The funny thing is that back in the 80s, every company that used computers thought of this. Back then, diskettes and other media was notoriously unreliable, so even the accounting firm had a grandfather/father/son backup rotation system in place, with tapes/disks going somewhere offsite.
Sensitive data had some form of PW protection. Because someone had to have physical access, usually basic physical access controls worked. Then the fact that very often, the "computer" in use was a terminal, which likely would lock permanently after 3 missed passwords, didn't hurt either.
Now, it seems all those cautions get tossed out the window. I see companies considering RAID as backup (especially those who use their SAN for backup/archiving purposes), and assume that no intruder can get onto their SAN's management network.
This worked adequately... but the Sony hack changed things with the data being destroyed. Now, there is a good chance that after the intruders copy off the data, they will just log onto the SAN and purge things. A simple dropping of LUNs, then rebuilding all drives as one RAID array will ensure all data is overwritten and unrecoverable.
I am a strong advocate of offline media like tapes, mainly because it addresses the parent poster's two points:
1: LTO-4 and newer can be set with an encryption key on the tape drive itself (via SPIN/SPOUT), so if a cartridge falls of the back of the Iron Maiden truck, it can be treated as just a loss of a $10 tape.... with data well protected.
2: Just by being offline, it requires "boots on the ground" to destroy the media. An attacker can't just do a "rm -rf/" and destroy the entire business.
Yes, businesses can get destroyed by data loss. Texas Textbooks, around 20 years ago, used to be the top dog for student textbooks and items in Austin. Their main computer croaked... and the company went down for good with it due to the loss of payroll, accounts payable/receivable/sales info, inventory, and other items.
Stuxnet showed that line of thinking can be wrong. Even though the Internet has made it easy for attackers to do a lot of damage for relatively little work (compared to getting boots on the ground), one still needs defense in depth. All it takes is a MicroSD card gotten in or out of a secure facility.
Securing a task is one thing, but if the endpoint hardware is compromised on any level, nothing you can do higher up on the chain matters. This is the same reason why DRM tends to fail on the PC unless it uses a very elaborate system of obfuscation.
Yes, task security is important, but what the task depends on is also critical.
Take sending secure E-mail for instance. The task requires the computer, the storage medium, RAM, the CPU, and anything on the bus that can read/interfere with the encryption/decryption to be "clean". However, once the encrypted data is on the wire, the only real protection needed is to keep a bad guy from blocking packets, since they can't tamper with the contents.
This is a different task from sending normal E-mail, but both require the same security (clean endpoint) to function.
I wouldn't call it the "answer" to the Internet... but in a country like Cuba which can skip generations of technology (i.e. no worry about having a POTS infrastructure), it can provide reasonable services.
I consider this more of a Redbox-like service, except instead of DVDs, one is copying movies to a SD card to be consumed, which could be easily made into a kiosk. If the kiosk supported formatting the SD card, it would be a reasonably malware-free way to do that.
I am surprised this isn't done more often. Not just movies, but things like operating system ISOs, cumulative patch updates, applications, larger games like MMOs, and other items, this might be a useful future.
I can see Redbox making some money from a similar thing. Select movies, plug in a USB, SD, or MicroSD device, have it copy them, and go from there. Since there are already thorough DRM systems in place, the movies would expire after a time, and can easily be renewed via the Web (passing keys and licensing info is a lot less than the actual MPEG data). Bonus points where one obtain ISO images of an OS and all the latest patches.
The funny thing is that Apple doesn't play that much (it does a little with iAds) in the ad game... but among the big tech companies, they are by far the most profitable.
If the ad wars get too hot and heavy, with every new desktop computer winding up like a Bonzi-Buddy Windows ME box, there may just be a mass exodus to Macs. People in the past paid big bucks for an entry level desktop computer, and if driven to, they might do the same now, leaving the only people on the ad platforms the people who don't have the cash to buy stuff.
