Slashdot Mirror


User: mlts

mlts's activity in the archive.

Stories: 0
Comments: 5,534

Comments · 5,534

  1. Re:We need a distributed Tor immedietly on Russia Seeking To Ban Tor, VPNs and Other Anonymizing Tools · · Score: 2

    I have not dealt with the Great Firewall, but I've seen some quite restrictive stuff here at home. One coffee shop near me actually tries to MITM traffic to my E-mail provider with a bogus SSL key coming from 192.168.168.168, and the people there have zero clue on it, and say it is corporate's decision.

    I've seen other crap as well on store Wi-Fi networks, be it ads inserted in-flight (www.google.com doesn't have Flash ads, nor does it try to install "securityupdate.apk" files if on Android), as well as executables that were downloaded and demanded to be run/installed in order to use the Wi-Fi connection. Websites were blocked or redirected willy-nilly (Google would be redirected to another search engine or some no-name site.)

    Because of that, I always use a VPN on Wi-Fi networks. Either the Wi-Fi network allows the traffic (and it will be obvious if they attempt to spoof the VPN keys), it will throttle the traffic, or it will disallow it. In this case, the real network traffic is allowed and protected, or it is blocked. The dodgy Wi-Fi AP can't tamper with it.

  2. This is a good thing overall... on Firefox To Mandate Extension Signing · · Score: 5, Interesting

    One common thing I see [1] is crapware doing two things. The first is creating a proxy daemon that sits on the local computer, then forces all Web browsers to use that. The second thing is to use a Web extension stuffed into IE/FF/Chrome/etc. to reload the settings and/or insert ads even into SSL transactions. Not to mention trying to ensure that a home page and search engine is set and locked to a certain site. Not new stuff (adware has been doing this since the Windows 98 and ME days), but having Web browsers require signed extensions means that it is one less avenue the bad guys have to throw pop-ups at users who fetch a download from a popular PC download site and forget to uncheck some hidden box among the 10-20 dialog screens.

    So, having extensions have to go through some type of gatekeeper process is a good thing. This has kept Apple's ecosystems (both OS X and iOS) quite clean. Similar with Linux repositories.

    [1]: I've been shielded from it because I run virtually everything in VMs, use adblocking software, and even in the VMs, I use sandboxes, so it has not been an issue here.

  3. Re:TL;DR on Elementary OS: Why We Make You Type "$0" · · Score: 1

    This is the first time I've read about this distro... and instead of reading about their UI improvements, it is their way of trying to add revenue streams?

    I'm guessing they are subscribing to the "all publicity is good publicity" school of thought. However, there are many good distros out there already and the fact this distro maker does the equivalent of holding out their hat and demanding a tip before the performance begins... ensures that their distro isn't one I will be trying anytime soon.

  4. Re:Selling binaries, free source code? on Elementary OS: Why We Make You Type "$0" · · Score: 2

    At least RedHat supported En_RN as a language type. This is quite useful, especially in Texas.

  5. Re:energy balance doesn't work out on Converting Sunlight Into Liquid Fuel With a Bionic Leaf · · Score: 1

    I wonder why isopropyl alcohol is used. If I had the choice of alcohols, I'd go with ethanol, just because it is the safest in the bunch, and a lot of vehicles can use some alcohol mix (E85) without damage.

  6. Re:Remember the down side on Smartphone Theft Drops After Spread of Kill Switches · · Score: 1, Informative

    In Australia, a year or so ago, it was mentioned on Slashdot that this was a common scam tactic. The seller would sell a phone, call it in as stolen, then pocket both the cash for the phone and either get insurance money or have a new phone. The buyer would be out both, and possibly even have to deal with the law for possessing stolen property.

    Only real protection is to make sure to have a bill of sale with the phone's ID numbers on it and a promise that if it is reported stolen by the seller after the sale, this would trigger a fine... likely too much legal work for most people.

  7. Re:Parts on Smartphone Theft Drops After Spread of Kill Switches · · Score: 4, Interesting

    This is definitely lucrative, especially around the time when a new iPhone rev comes out and people start breaking/bending their latest device. Even a disabled phone still has an intact screen/digitizer that can go for a C-note or two until the market starts getting cheaper ones in.

