR code for backups for keys is also much appreciated.

    For me, what is important in a TrueCrypt replacement is cross-platform compatibility. I could create a TC volume on a NAS with a Windows box, mount and toss some files into it with my Linux machine, then mount it on a Mac (obviously, not having multiple machines mounting it at the same time) for more items. VeraCrypt has kept this, and has added the ability to use TC volumes under W8.1, a long needed feature (well, if you want to actually see more than a permissions denied error, that is.)

    I do think it is interesting how Tomb allows one to hide a key within pictures.

    Of course, what would be nice for a unique encryption program would be something along the lines of PhonebookFS. Based on EncFS, it allows one to use multiple keys to mount a directory, each key showing a different group of files (called layers). In that directory are random, "chaff" files, just to keep people from guessing the contents of the directory by file sizes. The advantage of this system is that plausible deniability is always present.

    I do applaud anyone who takes the "cypherpunks write code" motto to heart and actually writes something to benefit the community.

  4. Didn't some Japanese researchers find this out? on Scientists Identify Sixth Taste: Fat · · Score: 1

    I recall reading around 2012, Japanese researchers getting similar results on this study. It is good it is confirmed... but not groundbreaking research by any means.

  5. Re:Misleading and Hyperbolic Title/Comparison on A Tweet-Sized Exploit Can Get Root On OS X 10.10 · · Score: 2

    I do agree that it isn't a remote root shell hole, but it can be combined with something like the SSH brute force vulnerability or another attack that can execute shell commands as an unfettered user... and then the box is compromised.

    The good thing is that Macs have functionality similar to SELinux as well as sandbox capabilities via the App Sandbox. This should be something used by all programs whenever possible, since it allows the OS to isolate the program from the rest of the filesystem and OS, helping mitigate a compromised program.

    Hopefully Apple can issue a fix in a short amount of time, because this is an easy exploit to use, and combined with something like a broken Java variant, could be used via the Web browser to hijack the entire box.

  6. Re:Gee, I'm really torn... on Smartphone Apps Fraudulently Collecting Revenue From Invisible Ads · · Score: 1

    Websites existed well before ads came around. There are other models to make revenue, be it subscriptions, microtransaction based clearinghouses [1], grants, or other ways.

    People are inventive. The Internet as we know it would survive if all the third party behavioral monitoring, tracking, ad-slinging, and shovelware/malware companies took a powder.

    [1]: None of these solutions are perfect, but the current ad model can be abused as well.

  7. Re:Gee, I'm really torn... on Smartphone Apps Fraudulently Collecting Revenue From Invisible Ads · · Score: 2

    The ad industry is a bubble. Look at the clickbait ads pushed at you constantly. Obama's HARP, reverse mortgages, asking how much your car is worth, "free" [1] $100 Amazon gift cards. Programs that are dodgy at best. "criminal background checks" that demand a ton of your info... then want $35-50 for the check. Yes, there are a few relevant items, but most presented are at best dodgy.

    What they are selling are not ads. They are selling the data that gets slurped off your phone or computer, which is why browser fingerprinting, supercookies, add-ons galore, and other stuff are the norm. The ads are secondary to watching what the person is doing, 24/7.

    [1]: TANSTAAFL. I read the T&C on a "free" offer, and it required subscribing to three different things on a gold/silver/bronze level, as well as many other hoops to jump through before you would even be considered for the card.

  8. Re:What Security Experts Can Learn From Non Expert on What Non-Experts Can Learn From Experts About Real Online Security · · Score: 1

    You pretty much nailed it. The good thing is that we have plenty of tools to help with compartmentalizing info, to the point where it is almost surprising to see them not used.

    If it comes to a pissing contest of users versus IT security, the users will eventually win, either by cunning, or just telling PHBs they can't do their jobs... and if it is a guy out of sales who is making the numbers, the PHBs will listen to that guy almost certainly, since they view security as having no ROI, but the "quarterback" making the "touchdowns" is earning real money for the company. In the past, one could scare management by pointing out Sarbanes-Oxley laws, but those are pretty much not enforced (well, unless one is fishing over their bag limit and decides to hide their caught grouper), so that argument tends not to have teeth these days.

  9. Re:They're worthless. on Why Certifications Are Necessary (Even If Aggravating To Earn) · · Score: 2

    Realistically, IT needs to do like plumbers, electricians, and HVAC tradespeople: They need licensing across the board with a vendor independent group doing the licensing.

    Certs in plumbing would be like a PVC company having tests to see how good a plumber is at gluing their pipes together. Does it matter in plumbing overall, such as selecting the rise and tilt of pipes so poop runs downhill? Nope.

