Slashdot Mirror


User: mlts

mlts's activity in the archive.

Stories: 0 · Comments: 5,534

Comments · 5,534

  1. Re:"and they may be bought for their assets." on Radio Shack Reported To Be Ready for Bankruptcy Filing · · Score: 1

    RS/Tandy had some absolute gems though. The one thing they had with their machine which no PC has since done was having a usable copy of DOS in ROM.

    This is a very simple thing. If a PC had a ROM image of either Linux or a BSD, or even a Windows PE image with recovery tools, it would make life a lot easier for support staff in general. Add hooks for iLO support, and it would be a big asset for IT, even if it is just booting into the recovery OS to wipe the drives to repurpose the box.

    For the individual user, having a recovery OS would be extremely useful. First, one can run AV tools to scan and find rootkits. Complete, bare metal backups would be doable. One can do a disk scrub to look for errors without worrying about interfering with what stuff is in use. If a HDD is going bad, and it can't be booted from, one can dd a disk image before the drive completely dies.

    I am actually surprised that no modern PC offers this. SSD isn't that expensive, and a recovery image can easily fit on 4-8 GB of space. If a PC can store firmware, it can store an OS recovery image and have it available.

    Of course, an ideal would be a recovery image, and another image for reinstalling the OS (or perhaps both in instance, similar to how Solaris 11 ships.) That way, no matter how severe the HDD failure, the machine will always be usable.

  2. Re:Fuck Me on SystemD Gains New Networking Features · · Score: 5, Informative

    I try to stay out of the systemd fray... but it goes against the core of UNIX... which is the KISS principle.

    Init should start tasks, possibly stick them into jails or containers, and set resource limitations. Having something do everything including the kitchen sink is just asking to get hacked down the road unless millions of dollars are spent on source code audits.

    As an IT person, results are important. What does systemd provide that previous mechanisms didn't? Parallel startup? I don't boot servers that often where asynchronous startup of processes is a big issue. Resource limits? Doable with the shell script that gets plopped into /etc/rc.d. I'm just not seeing the benefit, but what I am seeing is a gigantic amount of code which touches the entire system, giving me concerns about security and stability, and there have been a number of articles on /. about systemd, to the point where people are even forking distros just so they don't have to deal with it.

  3. Re:My guess on PC Shipments Are Slowly Recovering · · Score: 1

    It would be nice to see a return to wired networking, just because it is a lot harder to hack (requires physical access), and it is faster. There is no way a Wi-Fi adapter can handle what even an eight port gigE switch can deal with.

    Ironically, I'm seeing combined devices with newer SAN offerings. If you have a FC HBA, a CNA card, or even just a plain NIC, the SAN will be happy to do fiber channel, FCoE, iSCSI, NFS, CIFS, or WebDAV, all at the same time. Cutting the cord might be nice for tablets and smartphones, but for real speed, it requires a cord, even if it is a copper wire.

  4. Re:My guess on PC Shipments Are Slowly Recovering · · Score: 1

    The tablet market is pretty much saturated.

    The desktop (as in role... this physical machine can be a laptop, a desktop, a server, or a tablet with a dock like the Surface Pro) machine isn't going anywhere, and has plenty of room to grow.

    As for a market, it is actually surprising nobody has made a LAN version of OnLive where the video commands are sent to a rendering server, and streamed video is sent back. This way, each device on the LAN can have a decent framerate for video without needing large amounts of GPU present.

    Of course, backups, centralized storage, virtualization, IDS/IPS utility, and many other items have not even been scratched in the home LAN arena, so there is still plenty of room for a company to grow with basic items like that.

  5. Re:Dewhat? on Wireless Keylogger Masquerades as USB Phone Charger · · Score: 1

    This raises a question:

    Why do we have these non-standard wireless keyboard protocols that have unknown (if not nonexistent) levels of security, when Bluetooth is a widely accepted standard, and has proven itself quite robust to attack (it isn't perfect, but BT 4.2 is pretty darn secure)?

    Why don't MS and other keyboard makers bundle a BT dongle ($10 on Amazon), and go with a tried/true standard? If the keyboard supports USB for charging, then pairing is definitely not an issue. If not, it can come pre-paired (similar to how Apple pairs USB mice and keyboards when they are shipped with iMacs), or one can use one of many pairing methods.

    Going with BT not just means that there is actual guaranteed security in place, but there are facilities for running at low power levels and not having to maintain a constant radio connection.

  6. Re:Application installers suck. on How To Hijack Your Own Windows System With Bundled Downloads · · Score: 1

    With SSDs becoming more commonplace coupled with filesystem-level deduplication, I wonder if this might be a good thing. Throw not just applications, but multiple instances (browser tabs, for example) into completely separated VMs.

    MS has a ways to go to catch up to VMware, especially with features like transparent page sharing and other memory management techniques that ESXi uses to handle RAM overcommits. However if they can catch up in those departments, it wouldn't be far-fetched to have every simple application instance have its own OS and filesystem space, and be well secured.

    Add a software firewall as a VM (think something like PFSense), and if one of the VMs gets compromised, the amount of damage it can do would be limited.

  7. Re:Application installers suck. on How To Hijack Your Own Windows System With Bundled Downloads · · Score: 1

    Long term, with filesystem level deduplication becoming more common, I wonder if the best thing would be to move back to statically linked executables. With the same code deduplicated by the filesystem, there wouldn't be much need for dynamic linked executables, and even though it may take up a bit more space, it would save on aggravation, version conflicts, and other headaches.

    Even non-DLLs can be an issue. For example various applications requiring specific JVM versions. It would be nice to have that built into the program itself, as opposed to having to play "guess that smell" and hope the JVM in use isn't too insecure.

  8. Re:Application installers suck. on How To Hijack Your Own Windows System With Bundled Downloads · · Score: 1

    The ironic thing is that this can be done under Windows. VMWare's ThinApp, and Evalaze are utilities which can take a Windows package and turn the whole thing into a single file. ThinApp could even find the latest update of a packaged application in a share, so if one ran Word, it would execute the latest one.

    It takes up disk space, but it would be nice to have Windows offer a completely virtual machine (with virtual FS and Registry) so one could click on an application, and its data would be stored in a part of the user's home directory, completely isolated from other utilities. Of course, there would have to be something put in so an E-mail program could fetch an attachment from the spreadsheet directory, but that is definitely not an impossible task.

  9. Re:Maybe on The Next Decade In Storage · · Score: 4, Interesting

    Storage is in tiers, and each tier is different. From the stuff in registers to what is stashed on Amazon Glacier, and everything in between (RAM, SSD, HDD, etc.) A revolution at one strata will have a completely different impact than a revolution at another level.

    Take RRAM, MRAM, or some random access memory technology which is up to speed with DRAM, except cheaper and doesn't need refreshed. This would end up not just supplanting RAM, but also making inroads on SSD, depending how inexpensive it is. Will this fundamentally change computing? Somewhat, although I doubt that RRAM would ever drop near the price of HDD or even SSD.

    Or, take WAN bandwidth. If the average home had terabytes of bandwidth, a phone had the same, this would change things fundamentally. Cloud storage could go from stashing occasional files to being a tier 2 NAS, especially with proper client security and encryption. However, this is extremely unlikely as well.

    Perhaps a tape drive company is able to make reliable media with the bit density of hard disk platters, and is able to fit 100 TB on a cartridge for $10, with drives costing $500. Far-fetched, but if this happens, it would have a different impact to computing than memory costing 1/100 of what it does... but it would be significant.

    Improvements in the middle tiers may or may not help things. Bigger hard drives will have to deal with currently small I/O pipes, making array rebuild times longer, and forcing businesses to go past RAID 6 to ensure the drives have protection when things get degraded. Already, some arrays can take 24 hours to rebuild from one lost HDD, and if capacity increases without I/O coming with it, we might have to have RAID levels that factor in not just two levels of parity, but three or four, perhaps with another level just for bit rot checking.

    So, when someone says that there are storage breakthroughs... it really depends on the tier that the breakthrough happens at.

  10. Re:Doesn't really matter if they do patch it on Google Throws Microsoft Under Bus, Then Won't Patch Android Flaw · · Score: 1

    I remember mention way back in the Android 2.2 days about having Android be more modular so that even though a phone may be relatively old, it would still be able to run the latest code.

    The lesson to this is to get a device with at the minimum, an unlockable bootloader. That way, even if there are no unofficial patches, one can still find a ROM like CyanogenMod or another party which keeps updated.

    Of course, something like the Xposed framework is quite useful as well, especially items like XPrivacy which help with on device security extremely.

  11. Re:Hardware needs a factory-reset button on First OSX Bootkit Revealed · · Score: 1

    What I've wondered about is something that was present on Compaqs back in 1993-1994 -- an "enable flash" jumper.

    Having this would put a kibosh on flashing option ROMs without the user knowing. Of course, there is always the dancing bunny attack, where a pr0n site asks a user to follow some detailed instructions before downloading a codec, or a dodgy device from China won't work unless the user follows directions (including flipping that jumper and disabling signature enforcement.) However, a master switch would be a significant security boost.

    With modern PCs, it wouldn't be a jumper/switch per se, but would be something done from a BIOS level app. This utility would be something a user would almost never use, but would be available just in case someone is doing development work. This way, option ROMs that are signed can be used without issue, but unsigned Trojans would be stopped cold. This mechanism also gives the user the ability to purge all loaded option ROMs and restore back to a default, should their machine get nailed.

  12. Re:I though we *wanted* an open boot process on First OSX Bootkit Revealed · · Score: 1

    I like how UEFI is now on x86 machines. Ships enabled, but easily turned off if you have any technical knowledge. Some BIOS config tools even put up a warning to help ward off "dancing bunny" attacks.

    Maybe Apple should see about TPMs. On most machines, they ship disabled, but easily turned on. If FileVault 2 used a TPM, this would not just provide resistance to evil maid attacks, but would stop brute force password guess attacks in their tracks, since the key decoding the VEK would be stashed in the TPM. Of course, if that is lost, there are other mechanisms for recovery (the number string Apple tells you to stash in a secure place.) TPMs would also do a decent job at securing local KeyRing storage, so credentials stored there would be well protected from compromise, even if FileVault isn't used, as the TPM would hold that data, not the OS.

  13. Re:Malware on Inside Cryptowall 2.0 Ransomware · · Score: 1

    The days of tapes not being in sync (as in the Travan era) are long since gone. LTO tapes are quite stable, even more so than DLT, and a lot better than 8mm or 4mm when it comes to hard errors. Tape got a bad name back in the 1990s when 8mm drives were common and had a fairly high failure rate, mainly because it was designed as a video format, not for data.

    Both external USB hard drives and tape have advantages and disadvantages. With tape, I can set the cartridge read only, and if there is malware on the machine I'm restoring to, the tape will not be affected. On the other hand, USB drives could get easily nuked, especially if they are encrypted [1].

    Tape has its place. If some company could make a decently reliable tape drive for around a grand, they would make a lot of money. The days of the 8mm and 4mm horror stories are over two decades behind us, and as threats like malware grow that are set up to nail backups, having a tape drive that can do WORM in hardware can save a business.

    [1]: Encryption goes without saying on removable media. However, with encryption comes easier data loss. A format on BitLocker encrypted media will overwrite the areas on the drive holding the volume keys, pretty much ensuring the data won't be able to be decrypted.

  14. Re:Windows only? on Inside Cryptowall 2.0 Ransomware · · Score: 1

    SGID is one way, but there are other ways to separate programs. Docker and containers come to mind. Of course, there will need to be a mechanism that allows a user to move/copy/link a file between the *Office and MUA containers, but that can be easily dealt with.

  15. Re:Well Then on Tips For Securing Your Secure Shell · · Score: 5, Informative

    Those are OK recommendations... but I'd probably add a few of my own:

    1: First and foremost, limit the IP address space of what the SSH daemon can communicate with. If the bad guys can't get to the front door, they can't kick it in.

    2: Install SSHGuard, Fail2Ban, or a tarpit program. This won't stop the distributed brute force attacks that do 2-3 guesses per IP block, but it is a line of defense.

    3: 2FA. I use the Google Authenticator as backup to RSA keys.

    4: If root doesn't need SSH access, don't allow it.

    My concern is with the bad guys getting in, although cipher choice is important. However implementing SSH is just as much about access control as it is about encryption.
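
An added example, not part of the comment above or of any project it names: a small Python check of an sshd_config's global section against items 1, 3 and 4 of that list. Item 2 (SSHGuard/Fail2Ban) lives outside sshd_config and is not checked; the sample configs, user names and addresses are constructed, and testing item 1 as `AllowUsers user@host` patterns and item 3 as `AuthenticationMethods` requiring two methods are assumptions about how the advice is applied.

```python
"""Audit sshd_config text for source restriction, two-factor auth and root login."""

# Constructed sample configs for illustration; not taken from any real host.
WEAK_CONFIG = """\
# constructed example: permissive settings
Port 22
PasswordAuthentication yes
PermitRootLogin yes
"""

HARDENED_CONFIG = """\
# constructed example: the comment's items 1, 3 and 4 applied
PermitRootLogin no
PasswordAuthentication no
KbdInteractiveAuthentication yes
UsePAM yes
AuthenticationMethods publickey,keyboard-interactive
AllowUsers alice@192.0.2.0/24 bob@198.51.100.7
"""


def parse_global(text):
    """Return {keyword: [argument lists]} for the global section.

    Keywords are case-insensitive. Parsing stops at the first Match block,
    a simplification: per-Match overrides are not evaluated here.
    """
    settings = {}
    for raw in text.splitlines():
        line = raw.strip()
        if not line or line.startswith("#"):
            continue
        parts = line.split()
        keyword, args = parts[0].lower(), parts[1:]
        if keyword == "match":
            break
        settings.setdefault(keyword, []).append(args)
    return settings


def first(settings, keyword, default):
    """sshd keeps the first value it reads for a single-valued keyword."""
    values = settings.get(keyword)
    return values[0] if values and values[0] else default


def audit(text):
    """Return a dict of check name -> True when the recommendation is met."""
    s = parse_global(text)
    findings = {}

    # Item 1 (assumed form): every AllowUsers pattern has a non-wildcard @host part.
    patterns = [p for args in s.get("allowusers", []) for p in args]
    findings["source_restricted"] = bool(patterns) and all(
        "@" in p and p.split("@", 1)[1] not in ("", "*") for p in patterns
    )

    # Item 3 (assumed form): each space-separated alternative in
    # AuthenticationMethods is a comma-separated list of at least two methods.
    methods = first(s, "authenticationmethods", [])
    findings["two_factor"] = bool(methods) and all(
        len(m.split(",")) >= 2 for m in methods
    )

    # Item 4: root login must be explicitly "no". An unset keyword is flagged
    # because OpenSSH's built-in default is not "no".
    root = first(s, "permitrootlogin", [""])[0].lower()
    findings["root_login_disabled"] = root == "no"
    return findings


if __name__ == "__main__":
    for name, cfg in (("weak", WEAK_CONFIG), ("hardened", HARDENED_CONFIG)):
        print(name, audit(cfg))
```

For a real host, feeding the function the output of `sshd -T` instead of the raw file checks the effective settings, including compiled-in defaults.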

  16. Re:Windows only? on Inside Cryptowall 2.0 Ransomware · · Score: 1

    Right now, Windows... but I wouldn't be surprised to see it on OS X and UNIX operating systems since it would be quite easy to write. It would be simple to write a shell script that fetched a public key from key servers, did a find command, passed the output to PGP or gpg to encrypt files, then wipe the old .doc files.

    At least with UNIX, there are programs like amanda and bacula which can be used in client/server mode so that malware on a client can't touch the backup server and its data.

  17. Re:Another good reason to: on Inside Cryptowall 2.0 Ransomware · · Score: 1

    Another lesson is to use virtual machines when possible. An infected VM is a lot less of a hassle to deal with than an infected physical box, especially if snapshots are used [1].

    For personal use, I wonder about moving to a NAS and two ESXi nodes. Browsing using RDP is just as fast as a local Web browser, and if configured right, none of the stuff in the VMs would have access to the NAS itself, which helps isolate damage to just that VM itself. As for "real" backups, plugging an external drive to the NAS, copying the VMs after suspending them, and unmounting the external drive should do the trick.

    [1]: Snapshots are not backups, but they do have their place.

  18. Re:Malware on Inside Cryptowall 2.0 Ransomware · · Score: 1

    You would be surprised. There are a lot of places out there that consider an EMC Avamar with replication to a hot site the final answer for backups. For most things, this is good enough.

    The problem is that for all but human-caused disasters, RAID and hard drives are seductive, especially tier 2 NAS items like Isilons or NetApps where adding more space is quite easy (as opposed to tier 1 SANs where one has to add new logical drives or expand existing ones). Stash data there, it gets deduped, when it gets near full, add a node, drawer, or more drives.

    Of course, as stated above, RAID works well... but it isn't a backup. There are some items which -can- help like the SmartLock functionality on Isilons, which keeps data even if someone logs on as root and does an "rm -rf /ifs/data".

    As for tape, a lot of installations have moved to VTLs. Of course, the same issue applies to this. As a bad guy, they can log on as the SAN admin, dump the filesystem that is presented as the libraries and tapes, then call it a day.

    It would be nice to see a renaissance in tapes (perhaps a slower LTO-6 spec that can handle USB 3 speeds) just because they are the best way to back up data, even against malicious intervention, bar none. A set of cartridges in a tape safe is as secure as data is going to get from malware, especially if the tapes are set to be read only.

  19. Re:Malware on Inside Cryptowall 2.0 Ransomware · · Score: 1

    What about a photos directory in the FB app structure? If someone wants to upload a photo of their cat, just dragging and dropping it into that, then firing up FB to upload that isn't that much of a hindrance... and it will boost security by a large amount. Same with dropping a file into a subdirectory of a mail program, so the MUA doesn't have the ability to send attachments of every document present.

    Yes, it is one extra step, but it would help a lot with security.

  20. Re:Cyptowall is very sophisticated on Inside Cryptowall 2.0 Ransomware · · Score: 2

    Interesting appliance offerings. The 312 and the other desktop model appear quite useful for almost everyone, if the price is right. Just the fact that malware can't go in and "rm -rf /" the device adds significant protection.

    The 312/313 look interesting. The $4000 price point isn't cheap, but trying to do something similar, like building a PC with Windows Server 2012 R2 and then finding an application to do the backups, may run into higher costs overall.

    IMHO, be it a Unitrends appliance, a machine running bru [1], NetBackup, or anything along those lines, it is a must for businesses these days. The Cryptowall/CryptoLocker malware is only going to get worse, and be able to do more stuff [2].

    [1]: bru is the only backup utility that allows you to install and restore stuff without having to input a serial number. Quite useful. It also has been around since the early 1990s, and is tried and true. Wish it came with RedHat like it did in ages bygone.

    [2]: I will not be surprised to see malware/ransomware start getting even more sophisticated to the point of encrypting files, but having a low level driver in place that allows access... then at some certain date, all file access is locked out. This way, even backups will not be usable. It would also be modular so that it would hook into programs like Mozy, CrashPlan, Carbonite, and others, and encrypt the data as it is sent up.

  21. Re:Malware on Inside Cryptowall 2.0 Ransomware · · Score: 1

    The biggest problem we have is that businesses have moved to SAN and cloud backups. Yes, that VNX replicating asynchronously with constant snapshots is a great way to handle "natural" dangers... but it doesn't take much to drop and zero out all LUNs presented to all machines, and the replication client will just propagate the changes. Same with a tier 2 NAS like a NetApp box or an Isilon. Even with cloud backups, it doesn't take much time to drop a vault or a container.

    There just isn't any thought put into "what happens if the bad guy gains control of the core SAN."

    I feel old fashioned advocating tapes, but a set of tapes sitting in a safe, in a sealed tub at an offsite warehouse, or just in a silo are far more resistant to a mass wipe than anything else out there.

    As the parent said, we need some granularity that doesn't allow an application full access to a user's context. There are existing mechanisms in place, like SELinux, AppArmor, and others, but those are generally used for server programs, as opposed to desktop applications like web browsers, Office suites, and other day to day tools.

    We have been on this merry-go-round before. Back in the days of PC viruses, there was a time when most were benign, but then there was a race towards the end to see who could trash the most, be it frying multisync monitors, wiping firmware on the BIOS or devices, and many other things. When viruses were passive, people really didn't care, but as soon as people had physical hardware damage, the days of passing random executables stopped, and people went for clean download sites.

    These days, malware injected via a Web browser isn't too tough to defeat... AdBlock does far more to keep a machine clean than almost any AV program. Click to play helps as well, and finally running the browser in a VM or a sandbox is the final backstop. It looks like even the malware writers fear stuff like sandboxie due to the checks for it, so it would be a must have.

  22. Re:Cyptowall is very sophisticated on Inside Cryptowall 2.0 Ransomware · · Score: 1

    That's the rub. The ideal is something like a NetBackup appliance that has deduplication on the backend, the capability for clientside and serverside encryption [1], and the ability for a backup process to go to the client and start snarfing data.

    However, unless one has $58,000.00 for a small NetBackup appliance, the only thing that comes even close is Retrospect, which is $2100 for multiple servers, around $1000 for one server. For maximum security, a dedicated, locked down PC is needed so no bad stuff can affect the backup machine. It also doesn't hurt to have an external HDD available to transfer the backup set that will be used for a bare metal restore, because booting and trying to restore from the network can be extremely dicey on a wireless network.

    UNIX machines are easier -- bacula and other utilities can do this, but Windows is where the need is for this type of utility, and there isn't anything out there.

    There is a niche for this. Both software that can be used on an older machine, as well as a dedicated appliance.

    I wouldn't be surprised to see this actually be a niche market, similar to NAS appliances. A box that one plops down, configures, installs a client on Windows, OS X, or Linux, and can do the basic range of backups, be it files, or complete bare metal OS images. A file restore would be just accessing the backup client. A complete image restore could even be telling the appliance to map a USB port to a virtual bootable image, boot the machine via the USB port, and let the application code do the rest from there. That way, the machine is never on the network in a vulnerable state.

    [1]: Yes, this kills deduplication... but there are some machines which need to be secured in case the backup appliance gets hacked.

  23. Re:Its audio quality compared to a CD is debatable on Vinyl's Revival Is Now a Phenomenon On Both Sides of the Atlantic · · Score: 1

    I've always liked the old standby -- using studio monitors [1] and amps. They get just as loud as the audiophile stuff, but are engineered to have a flat response. That way, if I want boomy bass (no clue why), I can boost using parametric EQ. The ironic thing is that the price of studio items isn't cheap, but is reasonable, and you get what you pay for, as opposed to the snake oil audiophile stuff (studio monitors don't need to sit on quartz-free granite from Scotland, for example... they are just A-OK on a stand, mounted to a wall, on a desk, or sitting on the floor, depending on size and preference.)

    What I wonder about is how an LP made these days compares to an LP made back before CDs. Will it be mixed the same, or will it be compressed [2] one hair before 0dB, just like almost any recent album mix?

    [1]: The speakers, that is. Not the screen, nor the lizard.

    [2]: Dynamic range compression... loud sounds get damped, quiet ones get boosted. Not audio compression like MPEG.

  24. Not surprising... on Vinyl's Revival Is Now a Phenomenon On Both Sides of the Atlantic · · Score: 3, Interesting

    Of course, there is the retro side to vinyl. However, there is the physical aspect of the media, from plenty of space on the cover for album art (as opposed to what is shown on a smartphone display) to having liner notes and other niceties with the album, to the actual handling of a record which is 100% analog. Of course, its audio quality compared to a CD is debatable, but there is definitely something about having a record collection and the physical aspect of that.

    For example, one physical aspect was Jethro Tull's "Thick as a Brick" newspaper. Another album actually folded into a miniature desk. This is a physical trait that has been lost, and is now being rediscovered.

    Of course, there is the fact that DRM and the play device phoning home isn't an issue, and it doesn't take that much in the way of electronics to play a record compared to a CD or MP3 file.

  25. I'll toss in some predictions myself... on What's the Future of Corporate IT and ITSM? (Video) · · Score: 3, Insightful

    I might as well mention predictions, that may be something that will be something IT shops have to deal with as well:

    The main thing is the sea change of malware and active hacking from passive slurping of data to active destruction. This was shown in this past year by CryptoLocker, but driven home by the Sony malware. In the past, a company could just shrug, and continue with their policies because the leaked data didn't mean much -- their original data is still in place. However, if the bad guys start going in with destruction in mind... which is easy, we will start seeing companies actually start going bankrupt. A good example of this is the fact that a lot of businesses are SAN based. An attacker just has to go in on the tier 1 SAN, drop all LUNs, and in the case of a SSD based SAN, do a TRIM against all devices. Depending on how fast the garbage collector is on the controller, there is likely no way in Hell the data would ever be recoverable. Even SANs that replicate data will be affected, as they will just write over the good data.

    A lot of companies use tier 2 NAS systems (Isilons, Avamars) for backups because of deduplication. Even though Isilons have SmartLock (for example), an attacker that manages to get root on a node can still do a lot of damage, usually a single command would purge the entire data stored on the cluster. Even with SmartLock, if the attacker gets root, that functionality can be bypassed and the drives zeroed.

    In the past, tape drives were used, but because companies were focused on data loss due to hardware failure (which RAID, multipathing, replication, and snapshots help mitigate), backups to deduplicated disk arrays became the target of choice. Now, businesses may be forced to go back to tape in some way, just because it is harder for an attacker to zero out the contents. It can be done (purge a storage pool, tell it to zero out all media), but if there is media offsite, this can be mitigated, since the attacker can't "rm -rf" a tape sitting on a shelf at the local Iron Maiden warehouse.

    So, there will be a change in IT so data is stored more robustly, so a purge of the company SAN doesn't kill the company.

    On a smaller scale, CryptoLocker and such affect individuals. Again, malware used to "just" read data, now it is actively locked up and destroyed. On a SOHO/SMB scale, this is mitigated by a device that initiates backups, dumps the local desktops to a drive (or array) for backups. The reason it does the backups as opposed to dumping to a share is, again, ensuring that malware can't zero things out with a simple diskpart clean all command.

    Another prediction I have is SANs actually using more features in SSD. With SSD moving from disk interfaces to SIMMS/DIMMS, RAID can be handled in a different manner, but still prove results. I saw Pure Storage's dog and pony show where they are running SANs, all on SSD. This is where mainline SAN storage is going to head for the most part (barring extremely large amounts of data that SSD is just too expensive for.) HDD will remain, but likely end up used for backups and archiving as opposed to primary storage.

    Of course, the third prediction is that smartphones get enough capacity to be used as personal servers. I don't think the Motorola Atrix like functionality will come around for a number of years, but I wouldn't be surprised in the future that VMs can be stored on one's smartphone, and one's desktop be essentially a compute node, booting ESXi, and using the phone as a backing store. How will this affect IT? Apple and Google are going to have to crack some deals with MS to handle GPOs, perhaps allowing iOS and Android to join AD domains and be managed under SCOM/SCCM/etc.