That is exactly where electric motors shine. When a vehicle is stopped, an electric motor requires zero energy to function except for cab climate control and computer devices. If one drives a hybrid or EV, stop and go traffic sucks a lot less with one of those than a gas or diesel engine which is chugging away at idle burning fuel. (Yes, one can start/stop the engine, but that may be more trouble than its worth, especially if it is very hot or cold outside.)
It only will get better. Once we get battery technology within 1/10 of energy by volume as gasoline, the Otto engine is history.
Part of it is that the soul of innovation has been beaten out of people here in the US in the past decade or so. The seeds of this were sewn back in the 1990s with Operation Sun Devil which drove the hacking community underground, and long term, caused it to move to Europe and Russia. Even now, if a kid shows hacking experience, in other countries, it would be encouraged. In the US, they would be tossed in jail until age 21 because most public schools are more interested in "teaching" the three "C"s here (conform, comply, consume) than trying to bring out talents in their students that would be useful later on.
I just confirmed that. Here in the US, EMV cards can be used without a PIN. So, all it will take is an unscrupulous person to run the card in two EMV readers, the legit transaction, then another for another charge, and the customer wouldn't know until it hits the monthly statement.
I hope that if a PIN is set, an EMV transaction does not move foward, period... but we already have PINless debit transactions, so I wouldn't be surprised to see such a basic security upgrade like EMV gutted.
Russia, China, Middle East, etc. Unlike the Internet when there was a threat of having the upstream pull the connection, so there was incentive of minding the store when it came to attacks, there is none now. In fact, some countries encourage it, since they dislike the West and view any place there as open season.
Realistically, the only solution is to do like the US Government with SIPRNet and NIPRNet, and have dedicated wires (not VPNs or stuff running over existing Internet connections) for a financial network that is completely disconnected from the Internet.
Perhaps a protocol can be designed from layer 1 up with public/private key encryption in the NIC hardware (preferably in a tamper-resistant case) so that a machine that is not expressly added to the core fabric is completely ignored. Since this network is not public, it can be designed from the ground up to be secure, with a strict central party being the gatekeeper of which machines can and cannot communicate with each other. With this in mind, plus the fact that the central authority has the ability to pull access if a member of machine gets compromised, it would boost security tremendously. Not 100%, as there will always be ways to bridge things, even air gaps, but will be far better than just having it accessible to the Internet if the internal firewalls get turned off.
This is "all eggs in one basket" syndrome, and it is only going to get worse as more people move to the cloud, LEOs of various countries (the example of countries demanding access to Blackberry's BIS servers comes to mind) getting their backdoors (and thus a database of keys to them), and more data in general is stashed in one place.
To boot, there is no real financial gain by companies in general to actually bother with more than token security. They lose nothing by a major compromise, as they will have zero consequences if someone's personal info or medical records get compromised. Same with cloud data. There are no laws securing it. Even in the financial sector, Visa will just do a light hand slap if PCI-DSS3 is completely ignored on all but the smallest merchants. HIPAA is lightly enforced in the medical sector, if that. FERPA as well.
In the past, banks had to worry about regulators and the threat of more laws if they didn't run a tight ship. Now, there is no incentive either way, be it a carrot for being secure, nor a stick for not taking basic security precautions. Bank customers may complain, but most of the clients would have to change too much stuff to move to another financial institution, so they won't have that many people stop doing business overall, especially if there is some vague promise of "we will do better next time".
The first is when space is precious and every single watt is needed. This can be urban areas, applications in space, even things like a weather monitor in an extremely remote area. Here, it matters less of currency per watt than watts obtained.
The second is where currency per watt matters, and there are large surfaces that can be covered, be it a rooftop solar array, a tent, windows, and other surfaces where a couple watts here and there lost isn't critical. There are a lot of surfaces that can be used for solar so just getting any amount of energy coming in is important.
There is room for improvement, especially with charge controllers. Charge controllers are more for off-grid, but there is still room for improvement. Cheaper MPPT [1] charge controllers would be useful, as well as ones that are better equipped for higher voltages (so thinner gauge wires can be used or more panels stacked up in series.) Controllers able to handle higher amperages don't hurt either, since we are getting to the point where it doesn't take many solar panels to hit amp limits on a lot of controllers.