    Similar if certs were similar for electricians. Square D could make certs for their circuit breakers and boxes, but does that mean an electrician knows not to run 440 three-phase through a set of nipple clamps? Nope.

  10. They get your foot in the door... on Why Certifications Are Necessary (Even If Aggravating To Earn) · · Score: 3, Informative

    They are not really worthless. They get you in the door and past HR, as "CCIE ID #12345" is a lot better on a resume than "Cisco fabric experience". Similar with RHCE ID "111-1111" as opposed to "I know Linux". From there, you now have access to the tech people, which without the certs, you wouldn't even have been allowed near them.

    There are also jobs that require certs on the job. I worked at one place that had auditors that did spot checks, and if one's certs lapsed, the IT person would be fired on the spot and escorted off the premises for something along the lines of "failure to maintain proper training for the equipment used."

    No, certs don't substitute for experience, but a cert gets you in the door, far more than "gee, I learn quick."

  11. Re:There is no cure for absolute fucking stupidity on Techies Hire Witch To Protect Computers From Viruses and Offices From Spirits · · Score: 2

    The article didn't describe what type of spirits, so I'm assuming the type that most sysadmins are familiar with... and I am pretty sure that dropping a high ABV drink down a computer's vent or on top of a printer will do bad things to it.

    My recommendation to protect computer stuff from spirits: Put a tray outside the server room and stick up a "no open alcoholic containers" sign on the door. This way, if someone needs to tipple at work, they can still leave their bottle of vodka in the incoming cold air duct, but at least don't spill it on any items inside.

  12. Re:Thank you. on A Note On Thursday's Downtime · · Score: 1

    Have to agree here. Lot of people appreciate /. being up and going.

    One can armchair quarterback and talk about how corruption wouldn't happen with this filesystem or this SAN, but corruption and problems happen no matter what the platform.

  13. Re:Look for other users of the S/W for advice on Ask Slashdot: Best Bang-for-the-Buck HPC Solution? · · Score: 1

    I will add another voice into this list in agreement. The problem is that what is needed is so vague.

    There is just no way to recommend hardware. Do you need a lord-king-God-Almighty interconnect backbone switch between all nodes so they can push 40 gigs/sec between each other? A blade/enclosure is a must. Do you need I/O performance above all else, or CPU performance? It might be cheaper to buy a ton of 1U ProLiant G7s with HBAs[1] and 10GigE cards.

    Oracle RAC? Again, need a hefty SAN connection, perhaps with a beefy HBA that has up to a terabyte of temporary storage which can help deal with heavy I/O for the active/active needs.

    What is your SAN topology like, or do you even have a SAN, as Windows Server 2016 Storage Spaces Direct is being readied as a SAN alternative, provided the links between each of the machines is fast. (The ideal would be InfiniBand... but for the fastest speed, it may wind up being 10GigE.)

    Then comes software. Throwing ESXi on the entire cluster will make life a lot easier than spinning up, updating, and wiping bare metal OS installs. However, virtualization does come at a slight performance price and a hefty licensing price.

    If I had to recommend hardware for the OP's project, there is no way I can even point in a usable direction, and one mistake can be disastrous when it comes to time/money.

    [1]: HBA as in fiber channel or Ethernet CNA. Whatever your heart desires. If you have fiber channel switches, even old 8G fiber channel will handle more than most operating systems can chug out.

  14. Re:Big deal on Meet "London," Marshall's First Android Smartphone · · Score: 1

    With all the Android phones out, why can't we get one that is actually worth the cost, and not just a run of the mill device? For example:

    A vape stick + a phone. Since the vape battery has a lot of amp-hours, might as well have a phone built in.

    A phone made by a musical instrument company should be up to snuff for musicians. For example, it would have a beefed up DAC, at least 128-256 gigs of storage (or at the minimum, two MicroSDxC ports with 16-128 GB of base internal storage), FLAC, and bundled with some high-quality, name-brand apps for basic mixing/mastering/recording. Maybe even have more than one USB slot so the phone can function with a breakout box as a decent recorder, with the breakout box having a tube or two as well as a good DAC/ADC pair.

    Commodore's smartphone should not just have some apps to emulate the PET, but perhaps come with a breakout box that can actually allow for a monitor and keyboard. Even better would be functionality like the Atrix, a docking station and a Linux distro for better desktop emulation.

    There are ways to have a generic Android phone and build on it. Vertu makes money hand over fist selling smartphones for insane prices, and bundling concierge service at the press of a button.