    In one criminal justice class, this is a common MO for high dollar stolen goods... if the item can't be sold, the parts can. For example, a stolen high-end Cannondale bicycle may not be able to be sold as a gestalt due to the serial number being in a police database, but part out the fork, shifting group, brakes, and other items, and a fence can still obtain a good chunk of change from all that even if the frame is never used.

    I'm glad the fact that phones being disabled has helped slow down device theft, but I don't think it will go away anytime soon, just because the demand for parts is always there.

  8. Optimus Maximus successor? on Building the Developer's Dream Keyboard · · Score: 3, Interesting

    What would be nice would be a multi-key "gaming" keyboard, except with color e-ink on each key so one can not just map keys, but show where they are mapped.

  9. Re:"Not intentional". Right. on Samsung Smart TVs Injected Ads Into Streamed Video · · Score: 4, Insightful

    Looks like I just need a router with the same smarts as the TV, where the telly would be on its own network segment (so it can't change its IP and get around it.)

    Maybe this is a harbinger of things to come where IoT devices in general would need firewalled due to privacy and security concerns.

    Of course, the next counter from the TV makers, will be the TV either just not working at all with any inputs unless it has the ability to phone home (think games that require a constant network connection), or it gets a 3G antenna... so even without a direct Net connection, it still can phone home.

    Maybe the best of all worlds is as described above... a HTPC + a large monitor. Smart TVs seem dumb to me, as they don't add any useful features, but seem to be another vector for ad-slinging and invading privacy.

  10. Re:Easy fix... on Report: Automakers Fail To Fully Protect Against Hacking · · Score: 1

    The problem is that separation of function and defense in depth tends to be set aside because it costs money to implement, and in my experience, "security has no ROI" is quite a mantra for some PHBs... just because there are little to no consequences that will happen to a company if there is a breach.

    The VW engineer is enlightening. It is actually surprising to me to find a company engineering security, as opposed to strapping it on after everything else is done as a token gesture. Now, if VW could start making Crafters here in the US, it would be quite a nice thing.

  11. Re:Easy fix... on Report: Automakers Fail To Fully Protect Against Hacking · · Score: 1

    I've made them before, although not truly network level. Two PCs, each on separate subnets connected to each other with a serial cable that had the Rx line cut. Data on the secure network would hit the first PC and go out the serial port to the second PC that would spool the data to disk. Nothing is 100%, but barring physical access, it would be extremely hard for an intruder to try to affect the PC on the secure network in any way, even if the machine on the receiving network was completely rooted.

  12. A proper use for the technology... on Airport Using Google Glass For Security and Passenger Information · · Score: 4, Interesting

    Now, this is something I'd assert is a proper use for Google Glass -- a way to help improve workflow. I can see this being useful not just at the airport, but for bank tellers and other retail staff. It not just is a way of presenting info, but if something bad does happen, it is a way of helping prove who did it, especially if it takes place out of the arc of the overhead CCTV cameras.

    This is a lot better use of the technology than trying to cam at the local Alamo Drafthouse.

  13. Re:Same answer every time. on Ask Slashdot: With Whom Do You Entrust Your Long Term Data? · · Score: 1

    Hate replying to myself, but there is one major con I forgot:

    Network access. If you have a dodgy, metered, or slow connection, this can be a major hindrance not just with access for a restore, but initial file storage.

  14. Re:Same answer every time. on Ask Slashdot: With Whom Do You Entrust Your Long Term Data? · · Score: 1

    I treat the cloud as I do a type of storage medium.

    The pros of cloud storage:

    1: Depending on the type, one can store a lot of stuff on it.
    2: It is durable, and data stashed there is likely to persist even if a site goes down, or your drive array dies.
    3: There are auditing tools available and access can be well controlled, depending on the cloud server.
    4: It is easy to use. In fact, with OS X, it pretty much comes with the OS.

    The cons of cloud storage:

    1: The data can be stored anywhere geographically. You have zero clue who has access to it, what security measures (if any) are in place, if the data is stored on reliable hardware or on a cast-off laptop used to prop up a cat litterbox.