[1]: maximum point power tracking... they take a higher voltage, and change it to a voltage/amperage best for the batteries, as opposed to a PWM charger which doesn't use any energy above the voltage level it chooses for the batteries. With a PWM charger, a 100 watt solar panel putting out 24 volts will only function as a 50 watt panel (assuming the controller is using 12.0 volts just for example's sake), while a MPPT charger will step down the voltage and step up the incoming amperage.
Even with current advances, there are still a bunch of links with the solar chain. For example, micro-inverters are one innovation which minimize the effect of shade on a panel (where just shading one cell causes the whole panel's incoming energy to drop by half or more.)
Once solar roof shingles become inexpensive and standardized to the point where replacing those is as easy as conventional shingles, this will dramatically increase energy gain. Similar with solar window tint on south (or north depending on what hemisphere one is in) facing buildings.
Of course, is always a use for installs that can be used in an on-grid manner (inverters feeding the grid), off-grid (batteries charged), and being able to transition between the two states. The advantage of having a set of batteries always charged up and ready means that a circuit or two would have UPS-like power protection, and a low-draw circuit could be completely kept on the batteries.
More details would be useful. Is this a Java hole, or is it just another Trojan such as when there was a pirated version of iWork out a few years ago (when it was a paid product?) Is it even a hole in Safari or another browser which gets a user's context? This seems unlikely because of the SeatBelt facility which uses sandbox_init() to keep the Web browser contained so a malicious process wouldn't be able to do much even if it got root access via the Web browser's context.
One reason why Linux and Macs have been pretty clean is the use of stores or repositories. It is the exception rather than the rule for a Linux user to have to fetch something and run it manually as opposed to grabbing it via yum or dpkg from a repository. Similar with Macs and Apple's store or even the mac-ports repository. Windows has always had the users fetch software from the vendor's website (even now, as Metro apps are next to useless for a lot of tasks), so there isn't any real active gatekeeper between the software maker and the user, while with other operating systems, there is a curator who at least makes a token effort to test things, or will actively pull a package should a problem arise.
I'm personally neutral on Apple (like and hate the company), but I wonder what the exact vulnerability is here. I doubt it is ShellShock, because an external process would have to have access to bash for it to be exploited.
OS9? When System 7 was out, MS-DOS was at 5.x, and Windows was at 3.1.
Before OS X, MacOS was getting pretty shaky. It had no preemptive multitasking ability (well, except for A/UX and that was a completely different animal), which meant that any program that didn't use WaitNextEvent() often would hang the box, forcing one to reach for the debug/reset switch or power off button. It did show how relatively robust HFS (not HFS+, HFS) was because it handled dirty restarts quite well.
In fact, at that era, restarts were a matter of course. If you had to get a project done, restart beforehand, restart afterwards, and maybe a restart every few hours on a prophylactic basis.
OS X was a major upgrade. It didn't just fix problems with Macs that were issues since the MultiFinder days of System 6, but added real security and user separation which previously could only be put in place by third party software and various hacks (using PBSetCatInfo() to hide folders, etc.)
The funny thing is that on machines (ab)used often, backing it up with wbadmin, then nuking it and restoring it from the saved image actually seems to speed things up to the "freshly installed" speed.
Not sure why it helps, be it NTFS issues, actual registry files or other core OS files fragmented, or some other factor, but it does. A backup/format/restore seems to do just as good as a reinstall. It could even be a rootkit that hid itself from the backup utility would not be present when the system was restored, although it doesn't hurt to mount a drive on another box and scan the disk image for nasties just in case.
Android doesn't jail() apps (where the application cannot see outside the space it sits in), but it does sandbox apps. Apps get their own UID, and by default, they cannot get into other apps spaces./system is usually root owned and the whole volume is read-only, for example.
Recent versions of Android use SELinux, so if an app does get access it shouldn't have, it still is stuck in the role it was assigned. For example, some app getting root will still be constrained even with UID 0, so it couldn't remount/system read-write, for example.