  15. Re:A swing back to the glass house, perhaps? on How Will IT Workers' Roles Change in the Next Five Years? (Video) · · Score: 1

    It can be done. For every firm that hits the news, there are plenty that thwart attacks, but attacks repelled don't make the news.

    Take one large, recent breach as an example. If they had any type of lockout or alerting protection on their Active Directory service accounts, the brute force on their AD accounts would have been stopped in its tracks. In fact, the AD default is a 20 minute lockout every few bad guesses.

    Target and others would have the attacks stopped cold by an IDS/IPS. No, these are not cheap, but neither are losses due to stolen credit cards, and an IDS/IPS is part of the PCI-DSS3 spec, so not having one can get a business's merchant account yanked. This is the cost of doing business.

    Security isn't rocket science. Physical security is well tested and does a decent job from all but armed robbers, and it just takes the same mindset of setting the alarm to go off when the last authorized employee leaves the store at night, having this apply to network protection.

    There are also advances in the server room which can make it attractive to focus on moving data in-house. Denser blade/enclosure chassis come to mind. I won't be surprised to see variants on HP's Moonshot with 45 blades in a 5U chassis, future models perhaps sporting liquid cooling, with a dedicated radiator/fan/heat exchanger. Even though Moore's Law has slowed, it still is going fairly strong, and the computers that we will be stuffing in racks in five years will have at least 4-8 times the transistors as the ones we have now.

    VDI and remote access isn't standing still either. By allowing for -access- to the data via an application, but blocking access to the machines, this creates another security barrier. Again, not a 100% thing, but it is significant enough to reduce attacks, since sensitive data would be fenced in.

    Cloud computing isn't going to disappear. It has its place. However, a business pays for servers, either by buying the physical machines and stuffing them in the data center, or renting usage via a cloud provider. Another downside is that cloud computing (or more specifically cloud storage) requires high bandwidth WAN connections, which can get expensive. A data center can rely mainly on LAN bandwidth which can be a lot cheaper. Smaller businesses can be better off with cloud solutions, but larger businesses may benefit by keeping everything in-house.

    [1]: Going on the security tangent, I will toss one thing out that just might help security in general which might be added on in the next few years: Add a time value. A restaurant doesn't need the same physical protection at 12:00 noon as they do at 12:00 AM when nobody is in the store. Same with stores and businesses and their network connections. If a store is closed for the night, their subnets should be isolated from the Internet for everything but security patches, alarms/traps, and other essential communication.

    Take a law firm. Unless there is an exception, their individual partner offices, floor, and entire building is locked at night. This should be the same with networks. If nobody is needing access, and exceptions are in place for remote use, then why should there be any Internet access (in/out) when nobody is there? Assuming the blackhats are attacking evenly 24/7, by cutting network access to say, 0700 to 1900, it means that half the attacks mounted against the network would fail.

  16. A swing back to the glass house, perhaps? on How Will IT Workers' Roles Change in the Next Five Years? (Video) · · Score: 1

    I wonder if we will see a swing from cloud computing back to a central managed system, similar to the mainframe concept (first go around), XStations (second go around), JavaStations (third go around), except using VDI and a remote desktop protocol, where the computer on the desk mainly is there to run remote apps, and instead of the apps being on the cloud, they would be moved back to the central datacenter for security reasons.

    I have a feeling we will be seeing some major breaches, perhaps a cloud provider getting nailed, divulging a lot of personal and private info. Because of this, I wouldn't be surprised to see a return to having a core data center and all assets going behind the glass walls, especially if insurance companies start dropping coverage if a company doesn't toe the line on regulations, or regulators start doing more than slap-on-the-wrist fines.

    Will a move back to keeping the data in one place, and using the next generation of terminals be a mainstay in IT? Not 100%, but a possibility.

  17. Re:The. ignorance is strong in this one. on Cashless Adoption Growing In Europe · · Score: 2

    I was wondering that too. A cashless economy only makes one more dependent on banks because if the card doesn't work, one is SOL.

    BitCoin is another alternative... but it requires Internet access or else one is at risk of being the victim of double-spending, and to be really sure, one needs the entire blockchain (going on 40+ gigs.)

    Were I worried about banks, I'd be doing what our ancestors did almost a century ago -- getting cash out and stashing the currency in mattresses. However, no currencies today are backed by precious metals, so even with this, it might mean one has a bunch of wads of toilet paper instead of a currency that is usable.

  18. Re:They SHORTENED the key length on NSA Releases Open Source Security Tool For Linux · · Score: 2

    DES did serve its purpose, and I'm surprised it has lasted as long as it has without a real break. 3DES is still usable and secure, although the world is slowly moving to 256 bit encryption algos from 128 bit ones.