Stuff like this is why I wind up using Windows Server editions for my desktop OSes. W2016 has no GUI available on install (you can easily add it as a feature, but having it default to Server Core means a lot less stuff running out of the box.) That, and the fact that Windows Server editions also have a very functional backup program included.
Of course the downside is the cost, ($700 for the OEM version), but since I repurpose desktops as servers when I upgrade, it isn't too bad.
The second best of all worlds is the voicemail system at one place I was at. The VMs were handled just like E-mail messages with phone-number@voicemail.blah.com for the address. This way, they could be filtered. As an attachment, the message was included as a MP3 file and played.
This way, people like I mentioned who believe in clobbering people's VMs in hopes of a sale get the kibosh put on them, while calls from real customers and contacts get through easily.
Best of all worlds is if the messages were transcribed and the.MP3 file included, of course.
I use YouMail for exactly this reason. Someone calls, leaves a voicemail, it gets transcribed, and I see a text transcript of what they wrote. If I don't want to hear from them, I block them on the phone, and have Youmail ditch them, so they can't even leave a voice message.
The problem is that doesn't work sometimes. In fact, one vendor actually told me that he will keep contacting people until they buy something or block him because "all publicity is good publicity" and it gets his name and company in people's minds. In fact, he considers it his duty to keep on people until they block him. He compared himself to the GE burglar alarm sellers that might get 10,000 hang-ups, but out of that, he gets 100 buyers paying his living.
Thank $DEITY for hidden/blocked caller ID bans, and YouMail's caller ID ditching, so certain numbers can't even leave voice mails.
They need to look at their network's topology as well. One compromised network segment shouldn't allow an attacker complete and unfettered access to everything else.
WAN-wise, they should look at building something like SIPRNet or NIPRNet so as little traffic as possible is on the Internet, even flying over a VPN. The ideal is physically separate cables and leased lines, coupled with some form of IPSec so that it would be very difficult for someone to set up a rogue machine and attack that network. Long term, it might be wise to even consider a different protocol than IP just because it would make hidden routers or bridges a lot more difficult.
There are other tools that come to mind. App-V and Citrix for example, which would allow people to access and use an application, but not physically copy the data or access the OS directly on the application servers. Not a 100% solution, but it is a way to keep things separated.
Reversing this concept, there might be offices that need to have no machines on the Internet, but workers can use App-V, RDP, or Citrix to access a terminal server so they can browse the web on a virtual desktop that cannot access the physical internal machines.
There are a lot of security tools that are usable. VDI comes to mind as an extension to virtualization. Virtualization goes without saying because it separates what programs run on from the hardware, so if a VM is compromised, there is still a hypervisor to punch through before hardware can be re-flashed and attacked.
The trick is defense in depth, be it at the desktop level (for machines that are terminals used by numerous people, a utility like DeepFreeze is useful), at the network topo level (so a compromise in Receiving doesn't trash Finance), at the network appliance level, the server level, and of course, the HUMINT factor with policies, and physical security.
Isn't this something similar to a switching apparatus that Russia was working on, except with switching done by jets of water, where two jets would cancel each other out, creating a zero? I remember reading about half-adders done this way, as well as far more complex hydrofluidic building blocks.
One advantage of this form of switching is that it is EMP-proof (barring a blast that actually causes physical damage), something that has been the Achilles heel of almost all technology made today.
Very true. However, it is a karma thing, because it makes life easier for the person who is cleaning up the mess.
It also makes life easier when the next potential employer calls the previous employer for reference checking, and even though technically there is only a limited things that can be asked for, there are ways to communicate about people's performance (or lack of without worrying about a lawsuit. Silence is one way, or the statement "works well when supervised" is another.)
Since there may be legal items with just archiving a PST file and leaving it for a successor, it may take some time, but creating an internal wiki on a secure computer may be the best thing, even if it just is copying documents from E-mail attachments and throwing them in the wiki's file structure.
That is wise in any case. A machine running Windows Server 2003 is likely over the decade mark in age, and is a relative power hog compared to a modern server which can run the same OS [1] in a VM.