Android 4.3 adds onto that by adding SELinux rules onto the external SD card, limiting its use. If you have root, you can use a utility like NextApp SD fix to change SELinux rules back to how they were previously, or SELinuxModeChanger to entirely disable SELinux on your device. Disclaimer: SELinux is a good thing overall, and killing it does weaken security.
iOS's security model is weakened by a jailbreak, while Android's is unaffected if the user has root (assuming the user didn't use the su app to give a rogue app root [1].)
Of course, Android's model has its issues... the all or nothing aspect [2] (where one can choose what stuff an app has access to in iOS), for example.
[1]: Newer apps have a special permission on install which shows the user that it might want root, and the su binary will warn or not allow access to any apps that don't declare that permission in their manifest.
[2]: Cyanogen's privacy features help, as well as XPrivacy. XPrivacy gives extremely fine grained control to what an app can use or cannot use. However, I'd not consider this part of Android proper, though it should be.
The ironic thing is that third party companies have been able to repackage Windows programs so only one file is needed to run it. Not an installer... just an executable that provides a virtual environment for the program, and redirects all file and Registry changes to a specific directory in the user's homedir. A couple examples: VMWare ThinApp or Evalaze.
Yes, it takes a bit to create a clean system (VMs are perfect for this with snapshots), pop a "before" run, install the software, then click that it is done. The result is a single file that takes every single change the installer did, and puts it in a sandbox/partition.
If third party companies can do this, why can't MS extend their virtual redirects (which are used with some legacy applications to redirect stuff that would be stored in Program Files to the user's homedir) to include everything the program does? Container functionality is a core part of some other operating systems (RedHat 7), so why not Windows? That way, uninstallation of a program is just tossing the file it is in.
Sandboxes are not new either. I use sandboxie to ensure that what is in my web browser stays in my web browser and doesn't get out. This isn't a 100% solution since an undocumented MS API call would allow a program to "leak" out, but it is usable.
How do you know that your next phone will have an unlockable/unlocked bootloader, even a way to get rooted/jailbroken? The Samsung S5 took $18,000 in a bounty to get root for, and its bootloader is still locked up tight unless you have the developer model.
This is true about any government body. One laws get passed almost anywhere [1], they stay on the books forever.
[1]: I wish that tale about Swedish towns where each year, the mayor recited all the laws he knew. If he forgot one, it was stricken off the books. The ideal would be relatively few laws, but well enforced, rather than having a ton of stuff on the books that may or may not get stuff done about it.
Bingo. This exact same argument was made in the early 1990s about the Clipper Chip and banning encryption other than Clipper/Skipjack. Since Skipjack was broken, the bad guys would have access to the LEAF (law enforcement access field), and could zero out the ones on their chips. Great for them, an uncorrectable security nightmare for anyone who chose to abide by the law.
This also brings in the US's Third Amendment. Can spyware be considered an electronic soldier? Or perhaps the Fifth Amendment about being deprived of property (spyware uses RAM/disk/network bandwidth/CPU cycles) without due process.) Micing someone's place is one thing, making them pay for being spied on is another.
I think because Google gets bashed often, they want to do like Apple and MS, and have the apps be part of the OS, so when a consumer sees a device has a certain version of Android, it will have the same level of app functionality across the board, regardless of what carrier, make, or model of phone.
Android, as it stands now, can mean a device bristling with apps (as a consumer-level one that comes from a carrier comes with) to an AOSP build that has almost nothing. Having Google force OEMs to "standardize" on at least a basic number of apps gives the average consumer a better way to compare devices.
I'd probably say either the N5 (or another GPE device), or if one wants to be completely GApp free, then go with CyanogenMod and another store or repo. Amazon has their own (heavily curated/moderated) app store, and there is always F-Droid.
I don't mind the Google stuff, so I've found GPE devices or CM + Gapps pretty workable, although I do replace the messaging app with TextSecure and the dialer with RedPhone (disabling the other SMS utilities) so I have additional security. I also have XPrivacy running as well, so if something doesn't _need_ GPS, let it think I'm in Antigua then.
I wonder how long this will last. There will come a point where FB can't sell any more info than it is getting. Then what do they do?
