One idea I've found that works, provided this is possible (i.e. you own the property), and one has the electrical ability, is to have a dedicated circuit for the little devices that comes from an inverter [1] and a set of batteries that charge from a PV panel array.
This doesn't have to be expensive. A common setup winds up being two 6VDC golf cart batteries in series (12 volts total), 2-3 PV panels, a decent charge controller [2], and an inverter. This won't run your air conditioner unit, but it will be big enough to handle a number of low amperage devices, and one can build a decent setup for well under $1000.
In fact, I did a jerry rigged setup to light a shed on the far side of a friend's farm using a cast off extension cord (it had the proper gauge wires when stripped), a cast off 200 watt panel, a $8 PWM charge controller from eBay, an old deep cycle battery, and a DC-DC converter so I could use some 340 lumen SunJack LED bulbs (with built in switches) that run from a USB port. All of this cost well under $100. The SunJack LED bulbs would run 8-10 hours on a 1.2 amp (or 12,000 mAh as the packaging says), so a 200 amp-hour battery that only has 50-75 amp-hours left can run the bulbs for a very long time without solar.
Another added benefit of having all the devices on their own circuit is that they are essentially on a UPS, so if power fails, they will still keep running.
[1]: Don't skimp here... buy a reliable PSW (pure sine wave) inverter, and go for a 1500-2000 watt model even though running at full tilt will discharge the batteries quickly. This is so that if one plugs something in that has an inrush current (refrigerator compressor, microwave), the inverter can handle it.
[2]: You can go with a MPPT controller, which allows for higher voltage panels (as it converts the voltage higher than what the batteries use into a lower voltage with more amps), or have more panels to handle how a PWM controller "lops" off any voltage it doesn't need.
Platter technology will end up being pushed to the NAS/SAN, which is why WD is making their red line of drives.
Perhaps HDDs, now that speed and capacity are secondary, will start evolving down the path of reliability, perhaps replacing tape as an archival medium.
NAS drives are going to be a big market, especially with devices like Apple's new MacBook with limited expansion capability, so people will use WiFi Direct hard drives as their main backup source, as opposed to USB drives. In this use, capacity is limited on the MacBook, and speed is limited, so drive makers (hopefully) will end up working on leapfrogging each other for reliability and security.
I have a third option: An admin passphrase that is a lot longer than my user passphrase, but has more retry attempts. That way, if the short passphrase gets typoed, I can still unlock the device with the admin one.
You are right about backups... that is why I have three of the USB tokens, just in case.
Had a similar choice when giving a laptop to a relative. I went SSD instead of SSHD because SSDs are physically more resistant to shock.
However, if given the choice with a desktop... I'd probably still use SSD, just because when I delete a file and fstrim the drive, the file is -gone- for good, since the drive controller will come around, write "1"s to all the pages that file used and call it done. Of course, keeping good backups when using SSDs is wise, just due to this exact thing.
I wonder if the ideal password manager would be one that would use a typed in password as a seed/IV (hash a seed and the sitename), with exceptions stored for sites which don't allow passwords generated with that tool to work. Some sites require a number, a capital letter, lower case letter, a symbol (well, not all symbols work), or some other random, annoying combination of the above.
Of course, the ideal password manager would store the password database with a master volume key, then each device accessing it would have the MVK encrypted to its public key. This way, if someone wants to add a device, they just allow access on another device. If someone wants to remove access, it is doable, but it would be wise to re-encrypt the DB to a new key for security. This is how PGPDisk did its encryption, and it completely deters brute-forcing, should someone get access to the data stored on the cloud, since there is no password, so the attacker has to deal with the entire key's keyspace.
Since the private key is on the device, the user just needs a PIN to unlock (with a timeout after too many wrong attempts), rather than a longer passphrase. Both iOS and Android have secure storage (KeyChain for example) which makes this easy to implement securely.
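The deterministic scheme floated above (hash a master secret together with the site name, with stored exceptions for sites whose rules reject the output), sketched as an added example that is not part of the original comments. The policy table, the `.example` site names, the salt handling and all function names are assumptions made for illustration.

```python
import hashlib
import hmac
import string

# Default output rules, plus constructed per-site exceptions (hypothetical
# sites). Only these exceptions need to be stored; no password is ever saved.
DEFAULT_POLICY = {"length": 20, "symbols": "!@#$%^&*-_=+", "counter": 1}
SITE_EXCEPTIONS = {
    "legacybank.example": {"length": 12, "symbols": ""},  # rejects symbols
    "forum.example": {"symbols": "!-_", "counter": 2},    # rotated once
}


def master_key(passphrase: str, salt: bytes, iterations: int = 200_000) -> bytes:
    """Stretch the typed passphrase so each guess against a captured site
    password costs the attacker a full PBKDF2 run."""
    return hashlib.pbkdf2_hmac("sha256", passphrase.encode(), salt, iterations)


def _stream(key: bytes, site: str, counter: int):
    """Endless pseudo-random bytes: HMAC-SHA256 keyed with the master key over
    (site, rotation counter, block number)."""
    block = 0
    while True:
        msg = f"{site}\x00{counter}\x00{block}".encode()
        yield from hmac.new(key, msg, hashlib.sha256).digest()
        block += 1


def _pick(stream, n: int) -> int:
    """Uniform integer in [0, n) via rejection sampling (avoids modulo bias)."""
    limit = 256 - (256 % n)
    for b in stream:
        if b < limit:
            return b % n


def site_password(key: bytes, site: str) -> str:
    """Derive the password for one site, honouring any stored exception."""
    site = site.lower()
    policy = {**DEFAULT_POLICY, **SITE_EXCEPTIONS.get(site, {})}
    classes = [string.ascii_lowercase, string.ascii_uppercase, string.digits]
    if policy["symbols"]:
        classes.append(policy["symbols"])
    alphabet = "".join(classes)
    stream = _stream(key, site, policy["counter"])

    # One character from every required class, then fill from the full set.
    chars = [c[_pick(stream, len(c))] for c in classes]
    while len(chars) < policy["length"]:
        chars.append(alphabet[_pick(stream, len(alphabet))])

    # Fisher-Yates shuffle driven by the same stream, so the guaranteed
    # characters do not always sit in the first positions.
    for i in range(len(chars) - 1, 0, -1):
        j = _pick(stream, i + 1)
        chars[i], chars[j] = chars[j], chars[i]
    return "".join(chars)


if __name__ == "__main__":
    # Constructed inputs: the salt would normally be a per-user value kept
    # alongside the exception table.
    key = master_key("correct horse battery staple", b"constructed-salt")
    for name in ("shop.example", "legacybank.example", "forum.example"):
        print(name, site_password(key, name))
```

Bumping a site's `counter` rotates that one password without touching the master passphrase, which is the other kind of exception such a tool has to store.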
I prefer 2FA when possible. Even a very tough password means nothing if by some means, it gets sniffed by some keylogger, or the password database on a cloud provider gets brute-forced.
For storage where one is using a passphrase for encryption, as opposed to authentication, I like using cryptographic tokens. TrueCrypt used to work with a PKCS#11 library so I could store a keyfile on a set of Aladdin/SafeNet eTokens. This not just made the key immune to brute force guessing... someone who physically possesses the token has three guesses of my unlocking passphrase before the token locks itself forever and zeroes out the stored keyfile. This also works with Symantec's PGP version, except that generates a public/private keypair, the private keypair always remaining on the token, while the public part is used for the file/drive encryption.
If 2FA isn't possible, then as above, some mechanism to help with password reuse is very wise. This is useful just in case some website decides to store passwords in plain text, so a person's secure "correct horse battery staple" is now compromised and added to every blackhat's brute forcing library.
All consumer level ones are that shitty. Time Machine does have some OS level protection, but most just dump data to an external drive. Overwriting the files or just a format of the filesystem can easily destroy that backup.
Windows Server Essentials 2012 R2 has "pull" functionality to grab data from desktops. Another utility is Retrospect which can have a client installed on desktops.
Of course, the ideal would be a backup appliance like an EMC Avamar that deduplicated. Think Time Capsule, except that the appliance initiated the backups, stored them securely, and did the deduplication. Add decent disk encryption (perhaps a startup password or PIN entered on the appliance's webpage to mount the backup drives), and this would help versus malware.
Most backups would be erased or encrypted by the ransomware. The problem is that people think in terms of disk failures or hardware failures, so have their backup solution based around this. Just this in mind, going with two SANs that replicate with each other asynchronously is the best thing to do, since the data is always available.
However, this doesn't factor in software designed to corrupt/encrypt backups over a long haul. This is going to take a dedicated backup server that pulls backups and stores them in a place where a machine cannot access (and thus tamper) with stored data. It also takes a long data retention policy, just in case.
However, in a lot of places, backups are like security -- they are viewed as having no ROI, so at best, you might get some mechanism to stash stuff on disk, but if a machine can back up to the disk directly, it likely can erase/modify stored data.
One scenario that I worry about with cloud providers is exactly this. The provider goes bankrupt, sells all data to someone else, and they now have all the servers and can use the container information, free, clear, with nothing the clients of the former cloud provider able to do about it legally, barring copyright violations.
Borders and RS both show a lesson -- yes, there is a privacy policy with company "A", but when the servers get under the ownership of a new company, that policy is out the window, and the data can be used for anything that the new owners desire. Multi-TB torrent? Perfectly legal.
If a cloud provider changes hands, I can see a new company digging through data just to extort people. Say they find a sex toy maker's customer list on a server. They can then send out a note that all customers of this maker will have their names published unless they "buy into" a privacy policy (removing the name from the list) for the low price of $99.99. Since the new company 100% owns the data, free and clear, this is perfectly legal.
Those are some good suggestions. I might add a few myself:
1: If your device is rooted, you can separate the password that unlocks the /data partition from the PIN that unlocks the screen. This way, you have 4-5 digits that are quickly typed in... but if a thief decides to reboot the phone or power it off, they are facing the 20-30+ character passphrase... and most newer Android ROMs only allow 30 guesses before they do an erase.
2: Enable encryption of the /data partition. This is worth mentioning.
3: There is an app that will detect if the power button is pressed six times quickly, and send out a duress code. Forgot the name, but might be worth having.
4: Some ROMs will do some form of encryption on the SD card. If not, you can get an EncFS app, or BoxCryptor (which is a commercial/subscription version that uses EncFS as its base.)
5: Consider a backup program like Titanium Backup which uses a very reliable encryption mechanism (it uses a passphrase for a private key, and uses a public key for backups), and can save the encrypted backups to a cloud provider.
6: Consider a utility that requires a PIN to access some apps. For example, the app for a terminal and other rooted apps on my Android phone is PIN protected, FB and other apps are under another PIN, etc... so if a bad guy gets the phone while it's unlocked, they might have access to the Web browser, but not the other parts. If they reboot the phone, they are faced with a very long /data encryption password as stated in #1.
I have read about mandatory voting in other countries... what can happen is that in elections that people really don't care about, they wind up voting for Mickey Mouse, the FSM, or some other character just for kicks.
However, the perfect is the enemy of the good, and maybe it might be a wise idea to at least get people to the polls somehow, even if they just play Tetris with the checkboxes on the voting machines, just to get rid of voter apathy.
The hybrid didn't have that much towing capacity, I think it was 3500 to 5000 pounds.
The 1/2, 3/4, and 1 ton truck designations tend to be there for name only, and to deal with some municipal codes (where a 3/4 ton and heavier is a "commercial vehicle", and a 1/2 ton can be a POV.)
However, with most of the truck lines, the 1/2 ton is a different model, and the 3/4 and 1 ton are very similar. For example, the difference between a F-250 and a F-350 from Ford is a leaf spring in the rear and a different GVWR/GCVWR.
The reason for the separation is that 1/2 ton trucks are popular sellers in the US, so for automakers to keep up with CAFE standards, they are made to save weight and MPG, as well as make an attempt at general hauling/pulling.
3/4 and one ton pickups get less MPG... but because they are generally built for commercial/farm use, they tend to be better at constant towing, carrying loads, or both. For example, if one wants to have a truck camper, there are almost zero models (other than tent-tops) available for half-ton models, while a 3/4 to one ton has a fairly wide range of choices, from a basic model to one with three sides, movie chair seating, and a dry bath.
I think part of it is a Robin Hood type of mystique. Someone anonymous having something that bypasses the establishment, similar to being able to sneak on the King's grounds and hunt deer without being drawn and quartered as a poacher... but Robin Hood is most often a myth, and most often, it could be someone like O'Brien from "1984" looking to see who dissents... or a mercenary who would then turn right around and hand the people with the deer to the Sheriff for a reward.
BitCoin does have its place. Right now, it is still in its "cool" stage so it gets used for everything... similar to how radioactive substances were put in bath water and soaps until people realized they got cancer and other unpleasant things by doing so.
GM has tried a decent hybrid system on their 1500 Silverados.
Where a hybrid system would be very usable, would be on the heavier duty pickups like the 3/4 and one ton models:
First, electric motors provide their best torque at near 0 RPM, which is quite useful.
Second, on a rural jobsite, if a PSW inverter is available, this would allow the truck to completely replace a generator in the field. Just plug the welder, saw, or other tools into that and use the onboard battery for that, perhaps running the IC engine to keep everything topped off.
Third, for farms, it might be economical to have the trucks charge and run on batteries, as it saves on fuel.
My question: Would we see this technology being used on the heavier duty series of pickups?
I've found 8.1 not that bad. BitLocker can be used to protect the startup drive without a TPM needed, chkdsk can be run on a drive without needing to be dismounted, Storage Spaces, ReFS, and deduplication are quite nice features. Even running BitLocker on drives without needing a key protector is useful, since a format command zeroes out the master volume keys, making data virtually impossible to retrieve. Plus, Hyper-V is a decent hypervisor (tier 1 hypervisors are relatively rare... especially ones which let you use the computer's main console for daily work.)
Only complaint I have is that 8.1 needs the same backup utility that Windows Server 2012R2 has. Technically both are wbadmin utilities, but the server version is extremely useful.
The ironic thing is that MS has nothing to lose. If they get pirates paying yuan for licenses, MS has a net gain.
MS will always make their numbers. If they fail in every other venture, they just do a price hike for their enterprise software, and they have more than made up for the losses. Most big businesses have made the move in the past five years from SPARC/POWER/PA-RISC equipment to commodity x86 machines, then from hardware to virtualization and VM farms... so it is highly unlikely there would be a move away from MS even if they double their prices for all customers.
A friend of mine tried that idea with another service. When he got nailed while on vacation, instead of the bank saying, "sorry, no funds" and stopping transactions, the bank still allowed it and added a hefty NSF charge onto each transaction. Even more of a kicker was the fact that he was out on vacation and didn't realize the negative quad-digit balance until he got back... and by that time, he got stuck in Chex Systems's database, which means you are pretty much fscked credit-wise (or even trying to get a savings account) for seven years.
Great, another ACH debit mechanism, which means that when a fraudster empties a bank account, it stays emptied because there is nowhere near the protection present that a credit card has in place.
I would place this on the heap of "run, don't walk away from", also-ran payment standards like CurrenC... avoid at all costs.
Now, if they had used the Visa/MC credit mechanism, things would be different. Fraud wouldn't completely destroy an end user's bank account.
It would be nice to see some improvements in OS X security though just to keep ahead of the bad guys:
1: A TPM chip that can be used with FileVault 2 for additional protection (so a Mac can be set to ask for a boot password which can be a lot longer than the user password.) The TPM chip would also combat brute force attacks. Since all Windows 8.1 certified machines have to have a TPM 2.0 chip, and Apple uses x86 hardware, might as well use this functionality, as it is pretty much built into all new PCs.
2: Apple should look into SED (OPAL SSC 2) functionality for their SSDs.
3: If Apple can't put in a Kensington lock slot, then why don't they design something for basic physical security?
The goal isn't to keep away the guy with the blowtorch or plasma cutter, but so that one can be sitting at a table at a library, tie the laptop to the table, go use the restroom and come back, and the laptop would still be there. Yes, one can buy a PacSafe laptop bag that can be chained to an object... but shouldn't a multi-thousand dollar piece of gear at least have a little bit of design for anti-theft, even if it is a small piece of metal that flips out for a lock slot? Thin is in, yes... but Dells, HPs, and other laptop brands have similar dimensions of machines, but they can put a Kensington lock slot on their models.
Yubikey looks interesting, but I've used eTokens in the past (generated a key on a computer with FDE, imported the key into three tokens, then physically destroyed the HDD that had the key on it since it was giving SMART errors anyway), as a way to have physical security of keys (if I have the three tokens, I know the key isn't going anywhere.)
eTokens served me well, although it is impossible to find PKCS drivers for them for newer Windows and OS X versions these days.
They also serve as great ways to counter brute force attacks on a machine with FDE if using PGP's whole disk encryption (no token, no unlock key for the HDD unless one has a WDRT, or whole disk recovery token, stashed away.)
Two hashes are better because if one algorithm fails, you have a backup. However, with CPU and I/O time so precious in most cases, two hashes are not really feasible.
Were I going with an algo, I'd be using SHA3 or Skein, something that is as secure as one can get presently.
Depends on filesystem and device. One SAN vendor (forgot name, but sells all SSD units) purports to be able to dedupe code even if it doesn't align at the same boundaries. It does a block level dedup on a write, then has a background process which does the file level deduplication after the data is on the disks.
If this could be done in software (and hopefully not sacrificing performance or reliability), having every executable on the system static would simplify things on that level.
The advantage of moving to this is that it simplifies software management. No /usr/lib needed. It also simplifies file isolation since an executable can be given a jailed, chrooted filesystem without any need to worry that it won't have a core routine available. It also gets rid of the "DLL hell" which has not just plagued Windows, but also UNIX variants.
Isn't Update Cache similar to WSUS? This makes sense since LAN bandwidth is almost always a lot more plentiful than having every box pull their updates via the Internet.
AFAIK, Apple's updates are signed, so if someone does tamper with the update cache server, it will be detected.
IMHO, the perfect is the enemy of the good. Even though metadata is not protected, data is, so if Yahoo gets hacked, people's E-mail is protected.
One doesn't have to use their OpenPGP extension, nor their authentication. I'm glad it is available.
As for metadata, we already have a way for this. NNTP and alt.anonymous.messages. There is a DEFCON report on how good/bad this security is... but if you really want privacy, this is the next step up because the messages go to nobody in particular... just the newsgroup.
Overall, I'm happy someone is working on PGP/gpg stuff. It is boring to developers compared to shiny new (and likely insecure) stuff, and has been neglected for years, but it is one of the few security protocols that actually works and has stood the test of time.
http://goo.gl/z8ti3D
From a root command line, you can do:
vdc cryptfs changepw newpass
(where newpass is your new password for the dm-crypt volume... which is your /data partition.)
There are also apps that do this as well, but you need root.
Of course, when you change your screen lock PIN, it will change the boot password, but that is a given.
A friend of mine tried that idea with another service. When he got nailed while on vacation, instead of the bank saying, "sorry, no funds" and stopping transactions, the bank still allowed it and added a hefty NSF charge onto each transaction. Even more of a kicker was the fact that he was out on vacation and didn't realize the negative quad-digit balance until he got back... and by that time, he got stuck in Chex Systems's database, which means you are pretty much fscked credit-wise (or even trying to get a savings account) for seven years.
Great, another ACH debit mechanism, which means that when a fraudster empties a bank account, it stays emptied because there is nowhere near the protection present that a credit card has in place.
I would place this on the heap of "run, don't walk away from", also-ran payment standards like CurrenC... avoid at all costs.
Now, if they had used the Visa/MC credit mechanism, things would be different. Fraud wouldn't completely destroy an end user's bank account.
It would be nice to see some improvements in OS X security though just to keep ahead of the bad guys:
1: A TPM chip that can be used with FileVault 2 for additional protection (so a Mac can be set to ask for a boot password which can be a lot longer than the user password.) The TPM chip would also combat brute force attacks. Since all Windows 8.1 certified machines have to have a TPM 2.0 chip, and Apple uses x86 hardware, might as well use this functionality, as it is pretty much built into all new PCs.
2: Apple should look into SED (OPAL SSC 2) functionality for their SSDs.
3: If Apple can't put in a Kensington lock slot, then why don't they design something for basic physical security?
The goal isn't to keep away the guy with the blowtorch or plasma cutter, but so that one can be sitting at a table at a library, tie the laptop to the table, go use the restroom and come back, and the laptop would still be there. Yes, one can buy a PacSafe laptop bag that can be chained to an object... but shouldn't a multi-thousand dollar piece of gear at least have a little bit of design for anti-theft, even if it is a small piece of metal that flips out for a lock slot? Thin is in, yes... but Dells, HPs, and other laptop brands have similar dimensions of machines, but they can put a Kensington lock slot on their models.
Yubikey looks interesting, but I've used eTokens in the past (generated a key on a computer with FDE, imported the key into three tokens, then physically destroyed the HDD that had the key on it since it was giving SMART errors anyway), as a way to have physical security of keys (if I have the three tokens, I know the key isn't going anywhere.)
eTokens served me well, although it is impossible to find PKCS drivers for them for newer Windows and OS X versions these days.
They also serve as great ways to counter brute force attacks on a machine with FDE if using PGP's whole disk encryption (no token, no unlock key for the HDD unless one has a WDRT, or whole disk recovery token, stashed away.)
Two hashes are better because if one algorithm fails, you have a backup. However, with CPU and I/O time so precious in most cases, two hashes are not really feasible.
Were I going with an algo, I'd be using SHA3 or Skein, something that is as secure as one can get presently.
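The two-hash idea in the comment above, as an added example that is not part of the original comment: one read pass feeds two hash functions, and a check accepts data only when both recorded digests match. Assumptions: BLAKE2b stands in as the second algorithm because Skein is not in Python's standard library, the 16-bit truncation of SHA3-256 is a constructed stand-in for an algorithm that has failed, and all sample data is constructed.

```python
import hashlib
import hmac
import io
from itertools import count

CHUNK = 64 * 1024

def digest_pair(stream, primary_len=32):
    """Read the stream once and feed each chunk to both hash objects.

    primary_len=2 truncates the first digest to 16 bits, a constructed
    stand-in for an algorithm that has failed.
    """
    first = hashlib.sha3_256()
    second = hashlib.blake2b(digest_size=32)  # assumption: second algorithm
    for chunk in iter(lambda: stream.read(CHUNK), b""):
        first.update(chunk)
        second.update(chunk)
    return first.digest()[:primary_len], second.digest()

def matches(got, expected):
    """Accept only when both digests equal the recorded pair."""
    return all([hmac.compare_digest(g, e) for g, e in zip(got, expected)])

def find_primary_collision(original, primary_len=2):
    """Find different data whose truncated first digest equals the original's."""
    target = digest_pair(io.BytesIO(original), primary_len)[0]
    for i in count():
        candidate = b"constructed-sample-%d" % i
        if digest_pair(io.BytesIO(candidate), primary_len)[0] == target:
            return candidate

def demo():
    original = b"constructed sample payload"
    record = digest_pair(io.BytesIO(original), primary_len=2)
    other = find_primary_collision(original)
    got = digest_pair(io.BytesIO(other), primary_len=2)
    return {
        "first_digest_alone_accepts": hmac.compare_digest(got[0], record[0]),
        "pair_accepts_other": matches(got, record),
        "pair_accepts_original": matches(
            digest_pair(io.BytesIO(original), primary_len=2), record),
    }

if __name__ == "__main__":
    print(demo())
```

Both hash objects are updated from the same chunk, so the data is read from disk once and the extra cost is CPU only.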
Depends on filesystem and device. One SAN vendor (forgot name, but sells all SSD units) purports to be able to dedupe code even if it doesn't align at the same boundaries. It does a block level dedup on a write, then has a background process which does the file level deduplication after the data is on the disks.
If this could be done in software (and hopefully not sacrificing performance or reliability), having every executable on the system static would simplify things on that level.
The advantage of moving to this is that it simplifies software management. No /usr/lib needed. It also simplifies file isolation since an executable can be given a jailed, chrooted filesystem without any need to worry that it won't have a core routine available. It also gets rid of the "DLL hell" which has not just plagued Windows, but also UNIX variants.
Isn't Update Cache similar to WSUS? This makes sense since LAN bandwidth is almost always a lot more plentiful than having every box pull their updates via the Internet.
AFAIK, Apple's updates are signed, so if someone does tamper with the update cache server, it will be detected.
IMHO, the perfect is the enemy of the good. Even though metadata is not protected, data is, so if Yahoo gets hacked, people's E-mail is protected.
One doesn't have to use their OpenPGP extension, nor their authentication. I'm glad it is available.
As for metadata, we already have a way for this. NNTP and alt.anonymous.messages. There is a DEFCON report on how good/bad this security is... but if you really want privacy, this is the next step up because the messages go to nobody in particular... just the newsgroup.
Overall, I'm happy someone is working on PGP/gpg stuff. It is boring to developers compared to shiny new (and likely insecure) stuff, and has been neglected for years, but it is one of the few security protocols that actually works and has stood the test of time.