For optimal security, the parent has it right, but I'd also P2V the instance of WS2003, and put it in a VM with archive snapshots and vShield in place. (vShield is useful because it can catch rootkits that might hide from the client OS, but can't hide from a hypervisor.) Plus, on a VM server, the WS2003 instance can be easily placed behind firewall appliances (PfSense), as well as IDS/IPS appliances (Nagios comes to mind.)
[1]: This is assuming no legacy drivers locking the machine to W2003. If this is the case, the machine should be treated as an insecure appliance and well firewalled, if not air-gapped.
A good example of this is what my dash cam has on video: The light changed, a subcompact stopped at an intersection. It got rear-ended by a larger vehicle, pushed in the intersection, and then got hit again.
Where I live, the subcompact's insurance is responsible for the wreck, even though the vehicle's owner/operator had nothing to do with the collision.
So, even with self-driving cars and a 100% [1] wreck avoiding rate, insurance will still be needed.
[1]: I'm sure there will be people who will deliberately leap in front of an autonomous vehicle in order to get lawsuits going, since this is uncharted territory, and could make some law firm extremely rich.
An autoformer is a device used often by RV-ers here in the US which turns lower voltage at an outlet into a usable one, around 120 VAC. The cost is higher amperage, since it is a voltage multiplier, but given the choice between using more amps versus burning out compressors and appliances due to low voltage, the former is a lot more palatable.
IIRC, didn''t they have some article about someone breaking into their company and stealing product samples? Please correct me if I'm wrong.
However, lets be real here. This voltage booster is just a mini autoformer, using a coil, a transistor, and a capacitor. This technology isn't new. MPPT controllers for solar units use this.
What is new is the form factor. However, to boost volts, there has to be a trade... and what is trades is amperage, so that a battery with a voltage drop now has to put out more current, which only accelerates the discharge process.
Of course, there is the downside... high amps being demanded, without some form of fusing or limiter can result in leakage, or even worse, fire, as a potential failure mode.
I vote no on this. Instead, my recommendation is just to spend the 30 bones and get an Apple Battery Charger or something similar, and some rechargeable batteries. This is a far safer option, and no part of the system is being driven past its engineered tolerances.
Thanks, I was still thinking crypto keys, thus the brain fart.
It definitely hits diminishing returns, but it is a way to gain capacity, although where it will hit a wall is when the losses due to ECC are more than the capacity gained.
There are always tricks to getting more bits stuffed in a cell. Each bit doubles the capacity, so (for example) if one bit causes more errors per cell, with ECC, it might be a net win.
I do agree, eventually moving to 3D NAND storage is going to be a must, but shrinking dies is another way to increase capacity at this point and time.
This is how Moore's law keeps up. Once one technology starts having diminishing returns, another can be used to keep things going.
Not just in third world countries. I used a $14 candybar Nokia when camping where my smartphone would remain in the car, or at home, and that the cell number used was only known to a few people.
I'd not hesitate to buy one. Since it is a dual-SIM model, it can always have its own line, and when I don't need to carry a smartphone with me, I can move my main phone's SIM into it just in case I needed to call out.
They also tend to know what they are doing, so this does give some passing credibility to this project.
I've seen a lot of things come and go, be it Tamarak's holographic storage, InPhase's holo storage, bubble memory, digital paper, optical tape drives, and so on. Since this has actual companies signing on, this appears to be more than just hype.
Time will tell though. Lots of innovations have been announced and discussed, and lots have wound up long forgotten.
The best managing (IMHO) of Windows ACLs with UNIX permissions I've seen would be the EMC Isilons. You can lop off all permissions except the bare UNIX ones (user, group, rwx), use Windows permissions for everything, and stuff in between.
Adding GPO friendliness to Linux would go a long way in getting more boxes on the desktop The biggest reason why Windows is the primary desktop OS is because it has a lot of management tools.