I've found that FB is pretty intrusive, asking for almost every permission but root on my Android device. On my computer, it gets its own sandboxed instance of a browser (using sandboxie), while everything else is separate. On Android, XPrivacy and the privacy tools in CyanogenMod mitigate things. iOS is much harder to keep info away (although with a jailbreak and Protect My Privacy, it helps a lot.)
Why does a fridge need hooked up to the Net? They have worked for a century without requiring networking, and there is no fundamental reason why they need it, especially with the fact that there are major issues with basic security. It is like RV fridges that now require batteries as well as propane. Do they keep your beer cold any better? Nope. Do they have another point of failure because they rely on the 12 volt system for the control board? Yes.
If someone just has to have some inventory control system in their fridge, why not go to a system that uses short range RFID, Bluetooth to a hardened monitor, and only that monitor would have Internet access? Maybe even have a second module that is a dedicated firewall before the 3G chip. Having every device directly connected to the Net is a blackhat's dream, especially in this attitude of "security has no ROI" that is prevalent by a lot of companies.
A standard even can be made... a RFID check or BT PAN, those log info to a hardened, secure module that then sends it on the Internet.
Problem is that SSL, and to a lesser extent SSH suck, but almost everything out there is worse, barring physically dropping off a large drive array and using one time pads on each endpoint.
SSL for public web servers is tough to fix. Have more than 2 CAs sign a key? What keeps two CAs from being compromised? Have a revocation list, the bad guys can block that from propagating. Have a key get "known" may be an add-on, but some sites use hundreds of server keys and change them out often.
For other tasks, it is fairly simple. If a server and client are static, then they can trust each other, similar to how SSH works, and dispense with the CA stuff entirely. Other tasks might work with an out of band method for distributing and authenticating keys.
SSL/TLS is a hard protocol to fix. Make a change willy-nilly without heavy regression testing will just open new vulnerabilities.
I might as well lay my anecdote on the line as well: I've had very good luck with LEDs, and the only time I've seen them die was overvoltage, extreme overheating, or they were just DOA.
For my RV, I replaced the overhead 12 volt bulbs with cheapie $1 LEDs from Taiwan (free shipping). Their color temperature isn't that great, but they take 1/7 the electricity that the previous ones did, which is important for dry camping. Several years later, the bulbs are still working.
For my abode, I replaced all bulbs with LEDs (mainly Feit Electric.) They are all dimmable, and use PWM for dimming, run fairly cool, (although the heat sink may be about 120-130 degrees after a few days.)
I chose to replace the CFLs not because they were that big of energy hogs, but because they create a mini Superfund site if they would break. So far, so good.
VMWare's fault tolerance is decent, but nothing that will recover in milliseconds. Even with vMotion and HA, it will take some time for the machine to reboot.
Of course, there is the FT mode of VMWare... but it has a lot of limitations, such as only allowing 1 vCPU, but it does run two VMs in lockstep so if the heartbeat drops, the downtime is in seconds, not minutes as with a machine restarting.
I wonder about these things as well.. In Austin, there are the solar "flowers" that point south (they are fixed and don't track the sun) on I-35 near the former airport that could be easily replaced by one of these. Each of the "flowers" generates 1Kwh per day, which is 1/12 of the IBM setup, as per the parent's estimates.
Solar works best when one uses it on large surfaces, be it the roof of buildings, solar film on windows, or other places. It may get a fraction of the light that a two axis concentrator does... but it is far cheaper to install and maintain.
This isn't to say the solar concentrator technology is a bad thing, but it is limited to areas where real estate is precious.
Solar is getting pretty cheap. I've grabbed a cast-off 24 volt panel for free, a $8 no-name PWM charge controller [1] from eBay, a couple fuses (I always, a switch, a disused car battery, some wires, several $1 12 volt to USB adapters, a couple 340 lumens USB bulbs, and the result was a working setup for outbuilding lights on a friend's farm, well under a C-note, and it works well for the purpose needed -- give light to an outbuilding on the far end of the property, where running an extension cord for a half mile would not be possible.
[1]: In reality, the PWM controller just lopped off about half the energy coming from the panel, but for the task at hand, beggars can't be choosers.