    2: You have no control of the data. The cloud provider can go out of business, sell the servers, and the buyer of the servers now has your document stash and can do anything they please with it, even make a torrent out of it, without any legal liability.

    So, with cloud storage, encryption is a must, be it image based (TrueCrypt, BitLocker, Apple Disk), file based (EncFS, BoxCryptor), or archive based (WinZIP, OpenPGP, WinRAR, StuffIt Deluxe, BCArchive [1]). The best encryption is what is vetted (TrueCrypt, GnuPG, PGP, NetPGP), but any third party encryption tool is better than no encryption.

    [1]: It isn't TrueCrypt, but Jetico has a number of interesting, useful tools, from an archiving utility to a clipboard utility for decoding OpenPGP messages, to disk encryption.

  15. Re:i must click dem! on New Multi-Purpose Backdoor Targets Linux Servers · · Score: 1

    SSL connections out or in? Most machines (other than webservers) should not be accepting SSL connections from the Internet.

    SSL connections out are a different story. For general Web browsing, running a browser without a sandbox, VM, or both is going to get one nailed, no matter what the OS. Even on Android, there are sites which try to foist "securityupdate.apk" on the user.

  16. Re:i must click dem! on New Multi-Purpose Backdoor Targets Linux Servers · · Score: 0

    Only downside of cygwin is that because it installs so many files with a full install, it makes a CHKDSK take a lot longer, so it is a good idea to put the cygwin files on a filesystem mounted on a junction point (no need to waste a drive letter.)

  17. Re:A Bitcoin scam? Impossible! on Alleged Bitcoin Scam Leaves Millions Missing · · Score: 4, Informative

    With a bank, they could shut down, and the government would handle their losses, so I'd say a bank is a lot freer to do stuff.

    However, BitCoin is a buzzword, similar to how "MP3" was in the early 2000s, where one could have something related, use that term and sell it, such as "MP3 headphones", "MP3 batteries", even an ordinary cassette tape (as opposed to the MP3 player shaped as a cassette which worked in car stereos) marked as "good enough to copy MP3 files to it."

    Same with BitCoin. Do a pyramid scheme, stick the term "BitCoin" on it, sit back, rake in the dough. Even though it has -nothing- to do with the cryptocurrency at all, it is just the same type of scam as previously.

  18. Re:Easy fix... on Report: Automakers Fail To Fully Protect Against Hacking · · Score: 2

    What is needed is a data diode with a CAN firewall. This way, there can be two CANs, one for the data that can crash the vehicle, and one for the gewgaws. This way, the radio can know how fast one is going and so on, but can't decide to interrupt spark plug timing.

    Easy in theory, but can this be done by companies, even auto makers? Hopefully, but not many companies have a good reputation for security when heavily attacked.

  19. Easy fix... on Report: Automakers Fail To Fully Protect Against Hacking · · Score: 5, Insightful

    This is fixed pretty easily:

    Don't put the fscking radio, XM satellite stuff, Bluetooth toys and other garbage on the same CAN as the ECM/TCM.

    One CAN for the basic stuff that is vital to life safety. As for wanting to turn the climate control system on and off via an app? How about no. Automobiles are dangerous, and there is a point where you just can't let the entire Internet have access to a vehicle, in the name of security.

    Even things like OnStar are disasters waiting to happen. If/when it gets breached an attacker can turn an evacuation into an epic disaster by disabling all GM cars trying to get out of an area that is about to get nailed by a hurricane. A microcosm of this happened in Austin when a car dealer's immobilization system (the buyers of cars had to type in a code each week or else their vehicle was disabled) got "hacked" (by an ex-employee who knew the manager's user info), and all cars that were in that dealer's system shut off and made to honk until their batteries died.

    I hope car makers have sense, and don't take the IoT bait. It will mean certain loss of life in the future, when some intruder disables the power brakes on vehicles at random (for example.) Or for cars that are totally drive by wire, just disable the steering wheel, or have it turn randomly. Nobody could prove that it was anyone's fault but the driver's in that condition.

  20. Re:1... 2...5... 9... on Samsung SmartTV Customers Warned Personal Conversations May Be Recorded · · Score: 1

    I wonder when the footage from these TVs will be considered plain view, so when someone smokes a bowl while watching "Driving over Miss Daisy", it would be considered sufficient evidence for arrest, a search warrant, and conviction.

