Slashdot Mirror


User: mlts

mlts's activity in the archive.

Stories: 0
Comments: 5,534

Comments · 5,534

  1. Re:With REALLY Huge Fans... on New Study Suggests Flying Is Greener Than Driving · · Score: 1

    I wonder about airships. If we can build some that can handle the cargo of a larger plane, it takes far less fuel to keep those going than it does an average plane (mainly because an airship won't crash if the engines stop.) I can see those being quite efficient at moving cargo. Since they only go 20-60 mph (32-100 km/hr), they won't be replacing high speed rail... but airships require relatively little energy to operate compared to a plane which needs airspeed to maintain lift.

  2. Re:Does it matter? on TeslaCrypt Isn't All That Cryptic · · Score: 1

    You know what you are doing. Ransomware makers don't prey on the Slashdot crowd. In general, people here are well inoculated from malware, just because we tend not to run files from the Web, our Web browsers are well sandboxed (or run in a VM), and if someone calls up and demands we run software to "fix our Windows box", the response will make the caller's brain ooze out their ears.

    However, most people on the Net don't. They go to a pr0n site, and get presented with "you must download this application in order to get past this point"... download it, and get infected. Or, their browser isn't patched and some add-on gets compromised. Or, a phishing E-mail says they have a UPS package, and they need to just open the "foo.pdf .exe" file to see more details. The ones that get nailed by those are the ones that the ransomware guys know are going to pay up.

  3. Re:Does it matter? on TeslaCrypt Isn't All That Cryptic · · Score: 4, Interesting

    It isn't that simple. Some ransomware variants will find the backup device (external hard drive, NAS share, etc.) and zero those out. In fact, if the hard disk is encrypted, malware can just zero out the locations where the volume encryption key is stored, then dismount the drive.

    Other variants will encrypt files, but will transparently allow access to them until a point in time where it zeroes out the decryption key and puts up the ransom dialog. This makes backup utilities like Mozy and Carbonite ineffective since they may not have a usable copy.

    For effective backups, one needs a backup server that pulls backups from clients, so malware cannot tamper with already stored files on the server side. However, outside of larger enterprises that use NetBackup on desktops, this isn't something that is often done. On a small scale, one can use Windows Server 2012 R2 Essentials, Retrospect, or a file share from all clients which is mounted by the backup server to copy documents off.

    One also needs to keep good backups since the scrambled files might be around for a long time without someone knowing that they were tampered with. This requires multiple backup rotations and data lifetimes (again something only really found in enterprise-grade backup programs.)

  4. Re:Talk about creating a demand on Why Our Antiquated Power Grid Needs Battery Storage · · Score: 4, Interesting

    I have personally found that if you mount normal panels (as opposed to the flexible panels that you tape/glue in place directly on the surface), you create some clearance under the panels that air circulates under, insulating the roof from the sun.

    To me, solar is a "why not" item. Not just for saving on electric bills, but providing electricity in areas where it isn't worth the hassle to run code-compliant wiring to, especially if all that is needed is basic lighting or a place to charge cordless drill batteries. For RV-ing, solar goes without saying, because it keeps house batteries topped off and helps minimize engine or generator use. Even for a plain old house, one can use a set of panels, storage battery, and inverter as a UPS so one can move all the parasitic draw devices (set top boxes, consoles, USB chargers) to that circuit, where they get clean power... and are not on the electric bill.

  5. Re:Talk about creating a demand on Why Our Antiquated Power Grid Needs Battery Storage · · Score: 1

    I think the key to that $13k outlay is the life of the batteries. If it is like conventional lithium-whatever technology, the batteries will have to be replaced in 4-5 years, making that $13k a $26k expenditure every decade.

    However, if the battery life is like NiFe with an automatic watering system, the batteries could run indefinitely, and 100 years from now, the battery bank would still be useful and relevant.

    I'm in agreement with the parent. If cars were like reactors, a lot of the press would be pointing to an old Packard or Studebaker and saying how unsafe it is over 55 mph, so all cars should be banned.