Slashdot Mirror
That is exactly where electric motors shine. When a vehicle is stopped, an electric motor requires zero energy to function except for cab climate control and computer devices. If one drives a hybrid or EV, stop and go traffic sucks a lot less with one of those than a gas or diesel engine which is chugging away at idle burning fuel. (Yes, one can start/stop the engine, but that may be more trouble than its worth, especially if it is very hot or cold outside.)
It only will get better. Once we get battery technology within 1/10 of energy by volume as gasoline, the Otto engine is history.
Part of it is that the soul of innovation has been beaten out of people here in the US in the past decade or so. The seeds of this were sewn back in the 1990s with Operation Sun Devil which drove the hacking community underground, and long term, caused it to move to Europe and Russia. Even now, if a kid shows hacking experience, in other countries, it would be encouraged. In the US, they would be tossed in jail until age 21 because most public schools are more interested in "teaching" the three "C"s here (conform, comply, consume) than trying to bring out talents in their students that would be useful later on.
I just confirmed that. Here in the US, EMV cards can be used without a PIN. So, all it will take is an unscrupulous person to run the card in two EMV readers, the legit transaction, then another for another charge, and the customer wouldn't know until it hits the monthly statement.
I hope that if a PIN is set, an EMV transaction does not move foward, period... but we already have PINless debit transactions, so I wouldn't be surprised to see such a basic security upgrade like EMV gutted.
Russia, China, Middle East, etc. Unlike the Internet when there was a threat of having the upstream pull the connection, so there was incentive of minding the store when it came to attacks, there is none now. In fact, some countries encourage it, since they dislike the West and view any place there as open season.
Realistically, the only solution is to do like the US Government with SIPRNet and NIPRNet, and have dedicated wires (not VPNs or stuff running over existing Internet connections) for a financial network that is completely disconnected from the Internet.
Perhaps a protocol can be designed from layer 1 up with public/private key encryption in the NIC hardware (preferably in a tamper-resistant case) so that a machine that is not expressly added to the core fabric is completely ignored. Since this network is not public, it can be designed from the ground up to be secure, with a strict central party being the gatekeeper of which machines can and cannot communicate with each other. With this in mind, plus the fact that the central authority has the ability to pull access if a member of machine gets compromised, it would boost security tremendously. Not 100%, as there will always be ways to bridge things, even air gaps, but will be far better than just having it accessible to the Internet if the internal firewalls get turned off.
This is "all eggs in one basket" syndrome, and it is only going to get worse as more people move to the cloud, LEOs of various countries (the example of countries demanding access to Blackberry's BIS servers comes to mind) getting their backdoors (and thus a database of keys to them), and more data in general is stashed in one place.
To boot, there is no real financial gain by companies in general to actually bother with more than token security. They lose nothing by a major compromise, as they will have zero consequences if someone's personal info or medical records get compromised. Same with cloud data. There are no laws securing it. Even in the financial sector, Visa will just do a light hand slap if PCI-DSS3 is completely ignored on all but the smallest merchants. HIPAA is lightly enforced in the medical sector, if that. FERPA as well.
In the past, banks had to worry about regulators and the threat of more laws if they didn't run a tight ship. Now, there is no incentive either way, be it a carrot for being secure, nor a stick for not taking basic security precautions. Bank customers may complain, but most of the clients would have to change too much stuff to move to another financial institution, so they won't have that many people stop doing business overall, especially if there is some vague promise of "we will do better next time".
I can see two ways PV can grow.
The first is when space is precious and every single watt is needed. This can be urban areas, applications in space, even things like a weather monitor in an extremely remote area. Here, it matters less of currency per watt than watts obtained.
The second is where currency per watt matters, and there are large surfaces that can be covered, be it a rooftop solar array, a tent, windows, and other surfaces where a couple watts here and there lost isn't critical. There are a lot of surfaces that can be used for solar so just getting any amount of energy coming in is important.
There is room for improvement, especially with charge controllers. Charge controllers are more for off-grid, but there is still room for improvement. Cheaper MPPT [1] charge controllers would be useful, as well as ones that are better equipped for higher voltages (so thinner gauge wires can be used or more panels stacked up in series.) Controllers able to handle higher amperages don't hurt either, since we are getting to the point where it doesn't take many solar panels to hit amp limits on a lot of controllers.