Now here is the ironic thing. MS doesn't lose if Linux gains. For example, they make money on almost all Android devices, and if MS moves to selling their programs Linux, they will be able to tell distribution makes exactly what they want, and the distro makers will do it, just because there would be a high demand for a Linux box to do AD, SQL Server, or other tasks.
tl;dr, both MS and Linux would win big. Especially if Windows had the ability to run Linux applications in Hyper-V wrapped Docker containers.
If you want a connector that can take a direct hit, it was hard to beat a type 1 token ring connector.
Of course, the connector I wish were still in use was the Apple 30 pin connector. The advantage it had over the current Lightning connector is structural support. Just the connector was good enough to hold a tablet vertical in a docking station without issue, and could stand a lot of insertions and removals.
I did the exact same thing in 2000 when I worked for a consulting company... except with an AIX machine which was password-locked (with the admin who skipped town and I was hired on to clean up the mess, especially the fact that he enabled every password he could find.) Thankfully these were the days before 5L and disk encryption (AIX's EFS), so I was able to do as the parent did -- unplug the HDD, boot the AIX media on CD, plug the HDD in, pull out the root PW, then go from there.
Another AIX issue with booting on an older machine (the 500 series boxes, if anyone remembers those) was solved by my using an old printer that had an onboard SCSI port (font cache drive) as a temporary rootvg.
As for other hacks, I can't decide between the seat cushion that was a momentary on switch, which was attached to the serial port of the box I used. That way, when I got up, I knew it would auto-xlock. This was when I worked at a university, and wanted to have a failsafe, since we all know how tempting unlocked terminals are.
That, or an el cheapo car alarm system with the siren ripped out, and the dome light circuit connected to a relay, where I could press a remote, the port went low or high, the machine it was connected to would immediately execute a new set of firewall rules when it detected this. The result was a firewall that would change ACLs when I hit the remote (for example, when I'm gone, no machine should be communicating out, but SSH from the outside should be enabled.)
Since FB is already into the authenticating business, they would be an ideal CA for personal S/MIME certificates as well as a CA for people's OpenPGP keys. Having a web of trust is still an important thing, but FB leveraging their identity business would be useful here.
Slashdot Mirror
The funny thing is that back in the 80s, every company that used computers thought of this. Back then, diskettes and other media was notoriously unreliable, so even the accounting firm had a grandfather/father/son backup rotation system in place, with tapes/disks going somewhere offsite.
Sensitive data had some form of PW protection. Because someone had to have physical access, usually basic physical access controls worked. Then the fact that very often, the "computer" in use was a terminal, which likely would lock permanently after 3 missed passwords, didn't hurt either.
Now, it seems all those cautions get tossed out the window. I see companies considering RAID as backup (especially those who use their SAN for backup/archiving purposes), and assume that no intruder can get onto their SAN's management network.
This worked adequately... but the Sony hack changed things with the data being destroyed. Now, there is a good chance that after the intruders copy off the data, they will just log onto the SAN and purge things. A simple dropping of LUNs, then rebuilding all drives as one RAID array will ensure all data is overwritten and unrecoverable.
I am a strong advocate of offline media like tapes, mainly because it addresses the parent poster's two points:
1: LTO-4 and newer can be set with an encryption key on the tape drive itself (via SPIN/SPOUT), so if a cartridge falls of the back of the Iron Maiden truck, it can be treated as just a loss of a $10 tape.... with data well protected.
2: Just by being offline, it requires "boots on the ground" to destroy the media. An attacker can't just do a "rm -rf /" and destroy the entire business.
Yes, businesses can get destroyed by data loss. Texas Textbooks, around 20 years ago, used to be the top dog for student textbooks and items in Austin. Their main computer croaked... and the company went down for good with it due to the loss of payroll, accounts payable/receivable/sales info, inventory, and other items.
Stuxnet showed that line of thinking can be wrong. Even though the Internet has made it easy for attackers to do a lot of damage for relatively little work (compared to getting boots on the ground), one still needs defense in depth. All it takes is a MicroSD card gotten in or out of a secure facility.
Devil's advocate here:
Securing a task is one thing, but if the endpoint hardware is compromised on any level, nothing you can do higher up on the chain matters. This is the same reason why DRM tends to fail on the PC unless it uses a very elaborate system of obfuscation.