  6. Re:Talk about creating a demand on Why Our Antiquated Power Grid Needs Battery Storage · · Score: 2

    I have looked at off grid in Texas, and unless a house is buried deep within the earth, or can take advantage of some natural feature (a nearby water turbine on a stream), keeping the place cooled in the summer is virtually impossible without mains power.

    For everything else, a house can run from propane for heating, the gas dryer, water heater, and even the refrigerator. Electric for the smaller appliances can easily be handled by a set of panels, battery bank, inverter, and charge controller. However, HVAC needs will tie a residence to the grid.

    I wonder if someone can scale the mechanism up for an RV fridge and make a propane based water chiller. This way, power needs would be a lot less (mainly to move air through a heat exchanger), as the propane would be the energy source for the refrigerator. Bonus points in using the Einstein cycle where that uses ammonia, butane, and water.

    If HVAC needs can be moved from the grid, that will help immensely, especially in warmer states.

  7. Re:Talk about creating a demand on Why Our Antiquated Power Grid Needs Battery Storage · · Score: 1

    There are always flywheels. If those are good enough for IBM UPS systems in the days of mainframes, they are good enough for local electricity storage. I don't know how they compare for energy density compared to batteries, but they are a lot less toxic to the environment than all but NiFe batteries, catastrophic failure of a flywheel is a solved problem, and "recharging" a flywheel is all mechanical, so it is relatively quick. Plus, there is no memory effect, or damage done if a flywheel is drawn to a 0% SoC... it just stops.

  8. Re:With the best will in the world... on Audi Creates "Fuel of the Future" Using Just Carbon Dioxide and Water · · Score: 2

    I feel the same way. Hydrogen takes a lot of effort to store compared to a compound like diesel or even gasoline which can be stored in a (mostly) unpressurized tank.

    TFA has me wondering a number of points:

    1: What is the energy density of this fuel compared to diesel or gasoline. Is it as dense as diesel, or is it about half to 3/4 as much, like ethanol?

    2: How easy is it to have a fuel cell use it, as opposed to direct combustion?

    3: How toxic is it? Ethanol is arguably the least toxic, but one atom away is methanol which will cause blindness.

    4: How flammable is it? Diesel is flammable, but gasoline not just has liquid, but gasoline vapors give a risk of explosion.

    5: Is the process to make it encumbered in patents, or will there be some help to provide the initial impetus to make a working infrastructure to get vehicles to take this fuel?

    6: Is it bad for the environment if spilled? Propane if spilled will eventually disperse in the air (or go boom). Gasoline and diesel spills make Superfund sites.

    7: What catalysts are needed?

    8: How much retrofitting does an existing engine take? Here in the US, newer diesel engines only go up to B5 because any more biodiesel hoses the DPF.

    Of course, assuming the best, this fuel would be useful assuming an energy density of existing diesel, but there are just a lot of questions to be asked first.

  9. Re:This never works on Microsoft, Chip Makers Working On Hardware DRM For Windows 10 PCs · · Score: 4, Insightful

    I wouldn't say it will be cracked in a week. The latest gen consoles don't even have a single crack or mod in place, much less an actual break, and with hardware DRM, it will be the same thing.

    However, what will kill it is that DVDs, streaming, and Blu-Ray are "good enough". If people realize that their UHD content only can play on PlayReady hardware using only PlayReady monitors, cables, and other items... they will give it the same treatment as they did DIVX players and just not bother to buy it.

    In fact, it might even slow down PC sales (which are stagnant already) if some misguided, false rumor gets around that the latest DRM spies on you or lets malware on your system. There was a lot of FUD about Secure UEFI booting... just wait until people encounter hardware DRM and cannot play their new 4k content.

    Then there is bandwidth. 4K content is great... but bandwidth in a lot of places just can't handle it, so people will not be streaming it for the most part.

  10. Re:It is a cycle. on Amazon's Profits Are Floating On a Cloud (Computing) · · Score: 1

    The big issue with going to offsite data centers is that WAN links are expensive. Try moving a terabyte of data on a cellular connection, and the bill may be in the tens of thousands of dollars. Even on normal lines, it can be more expensive in the long run to pay the metered bandwidth as opposed to putting a disk array or a tape silo in house.