[1]: maximum point power tracking... they take a higher voltage, and change it to a voltage/amperage best for the batteries, as opposed to a PWM charger which doesn't use any energy above the voltage level it chooses for the batteries. With a PWM charger, a 100 watt solar panel putting out 24 volts will only function as a 50 watt panel (assuming the controller is using 12.0 volts just for example's sake), while a MPPT charger will step down the voltage and step up the incoming amperage.
Even with current advances, there are still a bunch of links with the solar chain. For example, micro-inverters are one innovation which minimize the effect of shade on a panel (where just shading one cell causes the whole panel's incoming energy to drop by half or more.)
Once solar roof shingles become inexpensive and standardized to the point where replacing those is as easy as conventional shingles, this will dramatically increase energy gain. Similar with solar window tint on south (or north depending on what hemisphere one is in) facing buildings.
Of course, is always a use for installs that can be used in an on-grid manner (inverters feeding the grid), off-grid (batteries charged), and being able to transition between the two states. The advantage of having a set of batteries always charged up and ready means that a circuit or two would have UPS-like power protection, and a low-draw circuit could be completely kept on the batteries.
More details would be useful. Is this a Java hole, or is it just another Trojan such as when there was a pirated version of iWork out a few years ago (when it was a paid product?) Is it even a hole in Safari or another browser which gets a user's context? This seems unlikely because of the SeatBelt facility which uses sandbox_init() to keep the Web browser contained so a malicious process wouldn't be able to do much even if it got root access via the Web browser's context.
One reason why Linux and Macs have been pretty clean is the use of stores or repositories. It is the exception rather than the rule for a Linux user to have to fetch something and run it manually as opposed to grabbing it via yum or dpkg from a repository. Similar with Macs and Apple's store or even the mac-ports repository. Windows has always had the users fetch software from the vendor's website (even now, as Metro apps are next to useless for a lot of tasks), so there isn't any real active gatekeeper between the software maker and the user, while with other operating systems, there is a curator who at least makes a token effort to test things, or will actively pull a package should a problem arise.
I'm personally neutral on Apple (like and hate the company), but I wonder what the exact vulnerability is here. I doubt it is ShellShock, because an external process would have to have access to bash for it to be exploited.
OS9? When System 7 was out, MS-DOS was at 5.x, and Windows was at 3.1.
Before OS X, MacOS was getting pretty shaky. It had no preemptive multitasking ability (well, except for A/UX and that was a completely different animal), which meant that any program that didn't use WaitNextEvent() often would hang the box, forcing one to reach for the debug/reset switch or power off button. It did show how relatively robust HFS (not HFS+, HFS) was because it handled dirty restarts quite well.
In fact, at that era, restarts were a matter of course. If you had to get a project done, restart beforehand, restart afterwards, and maybe a restart every few hours on a prophylactic basis.
OS X was a major upgrade. It didn't just fix problems with Macs that were issues since the MultiFinder days of System 6, but added real security and user separation which previously could only be put in place by third party software and various hacks (using PBSetCatInfo() to hide folders, etc.)
The funny thing is that on machines (ab)used often, backing it up with wbadmin, then nuking it and restoring it from the saved image actually seems to speed things up to the "freshly installed" speed.
Not sure why it helps, be it NTFS issues, actual registry files or other core OS files fragmented, or some other factor, but it does. A backup/format/restore seems to do just as good as a reinstall. It could even be a rootkit that hid itself from the backup utility would not be present when the system was restored, although it doesn't hurt to mount a drive on another box and scan the disk image for nasties just in case.
Android doesn't jail() apps (where the application cannot see outside the space it sits in), but it does sandbox apps. Apps get their own UID, and by default, they cannot get into other apps spaces. /system is usually root owned and the whole volume is read-only, for example.
Recent versions of Android use SELinux, so if an app does get access it shouldn't have, it still is stuck in the role it was assigned. For example, some app getting root will still be constrained even with UID 0, so it couldn't remount /system read-write, for example.