  21. Re:Hard To Imagine... on Microsoft Trademarks "Windows 365" · · Score: 4, Interesting

    I can see something similar to O365. However, would the enterprise want to license production servers on this scale and have a glitch cause them to shut down? Good luck with that. The only way I can see something like this happening is using a KMS-like mechanism, but even then, there are many companies who run Windows air-gapped where a KMS would be unacceptable.

    To be real, MS needs to take their stock private, just like Dell, and get off the stock market where they don't have to just look at each quarter and little else. This way, MS can expand into a lot more markets (which mean a lot more long term growth) than they can now. A few examples:

    1: MS can make money by licensing their IP... same thing that keeps IBM from collapsing. If MS licensed Active Directory and Exchange to Apple and UNIX makers, it would mean ongoing profits for them with zero work. Oracle, IBM, and RedHat would pay MS for licensing so their products could run MS technologies. This is a win for everyone in the picture, because it means core functionality that would be forced to be on Windows could be on other environments.

    2: MS could start working on new technologies to leverage their software advantage. For example, with a two phase deduplication process similar to PureStorage devices (where basic deduplication is done on writes, and a second pass is done in the background for even better space savings), coupled with better RAM management in Hyper-V, coupled with the ability for Hyper-V nodes to access each other's drives via Infiniband connections... they would have made the SAN obsolete while offering just as much, if not more redundancy.

    3: Re-engineer for security. Vista was a major step in this regard, but it has been ten years, and the Windows kernel needs to be re-engineered again. This time, it might be good to have Hyper-V be always on, so any machine, desktop or workstation is a VM, and the user can load an AV utility at the hypervisor level to catch rootkits, even RAM based ones. Of course, this makes backups easy since the whole machine's snapshot, RAM and all, can be done.

    As for a subscription for consumers, it is an option, but it has to be priced right. Too high, and users will stick to previous versions of Windows indefinitely.

  22. Re:in trouble.. on GnuPG Gets Back On Track With Funding · · Score: 4, Interesting

    If one thinks about it, there are really few crypto products out there that are open source, trustworthy, and independent. GnuPG is one effort. NetPGP is another.

    The reason why OpenPGP implementations are important is for a number of reasons:

    1: They are the top-most layer of communications. For example, if I get an encrypted E-mail, it doesn't matter what my MUA is, and if there are hooks in it for viewing OpenPGP packets. Worst case, I copy the .asc blob or attachment and paste it to decrypt it. By having a crypto format independent of everything else on the stack (the mail program, the network protocols, the mail server, etc.), the messages are encrypted and can't be tampered with unless the endpoint is compromised. A bad SSL key, compromised Exchange mailbox, or other items don't matter. Plus, OpenPGP packets can be sent over any message system. AIM? Just fine. FB PM? Assuming FB doesn't consider it spam and toss it. A USENET post on alt.anonymous.messages? Works.

    There are a lot of people trying to bundle encryption with their own messaging protocol, but having it separate, with the key management and web of trust not reliant on one company or organization is important. Being forced to trust CAs only results in DigiNotar hacks eventually, while a WoT tends to be more robust.

    2: For long term storage on insecure media, using OpenPGP packets is a useful tool. Using PGP/GPG keys for securing files not just makes it impossible for an attacker to try brute forcing passwords, but also allows for one to check signatures (assuming a sign after encryption) to check for bit rot or tampering. Even on secure media, the ability to store files in a signed format is useful.

    3: PGP/gpg is available on many platforms. It isn't just limited to OS X/Windows/Linux. I can write a message on AIX and send it with dtmail or mutt, and the receiver using Windows can read it in Outlook, having it decoded by Symantec's successor of PGP Desktop.

    The problem is that PGP, GnuPG, and NetPGP are not flashy. They form a secure foundation, but tend to be forgotten about because a lot of startups want their own, private security solution to sell. I'm glad that GnuPG has gotten funding. I'm also hoping that other OpenPGP implementations get some cash as well, be it NetPGP, and even commercial items like Symantec's offering keep maintained, just because of how important it is to have a lowest-common-denominator messaging format that works over any messaging protocol.