    This also affects recovery. Something happens and a bare metal restore is needed. One -might- be able to ask a cloud provider to mail a bunch of tapes, but it might take a long while to fetch all the data over the wire for a restore, and the tapes would be expensive, while pulling data from a local backup appliance would cost almost nothing.

    This isn't to say that cloud storage is a bad thing. However, it needs to be treated as a type of data storage media, just like disks, SSDs, tapes, optical, punch cards, and hard copies, with the advantages/disadvantages thought out.

    As for cloud computing, that is a harder model, because some tasks might be easily pushed offsite without worry about security (mirrors of application code), but others may be best kept in-house.

  11. Lots of tools, not a lot of experience on Good: Companies Care About Data Privacy Bad: No Idea How To Protect It · · Score: 2

    Elaborating on the concept, the good thing is that businesses have a lot of security tools that are not too expensive:

    IDS/IPS.

    AD's innate protection and logging.

    Management and Alerting software like SolarWinds, SCOM/SCVMM/SCCM, or Splunk/Puppet/Chef/Webmin.

    Encapsulating network segments by offering access to data without the ability to fetch the raw items, which can be done with App-V, Remote Desktop, or Citrix.

    Disk encryption is in virtually every OS.

    Basic routing/firewalling/segmenting either via dedicated appliances or a general purpose PC with a routing OS.

    Virtualization/containers to separate applications from each other as well as completely revert the damage done by malware via snapshots.

    Backup servers. Even a SMB can buy an edition of Windows Server 2012R2, enable the Essentials package, and back up a number of clients via a pull mechanism which prevents malware on the target clients from being able to tamper with or modify stored data on the server. For larger installs, MS's SCDPM is one alternative, NetBackup, TSM, and other enterprise tier utilities are another.

    Now the bad news:

    The tools we have are decent. However, it takes not just putting them together to make a cohesive security structure, but also putting policies and procedures in place, and dealing with the human element. Piss the employees off, and no amount of glued USB ports and Draconian policies will keep them from slurping data offsite out of spite. This is where the expenses come in. It takes people who know what the heck they are doing and know each tool's uses and what they can't do (for example, not thinking that BitLocker protects against threats over the network.)

    A whitehat's job is hard. It requires a broad spectrum of knowledge of products, as well as being able to configure things in a failsafe manner [1] so if one item with security fails, all isn't lost.

    Another problem is that there has been such a disincentive for so long for people interested in computer security. I have been told by managers at different companies, "Security has no ROI and if we do get hacked, Tata/Infosys/Geek Squad can fix the problem with a phone call." Because security has been hind teat in the IT world for so long, finding experienced people is hard, and can be expensive.

    Maybe this will change, and if companies want security people, more people will start going that route, creating a positive feedback loop. However, I fear this is going to take a major event that causes loss of life before this ever will happen [2].

    It may not have to be that expensive a fix... if Sony had an alerting system to notify their SOC that someone was brute-forcing AD, the attack against them likely would have been far less widespread.

    [1]: For example, an anonymous FTP site would have the /pub directory NFS mounted read-only with permissions squashing root, but allowing everyone to read that directory. That way, if the FTP server gets compromised, the data offered for public FTP can't be tampered with. Of course, the intruder can dismount /pub and put their own Trojaned downloads in its place, but security is about mitigation of attacks as well as prevention, and cleaning up a hacked FTP server can just be as easy as rolling back to an earlier VMware snapshot.

    [2]: Before the term "cyber 9/11" was coined, it was termed the "Warhol event".

  12. Re:Apple? on We'll Be the Last PC Company Standing, Acer CEO Says · · Score: 1

    A Mac is basically a UEFI x86 box. It will happily allow a recent Windows version to be installed on it, with or without BootCamp. In fact, in some scenarios, if one compares hardware features to hardware features, Apple's offerings are actually cheaper than the PCs with the exact same specs.

    Of course, Apple isn't really gunning for the enterprise, so some company ordering 10,000 iMacs with a specific company-custom Windows image isn't likely, but their hardware is definitely usable.