Yes, task security is important, but what the task depends on is also critical.
Take sending secure E-mail for instance. The task requires the computer, the storage medium, RAM, the CPU, and anything on the bus that can read/interfere with the encryption/decryption to be "clean". However, once the encrypted data is on the wire, the only real protection needed is to keep a bad guy from blocking packets, since they can't tamper with the contents.
This is a different task from sending normal E-mail, but both require the same security (clean endpoint) to function.
I wouldn't call it the "answer" to the Internet... but in a country like Cuba which can skip generations of technology (i.e. no worry about having a POTS infrastructure), it can provide reasonable services.
I consider this more of a Redbox-like service, except instead of DVDs, one is copying movies to a SD card to be consumed, which could be easily made into a kiosk. If the kiosk supported formatting the SD card, it would be a reasonably malware-free way to do that.
I am surprised this isn't done more often. Not just movies, but things like operating system ISOs, cumulative patch updates, applications, larger games like MMOs, and other items, this might be a useful future.
I can see Redbox making some money from a similar thing. Select movies, plug in a USB, SD, or MicroSD device, have it copy them, and go from there. Since there are already thorough DRM systems in place, the movies would expire after a time, and can easily be renewed via the Web (passing keys and licensing info is a lot less than the actual MPEG data). Bonus points where one obtain ISO images of an OS and all the latest patches.
The funny thing is that Apple doesn't play that much (it does a little with iAds) in the ad game... but among the big tech companies, they are by far the most profitable.
If the ad wars get too hot and heavy, with every new desktop computer winding up like a Bonzi-Buddy Windows ME box, there may just be a mass exodus to Macs. People in the past paid big bucks for an entry level desktop computer, and if driven to, they might do the same now, leaving the only people on the ad platforms the people who don't have the cash to buy stuff.
Stuff like this is why I wind up using Windows Server editions for my desktop OSes. W2016 has no GUI available on install (you can easily add it as a feature, but having it default to Server Core means a lot less stuff running out of the box.) That, and the fact that Windows Server editions also have a very functional backup program included.
Of course the downside is the cost, ($700 for the OEM version), but since I repurpose desktops as servers when I upgrade, it isn't too bad.
The second best of all worlds is the voicemail system at one place I was at. The VMs were handled just like E-mail messages with phone-number@voicemail.blah.com for the address. This way, they could be filtered. As an attachment, the message was included as a MP3 file and played.
This way, people like I mentioned who believe in clobbering people's VMs in hopes of a sale get the kibosh put on them, while calls from real customers and contacts get through easily.
Best of all worlds is if the messages were transcribed and the .MP3 file included, of course.
I use YouMail for exactly this reason. Someone calls, leaves a voicemail, it gets transcribed, and I see a text transcript of what they wrote. If I don't want to hear from them, I block them on the phone, and have Youmail ditch them, so they can't even leave a voice message.
The problem is that doesn't work sometimes. In fact, one vendor actually told me that he will keep contacting people until they buy something or block him because "all publicity is good publicity" and it gets his name and company in people's minds. In fact, he considers it his duty to keep on people until they block him. He compared himself to the GE burglar alarm sellers that might get 10,000 hang-ups, but out of that, he gets 100 buyers paying his living.
Thank $DEITY for hidden/blocked caller ID bans, and YouMail's caller ID ditching, so certain numbers can't even leave voice mails.
They need to look at their network's topology as well. One compromised network segment shouldn't allow an attacker complete and unfettered access to everything else.
WAN-wise, they should look at building something like SIPRNet or NIPRNet so as little traffic as possible is on the Internet, even flying over a VPN. The ideal is physically separate cables and leased lines, coupled with some form of IPSec so that it would be very difficult for someone to set up a rogue machine and attack that network. Long term, it might be wise to even consider a different protocol than IP just because it would make hidden routers or bridges a lot more difficult.
