Slashdot Mirror


User: mlts

mlts's activity in the archive.

Stories
0
Comments
5,534

Comments · 5,534

  1. Re:Atomic Browser on Ask Slashdot: Gaining Control of My Mobile Browser? · · Score: 1

    I used to like Atomic, but it no longer is updated (last update was in 2012), and does not work with tap-and-hold gestures since iOS 7, so I have wound up using the Mercury browser for similar functionality.

    I wish the author would update it, so it works fully with iOS 8.x.

  2. Re:Ditch iPhone on Ask Slashdot: Gaining Control of My Mobile Browser? · · Score: 2

    That is one idea. There is also getting a virtual machine and running one's own VPN with ad blocking functionality (transparent proxy.) The downside of this is that it can get slow if the VPN server is a number of hops away.

    If jailbreaking is an option, that is another route. There are adblockers on the Cydia store which are useful, as well as utilities like PMP (Protect My Privacy.) Without jailbreaking, a lot of sites you will go to will let you view the site for 15 seconds... then kick you to the App Store to download some app the advertiser is trying to foist on you, or redirect to a page that is pointless.

    Android (especially rooted, XPrivacy installed, a decent host file in place, IP block rules, and adblocking tools installed) is pretty decent. So far the worst I've seen are sites trying to get you to download a "securityupdate.apk" file, assuming the user is dumb enough to sideload it.

    I'm with the parent -- an adblocking program is a must have. Adblocking utilities do more for malware stopping in my experience than AV programs.

  3. Re:Don't trust any of them ... on Samsung Set To Launch Mobile Payment System With Galaxy S6 At MWC · · Score: 1

    Oh, with their Knox stuff and the permanent eFuse blowing, their stuff will be "secure".

    (/sarcasm)

    If Samsung offered a way to unlock bootloaders similar to what Sony and HTC do, I might consider them, but with having to put a bounty just for root access... I'll find a vendor that will allow me full access to my device first.

    Of course, there is the payment mechanism. Is it like CurrentC where there is zero protection as it directly grabs money from your account? If the payment mechanism isn't credit card based (so there is protection against fraud), I wouldn't want to get near it.

  4. Re:"Lights out" operations replace "lights on" ops on Apple To Build New $2 Billion Data Center In Bankrupted GT Advanced Buildings · · Score: 1

    I do agree -- It isn't the best thing, especially with how few people such a large building needs... but it does pay the rent and keep the physical building occupied, so it isn't a total loss.

    Plus, I don't see how Apple could have done better. They have plenty of office space, and moving a call center would take a lot of cash. Similar with moving a factory.

    A data center is probably the most effective use of that space anyway. Plus, even though it takes a lot of cash to get started, it becomes something quite usable.

    Even though a data center doesn't employ that many people, the services it uses do:

    1: The people needed to maintain grid power.
    2: The people needed for CNG (if it uses gas for HVAC.)
    3: HVAC techs.
    4: Building people.

    Of course, there are the taxes which Apple pays, which do help the surrounding area.

    So, it isn't perfect... but it is better than an empty husk there.

  5. Re:FAA could only *limit* US launched rockets on FAA Could Extend Property Rights On the Moon Through Regulation · · Score: 1

    There is one big difference: The New World colonies could live off the land, completely independent of any imports from Europe. There isn't much on the moon other than fine powder, so if the parties on Earth decided to cut off shipments, whatever people are on the moon would be dead in a few months, just due to lack of basic things like oxygen, food, water, or the ability to keep a temperature high enough to exist.

  6. Re:FAA could only *limit* US launched rockets on FAA Could Extend Property Rights On the Moon Through Regulation · · Score: 1

    Sadly, it seems that the times in history where people cooperate are after the human population is so decimated that it is either cooperate or go extinct. This happened after the Black Plague where the dukedoms and duchies just couldn't continue squabbling with one another and had to merge into larger nations.

    I have a feeling we will see space exploration and such happen after some event nearly wipes humanity off the globe. Hopefully I am wrong, but history doesn't show many examples of cooperation, especially when each party wants the entire pie for themselves.

  7. Re:FAA? When did the Moon become part of the USA? on FAA Could Extend Property Rights On the Moon Through Regulation · · Score: 1

    I thought Russia's SCAA (State Civil Aviation Administration) might have a say as well. Mainly because they are the -only- country able to actually make a manned moon landing these days.

    The last thing the world needs is another pissing contest over new territory. However, I have a feeling that there will be enough retarded players who will try to send stuff into space and blow up their rivals (yes, and I am using the "R" word here) that Kessler Syndrome will kick in soon, and nobody will be able to get past geosync, much less to the moon for a few centuries.

  8. Re:free-to-pay model on Sony Sells Off Sony Online Entertainment · · Score: 1

    The P2W model is what ran me off from Rift. When you could spend cash in their store and buy raid gear, that was it for me.

    Both EQ and EQ2 offer gear from the store... but it would be about the equivalent of a set of WoW greens. Decent gear, but it won't annoy the people raiding because it doesn't compete with what comes from the bosses. It is mainly so someone can get caught up on gear, or at least get to a baseline offered, saving time that route.

    I'm just glad WoW hasn't buckled under. Even that MMO has taken a beating with the last expansion, and it took some interesting innovation [1] to bring subscribers back to that game.

    I think gaming is in the doldrums... something new will be around sooner or later, and the cycle will begin again new. It happened with "multimedia" games like MYST, then FPS, then MMOs, then smartphone/tablet apps, and now it is stagnant. Who knows. Maybe consoles will be a must have in a year or two.

    [1]: The garrison is an interesting mechanism. Player housing has been around since the MUD days, but WoW's implementation has made a way for people not playing often to catch up in raiding, something to advance with limited time, a place to start quests, and in general, something to help keep players involved in the game.

  9. Re:Everquest on Sony Sells Off Sony Online Entertainment · · Score: 1

    That wouldn't be too bad. Everquest and EQ2 have a difficulty level that is significantly higher than the mainstream MMO out there. Not too high, but it takes some planning before running in a raid zone and pulling mobs willy-nilly. If more hipsters learned how to raid, that would be nice.

  10. Re:Everquest on Sony Sells Off Sony Online Entertainment · · Score: 4, Informative

    Yep, every year or so, it gets an expansion. The engine is dated, but it has the most content of any MMO out there just due to its age. The old quests are still there, but the game has moved to missions. The grinding is somewhat present, but with missions, one does level up decently quickly. If you die, summon your corpse to the guild lobby, have your merc res you, then go back swinging.

    There is an "EQ3" in the works, or Everquest Next. It is interesting how that develops over time with the press releases, and it appears the devs are doing it right, and will release when it is ready, and no earlier.

  11. Re:free-to-pay model on Sony Sells Off Sony Online Entertainment · · Score: 2

    This is exactly what is killing the app model. Once IAP became standard, almost all games went from decent standalone apps with a reasonable difficulty level to ratty treadmills designed to stymie, obstruct, and frustrate the user so they would pay for more brains/smurfberries/tokens/simoleans/whatever to just clear that one hurdle... only to run into another one shortly after.

    Even the old tower defense games had their difficulty changed from doable to impossible unless one spent cash for additional points. Expansion content like towers or levels is understandable, but having to spend cash -per play- is something I'd do at an arcade, but not on my phone.

  12. Re:Excellent idea on WA Bill Takes Aim at Boys' Dominance In Computer Classes · · Score: 1

    CS is already badly damaged as it is. From the feeling that jobs are going to be at minimum wage rates, to the fact that there is extremely heavy H-1B competition for every single position, be it an entry level coder on up, to the fact that it is looked down upon [1]... all gets people to look for other professions. I've even met high school counselors steering kids away from STEM in general, and into law or business with the phrase, "there is no such thing as an unemployed attorney or CPA".

    The last thing the industry needs is a state's foot on the neck of a section of the population interested in this occupation. It just means that that aspiring programmer is now doing other things, and that could be the next Linus Torvalds or Wietse Venema that gets shooed out of the field.

    [1]: CS and IT get relatively little respect as a profession compared to others that take as much education and experience. Tell someone you are a veteran IT person, they will immediately ask you what to do because their Windows PC seems slow.

  13. Re:who still falls for this picture.jpg.exe nonsen on Syrian Social Hack Co-Opts Fighter's Computers · · Score: 4, Interesting

    One of my E-mail accounts (relegated to being the spam/swill account with filters to scoop up anything from the sources I might use) that has been around since the 1990s still gets plenty of those, either "foo.jpg.exe" or "foo.jpg .exe" with plenty of spaces between the two.

    Part of why this happens is the Dancing Bunnies hole. The receiver really wanted to see what the sender wanted to send, so ignored common sense.

    I've had this happen, when I thought the other person decided to have an auto-extracting document. Since it wasn't confidential, I uploaded the executable to virustotal, found that others had uploaded the same thing, it was a known Trojan. End of story. Had I still been unsure, I'd have put it in a virtual machine that is isolated from any physical network as a sandboxed user with zero privs. This, I do sometimes if I need to download some program from a download mirror, one notorious for wrapping the installer with their own scumware, so I can pull the actual program installer out of the archive. The scumware happily installs and seizes control of the VM, but I then can use the extracted original files on a clean VM after I roll back to a known good snapshot.

    The best defense we have against malware is virtualization. Infecting a machine is relatively easy. Jumping out and nailing the hypervisor or the bare metal... not so much.

  14. Re:If I were Satya Nadella... on VirtualBox Development At a Standstill · · Score: 1

    MS could seriously trump EMC/VMWare by updating Hyper-V so it had memory management features similar to VMWare's, but had support for deduplicated VM images and a filesystem that can handle true clustering (not add-ons to NTFS, but either add to ReFS or have a dedicated filesystem like WAFL or VMFS where it handles file locking automatically without any additional fencing or other items.)

    Another add-on that would put MS in first place would be infiniband support. Say one has three boxes with disk arrays. Add support so box #1 can use the infiniband network for disk I/O from the other boxes (which allows for the backend where VMs are stored to appear as one large filesystem... think EMC Isilon), so when more VMs are needed, the line between computer nodes and storage nodes can wind up blurred. This wouldn't be easy -- MS would have to work on something like an add-on to Storage Spaces that would allow for redundancy across nodes, as well as across hard drives. However, if they do this, they can kill the SAN completely. Need tier 1 I/O for a virtualized DB server? Add a couple 1U boxes with SSD (assuming they have a decent local disk array controller that can configure them as JBOD), plug them into the Infiniband switch and call it done. Add background autotiering and the old HSM (where data can be moved to/from tape in real time), and now backups are handled in a decent way.

    As for security, MS could always have an API that can snapshot the RAM and disk of a machine, then scan that for malware. A rootkit can hide from an OS, but if the entire image is snapshotted where it can't run anything against a hypervisor, this might be a big step in active defense. This mechanism is out there for VMWare, but having it part of the core hypervisor would be useful.

    Another security add-on could be having a TPM based infrastructure where some virtual machines can have their image encrypted (similar to BitLocker, except it would be outside the VM.) This way, if a rogue employee copies a .vhd file, it will be useless to them. As with BitLocker, having a recovery mechanism isn't difficult either; it can be a data recovery agent, or the recovery key stashed in an AD schema.

    tl;dr, MS would make a lot of cash if they worked on a VM infrastructure that could run "SAN-less", with working deduplication.

  15. Re:VPN. on Fixing Verizon's Supercookie · · Score: 1

    If worried about existing VPS offerings, there is always the old standby, a VPS or a cloud instance. It is more money and work, and the VPS owners can always snoop the traffic going in, but if one wants to pack their own parachute, this works.

    These days, I just use a local VPN. I'm not needing something NSA-proof, so what they have is more than enough, as I'm using their services to protect against attacks by a Wi-Fi AP (which are surprisingly common [1].)

    [1]: One coffee shop near me always tries to replace my hosted Exchange server's SSL/TLS key with its own from a local 192.168.168.168 IP, for some oddball reason. The people running it have zero clue about it, and don't know how to fix it, as it is a corporate appliance.

  16. Re:Pot meet Kettel on Fixing Verizon's Supercookie · · Score: 1

    It can be gotten around... just hash the UIDs obtained, and look for the valid one that persists between transactions, especially with other supercookie data that most browsers hand over (font order is quite identifiable, same with plugins... and we are not even near LSOs or other items.)

    The only solution to this is a trustworthy VPN so traffic is encrypted from the device on out (and can't be modified without parties noticing.)

  17. Re:Does It Matter? on VirtualBox Development At a Standstill · · Score: 2

    VirtualBox has one advantage now, and that is that it is licensed at no charge. On Linux, this isn't a big deal (as KVM and Xen are decent alternatives), but for a hypervisor on Windows or OS X, this can be important.

    However, if one can choose a non-free solution, the competition has lapped VirtualBox several times. VMWare is extremely strong, both with Workstation on Windows or Linux [1], as well as Fusion on Mac. For a dedicated box with a tier 1 hypervisor, both Hyper-V (can be downloaded separately from Windows) and ESXi are quite useful (although there are limitations without the commercial management tools.)

    I've tried various VM products, and the main reason that I chose to just go with VMWare is the universal-ness, and because it is at least a generation past the competition with dealing with RAM overcommits, snapshots, clustering [2], and other features. Plus, if a company sells an appliance, it almost always will be distributed as an .ova file, and other hypervisor architectures come in second. The downside of VMWare is the price... it isn't cheap ($250 for Workstation, ~$70 for Fusion), but it does work well.

    Hyper-V isn't bad, as the latest iteration auto-activates Windows VMs sitting on it (no need to worry about a KMS server accessible by all VMs... just the operating system instances running on bare metal). However, usually it is implemented with the full Windows Server OS underneath, making an attack surface, as well as a point of downtime. However, for a Windows shop, the price is right, and it does a good job. VMware is great... but you do pay a king's ransom for the features it brings with it.

    [1]: If one needs a home machine to run VMWare stuff on, one might be better off running VMWare Workstation on top of Linux because ESXi cannot use USB hard drives as backing stores, while VMWare Workstation really doesn't care since it is a type 2 hypervisor and lets the OS handle the disk stuff. Of course, don't expect vMotion or other stuff... but if one wants a dedicated box just for virtual machines, this is a usable alternative.

    [2]: Clustering and fault tolerance are brain-dead easy, either using VMFS on a logical drive from a SAN or an NFS backing store.

  18. Re:How is maintenance performed? on Former NATO Nuclear Bunker Now an 'Airless' Unmanned Data Center · · Score: 1

    Same as how upkeep is done in submarines. They also have very low oxygen, but enough for a person not to die. Of course, there are side effects... your thinking is slower, and wounds take a lot longer to heal, but it does work, and the low O2 in the air does keep fires from spreading.

  19. Re:OK, based upon notebook shopping thus far on Dell 2015 XPS 13: Smallest 13" Notebook With Broadwell-U, QHD+ Display Reviewed · · Score: 1

    I hope the RAM installed is replaceable. If not, 8GB was something acceptable back in 2008... but a laptop should be at 16, if not 32 gigs of RAM. This is the biggest turnoff of the MacBook Airs. Disk space can be worked around using the third party SSD that goes in the SD card slot. Network connectivity can be augmented via a Thunderbolt or USB NIC. The CPU is good enough for most tasks, but RAM is the biggest bottleneck.

    The paucity of RAM is my biggest complaint. For a lightweight laptop, the other stuff is acceptable. It would be nice if Dell and other PC vendors would hop on the Thunderbolt bandwagon which would allow for an external GPU (assuming enough PCI lanes are available to make it worthwhile.)

    Of course it would be nice to have a dock connector, but Dimensions are consumer level models, and they would likely never get used.

  20. Re:Oh, it was never "crazy"... on Georgia Institute of Technology Researchers Bridge the Airgap · · Score: 2

    I would guess it would be cheaper in most cases for an attacker to black-bag the hardware (evil maid attack), or just use xkcd.com/538 and a wrench.

    TEMPEST attacks are very low on my worry list. If I were running an organization that dealt with that sensitive a data, it would be well tucked away in a building designed from the ground up to keep cameras and detectors quite a ways from the juicy stuff. However, before I even bothered with that, I'd be working on physical security, network security, various encryption levels, and having pentesters in to actually verify that the stuff in place is actually doing the job versus looking cool.

  21. Re:Power Costs on Proposed Disk Array With 99.999% Availablity For 4 Years, Sans Maintenance · · Score: 1

    Cooling costs come to mind as well. SSDs are one thing, as they can be powered off and not used. However, HDDs have to be either spinning (which creates a lot of heat, especially at 10k+ RPMs that enterprise disks spin at), or spun up/down, and spinning enterprise disks up and down isn't good for them, and might even cause array faults unless the array firmware is designed to deal with it.

    There is also expense. If I have five hard disks worth of data, I need (5*4)/2, or ten HDDs by the OP's metrics. However, I've had batches of hard drives all fail at once. If I get multiple failures, even RAID 6 isn't going to help. If HDDs popped at random times, I might be OK, but not in this case.

    Of course, I've ranted about this before... RAID is solid for protecting data against disk failure... but that is just one of -many- failure scenarios. I have seen disk controllers fail and write garbage to the entire array. One goober doing an rm or a dd command will toss the array. If you want serious backups, you need to not just focus on disk. Tape isn't perfect, but done right, after the initial cost of the drive, the cartridges are inexpensive, take zero watts (other than climate control), last decades, have innate encryption (LTO-4 and newer), and can have hardware write protect enabled, as well as WORM media. This is great for people with the "keep it forever" mindset. Just set a password [1], stream the data off to a pile of WORM tapes, and stuff those in a closet somewhere. If the tapes vanish, since they were encrypted, and assuming only a few people have the password, it can be written off as "just" a hardware loss.

    [1]: It is boneheadedly easy to set encryption on LTO media via SPIN/SPOUT, so might as well set something, even if it is a variant of "correct horse battery staple". Ideally, the password should change every year or so... but just setting -something- is better than nothing.

  22. Re:not the point on Why Screen Lockers On X11 Cannot Be Secure · · Score: 3, Interesting

    If someone gets physical access to my machine while I'm away and the screen locker has not activated, regardless of OS I am on, I am screwed. Be it Windows where a utility can be run to hook into the keyboard, OS X and a .kext that flashes a custom ROM to the keyboard so it doubles as a keystroke logger, AIX could have the bootlist modified to boot from an unauthorized rootvg, Solaris could have the root role moved to all users, and so on.

    Realistically, X-Windows authentication and running rogue clients has been a non-issue since the late 1990s. By default, X is locked down quite tightly, taking an explicit "xhost +" to undo those measures. Even when SSH-ing into a remote machine, by default, the X-windows port is not authorized or forwarded unless both the client and server are explicitly changed to permit this. These days, relatively few applications are X-windows clients, other than legacy stuff. Most enterprise level items (be it an Isilon, VNX, VMWare vSphere, tape silo, and so on) either have a dedicated client, allow SSH in, or have a web page for their configuration. The last time I've used a X-Windows client from a remote machine was running the NetBackup administrative client application from a master server, because it was the most reliable way I could watch what was going on.

    One cannot make light of security holes, but there are things to work on and ones that are too difficult for an attacker to ignore. It takes some explicit commands to force X-windows to allow clients other than from the local machine to connect (including disabling the kernel packet filter or actively allowing connections through it.) So, someone connecting remotely to an X server before xlock activates can be a hole... but it is something extremely hard to take advantage of.
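The comment above rests on three defaults: X access control is on unless someone runs "xhost +", sshd does not forward X11 unless configured to, and nothing listens on the X TCP port. This added audit script (not from the thread or any project) checks all three; it takes command output as text so it can be tested on captured samples, and the `audit_x11` wrapper feeds it live output from `xhost`, `/etc/ssh/sshd_config` and `ss`.

```shell
#!/bin/sh
# Added example, not from the original thread: audit whether an X11 server and
# the local SSH configuration still have the default locked-down posture.

# Return 0 if `xhost` output shows access control enabled and no wildcard
# host entries; return 1 if "xhost +" (or an INET host entry) opened it up.
xhost_is_locked_down() {
    out="$1"
    case "$out" in
        *"access control disabled"*) return 1 ;;
    esac
    # INET:/INET6: entries authorise whole hosts; the defaults only list
    # local families such as SI:localuser: or LOCAL:.
    printf '%s\n' "$out" | grep -Eq '^(INET|INET6):' && return 1
    return 0
}

# Return 0 unless sshd_config enables X11Forwarding. Keys are matched
# case-insensitively, comments are stripped, and (as in sshd) the last
# matching directive is the effective one.
sshd_x11_forwarding_off() {
    cfg="$1"
    last=$(printf '%s\n' "$cfg" | sed 's/#.*//' |
        awk 'tolower($1)=="x11forwarding" {v=tolower($2)} END {print v}')
    [ "$last" != "yes" ]
}

# Return 0 if no socket is listening on the X TCP ports 6000-6063
# (displays :0 to :63). Input is `ss -Hltn` output, one socket per line,
# with the local address:port in the fourth column.
no_x_tcp_listener() {
    printf '%s\n' "$1" | awk '{print $4}' |
        grep -Eq ':(60[0-5][0-9]|606[0-3])$' && return 1
    return 0
}

# Live wrapper: prints a short report for the current host.
audit_x11() {
    if command -v xhost >/dev/null 2>&1 && [ -n "$DISPLAY" ]; then
        xhost_is_locked_down "$(xhost 2>/dev/null)" \
            && echo "xhost access control: OK" || echo "xhost access control: OPEN"
    fi
    if [ -r /etc/ssh/sshd_config ]; then
        sshd_x11_forwarding_off "$(cat /etc/ssh/sshd_config)" \
            && echo "sshd X11Forwarding: off" || echo "sshd X11Forwarding: yes"
    fi
    if command -v ss >/dev/null 2>&1; then
        no_x_tcp_listener "$(ss -Hltn 2>/dev/null)" \
            && echo "X TCP listener: none" || echo "X TCP listener: PRESENT"
    fi
}
```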

  23. Re:Nothing is unhackable on Security-Focused BlackPhone Was Vulnerable To Simple Text Message Bug · · Score: 3, Interesting

    It does have its appeal. For the average user who isn't that technical, and who doesn't know/care how to use PGP or gnuPG, this phone is a step up. At least a user who bought this will get better fixes with regards to security issues than with a lot of smartphones.

    My biggest complaint is that it is a closed ecosystem. It would be nice if other devices that are not BlackPhones can run the apps so there can be a wider customer base. Otherwise, the device's acceptance will be hindered because everyone has to have that specific maker's phone. Plus, for every closed application, there is an open alternative.

    Maybe the ideal would be to get PGP working independently and transparently with text messaging [1], mail, voice, video, and other items. That way, the metadata can be protected via one layer, but the actual contents are protected no matter what, even if the protocol is completely broken wide open.

    [1]: An ideal would be something where sender's device would check if the receiver had the ability to receive (likely having the app poll a server every so often), and if so, send it over the Internet (mainly so it can be acknowledged it was received). If not, send it via SMS/MMS. Unlike iMessage, it would fall back and not assume that a specific app was installed and running.

  24. Re:pretty much expected. on Security-Focused BlackPhone Was Vulnerable To Simple Text Message Bug · · Score: 2

    This is one reason why I have hedged on buying one. How are they better than CyanogenMod, and for tools, open-source items, be it apg, K-9, EncFS (so files can be secured on both SD cards and cloud providers), RedPhone, TextSecure, and other apps that have their source available if one wants to manually look at it.

    I respect PRZ incredibly, but one of the reasons why I continue to use PGP even though he states that it is obsolete is that PGP (and GnuPG) are open source... and they are platform and transport mechanism independent. I can send an OpenPGP ASCII armored packet via E-mail, texting, XMPP, Facebook, or any other messaging protocol. I do respect PRZ by founding a security company in an era where most "security" is PR, but I prefer to pack my own parachute and use the tried and true.

  25. Re:Security is a process ... on Security-Focused BlackPhone Was Vulnerable To Simple Text Message Bug · · Score: 4, Insightful

    The problem is that a company that has security as part of their mindset is hard to find. Most at best have it as an afterthought, something strapped on at the last moment.

    Security takes R&D, just like everything else. Would I expect a v1.0 product to be secure, especially from focused attack by people who want to bypass it? No, and not even in a v1.0.10 product. Breaches will happen for the first few years.

    However, I will state one thing about BlackPhone: They fixed the issue. Other vendors would just tell their customers to buy a new smartphone or go pound sand. Where the rubber meets the road is how security flaws are handled. Are they acknowledged and patched, or are they covered up, flagged as FNR (fixed in next release), and only threats of litigation able to actually get the vendor to make a patch. There will -always- be flaws. However, part of a company selling security is how they respond to issues, and here, BlackPhone has performed quite well. There was a problem, they fixed it, and that is what matters.