  13. Re:Dell, HP, Panasonic on We'll Be the Last PC Company Standing, Acer CEO Says · · Score: 3, Interesting

    Apple isn't going anywhere. At worst, their smartwatch has mediocre sales like iPods do now, where the line is kept and maintained, but not actively updated like iPhones are.

    I would say that the PC company that will be left standing is Apple in the consumer sector.

    However, what isn't mentioned is enterprise sales. Businesses buy just as many PCs as individuals. In this market, I'd say it will be a tossup between Dell, Lenovo, and HP.

    Dell isn't under the lash of the quarterly shareholders, so they can do what they well please. Charge off a quarter just for R&D? Dell can do that and not face shareholder lawsuits from the HFT guys.

    Lenovo is China. They also can do what they well please because of the government/company interaction involved. They are not going anywhere because Chinese businesses need desktops, laptops, servers, and other items.

    HP... who knows. They have a solid ground in the enterprise, but are shackled by being publicly traded. However, their products are decent.

    As for PC vendors, they just need to start realizing that the desktop is now a role that can be done by a tower, mini tower, laptop, tablet, or even a cellphone (as in the case of the Motorola Atrix). They also need to start adding functionality into their machines. A few examples:

    1: There is a reason why NAS drives are hitting the market. Apple's MacBook and fast wireless connections are creating a market for NAS drives as well as larger servers for home use. Plus, backups don't hurt either, and file servers will only get more buyers as ransomware and other malicious software gets more common. There is a market here. For wired machines, sell iSCSI, 10gigE, and the ability to boot from the NAS (well, used as a SAN in this case.) One drive array then handles all the home files, and is easily backed up and managed.

    2: Virtualization. Windows 10 is going whole hog with Docker containers, both "plain" and in Hyper-V VMs. It might be wise for EMC/VMware to get with hardware makers and put ESXi into BIOS of computers before MS overruns the market with Hyper-V, or both players have to deal with OpenStack/Xen/KVM.

    3: SAN functionality like snapshots, copying backups on the array level, deduplication, and other tools would be useful on PCs. Malware can't touch previous backups if done on the snapshot level.

    4: Time to bite the bullet and move to SSD wholesale, at least for the OS. HDD bays are still useful, but the machine should at least boot, if not run its apps and data from SSD.

    5: Consumer level backup media. Malware isn't going away anytime soon, and there is nothing out there that actually gives resistance from malware overwriting backup media, except for CD/DVD/BD-R drives. What would be ideal would be some form of inexpensive tape drive with the media able to be write-protected, maybe even WORM media available, so if some CryptoWall or CryptoLocker variant does its nasty work, stuff is still recoverable.

    PC companies just need to open their eyes, perhaps move some enterprise features down the chain, and they will still have not just a market, but the ability to expand and get people to buy new stuff.

  14. Re:ummm on Intel 'Compute Stick' PC-Over-HDMI Dongle Launched, Tested · · Score: 1

    If that is the case, then using tiny VMs might just be a useful tool, as it might come in handy for honeypot research, or just for browsing the Web securely. Since a common (if not the most common) cause of compromise is the Web browser, might as well not just have logical separation (sandbox, VMs), but physical separation, so damage is limited. With multiple devices, it becomes a matter of hacking via remote if malware on one device obtained by general web browsing wanted to attack the compute stick holding the browser instance with the banking data.

  15. Re:ummm on Intel 'Compute Stick' PC-Over-HDMI Dongle Launched, Tested · · Score: 1

    I do agree that it does add a non-trivial amount of load, but the purpose of it being there is for isolation (keep the malware away from the bare metal like the actual HDD firmware) and snapshot capabilities -- if the VM gets completely compromised, the entire thing can be rolled back fairly quickly. With 2GB of RAM [1], it can support some low-end OS partitions.

    [1]: I've seen some low-end netbooks ship with Windows 8.1 and 2GB RAM, so even though it is a painfully low amount of RAM, I'm guessing someone can use a machine with that small amount of memory.

  16. Re:ummm on Intel 'Compute Stick' PC-Over-HDMI Dongle Launched, Tested · · Score: 1

    Its hardware specs are modest, but the Compute Stick does have one item that might be useful -- slap VMware or a hypervisor on it, and use it for a Web browsing VM, using App-V so that the browser appears seamless.