    These days, if one was wanting to be sure about encrypted data, it might be best to use a cascade, similar to what TrueCrypt does. AES, Threefish, and Serpent would be ideal, since Threefish doesn't use S-Boxes, Serpent has the best security margin of all the former AES candidates, and AES is... well, the standard for the market.

  19. Re:Really? on Commodore PET Smartphone Comes Loaded With C64 and Amiga Emulators · · Score: 1

    I like the idea of a smartphone maker paying the devs over at CyanogenMod a fee to write a rev tailored for them, and let CM guys do the writing, while the smartphone maker just has to do a "blessing" of a release.

    Win for everyone, as once the phone is obsolete, it still gets support and updates.

  20. Isn't SuSE a RedHat downstream distro? on ARM Support Comes To SUSE Linux Enterprise Server · · Score: -1

    Other than YaST, unless something has changed, SuSE is a downstream RedHat distribution, and about a month ago, RedHat started producing their ARM-64 port.

    I wonder what Novell will be adding to the mix. Just by adding SuSE and having the OS tested for Common Criteria, FIPS, and other compliance items will help get it in the door, although ARM servers are still an odd man out in the enterprise, for the most part.

  21. Re:Really? on Commodore PET Smartphone Comes Loaded With C64 and Amiga Emulators · · Score: 1

    Yet another smartphone?

    If Commodore wanted to make a smartphone that ran Android, they should have gotten a decent vaping device and added the phone to that. That way, one can have their vape stick and text in one unit (due to the large battery required.)

    Nostalgia is nice, but Commodore is 25-30 year old technology. Trying to capitalize on people wanting to rehash C64 and Amiga days is like trying to stoke the demand for Vanilla Ice or MC Hammer albums... a few people might buy it, but definitely not millennials, and just that segment of the market isn't going to be viable for the long haul.

    There are still places for a company to eke out a market share and have their fan base, especially one that still has name recognition as Commodore. A few examples:

    1: Car audio heads. Even the meth-heads don't bother breaking into cars to snag a radio these days. This is an area where the market is stagnant.

    2: Vaping, perhaps as described above. Even now, the market is growing.

    3: Music industry. Selling the "emulator of emulators" which is licensed to do everything from a Leslie speaker to the old "Orbit the Dance Planet" type "ROMplers". Stuff that used to take a full rack back in the 1990s, with a skeuomorphic interface as an option. Want an Akai synth? Can be used, with a virtual switching center. Want tube sound? The device would have an option to actually have a vacuum tube or two and a pair of DACs/ADCs.

    4: Vertical markets. There are a lot of markets out there that might require some digging.

    Of course, they can watch Kickstarter, and if a project is really, really cool... make an offer and buy the people out, and have something what people want.

  22. Re:Isn't Flash extinct? on New Default: Mozilla Temporarily Disables Flash In Firefox · · Score: 1

    Deep Freeze is a usable solution. In fact, if one runs a school lab, library computers, or others where there are multiple people using the boxes, Deep Freeze is the only way to keep sane.

    The reason I didn't mention it is that if I'm using a virtual machine, the VM software (be it Hyper-V, VirtualBox, VMWare, or something else) handles snapshot rollbacks in a fairly easy manner. For example, VMWare Workstation can configure VMs to drop all changes when they are shut down.

    Another reason is ease of use. Deep Freeze is all or nothing, while running the browser in a VM or sandbox means I can be doing other tasks where persistent changes are useful at the time.

    Definitely an option though, and it can be argued that if one didn't mind taking time to thaw their machine, do application and system updates, then flip it back to freeze mode, using a separate partition for documents, this would be a useful and secure way of doing things.

  23. TeamViewer or LogMeIn? on Ask Slashdot: VPN Solution To Connect Mixed-Environment Households? · · Score: 1

    I might be totally off base, but I wonder about a program like TeamViewer or LogMeIn. If the security trade-off is acceptable, that might be an alternative to trying to create VPNs.

  24. Re:Uhh... what happens with their spent fuel? on Iran Has Signed a Nuclear Accord · · Score: 5, Insightful

    That would be the best of all worlds. I find it ironic that Iran can go forward with working reactors and cutting-edge technology, while the US still is stuck with 70+ year old reactor tech.

  25. Uhh... what happens with their spent fuel? on Iran Has Signed a Nuclear Accord · · Score: 1

    Part of the agreement is that they hand over their spent fuel. My question... what do we do with it?