Android 4.3 adds onto that by adding SELinux rules onto the external SD card, limiting its use. If you have root, you can use a utility like NextApp SD fix to change SELinux rules back to how they were previously, or SELinuxModeChanger to entirely disable SELinux on your device. Disclaimer: SELinux is a good thing overall, and killing it does weaken security.
iOS's security model is weakened by a jailbreak, while Android's is unaffected if the user has root (assuming the user didn't use the su app to give a rogue app root [1].)
Of course, Android's model has its issues... the all or nothing aspect [2] (where one can choose what stuff an app has access to in iOS), for example.
[1]: Newer apps have a special permission on install which shows the user that it might want root, and the su binary will warn or not allow access to any apps that don't declare that permission in their manifest.
[2]: Cyanogen's privacy features help, as well as XPrivacy. XPrivacy gives extremely fine grained control to what an app can use or cannot use. However, I'd not consider this part of Android proper, though it should be.
The ironic thing is that third party companies have been able to repackage Windows programs so only one file is needed to run it. Not an installer... just an executable that provides a virtual environment for the program, and redirects all file and Registry changes to a specific directory in the user's homedir. A couple examples: VMWare ThinApp or Evalaze.
Yes, it takes a bit to create a clean system (VMs are perfect for this with snapshots), pop a "before" run, install the software, then click that it is done. The result is a single file that takes every single change the installer did, and puts it in a sandbox/partition.
If third party companies can do this, why can't MS extend their virtual redirects (which are used with some legacy applications to redirect stuff that would be stored in Program Files to the user's homedir) to include everything the program does? Container functionality is a core part of some other operating systems (RedHat 7), so why not Windows? That way, uninstallation of a program is just tossing the file it is in.
Sandboxes are not new either. I use sandboxie to ensure that what is in my web browser stays in my web browser and doesn't get out. This isn't a 100% solution since an undocumented MS API call would allow a program to "leak" out, but it is usable.
Devil's advocate:
How do you know that your next phone will have an unlockable/unlocked bootloader, even a way to get rooted/jailbroken? The Samsung S5 took $18,000 in a bounty to get root for, and its bootloader is still locked up tight unless you have the developer model.
Isn't he going to be appointed for SCOTUS when a justice retires?
This is true about any government body. One laws get passed almost anywhere [1], they stay on the books forever.
[1]: I wish that tale about Swedish towns where each year, the mayor recited all the laws he knew. If he forgot one, it was stricken off the books. The ideal would be relatively few laws, but well enforced, rather than having a ton of stuff on the books that may or may not get stuff done about it.
Bingo. This exact same argument was made in the early 1990s about the Clipper Chip and banning encryption other than Clipper/Skipjack. Since Skipjack was broken, the bad guys would have access to the LEAF (law enforcement access field), and could zero out the ones on their chips. Great for them, an uncorrectable security nightmare for anyone who chose to abide by the law.
This also brings in the US's Third Amendment. Can spyware be considered an electronic soldier? Or perhaps the Fifth Amendment about being deprived of property (spyware uses RAM/disk/network bandwidth/CPU cycles) without due process.) Micing someone's place is one thing, making them pay for being spied on is another.
I think because Google gets bashed often, they want to do like Apple and MS, and have the apps be part of the OS, so when a consumer sees a device has a certain version of Android, it will have the same level of app functionality across the board, regardless of what carrier, make, or model of phone.
Android, as it stands now, can mean a device bristling with apps (as a consumer-level one that comes from a carrier comes with) to an AOSP build that has almost nothing. Having Google force OEMs to "standardize" on at least a basic number of apps gives the average consumer a better way to compare devices.
I'd probably say either the N5 (or another GPE device), or if one wants to be completely GApp free, then go with CyanogenMod and another store or repo. Amazon has their own (heavily curated/moderated) app store, and there is always F-Droid.
I don't mind the Google stuff, so I've found GPE devices or CM + Gapps pretty workable, although I do replace the messaging app with TextSecure and the dialer with RedPhone (disabling the other SMS utilities) so I have additional security. I also have XPrivacy running as well, so if something doesn't _need_ GPS, let it think I'm in Antigua then.
I wonder how long this will last. There will come a point where FB can't sell any more info than it is getting. Then what do they do?