    The advantage of doing things this way is a hardware level of isolation. Should the browser (or add-ons) get compromised, the malware has to get out of the VM, and even then... the compromise is limited to a rather small amount of hardware so if there is some attack that is able to fry the CPU or motherboard, replacing this is a lot less pain than a blade or 1U server.

    Of course, it can't run much, but for just running a Web browser in an isolated environment with a 32 GB drive, it is good enough.

    I know I will fall into the Slashdot cliche of "a Beowulf cluster"... but these could be useful for physical separation and containerization of tasks. Small applications like NTP which are security sensitive so end up on a dedicated box, a small RODC for a branch office, a syslog drop box (especially with the ability to use a USB drive for storage), VDI, and other things for which physical separation (as opposed to containers or VMs) would be a good thing.

  17. Re:FTFY on Microsoft Announces Device Guard For Windows 10 · · Score: 1

    It is understandable to be worried... but similar functionality has been in Windows for a while.

    Secure Device is basically AppLocker, except on a driver level. AppLocker is a function that can be turned on since Windows 7 that can allow applications by signature or by their hash.

    For the enterprise, this is a useful tool. One use case would be on servers, as a way to prevent an attacker from trying to install a driver for keylogging or to hook into disk I/O in efforts to try to grab a key or a password. Another use case would be in groups of locked down desktops (finance and point of sale systems come to mind.)

    What Device Guard adds is that the business can choose which companies to trust. That way, if someone wants to install a product not on the list, even though the code may be signed, the install would be stopped.

    All in all, this is a useful feature to have, especially on machines which should be locked down thoroughly (edge webservers, for example.)

  18. Re:Requires Line of sight on Optical Tech Can Boost Wi-Fi Systems' Capacity With LEDs · · Score: 2

    The drawbacks are significant. In fact, this has been done before in the early 1990s with Macintosh LocalTalk-based NICs which one would aim every NIC in a room (assuming the usual cubicle based office) to a spot on the ceiling, adjust aim until all the devices sported a green LED, then they all could communicate with each other. It wasn't fast (LocalTalk did most of its stuff via broadcasts), but it was a way to network a bunch of machines in a dynamic environment without hardwiring and before the days of Wi-Fi.

    After seeing this device reviewed in MacWorld, I've not seen hide nor hair of this being used since, so it apparently flopped, or just was overtaken by 10baseT.

    I wonder why this technology can't get folded into basic IR output. Until 2012, MacBooks have had this built in... perhaps this might be something useful to put in a spec as a NIC option?

    Of course, the downside is the security issues, but IR has been around quite a long time, and might just need a protocol update for this.

  19. Re:"old sata drives"? on New PCIe SSDs Load Games, Apps As Fast As Old SATA Drives · · Score: 1

    I'm not sure why this is news. Sticking any device on the PCIe bus is going to allow for a lot more speed than using the SATA bus, and because SSDs are not limited by any mechanical mechanism, many layers of RAID 0 striping can be used to keep increasing performance.

    Where I see this as a big help personally is virtualization [1]. Even a SSD that is stuffed into an enclosure and is run over USB 3, because VMs do a lot of random I/O, performance is distinctively better than HDDs.

    [1]: With all the Web based compromises lying in wait, it is wise to run VMs and separate tasks. Plus, with App-V, Unity, and other methods, it doesn't take much from usability.

  20. Re:HP Moonshot Superior? on AMD Withdraws From High-Density Server Business · · Score: 2

    I've personally played around with the Moonshot and being able to squeeze 45 blades in a 5U rack (the specs say 4.3U...) is a nice thing. Each blade has two DIMM spaces and a SSD, which is good enough to load a hypervisor, then use the onboard bus for going to a storage array.

    I wouldn't say that each blade is as powerful as a blade in HP's conventional 16 blade enclosure (which takes 10 rack units), nor as powerful as a 1U standalone server... but you can choose what goes in, from a low end Xeon on the m710 to an AMD offering, to an Intel Atom, to ARM based procs.

