Slashdot Mirror


User: mlts

mlts's activity in the archive.

Stories: 0 · Comments: 5,534

Comments · 5,534

  1. Re:*facepalm* on Yahoo Debuts End-To-End Encryption Email Plugin, Password-Free Logins · · Score: 4, Interesting

    Another idea that comes to mind is to use a feature that all web browsers have had for over 10 years (even Lynx) -- client certificates.

    This way, on setup, the website asks the user if the current client certificate presented is the one he or she wants to use, then from there on, authentication is completely transparent.

    It goes without saying to have SMS as a backup, but the absolute easiest way to authenticate on a "known good" computer is to have a client cert.

  2. Re:*facepalm* on Yahoo Debuts End-To-End Encryption Email Plugin, Password-Free Logins · · Score: 1

    The ideal would be to use the standard TOTP method that Amazon, Google, EMC, and other companies use. The Google Authenticator is just one implementation of the standard, and there are others (Amazon has one, for example.)

    I really wish Yahoo would have SMS as an -option-, but would allow TOTP as well. This way, if one has the seed keys in an app, they don't need to get an SMS, but if they are on a new machine, SMS still works.
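
    The "standard TOTP method" the comment refers to is RFC 6238 (TOTP) layered on RFC 4226 (HOTP). Below is an added, stand-alone example (not code from the comment, from Yahoo, or from Google Authenticator) of both the client-side code generation and the server-side check, including the two things a verifier has to get right that the RFCs only describe in prose: a small clock-skew window and refusing to accept a step at or below the last accepted one, so a code sniffed in transit cannot be replayed during its 30-second lifetime. It uses only the Python standard library; the seed bytes are the RFC 6238 appendix B test secret.

```python
import base64
import hashlib
import hmac
import struct
import time


def decode_base32_secret(secret):
    """Decode the base32 seed an authenticator app is provisioned with.
    Tolerates lower case, spaces and missing '=' padding, all common in QR payloads."""
    cleaned = secret.replace(" ", "").upper()
    cleaned += "=" * (-len(cleaned) % 8)
    return base64.b32decode(cleaned)


def hotp(key, counter, digits=6, algo=hashlib.sha1):
    """RFC 4226 HOTP: HMAC over the 8-byte big-endian counter, then dynamic truncation."""
    mac = hmac.new(key, struct.pack(">Q", counter), algo).digest()
    offset = mac[-1] & 0x0F
    binary = struct.unpack(">I", mac[offset:offset + 4])[0] & 0x7FFFFFFF
    return str(binary % (10 ** digits)).zfill(digits)


def totp(key, for_time, step=30, digits=6, algo=hashlib.sha1):
    """RFC 6238 TOTP: HOTP with the counter set to floor(unix_time / step)."""
    return hotp(key, int(for_time) // step, digits, algo)


class TotpVerifier:
    """Server side: accept a code from the current step or `window` steps either side
    (clock skew), but never from a step at or below the last one that succeeded,
    so a sniffed code cannot be replayed inside its lifetime."""

    def __init__(self, key, step=30, digits=6, window=1):
        self.key, self.step, self.digits, self.window = key, step, digits, window
        self.last_counter = -1  # persist this per user in a real deployment

    def verify(self, code, now=None):
        now = time.time() if now is None else now
        current = int(now) // self.step
        for counter in range(current - self.window, current + self.window + 1):
            if counter <= self.last_counter:
                continue
            expected = hotp(self.key, counter, self.digits)
            # constant-time compare on bytes; a non-ASCII code simply fails to match
            if hmac.compare_digest(expected.encode(), code.strip().encode()):
                self.last_counter = counter
                return True
        return False


if __name__ == "__main__":
    seed = b"12345678901234567890"  # RFC 6238 appendix B test secret (SHA-1 column)
    print(totp(seed, 59), totp(seed, 1111111109, digits=8))
```

    The same `hotp` function is what an SMS fallback could reuse with a server-held counter; the only difference between "code in an app" and "code in a text message" is who holds the seed and where the code travels.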

  3. Re:security on Yahoo Debuts End-To-End Encryption Email Plugin, Password-Free Logins · · Score: 3, Interesting

    You just hit the nail on the head. As of now, if someone steals my phone in an unlocked state, they will be able to get the second factor... but they won't be able to log into the account due to the password. What having just one factor does is make a phone theft all the more crippling where a bad guy can do a lot of damage.

    2FA is 2FA because it covers at least two of these properties: Something you know, somewhere you are located, something you are, and something you have. For example, a secure biometric system uses the fingerprint/retina scan as a username, then a PIN for access, or a remote access system uses a password and an OTP so that if the password gets sniffed, the OTP is still an obstacle.

    On the other hand, perfect is the enemy of the good. In general, someone is going to be less likely to have their phone stolen than to have their password sniffed or cracked, so moving to a SMS message can be argued to be a security improvement.

  4. Re:I hope... on Yahoo Debuts End-To-End Encryption Email Plugin, Password-Free Logins · · Score: 4, Interesting

    This is a solved problem, although by a commercial solution. Symantec's Encryption Desktop (formerly PGP desktop) allows one to either decrypt/check signature and view what is on the clipboard or decrypt/check signature and view what is in the current window.

    We don't need a Web browser plugin. This is like drilling a hole in a boat that has one hole already in it, expecting the water to drain out.

    Instead, we need something with functionality similar to SED that is completely standalone from other applications and functions completely independent of the Web browser. This is tougher than it sounds. GPG4Win is a good effort, but it does not come anywhere close to the ease of use that SED has. Macs and Linux have decent utilities like GPGTools (which was pictured.) If PGP decryption is put into something, it should not be part of a Web browser, but should be in the MUA. Web browsers should have as little running as possible, just so they have as small an attack surface since they are the biggest frontline for computer compromise these days.

    The beauty about the OpenPGP spec is that it is completely independent of any transport mechanism, be it Slashdot posts, E-mail, MMS, AIM, Facebook's PM, or a file saved to a ZIP drive. Tethering it to a protocol can easily render a quite secure system extremely insecure, if only for the fact that a specific program or browser extension would be needed for the decryption.

    Ideally, fetching E-mail via the Web should be more of an item of last resort, where one is using another machine. A high quality MUA (Thunderbird, Mail.app, Outlook, even mutt) is a lot more secure than a Web browser.
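
    The transport independence the comment describes rests on ASCII armor (RFC 4880 section 6): an armored block is just text, so a standalone tool only has to find it in whatever is on the clipboard or in the current window and hand the recovered bytes to the decryptor. Below is an added example, not code from the comment or from any of the products it names, that does exactly that extraction for text pasted from an arbitrary source, with the armor's CRC-24 checked. The checksum is a transport-integrity check only, not a security control; decryption and signature verification still belong to OpenPGP proper (gpg or equivalent), which this example does not replace. The `armor` helper exists to build the sample input.

```python
import base64
import binascii
import re

# RFC 4880 armor: header line, optional "Key: value" armor headers, a blank line,
# base64 data, an optional "=XXXX" CRC-24 line, and a tail line naming the same type.
ARMOR_RE = re.compile(
    r"-----BEGIN PGP (?P<kind>MESSAGE|SIGNATURE|PUBLIC KEY BLOCK|PRIVATE KEY BLOCK)-----\r?\n"
    r"(?P<headers>(?:[A-Za-z-]+: [^\r\n]*\r?\n)*)"
    r"\r?\n"
    r"(?P<body>(?:[A-Za-z0-9+/][A-Za-z0-9+/=]*\r?\n)+)"  # data lines never start with '='
    r"(?:=(?P<crc>[A-Za-z0-9+/]{4})\r?\n)?"
    r"-----END PGP (?P=kind)-----"
)


def crc24(data):
    """CRC-24 as specified in RFC 4880 6.1 (init 0xB704CE, polynomial 0x1864CFB)."""
    crc = 0xB704CE
    for byte in data:
        crc ^= byte << 16
        for _ in range(8):
            crc <<= 1
            if crc & 0x1000000:
                crc ^= 0x1864CFB
    return crc & 0xFFFFFF


def armor(kind, data, headers=None):
    """Wrap raw OpenPGP packet bytes in ASCII armor (used here to build sample input)."""
    lines = [f"-----BEGIN PGP {kind}-----"]
    lines += [f"{k}: {v}" for k, v in (headers or {}).items()]
    lines.append("")
    b64 = base64.b64encode(data).decode("ascii")
    lines += [b64[i:i + 64] for i in range(0, len(b64), 64)]
    lines.append("=" + base64.b64encode(crc24(data).to_bytes(3, "big")).decode("ascii"))
    lines.append(f"-----END PGP {kind}-----")
    return "\n".join(lines)


def extract_armored(text):
    """Find every armored block in arbitrary text and return its type, armor headers,
    decoded bytes and whether the CRC matched (None when the block carries no CRC).
    Cleartext-signed messages are not base64 bodies; only their SIGNATURE block is found."""
    found = []
    for m in ARMOR_RE.finditer(text):
        body = "".join(m.group("body").split())
        try:
            data = base64.b64decode(body, validate=True)
        except binascii.Error:
            continue  # damaged block: skip rather than pass garbage downstream
        crc_ok = None
        if m.group("crc"):
            expected = int.from_bytes(base64.b64decode(m.group("crc")), "big")
            crc_ok = expected == crc24(data)
        hdrs = dict(line.split(": ", 1) for line in m.group("headers").splitlines() if ": " in line)
        found.append({"kind": m.group("kind"), "headers": hdrs, "data": data, "crc_ok": crc_ok})
    return found


if __name__ == "__main__":
    # constructed sample: an armored message embedded in an ordinary forum post
    post = "Posted to Slashdot:\n\n" + armor("MESSAGE", b"123456789", {"Version": "example"}) + "\n\nreply follows\n"
    for block in extract_armored(post):
        print(block["kind"], block["headers"], block["data"], block["crc_ok"])
```

    A block whose CRC fails should be treated as a copy/paste casualty (a line wrap or a trailing space is the usual cause), not as evidence of tampering; a genuine integrity guarantee comes only from a verified signature on the decrypted packets.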

  5. Re:Mistake on UN Backs Fossil Fuel Divestment Campaign · · Score: 1

    For me, it is not "why put up panels", it is "why not?"

    Solar won't drive my A/C here in Austin... But, I can do two things with a roof full of panels:

    1: I can have the panels plug into an inverter and have it feed the grid.

    2: I can buy a set of storage batteries and have them feed that.

    Option #1 is nice, but option #2 is quite useful, especially when Elon Musk's Tesla starts offering battery banks for houses. Done right, this will be a whole-house UPS that gets a good chunk of its power from panels.

  6. How about baked in, not strapped on security? on The Internet of Things Just Found Your Lost Wallet · · Score: 2

    The big problem I see with IoT devices is focusing on the sizzle... and there is little, if any, effort focused on security. With how inexpensive 3G boards are, it is easy to get a device online with its own Internet connection... but why should it be connected even in the first place?

    What is wrong with having devices in a house communicate to a central server that has a hardened Internet connection, and that communicates out/in? This way, it lowers the attack surface from being able to nail the device from anywhere on the Internet to having to be in radio range of the item.

    Even with that, there is really no point for most of the uses of Internet connected items in the first place, and because budgets usually place security dead last, they are just disasters waiting to happen, especially when the only way to fix the security exploits would likely be to replace the entire device.

  7. Re:Just re-download it? on New Crypto-Ransomware Encrypts Video Game Files · · Score: 2

    It doesn't seem like much of a step, but it is an advance for the bad guys.

    As always, even though save game files may not be something people consider as valuable, it is still something that can be lost.

    Ransomware seems like it is just starting to ramp up this year. I would not be surprised to see the next generation of it start checking if the user has any AD rights and attack entire AD forests. A company that loses access to AD (especially if they use rights management servers) likely will pay a criminal organization top BTC to get their access back.

    The ironic thing is that tape drives are starting to see a resurgence. The market share for tape drives grew 13% in 2013, and 26% in 2014 (as per Extremetech). Add Sony's sputtered deposition technology (similar to how some high-end studio microphone elements are made) that offers 185 terabytes per cartridge, and we have a decent tool to combat ransomware.

    Of course, the best solution for a small installation is a dedicated backup server that pulls backups (optionally encrypted), and plops data on a disk array as well as tape. Tape isn't perfect, but its advantage is that it is easily stored offline, where physical presence is needed to put a tape in, and cartridges have a read/write switch that is honored, barring a covert reflash of the tape drive's firmware. For larger installations, it is hard to beat WORM media, SPIN/SPOUT encryption on the drives, and silos.

  8. Re:No warning ? on Endurance Experiment Kills Six SSDs Over 18 Months, 2.4 Petabytes · · Score: 1

    Long term, what really is needed are more sophisticated backup programs than the stuff we have now since once an SSD fails, it fails for good. Backup programs not just for recovering files, but that can handle bare metal restores, and are initiated by the backup device (so malware on the backed up client can't trash the backup data.)

    For desktops, this isn't too bad, because one can buy a NAS, or an external drive at minimum. For laptops, it becomes harder, especially if one factors in robust security measures while not on the LAN.

  9. Re:Swap drive now? on Endurance Experiment Kills Six SSDs Over 18 Months, 2.4 Petabytes · · Score: 1

    As swap, it is nowhere near as good as RAM, but it has one advantage -- SSD excels at random writes, which is what swap is usually doing, so just because of this, it is better than regular disk. To boot, if one has the bay for it in a desktop, it might just be worth tossing in a 100-200 gig drive and using it for swap, as well as possibly moving the OS's partition to it as well, although it is good to have a lot of free pages on a SSD to wear-level a swapfile.

  10. Re:Swap drive now? on Endurance Experiment Kills Six SSDs Over 18 Months, 2.4 Petabytes · · Score: 1

    If you can't get more RAM (especially with the trend in newer laptops being to have soldered in chips), buy as large a SSD as possible that you can dedicate to swap. The reason is that this gives the drive more cells to wear-level the swapfile writes over, prolonging the drive's life.

  11. Re:Politicians will be stupid but scientists/techn on New Solar Capacity Beats Coal and Wind, Again · · Score: 3, Informative

    NiFe batteries (i.e. Iron Edison) models are starting to get a foothold in the solar storage battery market. Their main selling point is the fact that they have a very long usable life and are very stable. They have a relatively poor energy density in volume compared to lithium variants, but for storage battery installations, this isn't as big an issue as in a smartphone.

  12. Re:Politicians will be stupid but scientists/techn on New Solar Capacity Beats Coal and Wind, Again · · Score: 1

    If space isn't a problem, why not NiFe batteries? Those don't damage themselves if they drop below 50% SoC, and unlike lithium batteries, don't lose most of their capacity in 2-3 years.

    Another energy storage medium would be flywheels.

    I do like the idea of a battery bank at residences, because this is an ideal whole-house UPS.

  13. Re:Overblown Hyperbole on Lawsuit Claims Major Automakers Have Failed To Guard Against Hackers · · Score: 1

    If someone has physical access, they can also slice a brake line, cut a belt, drain the oil pan, put engine-kill into the crankcase, or many, many other things.

    The fallout of this lawsuit is going to be bad for all consumers, and it actually puts car makers in a better spot:

    Need an air filter? For security reasons, only Powell Motors filters will work, which have to be installed and activated by equipment only the dealer will have. Need a new battery? It has to be a genuine Powell part [1] because the battery has special authentication circuitry. New tires? Better be Powell authorized with built in TPMs, and they can only be installed at a Powell dealer because only they have the proper equipment.

    We have seen enough of this hogwash already, and this lawsuit is only going to make it far, far worse when it comes time to do basic vehicle maintenance.

    [1]: One foreign make of cars actually will have vehicles not start if the battery is replaced until it is "registered" at the dealer because they state an "unregistered" battery might fry their precise engine components.

  14. Re:The moan of sour grapes on Reactions to the New MacBook and Apple Watch · · Score: 3, Insightful

    To me, if Apple wants to price a watch at $10,000 because it is gold colored while there is an offering with the same exact functionality for a few C-notes, that's just fine. Let people who want to spend that much for a watch help finance Apple's R&D so "the rest of us" can get new and cool things. Same if Apple decided to buy Vertu and make diamond-encrusted iPhone 7s. If people want them, so much the better.

    iPhones are not that expensive either relatively. I still remember when one of HTC's phones ran $1200, and that was with a two year contract.

  15. Re:Hmmm on Does USB Type C Herald the End of Apple's Proprietary Connectors? · · Score: 1

    There are times when locking it down comes in handy. For example, being at a crowded library, got a useful table, and need to use the restroom. Locking the laptop down to the table means the table will still be available, and someone trying to forcefully yank it off the cable will definitely get noticed.

    Of course, there is always using a PacSafe security laptop bag that is cut resistant, but it would be nice if the device itself had this security built in.

  16. Re:there's a dongle for that. on Does USB Type C Herald the End of Apple's Proprietary Connectors? · · Score: 1

    Wi-Fi has its advantages... but it has its insecurities as well. For example, if I want to use a wireless HDD, I have to have the device and the HDD on some SSID. If the SSID is hacked, then an intruder can gain access to the HDD and all data stored in it... no physical access needed... just park nearby with a Pringles can antenna.

    What would be ideal would be Bluetooth covering this, and allowing one drive to pair to multiple machines, and multiple machines to one drive. This way, after pairing, the connections will remain secure indefinitely. Even though Bluetooth is meant for low bandwidth, low power functions, it would be nice to have a high I/O mode so it can be used with mass storage devices.

    Of course, the most secure of all of this is just a humble wire, which makes physical presence all but a requirement (barring innovations in Van Eck monitoring.)

    Maybe the fact that this laptop has no expansion ports might bring along a wave of hardware advances, mainly in the NAS department. This happened with USB when Macs ditched the ADB, serial, and other ports for USB and FireWire.

    Of course, with the wave of mini-NAS boxes (i.e. wireless hard drives), using Apple's Disk Utility and encrypted sparse bundles will be a must if one wants decent security.

  17. Re:Jailbreak developers are the real patriots on CIA Tried To Crack Security of Apple Devices · · Score: 1

    If one doesn't download pirated .ipa files, the main repos are quite clean.

    There are still a ton of features that JB-ing makes useful:

    1: The ability to have an app check a number against a database and drop it/send it to voice mail before ringing the phone. Mr. Number does this on Android, and severely cuts down on spam.

    2: An app like PMP (Protect My Privacy) comes in quite handy when an app like Snapchat won't run unless it has access to the camera. Well, it can have camera access... but the lens cap will be on it.

    3: Ability to get data in and out of the phone without playing app gymnastics or using iTunes.

    4: Better backups. On Android, if I'm tired of a game that takes a lot of space, I archive it off with Titanium Backup and delete it. Can't delete an app from iOS unless the data wants to come with it.

  18. Re:Escalation on Exploiting the DRAM Rowhammer Bug To Gain Kernel Privileges · · Score: 1

    Easier said than done in a lot of cases. For example, if a newer Macbook has this bug, the only way to fix the problem is to toss the entire thing.

    Having some form of software remedy, even if it is something that might see it happening and do a hard reset or a power down, may be better than a compromise in some environments, especially with regards to virtualization where getting ring 0 on the bare metal can be an incredible catastrophe.

  19. Re:Hmmm on Does USB Type C Herald the End of Apple's Proprietary Connectors? · · Score: 2

    Apple exists by giving consumers what they will buy, not what they want. For example, you will never see a "Mac Pro Mini" which is what consumers want, but Apple will not sell, forcing people to buy the canister or go with a Mini or iMac, and replace it in a year or two.

    This MacBook (not a MacBook Air, nor a MacBook Pro) is aimed at a definite market segment, arguably the biggest buyer of Apple's computers... college students.

    It appears to be aimed at getting rid of the two MBA offerings, being a 12 inch model. I would guess that in a year or so, the 11 and 13 inch MacBook Air models will get pulled.

    For the college student segment, this MacBook will sell. It has enough disk space/RAM/CPU to run what most students will need for classwork (Web browser, office suite, basic gaming, BootCamp, and so on.) It has decent security, especially if FileVault is turned on and the user has a good password (the password is arguably the weakest link.)

    Of course, I can see the accessory market for this thing:

    1: Bluetooth and Wi-Fi connected hard drives. Apple definitely has a dog in this hunt with their Time Capsule appliance. Other devices will be usable, but it might be good to use Apple's Disk Utility and store data in an encrypted sparse bundle image.

    2: Even cheap printers would get BT or Wi-Fi connections.

    3: A good port replicator/dock, which can take the entire laptop, and offer basic ports (Thunderbolt, USB 3/2/1, HDMI, VGA, common power plug, FireWire, etc.), but offer a way to lock the device down.

    4: This is a head scratcher for me. Laptops are easy money for thieves. Why can't Apple come up with a Kensington slot lock replacement, or just use a Kensington slot lock, even if it is a small metal tab that slides out just enough to allow the mechanism to be attached, but sturdy enough that removal will cause obvious damage.

    The only real way I can see right now to physically secure this MacBook is to put it into a locking metal enclosure and use a keyboard/mouse/monitor with it... and not all locking metal enclosures are the same. For example, I can have one fabbed that uses two Abloy PROTEC2 cam locks (one on each side of the drawer). This will resist picking attempts, and if forced open, will be obvious enough that the insurance company will just rubber-stamp the claim as approved.

  20. Re:Is there still a suddenoutbreakofcommonsense ta on UK Parliament: Banning Tor Is Unacceptable and Technologically Impossible · · Score: 1

    TOR exit nodes are on a public list. Banning them by IP address is quite easy, and it is pretty common for admins to ban or severely restrict services to exit nodes, just because they have a reputation for abuse.

    The ideal is to use TOR, then a VPN service past the exit node, so services on the Internet don't give you the middle finger.
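
    Tor publishes its exit relays as a plain list, one address per line (the bulk exit list at check.torproject.org/torbulkexitlist, which is the assumed input format here). The added example below, not code from the comment or from the Tor Project, turns such a list into firewall rules the way an admin who wants to "ban or severely restrict" exits would: parse and deduplicate it defensively, load it into an ipset per address family, and match that set with a single rule, so the rule count does not grow with the list. Two caveats a practitioner would want: the list changes hourly, so the load has to be rerun on a schedule, and it lists relays whose exit policy allows some traffic, not necessarily traffic to your port. The sample list is constructed.

```python
import ipaddress

# Constructed sample in the one-address-per-line shape of the bulk exit list.
SAMPLE_EXIT_LIST = """\
# exit relays seen recently (constructed sample)
198.51.100.7
203.0.113.45

198.51.100.7
2001:db8::1
not-an-address
"""


def parse_exit_list(text):
    """Return the unique, syntactically valid addresses from a bulk exit list.
    Blank lines and comments are skipped; junk lines are dropped rather than
    allowed to abort the whole rule load."""
    seen, exits = set(), []
    for raw in text.splitlines():
        line = raw.strip()
        if not line or line.startswith("#"):
            continue
        try:
            ip = ipaddress.ip_address(line)
        except ValueError:
            continue
        if ip not in seen:
            seen.add(ip)
            exits.append(ip)
    return exits


def is_exit(addr, exits):
    """Look up one client address (as a string) against the parsed list."""
    return ipaddress.ip_address(addr) in set(exits)


def firewall_commands(exits, name="tor-exits", target="DROP"):
    """Emit ipset/iptables commands: one set per address family loaded in bulk,
    then a single match rule per family. Pass target="REJECT", or the name of a
    rate-limiting chain, to restrict exits rather than drop them outright."""
    cmds = [
        f"ipset -exist create {name}4 hash:ip family inet",
        f"ipset -exist create {name}6 hash:ip family inet6",
    ]
    cmds += [f"ipset -exist add {name}{ip.version} {ip}" for ip in exits]
    cmds.append(f"iptables -I INPUT -m set --match-set {name}4 src -j {target}")
    cmds.append(f"ip6tables -I INPUT -m set --match-set {name}6 src -j {target}")
    return cmds


if __name__ == "__main__":
    print("\n".join(firewall_commands(parse_exit_list(SAMPLE_EXIT_LIST))))
```

    Because `-exist` makes the create and add commands idempotent, the same output can be fed to a shell on every refresh; stale entries are not removed by this example, so a scheduled reload should flush the set (or swap in a freshly built one) before adding.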

  21. Re:Escalation on Exploiting the DRAM Rowhammer Bug To Gain Kernel Privileges · · Score: 2

    I wonder if there is -any- way to mitigate this in software, similar to how the Linux kernel intercepted the instructions to prevent the FDIV bug from happening in early Pentium chips. The only way I see would be to use a Bochs style emulator, and deal with its immense performance hit that its style of emulation does (where hardware virtualization hooks are not used.)

  22. Re:Frustrated - Many of us haven't even got V5.0 y on Google Announces Android 5.1 · · Score: 1

    It is out for the HTC One M8, the unlocked version. It works decently, although all the privacy utilities like XPrivacy and others don't work, so one is left vulnerable until those are fixed.

  23. Re:I hope the Device Protection is optional. on Google Announces Android 5.1 · · Score: 2

    AFAIK, you can turn off the Device Administrator function, and that functionality will be removed.

  24. Re:A laptop with almost no ports?! on Apple's "Spring Forward" Event Debuts Apple Watch and More · · Score: 1

    My ideal would be one MagSafe descendant connector for high bandwidth stuff, a descendant of Bluetooth for other stuff, and NFC that is used so two Bluetooth devices can pair initially in a secure manner.

    The MagSafe descendant would be similar to Thunderbolt and be a bus design (with the ability to be used in various bus and switched configurations, similar to Infiniband), but the OS and hardware would have protection against DMA attacks. This would also allow for networking of different machines with a switch that would combine networking abilities (like a regular Ethernet switch), but allow devices to be hooked up to specific machines (like a Fiber Channel switch and zoning of FC logical devices.) Even stuff like PCIe breakout boxes would be usable. Power would be transmitted over the wires to charge/run devices plugged in, perhaps up to 48 volts assuming some safety measures in the cable design and voltage negotiation protocol where the voltage is selected by both devices so someone licking the connector doesn't get electrocuted.

    The other is a Bluetooth descendant that uses NFC for pairing (bring device "A" near the laptop until the LED glows blue), then uses PFS and other measures to keep the connection encrypted. Done right, the session key can be kept and used for a while, just to save on the power it takes to do a D-H key exchange. Done right, all the other devices (keyboard, mouse, smartphone, etc.) can use that for local communication without having to go to Wi-Fi and requiring an IP address and an access point.

  25. Re:Still: on Apple's "Spring Forward" Event Debuts Apple Watch and More · · Score: 2

    Will agree with you on that, mostly... but I am guessing the MacBook is called just a MacBook, not a MBA or MBP.

    The only two ports are a USB 3.1 port and a headphone jack? Meh... As for USB 3.1 devices for sale... I'm sure Apple will have USB hubs for sale, and this will be a non-issue. I do miss the MagSafe connector, and going back to a connector like USB 3.1 is a net loss. It would have been nice if Apple included a Thunderbolt connector, as I don't see using a charger, external hard disk, network connection, keyboard, and monitor all through a single USB port. However, Apple does its market research, and I'm sure this will be a hit for college students who will end up buying NAS boxes to store data. Of course, Apple can sell them a Time Capsule as well.

    I think because of Power Computing and the philosophy of not offering what customers want (which is why you will never see a Mac Pro Mini), we won't see a mini tower. It would be ideal to see Apple make the XServe again, so they can get a foothold in the enterprise (and this is a place where Apple could make a mint, as they have a very solid UNIX variant... they just need to get Oracle and others to make their platform a primary one again.)

    Agreed on Mini. Have onboard RAM, then have a few DIMM slots. The fact that some machines ship with 4GB of RAM is pretty sad. With virtualization and bloat of Web browsers, an average machine should start out at 16 GB to be useful. Ideally, have some SSD on the motherboard, then at least 1-2 hard drive bays, so RAID can be used (as this machine is Apple's low-end "server" machine.)

    OSX seems to work well for a number of people. I know it is anecdotal, but I've had very little trouble with it in general.

    It would be nice if iOS had a rooted/jailbroken mode... but that horse has been beaten to death into component atoms.

    I do agree... would be nice if there were a Bochs style PPC/680x0 emulator, so one can run a game of Crystal Quest or fire up MacPaint on a System 1 floppy image... but most applications in use in the past decade are on x86, so I don't see Apple ever doing this. Similar with Linux and making a.out support for binaries circa 1993.

    Development is a walled garden... but it can be argued to be a good thing. It has kept iOS very secure, and OS X pretty well locked down as well. It would be nice if iOS could allow the user full root, but again, that subject has been beaten to death in many places.

    As for prices, if you compare like-for-like and chip for chip, Macs are actually priced lower than the HP and Dell competitors.