I've found that FB is pretty intrusive, asking for almost every permission but root on my Android device. On my computer, it gets its own sandboxed instance of a browser (using sandboxie), while everything else is separate. On Android, XPrivacy and the privacy tools in CyanogenMod mitigate things. iOS is much harder to keep info away (although with a jailbreak and Protect My Privacy, it helps a lot.)
This.
Why does a fridge need hooked up to the Net? They have worked for a century without requiring networking, and there is no fundamental reason why they need it, especially with the fact that there are major issues with basic security. It is like RV fridges that now require batteries as well as propane. Do they keep your beer cold any better? Nope. Do they have another point of failure because they rely on the 12 volt system for the control board? Yes.
If someone just has to have some inventory control system in their fridge, why not go to a system that uses short range RFID, Bluetooth to a hardened monitor, and only that monitor would have Internet access? Maybe even have a second module that is a dedicated firewall before the 3G chip. Having every device directly connected to the Net is a blackhat's dream, especially in this attitude of "security has no ROI" that is prevalent by a lot of companies.
A standard even can be made... a RFID check or BT PAN, those log info to a hardened, secure module that then sends it on the Internet.
Problem is that SSL, and to a lesser extent SSH suck, but almost everything out there is worse, barring physically dropping off a large drive array and using one time pads on each endpoint.
SSL for public web servers is tough to fix. Have more than 2 CAs sign a key? What keeps two CAs from being compromised? Have a revocation list, the bad guys can block that from propagating. Have a key get "known" may be an add-on, but some sites use hundreds of server keys and change them out often.
For other tasks, it is fairly simple. If a server and client are static, then they can trust each other, similar to how SSH works, and dispense with the CA stuff entirely. Other tasks might work with an out of band method for distributing and authenticating keys.
SSL/TLS is a hard protocol to fix. Make a change willy-nilly without heavy regression testing will just open new vulnerabilities.
I might as well lay my anecdote on the line as well: I've had very good luck with LEDs, and the only time I've seen them die was overvoltage, extreme overheating, or they were just DOA.
For my RV, I replaced the overhead 12 volt bulbs with cheapie $1 LEDs from Taiwan (free shipping). Their color temperature isn't that great, but they take 1/7 the electricity that the previous ones did, which is important for dry camping. Several years later, the bulbs are still working.
For my abode, I replaced all bulbs with LEDs (mainly Feit Electric.) They are all dimmable, and use PWM for dimming, run fairly cool, (although the heat sink may be about 120-130 degrees after a few days.)
I chose to replace the CFLs not because they were that big of energy hogs, but because they create a mini Superfund site if they would break. So far, so good.
VMWare's fault tolerance is decent, but nothing that will recover in milliseconds. Even with vMotion and HA, it will take some time for the machine to reboot.
Of course, there is the FT mode of VMWare... but it has a lot of limitations, such as only allowing 1 vCPU, but it does run two VMs in lockstep so if the heartbeat drops, the downtime is in seconds, not minutes as with a machine restarting.
I wonder about these things as well.. In Austin, there are the solar "flowers" that point south (they are fixed and don't track the sun) on I-35 near the former airport that could be easily replaced by one of these. Each of the "flowers" generates 1Kwh per day, which is 1/12 of the IBM setup, as per the parent's estimates.
Solar works best when one uses it on large surfaces, be it the roof of buildings, solar film on windows, or other places. It may get a fraction of the light that a two axis concentrator does... but it is far cheaper to install and maintain.
This isn't to say the solar concentrator technology is a bad thing, but it is limited to areas where real estate is precious.
Solar is getting pretty cheap. I've grabbed a cast-off 24 volt panel for free, a $8 no-name PWM charge controller [1] from eBay, a couple fuses (I always, a switch, a disused car battery, some wires, several $1 12 volt to USB adapters, a couple 340 lumens USB bulbs, and the result was a working setup for outbuilding lights on a friend's farm, well under a C-note, and it works well for the purpose needed -- give light to an outbuilding on the far end of the property, where running an extension cord for a half mile would not be possible.
[1]: In reality, the PWM controller just lopped off about half the energy coming from the panel, but for the task at hand, beggars can't be choosers.