    High density enclosures like the HP Moonshot are quite useful. VM farms come to mind as well as privilege separation for security sensitive tasks. VDI also comes to mind (so the extremely sensitive stuff can be used and manipulated by RDP or Citrix Receiver as seamless applications, but a compromise of a user's desktop doesn't allow the entire database to be taken.) It also makes a decent testbed when doing production to test copies and staging OS/program updates for soak testing before the updates are pushed into the field. I wouldn't say high density server platforms will replace everything else (due to physical limitations, the blades are not going to outperform standard 2 Xeon machines), but they are a useful thing to have and help save space in the server room.

  21. Re:"shoup" is not easy on The Voting Machine Anyone Can Hack · · Score: 1

    To me, there needs to be a paper trail. Like the lottery issue a few days ago, if someone tampers with the RNG and does it in a manner that their modifications can be backed out, there is no way to tell it was done.

    This doesn't have to be in a way that causes hanging chads. It just has to be a way of logging people's votes to a physical medium that is both machine readable and human readable.

    This way, when someone votes, they get a paper ballot printed out that they can doublecheck. Then it shouldn't be an issue to tally up the votes via the printed cards. Hell, universities do this all the time with Scantrons for tests and finals, in far greater volume per location than voting precincts do.

    Add Chaum's verifiable voting, and one has an open, secure system.

  22. Re:Consumers are not going to notice much differen on Samsung SSD On a Tiny M.2 Stick Is Capable of Read Speeds Over 2GB/sec · · Score: 1

    The concept of a workstation has been pretty much marginalized due to things being "good enough". I might see one that is mainly to interact with a dedicated appliance (CNC mill), or perhaps a few workstations when working with definite tasks, but they tend to be bit players compared to desktops or laptops.

    The desktop is becoming a role, as opposed to a device. For example, the Surface Pro when plugged into a dock functions as a desktop role. Same with most laptops.

    As for laptops, they are nowhere near as expandable as a desktop... but they will do. A laptop with a decent SSD, 8-16 GB of RAM, and four cores can do OK at virtualization for small tasks.

  23. Re:M.2 Specification on Samsung SSD On a Tiny M.2 Stick Is Capable of Read Speeds Over 2GB/sec · · Score: 1

    I have worked with people who could stick any object in any connector... they just had to get a big enough of a hammer. The most common I've encountered are VGA plugs into serial ports (which bend the pins in all directions.)

    I am guessing that the people who designed this connector's configuration assumed it is not going to be user accessible for the most part, so they didn't really worry about it being 100% foolproof.

  24. Re:Has anyone waited 60 days? on Samsung SSD On a Tiny M.2 Stick Is Capable of Read Speeds Over 2GB/sec · · Score: 1

    Does the tool need to be run on MS just once (like a firmware flash), or is it a driver in the OS? If the former, I can probably slap Windows on briefly just to run the fix. If it has to be loaded and run... heck with that. Intel may not be perfect, but they are a good baseline of what SSD should be measured by.

  25. Re: For work I use really bad passwords on Cracking Passwords With Statistics · · Score: 1

    One thing about work passwords (and in general, I'm assuming this is an AD or LDAP user account), any sane setup should lock the account after a certain number of guesses [1], so 15-20+ character passwords are not as needed, assuming the account isn't an admin account or a service account which never will have its password changed. (For service accounts, I like using randomly generated 128 character Unicode passphrases because those accounts are set to not get locked due to brute force attempts, so they have to have actual brute-force resistance.)

    With this in mind, a "work" password with the Microsoft defaults (as shipped with Windows server releases) is reasonably secure.

    For finances, I use not just a completely different password, but an E-mail address on a private domain that doesn't get used anywhere else. I also try to enable 2FA if possible.

    For other passwords, I just use a mechanism that asks for a master passphrase, then uses a MD5 hash of the site + the passphrase to derive the password for that website. This way, there isn't much to store, and they are easily regenerated.

    [1]: Of course, unlock it after a period of time has passed. I've seen some companies have a "keep accounts locked until manually unlocked" policy... only to discover that it takes more time in manning a phone bank 24/7 to have someone unlock accounts as opposed to just locking an account for a few minutes (which is good enough to help mitigate a brute force password guess attack, especially if logs that alert someone are used.)