There are other tools that come to mind. App-V and Citrix for example, which would allow people to access and use an application, but not physically copy the data or access the OS directly on the application servers. Not a 100% solution, but it is a way to keep things separated.
Reversing this concept, there might be offices that need to have no machines on the Internet, but workers can use App-V, RDP, or Citrix to access a terminal server so they can browse the web on a virtual desktop that cannot access the physical internal machines.
There are a lot of security tools that are usable. VDI comes to mind as an extension to virtualization. Virtualization goes without saying because it separates what programs run on from the hardware, so if a VM is compromised, there is still a hypervisor to punch through before hardware can be re-flashed and attacked.
The trick is defense in depth, be it at the desktop level (for machines that are terminals used by numerous people, a utility like DeepFreeze is useful), at the network topo level (so a compromise in Receiving doesn't trash Finance), at the network appliance level, the server level, and of course, the HUMINT factor with policies, and physical security.
Isn't this something similar to a switching apparatus that Russia was working on, except with switching done by jets of water, where two jets would cancel each other out, creating a zero? I remember reading about half-adders done this way, as well as far more complex hydrofluidic building blocks.
One advantage of this form of switching is that it is EMP-proof (barring a blast that actually causes physical damage), something that has been the Achilles heel of almost all technology made today.
Very true. However, it is a karma thing, because it makes life easier for the person who is cleaning up the mess.
It also makes life easier when the next potential employer calls the previous employer for reference checking, and even though technically there is only a limited things that can be asked for, there are ways to communicate about people's performance (or lack of without worrying about a lawsuit. Silence is one way, or the statement "works well when supervised" is another.)
Since there may be legal items with just archiving a PST file and leaving it for a successor, it may take some time, but creating an internal wiki on a secure computer may be the best thing, even if it just is copying documents from E-mail attachments and throwing them in the wiki's file structure.
That is wise in any case. A machine running Windows Server 2003 is likely over the decade mark in age, and is a relative power hog compared to a modern server which can run the same OS [1] in a VM.
For optimal security, the parent has it right, but I'd also P2V the instance of WS2003, and put it in a VM with archive snapshots and vShield in place. (vShield is useful because it can catch rootkits that might hide from the client OS, but can't hide from a hypervisor.) Plus, on a VM server, the WS2003 instance can be easily placed behind firewall appliances (PfSense), as well as IDS/IPS appliances (Nagios comes to mind.)
[1]: This is assuming no legacy drivers locking the machine to W2003. If this is the case, the machine should be treated as an insecure appliance and well firewalled, if not air-gapped.
A good example of this is what my dash cam has on video: The light changed, a subcompact stopped at an intersection. It got rear-ended by a larger vehicle, pushed in the intersection, and then got hit again.
Where I live, the subcompact's insurance is responsible for the wreck, even though the vehicle's owner/operator had nothing to do with the collision.
So, even with self-driving cars and a 100% [1] wreck avoiding rate, insurance will still be needed.
[1]: I'm sure there will be people who will deliberately leap in front of an autonomous vehicle in order to get lawsuits going, since this is uncharted territory, and could make some law firm extremely rich.
An autoformer is a device used often by RV-ers here in the US which turns lower voltage at an outlet into a usable one, around 120 VAC. The cost is higher amperage, since it is a voltage multiplier, but given the choice between using more amps versus burning out compressors and appliances due to low voltage, the former is a lot more palatable.
IIRC, didn''t they have some article about someone breaking into their company and stealing product samples? Please correct me if I'm wrong.
However, lets be real here. This voltage booster is just a mini autoformer, using a coil, a transistor, and a capacitor. This technology isn't new. MPPT controllers for solar units use this.
What is new is the form factor. However, to boost volts, there has to be a trade... and what is trades is amperage, so that a battery with a voltage drop now has to put out more current, which only accelerates the discharge process.
Of course, there is the downside... high amps being demanded, without some form of fusing or limiter can result in leakage, or even worse, fire, as a potential failure mode.