  23. Re:1948 Ford 8n on Farmers Struggling With High-Tech Farm Equipment · · Score: 1

    "Luddite technology" may just be something that might be salable.

    We have come to a point where modern items are more reliable... but when they break, there is no repairing, there is only replacement. This started back in the 1980s with consumer electronics. However, the trade-off was in the past, an item would be more reliable than one that needed constant work... but now, where an older appliance or vehicle would need a part replaced, a newer model just has to be replaced. Great for business, extremely hard on farms and consumers.

    I wonder how long it will be before a black market starts opening up where people start making 40s-60s era tractors and other farm equipment and selling it. Since there was no registration at that time, and with parts being replaced, there is no way to tell that a tractor was truly from the 40s, except everything has been replaced (similar to the "100 year old axe" which has had the handle replaced numerous times, and the axe head replaced just as often) from something that was fabbed together in a machine shop. For a small farm, an "old" tractor that was "restored" might be the ideal, as it would require more maintenance than a modern tractor... but parts would be available, and 10-100 years from now, parts would still be around.

    Couple the want for vintage machinery that "just worked" with 3D printing shops and metal shops, and it wouldn't be surprising to see "1940s-era" tractors selling left and right, all mechanical, with all parts being available either directly, or as files for a CNC mill. Mitsubishi has a 3D printer/CNC mill that does both additive (3D printing) and subtractive (multi axis cutting.) One of those with a high grade Inconel can do almost anything, and the metal used is at least as good, if not better than anything up to the 1970s, so a 1940s-era design would work well.

    Between regulation, manufacture lockdown, and the invasion of privacy happening now, as well as when the deluge hits with IoT, a company using 3D printing technology and basic metal shop work could do a booming business by making relatively vintage appliances, since other than being made cheaply, not much has changed with most dishwashers between the 1950s and now (for example.)

  24. Re:Regulation Strikes again on Farmers Struggling With High-Tech Farm Equipment · · Score: 1

    Dongles are cheap, but only give generic info for the most part. A lot of it is hidden behind a wall that only the car maker's own software can access.

    For example, on a Mercedes Sprinter, there is one level of resetting fault codes that can be done by a ScanGauge. Then there is a different level if the vehicle goes into limp-home mode, it takes a different type of reset to fix that.

    Of course, EPA regulations come into play so it isn't all the auto maker's fault. For example, they are forced to have a mechanism which permanently disables the vehicle if the pee can on newer diesel engines runs empty.

  25. Re:Regulation Strikes again on Farmers Struggling With High-Tech Farm Equipment · · Score: 5, Interesting

    It is both. Some manufacturers use the added regulations (take DEF and DPF mandates for example for diesel emissions) in order to ensure repeat business for their repair shops, as well as planned obsolescence when the ECU dies and there isn't another to be found, as it was an ASIC that was fabbed only for a span of 2-3 model years and even an ECM firmware upgrade wouldn't change that.

    The Feds mandated things like nonadjustable governors so one can't adjust the RPM of some items unless done manually by twisting the throttle rod. However, some companies are happy to take that even further to ensure people come back to get stuff fixed.

    There is blowback to this. For example, a RV refrigerator that runs on propane made 10-15 years ago which uses a pilot light can cost more than a new refrigerator, just because it requires no 12 volt current to keep the contents cold, while newer models often have issues with the control board.

    How does this get fixed? With state and federal governments still looking to add more regulations compounded with companies that want their own "DRM" to keep the next quarter looking good, the only real solution will be for relatively small startups to hit the market with simple products that do the same thing, but don't have all the bells and whistles. For fridges, companies like Unique Gas Products come to mind, who may not have appliances that have the latest 5000 pixel count in the LCD screen... but keep the contents in the fridge cold without issue.

    The future will probably wind up people having to fudge to get around various regulations. For example, the EPA ban on wood stoves will just mean that a building gets built with a propane stove, which gets swapped out for a wood stove the second the inspectors leave. If this isn't the case, there will be a heavy market for people to purchase jailbreaks for their appliances and vehicles... with bounties going up as steep as what was paid for access to root on the latest Samsung devices.