I vote no on this. Instead, my recommendation is just to spend the 30 bones and get an Apple Battery Charger or something similar, and some rechargeable batteries. This is a far safer option, and no part of the system is being driven past its engineered tolerances.
Thanks, I was still thinking crypto keys, thus the brain fart.
It definitely hits diminishing returns, but it is a way to gain capacity, although where it will hit a wall is when the losses due to ECC are more than the capacity gained.
There are always tricks to getting more bits stuffed in a cell. Each bit doubles the capacity, so (for example) if one bit causes more errors per cell, with ECC, it might be a net win.
I do agree, eventually moving to 3D NAND storage is going to be a must, but shrinking dies is another way to increase capacity at this point and time.
This is how Moore's law keeps up. Once one technology starts having diminishing returns, another can be used to keep things going.
Not just in third world countries. I used a $14 candybar Nokia when camping where my smartphone would remain in the car, or at home, and that the cell number used was only known to a few people.
I'd not hesitate to buy one. Since it is a dual-SIM model, it can always have its own line, and when I don't need to carry a smartphone with me, I can move my main phone's SIM into it just in case I needed to call out.
They also tend to know what they are doing, so this does give some passing credibility to this project.
I've seen a lot of things come and go, be it Tamarak's holographic storage, InPhase's holo storage, bubble memory, digital paper, optical tape drives, and so on. Since this has actual companies signing on, this appears to be more than just hype.
Time will tell though. Lots of innovations have been announced and discussed, and lots have wound up long forgotten.
The best managing (IMHO) of Windows ACLs with UNIX permissions I've seen would be the EMC Isilons. You can lop off all permissions except the bare UNIX ones (user, group, rwx), use Windows permissions for everything, and stuff in between.
Adding GPO friendliness to Linux would go a long way in getting more boxes on the desktop The biggest reason why Windows is the primary desktop OS is because it has a lot of management tools.
Now here is the ironic thing. MS doesn't lose if Linux gains. For example, they make money on almost all Android devices, and if MS moves to selling their programs Linux, they will be able to tell distribution makes exactly what they want, and the distro makers will do it, just because there would be a high demand for a Linux box to do AD, SQL Server, or other tasks.
tl;dr, both MS and Linux would win big. Especially if Windows had the ability to run Linux applications in Hyper-V wrapped Docker containers.
If you want a connector that can take a direct hit, it was hard to beat a type 1 token ring connector.
Of course, the connector I wish were still in use was the Apple 30 pin connector. The advantage it had over the current Lightning connector is structural support. Just the connector was good enough to hold a tablet vertical in a docking station without issue, and could stand a lot of insertions and removals.
I did the exact same thing in 2000 when I worked for a consulting company... except with an AIX machine which was password-locked (with the admin who skipped town and I was hired on to clean up the mess, especially the fact that he enabled every password he could find.) Thankfully these were the days before 5L and disk encryption (AIX's EFS), so I was able to do as the parent did -- unplug the HDD, boot the AIX media on CD, plug the HDD in, pull out the root PW, then go from there.
Another AIX issue with booting on an older machine (the 500 series boxes, if anyone remembers those) was solved by my using an old printer that had an onboard SCSI port (font cache drive) as a temporary rootvg.
As for other hacks, I can't decide between the seat cushion that was a momentary on switch, which was attached to the serial port of the box I used. That way, when I got up, I knew it would auto-xlock. This was when I worked at a university, and wanted to have a failsafe, since we all know how tempting unlocked terminals are.
That, or an el cheapo car alarm system with the siren ripped out, and the dome light circuit connected to a relay, where I could press a remote, the port went low or high, the machine it was connected to would immediately execute a new set of firewall rules when it detected this. The result was a firewall that would change ACLs when I hit the remote (for example, when I'm gone, no machine should be communicating out, but SSH from the outside should be enabled.)
Since FB is already into the authenticating business, they would be an ideal CA for personal S/MIME certificates as well as a CA for people's OpenPGP keys. Having a web of trust is still an important thing, but FB leveraging their identity business would be useful here.